Before diving into the 51% attack, it is crucial to have a good understanding of mining and blockchain-based systems.
One of the key strengths of Bitcoin and its underlying blockchain technology is the distributed nature of building and verifying data. The decentralized work of the nodes ensures that the protocol rules are being followed and that all network participants agree on the current state of the blockchain. This means that the majority of nodes need to regularly reach consensus in regards to the process of mining, to the version of the software being used, to the validity of transactions, and so forth.
The Bitcoin consensus algorithm (Proof of Work) is what assures that miners are only able to validate a new block of transactions if the network nodes collectively agree that the block hash provided by the miner is accurate (i.e. the block hash proves that the miner did enough work and found a valid solution for that block’s problem).
The blockchain infrastructure - as a decentralized ledger and distributed system - prevents any centralized entity from making use of the network for its own purposes, which is the reason why there is no single authority on the Bitcoin network.
Since the process of mining (in PoW-based systems) involves the investment of huge amounts of electricity and computational resources, a miner’s performance is based on the amount of computational power he has, and this is usually referred to as hash power or hash rate. There are many mining nodes in various locations and they compete to be the next to find a valid block hash and be rewarded with newly generated bitcoins.
In such a context, the mining power is distributed over different nodes across the world, which means the hash rate is not in the hands of a single entity. At least it is not supposed to be.
But what happens when the hash rate is no longer distributed well enough? What happens if, for example, one single entity or organization is able to obtain more than 50% of the hashing power? One possible consequence of that is what we call a 51% attack, also known as a majority attack.
What is a 51% attack?
A 51% attack is a potential attack on a blockchain network, where a single entity or organization is able to control the majority of the hash rate, potentially causing network disruption. In such a scenario, the attacker would have enough mining power to intentionally exclude or modify the ordering of transactions. They could also reverse transactions they made while being in control - leading to a double-spending problem.
A successful majority attack would also allow the attacker to prevent some or all transactions from being confirmed (transaction denial of service) or to prevent some or all other miners from mining, resulting in what is known as a mining monopoly.
On the other hand, a majority attack would not allow the attacker to reverse transactions from other users nor to prevent transactions from being created and broadcasted to the network. Changing the block’s reward, creating coins out of thin air, or stealing coins that never belonged to the attacker are also deemed impossible events.
How likely is a 51% attack?
Since a blockchain is maintained by a distributed network of nodes, all participants cooperate in the process of reaching consensus. This is one of the reasons they tend to be highly secure. The bigger the network, the stronger the protection against attacks and data corruption.
When it comes to Proof of Work blockchains, the more hash rate a miner has, the higher the chances of finding a valid solution for the next block. This is true because mining involves a myriad of hashing attempts and more computational power means more trials per second. Several early miners joined the Bitcoin network to contribute to its growth and security. With the rising price of Bitcoin as a currency, numerous new miners entered the system aiming to compete for the block rewards (currently set as 6.25 BTC per block). Such a competitive scenario is one of the reasons why Bitcoin is secure. Miners have no incentive to invest large amounts of resources if it is not for acting honestly and striving to receive the block reward.
Therefore, a 51% attack on Bitcoin is rather unlikely due to the magnitude of the network. Once a blockchain grows large enough, the likelihood of a single person or group obtaining enough computing power to overwhelm all the other participants rapidly drops to very low levels.
Moreover, changing the previously confirmed blocks gets more and more difficult as the chain grows, because the blocks are all linked through cryptographic proofs. For the same reason, the more confirmations a block have, the higher the costs for altering or reverting transactions therein. Hence, a successful attack would probably only be able to modify the transactions of a few recent blocks, for a short period of time.
Going further, let’s imagine a scenario where a malicious entity is not motivated by profit and decides to attack the Bitcoin network only to destroy it, no matter the costs. Even if the attacker manages to disrupt the network, the Bitcoin software and protocol would be quickly modified and adapted as a response to that attack. This would require the other network nodes to reach consensus and agree on these changes, but that would probably happen very quickly during an emergency situation. Bitcoin is very resilient to attacks and is considered the most secure and reliable cryptocurrency in existence.
Although it is quite difficult for an attacker to obtain more computational power than the rest of the Bitcoin network, that is not so challenging to achieve on smaller cryptocurrencies. When compared to Bitcoin, altcoins have a relatively low amount of hashing power securing their blockchain. Low enough to make it possible for 51% attacks to actually happen. A few notable examples of cryptocurrencies that were victims of majority attacks include Monacoin, Bitcoin Gold and ZenCash.