Topic: 51% attack (Read 459 times)

Even if more than one major pool was owned by the same entity, it doesn't make a huge amount of difference. Remember of course that each big pool is used by thousands or even tens of thousands different miners - everything from huge ASIC farms down to individuals running a single ASIC at home. All of these miners are separate entities despite mining under the same umbrella of the pool they use. Should that pool operator decide to turn malicious and attempt to 51% attack the network, then any of these individual mining entities can switch to a new pool in a matter of minutes.

Thanks both, it all makes sense now. I had a slightly wrong idea of how nodes validate transactions. Every day is a school day.


As mentioned before, ghash.io actually went above the 50% and it wasn't the first time that happened (it was the last time though). Hashpower distribution improved a lot since then, at least officially, it's hard to know for sure whether different pools are actually independent of each other.

51% attacks have never occurred in the bitcoin network and will never occur because one company (miner) cannot own close to that amount of mining power possible for that because it is expensive to possess such mining power; additionally, other miners will never allow such an attack to occur and are constantly on the lookout for such attacks.

Only in 2014 did a company called Ghash.io get close to that amount, with a total mining power of 38.24% at the time. The company no longer exists, and no one has ever gotten close to that percentage since. If miners do not collaborate to conduct an attack on the network, they will give the longest chain and dominate the network attackers. 51% is not possible practically because of the way the bitcoin network is built, we don’t need to worry about that.

Gambling websites are fairly unique in the regard that no coins actually need to move until you withdraw your winnings. You can play and win dozens of bitcoin, but the gambling site only needs to honor that when you actually withdraw. And so they can just place a hold on any withdrawals until your deposit has enough confirmations. You can deposit, start playing after 1 confirmation (or even immediately), but then not be allowed to withdraw until after 3 confirmations, or something along those lines. This keeps the risk of any double spends to a minimum.

This is not possible with centralized exchanges, since as soon as you start trading the exchange has to start filling orders. If you double spent, they would be left with a bunch of orders they would still have to honor. And so you have to wait for longer on centralized exchanges.

Maybe that's the reason exchanges back then approved transactions of Bitcoin that had "3+" confirmations.
Gambling websites also required 3+ confirmations around 2013, but now it's reduced to 1+ confirmations looking at how hard it would be for someone to double-spend their coins on the website (there's still a possibility of performing the 51% attack, but the malicious party will waste their resources looking at the current overall hash rate of bitcoin network)

Some websites, even today, require 3+ confirmations.

Not daft at all - a good question.

As ranochigo explains, nodes are important to verify and validate all the transactions and blocks which make up the blockchain, but they do not judge where these transactions and blocks came from.

For example, if I submitted a transaction which sent all of Satoshi's coins to an address I control, then obviously that transaction would have an invalid signature. Nodes would therefore reject that transaction and not propagate it through the network.
If a 51% attacker submitted a block which contained such a transaction with an invalid signature, then again, nodes would reject that entire block and not propagate it through the network.
However, a 51% attacker is able to submit valid blocks which contain valid transactions, which nodes will accept. They can also submit a whole chain of blocks which is longer than the current main chain, and nodes will automatically swap to this new longer chain if it is all valid. So as I explained above, if there is already a confirmed transaction sending their coins to someone else, they can replace that by releasing a longer chain which includes a transaction sending those same coins back to themselves. This double spend is still entirely valid as far as nodes are concerned - it spends a valid UTXO with a valid signature - so nodes will validate it and accept it.

This is the crux of a 51% attack. It allows the attacker to freely double spend their own coins. But nodes checking the validity of all transactions are what prevents the 51% attacker from accessing anyone else's coins.

There is a difference between the validity and the honesty. The onus of maintaining a chain that is mined with fairness and integrity in mind is on the miners. No one on the network can judge which is the honest chain and which one isn't, and the only assumption that we can make is to assume that the majority of the network are honest and not engage in double spending, malicious chain-reorg, etc. Keep in mind that executing a 51% attack doesn't break the protocol rules.

Nodes play an important role in being economic agents in ensuring that the blockchain that they see is valid and for SPV nodes to be receiving the a chain that is valid, keeping in mind that SPV nodes has no idea whether a chain is valid or not. Nodes are useful for individuals to ensure that the chain that they are seeing is valid.

Thanks again for clarifying. Technical aspects of the network have never been my strong suit. Just another daft question: If nodes do not police the chain, then why is it advised for nodes to have a full copy of the blockchain? I always imagined it was for situations like the one discussed, to prevent malicious miners from propagating invalid chains.

But back then the value of bitcoin is close to few dollars so why would even try such things especially it will not have any benefit for them once they lose 51% hash rate power the blocks will be back and all the malicious blocks will be replaced by actual one.

They care only if the price is higher ironically the expense of 51% attacks also higher enough for not to attempt such attacks on the bitcoin network which is what keeping the bitcoin standout from other shitcoins.

we use reason and logic, why attack a coin that at that time had no value? even people were given it for free at that time many did not want it. but after a valuable item, then people will look for it. 

No, because the full nodes validate ALL blocks and ALL transactions, and enforce the rules. If there's a mining pool that announces an invalid block, the full nodes in the network will know and not send it out, disallowing it from propagating around the network.

Bitcoin has always been a tempting target for the technically knowledgeable and financially well-equipped. A 51% attack, as you suggest, could have been catastrophic for Bitcoin back when it was still in its infancy. Interestingly, according to my findings, no such attack ever took place.

However, the motivation to launch such an attack was likely considerably lower back then, despite Bitcoin's increased susceptibility. There was much less incentive to launch such an attack because Bitcoin has not yet established itself as a reliable digital money or investment option. There was also a lack of both the availability and sophistication of the computational resources needed to launch such an attack.

No, not at all.

Nodes will follow the chain with the most valid accumulated work. The whole point of a 51% attack is that a malicious miner can produce blocks faster than the rest of the network. So while the rest of the network mines the original transaction and x number of blocks on top of it, the 51% attacker can mine an alternate chain in secret which double spends the coins in the original transaction back to themselves and x+1 number of blocks on top of it. Once you have released the goods or whatever, the 51% attacker can then broadcast their alternate chain they were mining in secret. Assuming that this chain remains consensus valid (and there is no reason it wouldn't be), then nodes will immediately switch to this chain upon learning about it, since it is longer than the honest chain and therefore has more accumulated work. At that point the original transaction and all its confirmations disappear from the network, and are replaced by the double spend transaction.

Nodes do not police which chains are "honest" or "dishonest", and really, have no way of making that judgement. They simply follow the valid chain with the most accumulated work.

Haha seems like we are going to have a couple of topics similar to that every week, Becasue now the rumors are the king of fud. Actually, the problem is with our people haha they just follow the blind news from unknown sources. Improper research and information behind asking the questions and posting the queries, I think a few days ago we had discussed the same topic with another view. It was clearly explained there that currently now the hash power 51%+ cant offer control over the network.

This thread is also based on quite a similar query and there the theory of 51% is discussed.

Unraveling the Ridiculous: Exposing the Absurdity of the 51% Power Attack FUD

@OP
I suggest you watch this video (it contains some small errors and on some topics it is dated but it explains these topics in a complete way).
https://www.youtube.com/watch?v=Lx9zgZCMqXE&t=0s

In practice, even if an entity had 51% of computing power available, its ability to solve blocks only slightly increases, and if it wants to reorganize them it must always compete both to solve the new block and to "modify" the previous one. If you think about it, ok it increase the chance but this not means it would be able to make a reorganization.

In short, 51% of potential power does not guarantee anything.
In the past, the cex.io pool has reached this value without any particular problems...

Thanks for sharing. I thought ghash.io was the only time the pool went above 50%. I got into Bitcoin in late 2013 ao wasn't around when the first two times happened.

I guess we can draw the conclusion that the simplest and cheapest way to perform the attack is not to buy or produce enough hashpower, but to create a pool (or few pools pretending to be independent) and attract enough miners.


But that new chain would get rejected by the majority of the network, meaning nodes, right?

In those years, there was no obvious reason for the attack, why should they attack. There is no such reason now, of course, but since the mass it affected was not that big at first, an attack was not even considered. I know there is no 51% attack yet.

Its widespread use and popularity today are just some of the biggest obstacles to attacks. I don't think there is such a risk for Bitcoin. This is just one of the beautiful aspects of Bitcoin.

At the same time, the cost of such an attack is very high, and I don't think there is any organization that would want to do something like this.

Not for transactions which do not belong to them, no. They can refuse to mine any transactions they don't want to, but the transactions they don't mine remain perfectly valid and as soon as the 51% attack ends those transactions can be mined as normal.

They can double spend their own coins only. For example, the 51% attacker might make a transaction paying you 100 BTC. You wait for 6 or 10 or 20 confirmations, and then hand over whatever expensive goods you were selling. The 51% attacker can then mine an alternate chain to replace the last 20 blocks and include in that chain a transaction which sends the same 100 BTC back to one of their own addresses. They have double spent their own coins. They cannot do this for anyone else's coins, since having 51% of the hashrate does not give them any special ability to forge your private keys, break ECDSA, force nodes to accept invalid signatures, and so on.

I'm not sure of this but satoshi did answer this back then? I don't know if he exactly addressed this exact scenario or that he said that there should be a gentleman's agreement that no one should get much powerful miners so the beginner miners or newbies to bitcoin itself can mine without any problems. I might add the link to it later if I find it. 51% attack is not possible imo and many probably share the same answer with me, there's a lot of bitcoin mining corporations already and I don't think that they're merging anytime soon, not to mention that there's individual miners who has computing power too and there's more of them than those mining corporations, I think.

Can't they make a valid transaction invalid? Isn't it double spending? If anyone can censor transactions, the network won't be any more decentralized. My bad if I have written something wrong, that's what I know. I'm not saying that's going to happen though.
Well, it doesn't make sense. Why would someone bother to attempt to do so by spending this huge amount in achieving this huge hash rate?

But that's also not accurate since adding right now 200th/s would drop the revenue per th/s per miner from barely 7 cents as it is now in the 5 cents area and it will push a ton of hashrate out of business since they will be in the red.
And the prices of the hashrate needed he mentioned are also bad, he went for the s19pro at 110th/s for 3000, that's $27 per th/s when you can buy S19hydros at $11 per th/s or pros at $16 per th/s and I'm talking about new gear from Bitmain not used gear on the market. Even new with older models I saw Mikey selling at $9 per th.

But that aside, there is the thing of why doing it, and the best example is right here:
Bitcoin Scam Vision has around 600Ph/s, there are 7 companies I know of that have way more hash rate than the entire network yet none is doing anything against it. And why would they? And why would anyone do this to BTC also?

 

Plus if there was, let's get the facts clear. There's a misstatement that's commonly accepted that if an entity "controls 51% or more of the total hashing power, that entity has total control over the Bitcoin network". That's actually wrong. An entity can have 100% of the total hashing power, but it still can't change the consensus rules and it still can't make invalid transactions into valid transactions. It can JUST censor transactions.

There have been a number of occasions in the past where a single pool has controlled >51% of the hashrate, but they have not used this to attack bitcoin.

Deepbit in 2011 - https://bitcointalksearch.org/topic/deepbit-at-about-49-26656
BTCGuild in 2013 - https://bitcointalksearch.org/topic/danger-51-attack-possibility-152296
GHash.IO in 2014 - https://bitcointalksearch.org/topic/2014-06-09-ghash-nears-51-apples-change-of-heart-facebook-approves-a-dogec-645056

Obviously back then the total hashrate was a tiny fraction of what it is now.

That wouldn't be a 51% attack. If someone was to add new hashrate to the existing hashrate like that, then they would need to add more than all the already existing hashrate.

In your example, if there is 437 TH/s and a malicious party comes along with 223 TH/s, then now there is 660 TH/s altogether. Of that 660 TH/s, the malicious party owns 223 TH/s, which is only 33.8% - not enough to perform a 51% attack. The malicious party would instead need 438+ TH/s, at an even greater cost.

Your math is accurate only if you are taking hashrate which already exists (such as a mining pool) and turning it from honest to malicious, not if you are adding new hashrate.

Generally, 51% attacks or the likes of it are one and done schemes. They are not intended to be sustained for very much longer than required and it wouldn't matter if the miners switch or not. Since 51% attack works by shifting the miners to work on an alternate chain simultaneously, the probability of the pool miners noticing it and shifting before the damage is done is pretty much zero.

The issue lies with the opportunity cost of executing such an attack. Most pool owners have a huge amount of Bitcoins and it is in their best interests to sustain the prices and keep them afloat. Any attack on the network would tank the price, destroy the mining economy and the probability of their pools ever being used again. It is simply not worth it to execute a 51% attack at any point in time.

I haven't read of any. I think there was really no 51% attack that happened. It has always been just a threat. Oftentimes the attack is merely in theory. But that became more serious and closer to reality in 2014 as mentioned by seoincorporation. But it didn't really become a problem.

First and foremost, there was no intention to attack. And that's common sense. The reason is simply that 51% attack is not cost-beneficial. Aside from the fact that it is an expensive undertaking, what you will get out of it if you are successful is close to nothing. And you're success will only be very short. So why do it then? You'd rather just contribute your computing power to the network and continuously make money.

There are times when some big pools have enough cumulative hashrate if they combine together but they did not do it. I have never read any report about past attacks and surely I can miss something.

My thinking is if in history of Bitcoin, there has ever been such attacks, Bitcoin would have never been continued to grow more like we are witnessing. Any successful attack will damage the reputation of Bitcoin blockchain and investor belief will vanish. Impossible to reclaim it and Bitcoin would have very cheap price.

• How many Bitcoin confirmations is enough?
• More important, if an attacker does such an attack, Bitcoin price will be dumped to the hell and even the attacker will not get much money from it.

Practice with Bitcoin confirmation risk calculators

• https://web.archive.org/web/20181231045818/https://people.xiph.org/~greg/attack_success.html
• https://jlopp.github.io/bitcoin-confirmation-risk-calculator/

https://petra.isenberg.cc/publications/papers/Tovanich_2020_VAO.pdf
http://organofcorti.blogspot.com/2016/11/november-6th-2016-block-maker-statistics.html?m=1
https://hal.archives-ouvertes.fr/hal-03610424/document

Bitcoin can be possibly hit by 51% attack that time but there's no evidence that it was experienced such attack. We know that they can afford the hashing power before if we compared it today.

The current level of Bitcoin hash rate is around 437.01M TH/s and the 51% is 222.9M TH/s. The best Bitcoin miner which is Antminer S19 pro only has 110 TH/s and it cost 3000$ for one. Imagine, you have to get 2M Antminer S19 pro in order to make 222.9M TH/s, which is around $6B and that's too expensive. I think there's no bad organization want to take risks on that.

---

https://ycharts.com/indicators/bitcoin_network_hash_rate#
https://www.investopedia.com/terms/1/51-attack.asp

Bitcoin has a lot of soft and hard forks, but it doesn't have 51% attacks yet, the closer we get to that was on January 2014.


But there are some fresh examples of 51% attacks in the past years in other blockchains:


But you have a point there, we are talking about the old days, maybe satoshi did some test to verify the 51% attack, who knows. In the end the real risk for the 51% is the exchanges. just think about it, you send the cryptos to the exchange, sell them, then make the 51% attack and get back the coins. Sound easy but to get the 51% of the mining power isn't easy at all.

Bitcoin was attacked at the time, some of those attacks led to changes in the protocol and others were unsuccessful. A 51% attack will not have had a long term effect on the market price of Bitcoin, same way such an attack now will not have a long term effect.
In both cases it will have been far more profitable for such a miner to simply get new coins rather than attacking the network.

There were close calls that caused very high potential bitcoin 51% attacks. I don't believe that any were successful (definitely none successful enough to hurt Bitcoin as we are still here today). I understand from memory reading that there was a pool who had more than 51% of the hash power at one stage, though miners reallocated themselves and the pool made steps to reduce the hash power, I believe dividing into two pools was the approach.

I don't believe that a 51% attack is still something to worry about today if Bitcoin maintains its ability to make the globe compete for it's supply and its hash power.

It is important to understand that having 51% hash power on the network does not necessarily imply abuse of that advantage. You should consider the context in which this was possible. During that time, there wasn't much traffic on the network, and there were no exchanges, casinos, or other services using Bitcoin transactions. Therefore, there was really nothing that could be abused.

Nobody knew about Bitcoin in 2009. In early 2009 there was one person on the network (Satoshi), and then there were two (Hal Finney I believe). I would assume by the end of 2009 there were probably at most a few thousand people in Bitcoin, maybe only a few hundred.

And all these hundreds or at most few thousand people that were mining were mining with CPUs, "high-tech mining machines" didn't exist for years after this. I think GPU mining didn't even start until sometime in 2010? You're asking if companies or wealthy people attacked Bitcoin in 2009...nobody knew that Bitcoin existed in 2009. Probably only a few thousand people had even heard of Bitcoin. A 51% attack back then could have only been performed by one of the very few people that knew about Bitcoin back then and was actively engaged in Bitcoin, which means they had no incentive to do it. Also Bitcoin had no market value at that point either, it was still just an experiment back then so why would those few people involved with it bother to attack it?

It's sort of like asking if people were hacking ARPANET back in like 1970 when all it did was connect like 4 universities and nobody else knew about it.

Companies and wealthy individuals getting involved in mining or even just Bitcoin in general didn't happen until years later.

Don't think so. There's no merit to them in the past cause surprise, surprise, bitcoin's worth nothing back then. Only as the coin gradually increased in value and appreciation did people come to realize how bitcoin is vulnerable to 51% attacks but way back then we didn't have to worry cause why would a large corporation buy 51% of the total supply of a currency which doesn't even go as high as a dollar in value? Plus to add to this there's not even that much of users in the past so jacking the price up will be a herculean task which would require this company to fork out even more money in the process, yielding a negative payout for everyone who'd try this in 2009-2012. Of course as time goes by it became apparent that bitcoin is valuable and the idea of a 51% attack became more real, but as it stands today unless you have a trillion dollars just lying around, I don't think you'd be able to buy bitcoins to that degree that you'd have supreme control over it.

Why attack something that did not yet have any traction? After the release in 2009 Bitcoin had many vulnerabilities comparing to which 51% attack did not sound all that scary. For example, that one time, in the block 74638, 92 billion bitcoins came into existence, you can read more about that here:
https://bitcointalksearch.org/topic/strange-block-74638-822

I've never heard of any actual 51% attack on Bitcoin, but at one point (very briefly) a mining pool called ghash.io went above 50% of the total hashpower, but they had no intention of attacking the network and took steps to discourage individual miners from joining their pool.

As far as I know, Bitcoin has never experienced a 51% attack & there were no reported 51% attacks on the Bitcoin network in its early days. Bitcoin's security relies on its decentralized nature and the significant computational power required to perform such an attack. While there have been 51% attacks on smaller and less secure blockchain networks, Bitcoin's popularity and widespread mining made it more resilient to such threats.

Unfair means to get an advantage over the network and abusing that advantage (more than 51% hash in this case)

I think you're right. If the people (individuals) started attacking the network at that time, then the adoption of Bitcoin could've been delayed, and we would be seeing a different market price of Bitcoin compared to now.

Define "attack".

While in the early years there were no big companies at all involved in bitcoin
there have been times where one individual had the majority of hash-power.

In 2010 the user ArtForz was one of the first people using GPUs for mining and he used quite a lot of them, so for a while (a couple of weeks?) he had more than 51% iirc,
but he was just an honest miner and didn't "attack" the network.

After that I think there were some pools that came close, maybe some even got above the 51% fo some time, not sure about that.
The thing about pools is, that users (aka workers) can switch them anytime. So if any of them even tries to "attack" the network, it's probably not gonna be used much longer.

Not many people were mining with high-tech mining machines when Bitcoin was released (2009, if I'm not mistaken).
Thus, bitcoin was vulnerable to a 51% attack by a big company or an individual with huge resources.

But was there any such attack on Bitcoin around that time?