Topic: Almost no one understands the 51% Attack (Read 789 times)

That's why Bitcoin block time is set to 10 minutes, not seconds. And also: if you have a coin, where "uncle block" is a valid thing, then it is a completely different situation. Ethereum simply lowered their block time, without understanding the consequences.

Many coin creators decreased their block time from the default 10 minutes, but when I tried to build my network, I did the opposite, and actually increased it (for example into one hour, one day, or even two weeks). For example: if you want to have decentralized DNS, then you don't really need to update your naming indexes every 10 minutes. Establishing a domain is a long process, so you are not in a hurry, even in the centralized model, so there is no reason for giving for example 50 new names every 10 minutes, you can do that every hour, or every day, and that system would be better.

First, many altcoins rejected double SHA-256, and tried something else. And then, suddenly, they were protected from attacks from Bitcoin miners, but at the same time, they opened their network for the new attacks, from the new, unexplored hashing algorithms. And then, they are suddenly surprised, that they don't have the largest base of miners on their side.

Just use Merged Mining properly, and it can deal with those things, if you manage to calculate the global difficulty correctly (not like NameCoin, which only counts their own difficulty, without considering global hashrate). Collect all valid headers, to compute the real global chainwork, even without collecting block data from altcoins (just headers are enough).

As far as I know, no chain did that properly, not even Bitcoin. Because BTC is safe, when forks have something like 1% of double SHA-256 global hashrate. But it won't be safe, if you are on that "1% side". However, it could be fixed, and I wonder, why no altcoin implemented those kinds of protections, and instead, they are all blindly calculating only their own difficulty. It is like closing your eyes, and pretending that BTC doesn't exist, if you still allow mining a new block, for providing 1% of the global hashrate.

I agree with the title, but I don't agree with why no one understands the 51% attack.

Too many people think that the method of 51% attacks is detectable while it's in progress because of how it's described in the Bitcoin whitepaper.

The actual method that nearly all successful 51% attacks on PoW networks have occurred is via withholding attacks, which are undetectable until the moment they execute.

e.g. The Aug 2020 attack on Ethereum PoW where 4000 blocks were reorged at the same time without prior detection. Reorgs attacks don't happen block by block. They happen all at once.

One moment the blockchain is safe; the next second, 50 blocks are reorged all at once and it takes a whole day for honest miners to fight back, assuming they can even muster the mining power to do so.

you obviously didnt read.. if the prev hash doesnt match then its not part of the chain (hint: 'orphan'(unknown parent))
also look into how altcoins fork off, it doesnt require the genuine honest network needing to change. its just where there is a mismatch of chain of hashes, for a new lineage to proposer the new lineage has to do things to continue building on and not reject(by banning the honest pools/nodes broadcasts)

so without a army of nodes on the malicious pools side the malicious pool has to do some extra things to not only produce blocks but also try to get its ancestry of differing 'previous hash' to be accepted by honest nodes without ending up rejected and treated as a solo pool altcoin with no community

there is more to block acceptance than just your theory of valid transactions.. such as the changetip work whereby to also try to win the height competition the malicious pool would need more than equal power to be able to do more work in less time to show a higher 'proof work', difficulty to be accepted as the more worked on chain, because the 51% is more of a minimum not a target. because anything below 51% would probably be working on a lower difficulty to create fast blocks and just rejected based on less proof work or would not be solving as many blocks so never overtake the honest network in height or difficulty

This is an entirely different scenario. In the case with an attacker accumulating 51% of the hash power, then he can reach the threshold on any fork where the same mining algorithm is used. In your case, some people hardforked, e.g., Bitcoin Cash, the fork experienced a mining pool with >50% of the hash power, and people simply sold their BCH for BTC. However, in this thread, we're talking about an entity reaching 51% of the hash power of BTC.

---

The real issue arises if a malicious entity controls 51% of the total hash power, not when a mining pool tries to use its clients' hash power for an attack; that could be quickly mitigated.

It would not be rejected because we assume that the malicious branch is valid and nodes would have all of its blocks. So the incoming malicious block would have a previous hash that matches a block in the malicious branch. When the malicious branch becomes longest, there is a reorg.

A malicious block would be accepted because its previous hash matches a block in the malicious branch. Their are no invalid blocks so none are rejected.

In order for honest nodes to reject the malicious branch, which we assume is the longest valid chain, the consensus rules would have to be changed so that a block in the malicious branch becomes invalid. That would require all honest node operators to install a new version of the software with the new rules. The attacker doesn't have to incentivize anyone. As long as the attacker continues to make the longest valid chain with its majority hash power, honest nodes will follow it.

at the +1 height difference nodes see the previous hash doesnt match their own and do reject it, because its not working ontop of their chain
..
im trying to simplify things down because a simple person has already cried that i explained too much how why when what and he just wanted simple answers.. but the indepth answer is that unless there is a heck of alot of hashrate advantage above 51% the ability to go back and then forward is scuppered due to other mitigating factors like changetip work, which would need a malicious pool to be working at an even higher hashrate with higher difficulty to show a bigger changetip to win the re-org
(it would be great to get into the deeper details.. but we are still in baby steps of some of the more basic mitigating factors which legiteum keeps passing by and not taking onboard with all of his offshoot whataboutisms of different/new attacks to avoid discussing the basics already spoke about of a specific attack scenario)

but if all honest nodes are working on a honest chain. no matter what direction/node you send a block with a non-matching 'previous hash' all honest nodes would query it



i never said everyone need to install a new node to reject the malicious chain... i said the malicious community would need to incentivise an army of new nodes that will accept it and keep the malicious lineage alive(altcoin), where it would be best for them that even current economic nodes would need to also adapt to keep a new set of blocks to keep the malicious lineage alive..

But, reorgs are normal and expected. Nodes can't reject a block simply because it causes a reorg.



But, nodes are connected to several others, so even if one node won't send the "malicious" block to my node, there are others that will. It only takes one node.



I don't see that as a viable outcome. Some entity attempts to take over the block chain via 51% and so everyone installs a new node to reject the malicious chain as you suggest. What would prevent the entity from doing it again?

so many people dont understand bitcoin and instead want junk and bloat for the sake or de-censorship

however bitcoin was designed to have rules to make sure bitcoin stayed lean, clean and functional, where each byte why validated to ensure it was meeting requirements. it had rules and validations that actually checked(emphasis had(past tense)) all the data of a tx.. but some rules have been softened and allowed bloat and unchecked data, aswell as bypassing some validation processes completely.. which is a security risk

there is a difference between having validation rules vs calling it censorship..
what word you should be using is non-discriminatory rules where by 2 things that are deemed valid and should be validated that are then censored due to political, bias reasons

bitcoin has always had some level of security of validation to avoid certain things getting put into the blockchain.. the main one is that a transaction should never be added to a block if it doesnt satisfy the signature proof of key ownership of utxo being spent.. however even lately those rules are getting softened due to "privacy" and "censorship" where some devs believe full nodes should not get to know whom signed what and if nodes should even retain the signature proofs(witness).. (nodes doing 'isvalid' on transactions that are flagged as 'anyonecanspend')

in a situation of re-org when a malicious pool finally overtakes the honest network to broadcast a new higher height block. the nodes will see the newest blocks 'previous hash' does not compare to the current hash of the honest network


it doesnt take one node to spread.. initially the malicious pool that creates a block has to broadcast it to other nodes, then those nodes broadcast it further out to other nodes if the block is valid and suitable. or if not, within the inner layer of the spiders web would not broadcast it out and so the outer layers wont see it
what nodes do is if say honest network had 861203 and one of its peers(malicious) had 861204 the honest node would request the ..204 block, however the peer that had it has to have accepted it to update its own height. if the honest node gets it and rejects it, the honest node stays at ..203 and so its own other peers wont see a height update from the honest node so doesnt ask for a new block because they too are still on ..203
 

there would need to be a different in the nodes of whats acceptable and whats rejectable.. and if there is a difference. an altcoin is made where differing chain of blocks from different pools doing different chain of 'prev block' hashes compared to the other set

as said if its just one malicious pool and the malicious entity has not got a army of nodes to back it, especially not the economic nodes of the major services/exchanges.. that altcoin would be a waste of resources no one sees bar the malicious entity. the honest network would have seen the ancestry of many previous blocks dont match the chain they support so would just reject it

the only way a malicious pool could re-org by editing a previous confirmed block is to not go back very far. and then have WAY MORE then equal hash to honest network to catch up and over take super fast to get under the threshold of acceptable number of block ancestry that can be replaced

It will lead to censorship that we don't want.

They can say they censor this transaction with following reasons, other transactions with other reasons, and at the end Bitcoin blockchain will become a centralized, censored blockchain which I don't want to use.

Censorship on the Bitcoin network
Six OFAC-sanctioned transactions missing - A pool from Asia is the first to comply with US sanctions?
Non-US Bitcoin Miner Gets Caught Censoring Transactions

Censorship will lead to a day when all Bitcoin waiting transactions will be checked and approved by DOJ, OFAC, before Bitcoin mining pools and their miners confirm these "approved after censorship" waiting transactions.

Help me understand:

The only identifying information in a block is what the miner chooses to provide. How would a pool or node recognize that a block is from an anonymous malicious miner?

It only takes one node for the blocks to spread to the rest of the network. How are nodes prevented from receiving blocks from a malicious miner?

If a portion of the network rejects valid blocks, then the result would be a hard fork. What would be the impact of the hard fork, and how would it be mitigated?

ban man is part of the node.. how much more transparent can those words be
the node is the interface for many functions of bitcoin.. users dont need to build/download anything separate.


as for how its handled and how the network reacts for instance
pool managers dont want to waste resources communicating with silly temporary nodes of users, they instead have a white list of nodes they communicate with such as economic nodes and super nodes alowing those node peers to then get data first and then distribute it out further
like a spiders web spreading out

if you mapped the network out you would see pools at the center mainly connecting to each other to compete with each other to start new attempts as fast as possible after receiving a block and then also sending their confirmed blocks to economic/super nodes. who then distribute the data out to other nodes, where by several layers out there are then the stripped and pruned nodes and then the litenodes

so when for instance a economic node or a competing pool node gets a block from a malicious pool misbehaving. the honest node rejects the block for particular reasons and doesnt transmit it to its downstream peers and takes the node that sent the mebehaving block off its connection list and so doesnt tell other peers about the malicious node so no one downstream gets a list that includes the malicious node connection list

---

as for your new attack method about the peer connection gossip list. you can try and learn about the DNS seed nodes. and this is managed by core too. where they have the initial set of nodes which you would connect to initially which then when connecting to those nodes the connected nodes then share their versions of nodes(kept connected to) by which you wont see the malicious nodes in the list thus not connect to those thus banned

yes a attack vector would be to hack core devs personal servers to change the dns seed lists.. but the core devs monitor those and can just change the data back, so you would need to do things like a brute force continual attack to keep the list in your favour, by which time the dns seed node would just firewall you out of connecting to it.. in seconds.. thus defeat your attempts

you could try a brute force DDoS to prevent nodes getting access to the dns seed, but now your migrating down a different attack rabbit hole whilst still unsure of the basics of the mitigating factors of the primary topic of 51% attack

I'm not sure if you are being obtuse on purpose, or that's just how it's coming out, but I'll try to ask this question a different way.

What will it accomplish if I, one of millions of Bitcoin holders, downloaded banman and banned some nodes I read about--if I am one of the only ones doing this? How would the millions of Bitcoin wallet holders know to do this? I would imagine that 95% of wallet holders have never used GitHub, and don't have access to a build system where they could build it, and then they wouldn't know which nodes to ban (where would they find this out?). Indeed, I suspect most Bitcoin holders don't get day-to-day Bitcoin news, and wouldn't update their wallet's node list for weeks, if ever. Then what?

If the thing defending the Bitcoin network is a "gossip network", then obviously the attackers would generate their own gossip and tell people to ban the good nodes.

(That you keep resorting to personal attacks isn't helping your argument either).

banman is a feature within a node.. but you just wanted a simple answer without explanation

ban man not only disconnects misbehaving node from yours but you also take it off the 'gossip' list of peers which you would share with your other connections so that other peers then avoid connecting to it.. basically creates a whitelist of honest nodes you gossip to your peers about so they all share a list of good nodes to connect to

as for asking about why dont attackers just ban honest nodes... hmm.. thats called creating an altcoin.. but if its just a malicious pool banning all honest nodes. then that mining pool has no one to talk to, so is just left talking to itself.. basically wasting time and money and a sure fire way to get its mining community to jump away from it and find their own other pools to join that the honest network is part of, so they cn atleast try to get some ROI on their hardware and energy investment

if however not only would you have 51% of network hashrate but you would need to coerce majority of economic nodes(services like CEX's) to be on your side for you to be able to keep your attack alive.. yep if you dont have the economic nodes on your side and they instead stay honest and ban your misbehaviour node(s) you get thrown off the network and left as a soulless altcoin no service sees or interacts with.
...
you seem to just want to hope someone gives you a answer that meets your narrative you pre-decided before making this topic, and want to ignore anything said that doesnt fit your narrative

if you however did want to learn about ban man and what it is and does you can go to the bitcoin github and learned about it, you would have learned more and not need to ask more questions you dont want answers to

so please go learn about bitcoin and all the mitigating factors that debunk your risk threat fantasy.. as it seems you dont understand much about the 51% attack nor the risk and effect and possibility of it all
(in the 13 hours between your 2 questions, you could have researched and looked this stuff up in like 20 minutes and learned all this stuff,plus more all by yourself)

So somebody just downloads banman, builds it, and any node on the Bitcoin network you want to be banned is... banned?

So why wouldn't the attackers simply ban nodes that aren't part of their attack?

simple answer

banman     aka ban manager (search it in bitcoin github)

but next time dont ask who why what how in same sentence if you dont want a lengthy answer

Do you even... I really don't understand if we are even talking about the same thing. If I owned a big mining farm, I will turn off the power. Why would I need FBI or Satoshi to do it? Hack my server, I switch off the power. Why would I let you run my rigs and I pay for your bills? What on earth are you talking about man?

Or like @hd49728 says, I would just reconfigure and put my hash to another pool.

And then 'Russia' or whoever it is in your scenario would be, what, out of costs spending on the hack and MAYBE built 10 blocks. Hooray?

Again, successful means profitable. You ignore this again and again.

Look, I just had a simple question. How are nodes banned?

ok first lets zoom into just one attack vector.. re-orging a chain of old blocks...

if a malicious pool went back say 6 blocks and then had 60% of network would still require ~55 blocks to catch up and get ahead of the honest network to even be able to sway the network to change its history.. but here is the thing
core nodes have a "banman" (ban manager) that looks at the changetips and header data and would reject blocks that dont match its history and then give the nodes sending such blocks a score whereby if the persistence of sending dodgy blocks continues to uprate the score then the node will ban the peer sending it
the node would also ignore/drop/reject/stale/orphan/evict the block(s) in question

if you spent some time looking at these things you will see that there are many mitigating factors involved that stop a malicious/misbehaving actor from sending data that does not correspond to the honest chain

my personal node for instance checks the block hash Id (and the 'chainwork' and othe things) of the current chain and if a new block appears with a new height. but its previous block hash does no match the one i have, nor does its previous or its previous for 6 blocks.. then my node just treats it as misbehaving and rejects it if the ancestry does not match within 6 block heights
thus my node sticks to the 6 confirm rule and not allow a chain re-org older than 6 confirms

thus if a malicious actor who did try to go back 6 blocks to its previous.. and then tried to catch up.. meaning it had a new chain of 55 blocks of different hashes compared to the honest chain i follow. it has no chance

it cant simply just go back one block edit it and then broadcast the edited block. as the honest network is already ~2 blocks ahead of the malicious pool, so the malicious pools broadcast would just get rejected as a lower height with a non matching block hash..
it would need to add more blocks and catch up overtake the honest network blockheight to have a height bigger then the honest network to even get a chance to be seen.

if a mining pool went one block back to edit one confirmed block.. and with a 60% of network hashrate, it might get to overtake and re-org the network within 10 blocks catchup time.. at very best 5 block catch up time.. thus only affect 6 blocks that get re-orged (5 after the rewind and 1 of the historic change)

if it managed to overtake and get its blockchain of edited blocks accepted, those transactions of the honest chain of parallel height blocks(6) just change from confirmed to unconfirmed and get put back in mempool to be rebroadcast again.. which the malicious pool can decide to just not put into blocks again and leave the network congested whilst the malicious pool "empty blocks"

however at the very minute that it broadcast the blockheight that overtakes the honest chain to make the honest chain drop its own 6 blocks.. the nodes create a log alert that its dropping blocks to then pursue the new version of 6 blocks thus unconfirming transactions back into mempool.. so people would react and notice.. and just affects transactions of upto 6 confirms
economic nodes as already said would and do have configured nodes to know which of its cex platform user accounts database is credited with balance from which utxo was spent and if there was a doublespend they would halt that cex account spending habits within its platform

other services also 'taint' certain utxos deemed unconfirmed again and if the tx is not spend in the same tx manner as the first time to purely re-confirm it again and instead the tx has been altered and replaced by the key holder those analysis services would flag it too

..
but lets concentrate on the nodes themselves.
as hinted at already, each block has a block id of its block and within that block it also has the Id of the previous block.. there are a set of rules in ban manager that can be set to reject blocks where they dont match the set the network already obtained

so not only is a malicious pool limited in how far back it can go due to it requiring more power or time to catch up and overtake.. but also nodes can treat blocks as misbehaving if their block ID's dont match the nodes own ancestry of id's at a certain depth

(there are more mitigating factors but lets atleast get you passed these little spoons first)

Who "banned" these nodes, and why? What did "banning" them mean, exactly? How is a node "banned"?

you keep skipping over alot of stuff avoiding details you dont want to see

anyways
to get an official patch(like in 2013) took 13 hours.. but nodes didnt need to wait that long. they can and did self ban certain nodes propagating dodgy blocks and then only accept blocks from the chain that was not funky..
..and guess what.. 11 years later bitcoin is still running. so your fear of bitcoin will die in a 13 hour event are proven wrong...

also (separate example of different event) it did not require every node to upgrade in summer 2017 for the network to change path. economic nodes only accepted certain blocks it mandated that they would accept and the rest of the network just received blocks which the economic nodes accepted and passed on.

i think you need to spend alot more time learning about bitcoin. as it seems you are becoming less interested in wanting to get answers and instead just wanting to throw out questions get responses and ignore things that dont fit your narrative you want to pursue.. so now me and others seem to be getting annoyed by your requesting to be spoonfed and then spitting out and not liking whats been fed to you.. so if you really want to learn, please take some time out from the forum which you endlessly post questions you dont want real answers to.. and instead spend those same wasted days on actually learning about bitcoin from the many sources available
i have only mentioned a few mitigating factors and you keep stepping over them, causing the discussion to keep circling around the same basics and not evolving the conversation further... so now its probably best you learn more about bitcoin for your own self education and then come back when more informed to realise where your theories get debunked

if you researched about what happened in 2013 and in 2017 you would not be responding in the way you were responding
so if you really want to know things, go research it in full

Okay. So today, Bitcoin is typically doing about 500k transactions per day. In 13 hours there would be roughly 250k transactions that would all be... either good or evil, nobody would know. In those 250k transactions, hundreds of billions of dollars could be transacted. In other words, that be game over for Bitcoin since the entire blockchain would have zero integrity.

And again, your mitigations all assume we "just know" who the bad guys are, and who the good guys are. How do we know? Obviously the bad guys are going to say they are the good guys. Obviously the bad guys are going to call their transactions the good ones, and say the other ones are the bad ones. How are we supposed to know the difference? Every transaction is performed by an anonymous entity.

well in 2013 there was a leveldb bug which was fixed in 13 hours

in 2017 it was decided they would at a certain date start ignoring certain blocks with a specific version bit. and at that exact mandated time, the blocks with the disliked version bit were ignored

economic nodes dont need to wait for the network to adapt, they can ban nodes propagating blocks it doesnt like, meaning they keep the blocks pre re-org and thus throw the malicious pool off their view of the network leaving it creating its own altcoin (again research events of 2017)
the economic nodes communicate with each other for many reasons of chain analysis. not just looking for funky blocks but also looking for tainted coin and blacklisted coin(AML/KYC stuff) so they are always on the lookout.

again as said already..
when CEX(economic nodes) get deposits and then a malicious pool does a re-org to then double spend a coin. if the CEX see's another deposit using a utxo it already seen used. the cex can firstly freeze the user account from doing any trading on its cex platform. and then send a redflag message to the core devs that a re-org occurred.. although the core devs would also already see that a re-org happened as even some core devs do block analysis and can create a patch to update to, to officially ban that re-org.. however economic nodes can manually ban certain things without needing official update patches
other mining pools can also reject blocks and just continue with their pre-org chain.
theres lots of mitigating factors

its not like the blockchain is not transparent.. as soon as a re-org happens everyone can see it and as said things like CEX's have things in place to protect their trades and deposits from double spends

there are already other mitigations such as block creators cant spend their rewards for 100confirms. so thats 16 hours before a malicious pool can even attempt to spend rewards so they wont benefit from reward profits unless their attack continued for atleast 16 hours (plenty of time inbetween to react)

So... some people see some strange things. Okay. What exactly do they do to the worldwide Bitcoin network in order to.. do something about what they see? Be very specific. Lets us know how much actual wall time is required for them to discover the problem, verify it, and then make the changes to the network to mitigate the problem. No handwaving allowed. Tell us what some individual could do if they found an anomaly on the network.

And by the way, if it's just up to some "core devs", then that would imply that the entire network is at the (very centralized) mercy of a few "core devs", right? So Russia could infiltrate those people and take over the network? I'm oversimplifying here, but the point is to illustrate the possibilities...

there is a they.. there are actual people that like to view the block data and find strange things. we see it alot when people shout out that early adopter coins have moved or there is a pattern of a few blocks that are "empty blocking". even times where blocks are just full of junk meme data

there are people monitoring and announcing issues, and there are some devs that discuss and have core privilege to change the protocol and create a release candidate to change the ruleset to ban nodes for certain reasons. we have seen it happen in the past. where certain things occur and the protocol changes to compensate for the change

you trying to pretend that the algo is just the algo and no one governs it is the ignorance of not realising core devs have control and its them that have political governance of the ruleset and yes this governnance in many ways is a bad thing also (to have one single group of ~ a dozen core devs in ultimate power..) but to then assume they dont exist is a double layer of ignorance to then not see the attack vector which the centralisation of core can present

i know you think a mining 51% attack is a mega threat.. however its actually the core centralised governance of the protocol thats more of the real threat to bitcoin long term

research what happened in july-aug 2017 where a group of devs and economic nodes(services) decided to ignore certain versions of blocks to falsify a 100% consensus(its unnatural/unrealistic to actually get the 100%) to cause a move of the protocol to a new version.. so yes devs a economic nodes can react to things they see in blocks they dont like, such as needing over 80% vote for a feature the devs wanted activating but the pools only gave 45% vote towards segwit, pre july 2017. so they ignored blocks to falsely get 100%

It's not AI, it's an algorithm. It's software. There is nothing in the network that discerns between "good" and "evil", only a valid response to a wallet and an invalid one. All you need to do to be a valid node is return a correctly formatted response--even if it's based on falsified data.

Everybody here keeps saying that "they" will route around the evil nodes, as if there's some overarching intelligence governing the network. That's not how it works. A node is a node. A miner is a miner. They do not wear black hats and white hats so you can tell which are the bad guys.

Some people could sit on the sidelines and say in essence, "this miner I trust is says there is a problem and I believe them because they are my personal friend", but we have no way of knowing if that post was sent by a black hat or a white hat. This is how the Internet works. This was the entire point of Bitcoin and the blockchain architecture (the original Bitcoin version, not the fake PoS networks): you don't trust people, you trust the algorithm.

With Bitcoin, there is no "they".

Now, if somebody can explain what the algorithm will automatically do in the event of attack, then that would be a mitigation. But the minute you bring people into the mix, the argument is lost.

(And even there were people, no human could react in a number of milliseconds before thousands of transactions have been committed).

If everyone understands 51% attack from hair to the toe, it will not be difficult then to execute. It is the complexity and the uncertainty that surrounds the 51% attack that makes people not to emback on the purported futile journey. Preventing attacks from remembering to breakthrough, is the best form of security.

although several posts ago.. im still laughing at this statement
legiteum thinks bitcoin is AI.. and doesnt understand the concept that core is wrote by humans(devs) and those same devs decide the changes of protocol/policy/rules of bitcoin.. and node users also have their own algo's to monitor and alert people to certain events

EG people panic when they see coins from 2009-2010 move, if the mtgox/bitfinex hack/government seized coins move, and CEX services use analysis services which they then use to make decisions over. there have been times where major exchanges lock withdrawals based on events or change batching,timing, fee configurations of withdrawals based on events.. its not all AI

There is no Mining servers with Bitcoin mining to be exact.

Bitcoin miners can run their own Bitcoin full nodes if they are solo miners but time for solo miners gone a long time ago. Nowadays if you are small solo miner, you are only wasting your resources without bitcoin rewards from mining.

With big Bitcoin miners, they can run their own full nodes if they want to set up their own big mining farms or they can configure their ASICs to join available Bitcoin mining pools that have their own Bitcoin full nodes.

Fortunately Bitcoin network is decentralized and Bitcoin miners can easily config, re-config their ASICs to any mining pools.

Servers? No, they don't care.

Who is going to take them offline? Satoshi? The FBI? The secret union of people who control Bitcoin? And how would they know who "they" are? How would we know who to trust and who not to?

You simply don't understand that there is no central authority controlling Bitcoin. It's an algorithm and nothing else. There is no "community that protects Bitcoin". The code does whatever it does, and when there is a dispute, it takes a vote among nodes and hashrate.

And as for profitability, do I need to spell it out? Bitcoin's market cap is $1 trillion now. You could easily make tens of billions by simply short-selling it after an attack--for instance. You are saying we should ignore the reputational cost, which is directly financial, and then at the same time bringing up profitability of an attack: these are at odds with each other.

Don't get me wrong, I know I'm being lazy here (I've got a million things to do these days): I haven't taken the time to carefully construct a complicated attack scenario that could profit billions of dollars. In lieu of that, it's fair to call that out.

But I'm pretty sure there is one...

Repeat: stop repeating this hypothesis like everyone else, and go make it at least a theory.

Repeat: people are ignoring the fact that it's not an issue about whether an attack is possible, but whether a PROFITABLE one is.

Repeat: ignore the reputational cost (you guys focus on financial only all the time).

You literally reply and ignored these points.

In your scenario, Russia hacks and gains control of all the mining servers. WOW. How long before these hacked servers get taken offline? Are they going to allow Russia to use that power to mine even 1 block? I guess in your scenario yes, because these powerful companies with 100s of IT staff and security owning the servers will just sit back and prove your hypothesis. They will never think to just pull one OFF switch to the power lol man, you really need to go and gang up with all the 100s of people who talk about all these fantasy stories and please convince someone to attack Bitcoin. I would love to see you guys do that seriously.

Actually, go for easier first, try do it to Dogecoin or something first. Maybe you can ask Belarus to help you hack a few Dogecoin mining servers, and come back and tell us all you proved you successfully attacked, made money, and own the new chain, and nobody stopped you because there are no people involved.

That would not prevent the attacker from continuing its attack.


You are assuming that the goal of the attack is financial gain, but it doesn't have to be. Also, there would not necessarily be chaos and Bitcoin might maintain its value if most users are mostly unaffected.

not only that, the costs shown are just to do a blockchain annoyance of transaction inclusion/exclusion.. if he then wanted to mess with the multiple CEX markets he would need a separate budget(s) to then spend on CEX market(s) to try to crash the market(s). which the CEX(s) can then freeze the account instantly and seize the funds (or simply just deny the order, or ban access to the ordering feature)

Yeah, as you suggest, the actual cost would be so far beyond that $18.6 billion figure.

It would take a LOT of time and money to set up the infrastructure to run a series of Bitcoin mining operations equal to the size of the entire global mining industry. And like you said there aren't millions of unused asics just sitting around lol. The attacker would have to compete for supply with the entirety of the global mining industry. That would drive up prices of the asics, making that $18.6B figure just for the mining machines potentially much higher, and it would take years to acquire them and set up the infrastructure. And presumably by the time they got it all set up, after likely several years, the hash rate will have increased significantly, so the attacker would have to keep buying asics well beyond that initial amount needed for a 51% attack when they started their plan. All told it would take numerous years and dozens of billions of dollars to engage in a 51% attack.

And after all that, the Bitcoin community could easily simply sidestep the attacked chain and keep going, making the attack worthless (though of course the simple fact of an attack happening, even though it could easily be sidestepped and not cause any lasting harm, would certainly at least temporarily hurt the reputation and market for Bitcoin).

The thing is that if everyone knows a 51% attack is happening and if the attackers were able to maintain their atttack, everyone would simply abandon the longest chain because it would then be corrupted.

The longest chain is considered the Bitcoin chain for the purposes of maintaining a consistent history when dealing with orphaned blocks. That doesn't mean the global Bitcoin community will just be forced to blindly follow a corrupted chain if a 51% attack occurred lol. Human beings are involved in the operation and use of Bitcoin, it's not just blind machines following rules. Those 51% attackers would quickly find themselves in 100% control of a completely useless blockchain and Bitcoin would keep going as normal. As soon as the 100% of honest miners switched away from the corrupted chain, the attackers would lose the chance to get the mining rewards they were hoping to get because the blockchain history they are using would be different from the blockchain history everyone else is using and so even if they kept running their chain they wouldn't be able to spend the money with anyone but themselves.

Now sure, they could keep doing the attack again and again, causing chaos for a short time, but they'd keep losing and burning huge sums of money for no monetary reward. Eventually they'd have to give up and it'd be an enormous financial ruin for the attackers.

I personally would predict Bitcoin absolutely crashing to near-zero if the network was successfully attacked. Absolutely everybody would want out of their Bitcoin and into safe haven investments e.g. USD. If the network can be shown to accept double-spends (etc.), then trust in the network would be incinerated. Bitcoin has no tangible value: it's value is purely its reputation, and most people are taught that Bitcoin is absolutely safe. Once it's shown not to be, even temporarily, that would be absolutely devastating to its brand.

In the successful scenarios we're talking about, transactions are lost, which means that money is lost. It doesn't need to be a lot to trash the system's reputation because the absolute perfection of Bitcoin has been so widely touted.


Okay, that seems to be more like it.

So that comes out to what, $30 billion in hardware and infrastructure to execute ~500k transactions per day?  I'm digressing here but, yeah sure, let's put voting on blockchain, yeah right! 

True miners won't put the source of their bread and butter in to chaos.  This will affect them more than any other else.  One example is Ghash.io, there is one point in time in 2014 where the mining company almost reach the 51% mining hashrate and it alarms the community, to be able to avoid to amass 51% hashrate they voluntarily reduce their mining hashrate to pacify the outcry of the community.


Or make a hardfork and return to the time stanp where the network is yet to suffer the 51% attack.  But obviously, this will dwindle down the trust in Bitcoin at least and at most there will be an instant 180 degree turn for most of the holders and believers and possibly Bitcoin will never be the same again.

bitcoin network of current honest miners is ~700EH
a malicious entity would need 714EH to become a new network hashrate of ~1.4ZH where the malicious entity has 51% of the hashrate and the honest miners have the rest

the cost of that 714EH would for 230THasic at $6k each, which would be 3104348 asics which is $18.6 BILLION.. billion with a B.. and thats just the hardware, let alone the electric costs that get added on and warehousing and manpower needed to set up the mega farm
(also asic manufacturers dont just distribute 3m of asics in one shot, so it takes time too)

however if we had the current 700EH honest network and a malicious entity was able to corrupt or collude half of the current 700EH to then make it a 353EH:347EH mal:hon ratio then it would require some kind of substantial bribe or promise to all those ~1.5m asics it attempts to corrupt, which may not last too long if the malicious act negatively affects those corrupted asic owners income flow.. they too can just jump to a honest pool and keep the bribe as a free lunch.. after all its not like the malicious entity will take its bribed asic owners to court for breach of contract..

Which nodes? If it's some random nodes over the Internet the legitimate nodes would simply ban them for misbehaving and not following the protocol. Even if it's 80%. Bitcoin is sybil attack resistant for a reason.

If they take over several major exchanges? This would maybe cause some confusion, because legitimate users would then have problems to transfer from and to these exchanges. But nevertheless, it will be detected in a few blocks at most. Exchanges (these are real people, by the way) would warn users via other channels. Okay, let's say the hackers also take over all major social media sites. Nevertheless, the confusion will only last a few hours at most.

The most important thing is that you can't trick a legit node into accept a non-protocol compliant chain. What is possible is a hack of mining pools (see below).

A real 51% attack, i.e. mining real protocol-compliant blocks with real hashrate, can of course cause damage. That's undisputed. But creating such an attack only via "hacking" (i.e. without wasting money in buying hashrate) would need:

1) You would need to hack the nodes of the pools first.
2) You would need to hack then also the nodes of major miners, because once miners detect that there's something wrong (see my last post: even if there's no major reorg, it is quite obvious when a single pool or even an address is censored), they will change the pool.

Both pool owners and miners (above all, major ones) do pay people to monitor their systems. They would very fastly see that something isn't right, e.g. when they lose access to their own user accounts on the system. And chain analysis firms are very likely to cooperate with miners and warn them about more subtle attacks like censoring, because they will fear their business model not to work anymore if Bitcoin is heavily hit by the attack. (I see @franky1 addressed that topic too).

You can also hack the software but as it's open source this would also be detected quite fastly. And you will always have lots of nodes which will not upgrade to the infected version.

There are so many actors that would have to be "taken over" that it should be the most complex hacking attack in history by far.

I believe this to be borderline impossible, perhaps 99,999999999%, to succeed for more than 1-2 hours. Of course a short "takeover" attack could cause a dip in price and some double spends, but I believe this would not result in major damage, much less in censorship.

So what if the same country took over 51% of the nodes? That's really what we're talking about here. I tend to simplify the conversation by using the words "miners" and "nodes" interchangeably even though that's not technically accurate, but for the purposes of a 51% attack, I just mean some entities that could be taken over.

And if some people detected the attack, what exactly would they do? Keep in mind that, unless the attackers were stupid, they would also be spreading their own disinformation about the 49% who are attempting an attack, and don't let them get to 51%, yadda yadda. How do we know who is the good guy and the bad guy in real time?

I think part of the problem in talking about this attack is that most of us (or all of us, hopefully ) are not criminal hackers and we don't think like one. But I know enough about hackers to know that they tend to figure out ways around problems and can be pretty elaborate and subtle about what they do, and they... think of things I never thought of.

Don't get me wrong, I feel like Bitcoin is as safe as getting on any airliner: I would bet my life on it being safe, and I do every time I fly. But airlines do go down occasionally: it's a different argument to call Bitcoin "theoretically 100% safe". By the same token, I hold my life savings in the same place most people do: in a financial institution. I would never call it "absolutely safe" in an academic sense, but the chances of my accounts at these places being hacked or erased or whatever is basically not a concern to me since it is so low.

There's a common talking point about Bitcoin that it's safer than a typical major financial institution, from the standpoint of losing your investment based on storage failure (e.g. hacking, crashing, etc.). That's simply not true, and there are remote risks involved with either.



So... $9 million or so? That's peanuts for a nation-state, and private hackers could easily make 10x that selling shorts on BTC while all of the turmoil was happening. I'm actually hoping you are wrong here .

Still I don't think a 51% will actually happen.  literally everyone including miners are all out to make profit and with that much hash rate to carry out a 51% attack I think mining pools would be smart enough to use that enormous hash rate themselves to collect more mining rewards rather than trying to re-org particular blocks on the network. Take for example as of recent, September 2024, the total Bitcoin network hash rate is around 300-400 Exahashes per second (EH/s) when I last checked. To launch a 51% attack, an attacker would need to control at least 51% of this total hash rate.

Let's assume a total network hash rate of 350 EH/s (say a rough estimate). To calculate the required hash rate for a 51% attack:

51% of 350 EH/s = 0.51 × 350 EH/s ≈ 178.5 EH/s

So, an attacker would need to control at least approximately 178.5 EH/s to launch a 51% attack on the Bitcoin network.
Almost no one would want to waste such hash rate on an attack since there is a possibility that it would be aborted before it's success.

I merited the OP because I think indeed there should be more knowledge about more subtle 51% attacks in the community.

However, I'm far less pessimistic than the OP here. Censoring a miner or mining pool for example would be quite obvious, detectable for everybody who knows the addresses of these mining pools - e.g. the pools themselves.

One of the interesting cases for example is an attack of a coalition of miners to censor not a miner, but an address (OFAC sanctioned for example). In theory they could simply wait if some other miner includes a transaction from or to that address into his blocks, and reorg only these blocks selectively.

However, this is also quite difficult that it would go unnoticed. With a bit of chain analysis you can find common characteristics of the censored blocks. And in addition: if the fee of the transactions to/from the "sanctioned" address is high enough, then all non-censoring miners would include the transaction in their blocks. So the coalition would have to censor every block not coming from themselves, and that would mean basically it's the same scenario than "censoring a miner" or "censoring a pool".

What is also not possible realistically is this scenario:

You can't simply "edit the chain" and "add your own blocks". That would simply be invalidated by all full nodes, as it's against the protocol. The blocks you add must follow protocol rules, i.e. match a certain difficulty, and thus it requires "real" mining to produce them.

So even in this scenario, you have only the "normal" 51% attack options: double spending (easy to detect), censoring miners (easy to detect too) and censoring transactions/addresses (like I wrote above, requires a little chain analysis but should be detected very fastly by the chain analysis firms, and in the case the fee is high this is also easy to detect by normal miners). There's nothing subtle in this attack.

Yes, GHash.io had more than 51% briefly back in 2014 I think.  Then they agreed to stay below 40% and then a few years later shut down.  I am not sure if it was DDOS related, or just people leaving them due to having been close to 51%, but they've been gone for a while.

The risk about the 51% attack es the fact that someone can sell a big amount of coins and then recover those coins, let's say someone sell 100btc and after cashing out from the exchange he make the 51% attack, with that he can recover the 100 btc that he deposited in the exchange, that way he keep the money from the sell and the 100 btc.

that's the main risk behind this kind of attack.

Russia could hack the top three mining companies using their existing infrastructure, making the cost of the attack essentially free for them.

Nobody doing this is going to go to Newegg and buy a zillion dollars in new servers. That's not how this would work.

And again, this is the concept that so many people cannot grasp: there are no human beings governing Bitcoin. Hence there is no scenario where "the community rejects XYZ". There is no "community". There are only algorithms and code. Every form of argument that starts with, "but then people will..." is a false one. There are no people involved here.

Yeah any attack is definitely not easy at all, would require an immense power behind it and a ton of machinery and a lot of energy consumption, all of which would cost insane amount of money and also time as well. They wouldn't need to start on the genesis block, but they would definitely not look like they know what they are doing, so it would make more sense if they could just avoid any of this, it wouldn't really be beneficial for the attacker.

Think about it, you would have to spend so much money and time on doing something like this that has no guarantee that you will achieve it, and in the end you are talking about something that would not give you that much profit to get it since people would just move away to something else instead. This is why I think it is never really attempted at BTC, because we have seen ETC for example, which is ethereum classic, to have it and nothing big happened and it wasn't worth it for the people who tried it, which is a reason why nobody does it on BTC neither.

That's the point. That all these theoretical posters simply want to ignore. An attack is not the issue, a SUCCESSFUL (profitable) attack is virtually impossible. Financial aspect alone is not possible, and they also don't like to discuss reputational cost.

Look at all the forked Bitcoins, all those who supported it looked stupid and continue to look stupid, nobody will trust them to run a chain that is globally honored.

So yes, these guys can talk about how easy it is, but go ahead and do it.

In theory, the attacker can start at any block because they will eventually surpass the other miners as long as they maintain a majority. They would not necessarily have to start with the genesis block. It depends on their goal.



It is naive to believe that a miner (or pool) cannot reach 51% as it has already happened once.

1. asics do not have a full node software in them.. in simple terms an asic receives a basic hash and some blockheader data via a different communication method(its called stratum) than the normal node relay network, and re-hash it trillions of times until it makes a difficult hash and send the difficult hash back (hash in -hash out) via the stratum connection..  asics are not full nodes and have a separate communication path to the pools compared to the bitcoin peer network of nodes

2. asic owners have a asic that (simple terms hash in-hash out) and separately have a computer that has a full node to watch the blockchain for other purposes including risks and if they get paid

3. asic owners can jump their asics activity over to other pools if the owners notice a pool is doing some funky stuff
so if a pools node is infected.. asic owners (remotely) can just change pools. via each asic owner looking at their own separate node for instances of malicious/funky stuff

---

im starting to think that you make posts with some silly assumptions to poke and trigger people to correct you so that you learn by being spoonfed info rather than actually spending the time to learn things properly by actually researching aspects of bitcoin(its starting to become a common occurrence with certain people.. play dump to prompt people to correct you on purpose as a lazy way to learn)

its like those preppy kids that hire a tutor to just give them the answers by acting ignorant to the subject rather than actually reading about things and learning via looking for information

---

try to learn about all the mitigating factors that actually make a potentially malicious pool not profit and instead want to operate honourably to profit. (hint there are many factors at play)

Hundreds of thousands of nodes running... one copy of the software. Hackers would presumably hack the software, not the individual ASICs.

a pool is not a single miner

pools are a collective of hundreds of thousands of miners, a 51% attack would require atleast one million asics working collectively
and if a pool was to be doing any shenanigans that cause financial risk to all those asic owners, they would jump away to another pool

for instance if a pool manager had a community of 1million asic owners and their pool started winning every block but the pool manager was not paying out rewards to those asic owners. the asic owners would jump to another pool.
if the pool manager was to start doing empty blocks of zero transactions so that those with coin cant move their coin, again asic owners would jump pools because they too cant spend coins they have or will get if they stay

by a pool manager denying transactions, even services will start to want to reject blocks with zero tx. (and yes they can because behind every algo filled node is a human at the computer that has a keyboard, commanding the node(bitcoin is not AI))

what you find is that the bitcoin economics work great because those that try to cheat it lose out in the end and those that operate honestly end up winning.
there are many mitigating factors that are in place and also extra scripts that services have and people operating nodes as extra precautions

even the most simple thing of block rewards cannot be spent for 100 blocks means that a malicious pool has to win constantly for 16 hours before it can even spend its first malicious block reward. thus even at the 15th hour of being malicious the honest part of the network and services that want an honest network can decide to re-org a crap tonne of empty blocks and accept honestly filled blocks or other factors of preference

thus even a malicious actor ends up gong straight to remain relevant.. and thats even when asics can jump to any other pool in under 20 seconds but have hours of time to see the malicious actors failures before the malicious actor can even profit from its maliciousness, so again a malicious actor wont want to be malicious if they are not making profit. and if they cant make profit per block for 16 hours delay per block, then the likely hood of them being malicious at all is negligible due to the risk of losing all of their efforts before the 16th hour delay between creation and spendability

Perhaps another related discussion here is: what if all three of the mining companies who currently comprise >51% of the Bitcoin hashrate were taken over by clandestine means, and the hackers subtlety changed the data store to (say) edit the chain and add their own blocks?

In terms of cost, this would be perhaps 3x more expensive than the average hack of a single company, which for a sophisticated player e.g. Russia or Iran or PRK, this would not really cost anything per se since they do this all of the time.

Any attacker here wouldn't be stupid and simply do something that would be immediately detected--they would quietly insert their own blocks (etc.), trade with them, and essentially infect the whole network. After a few hours/days/weeks of this happening, it wouldn't matter if the hacks were discovered since the integrity of the entire chain would be utterly incinerated since nobody could know which transactions were made by the attackers and which were made by normal users.

Understand that there is, for instance, no way to simply "turn off" Bitcoin while some central authority figures out what went wrong. The network would keep going and going in realtime (and in a situation where the network integrity was in question there would be a massive "run on the bank" situation with basically every single holder trying to trade their Bitcoin for USD).

And while I will be the first to say that such an attack is "unlikely", that is not the same as saying it is "impossible". My savings account is probably stored in a not-internet-connected mainframe at a Big Bank, and it's backed up to WORM storage in (probably) multiple geographical locations. It is "unlikely" that may savings account at Big Bank will be lost, and this is definitely not something that is very common (in fact I've never heard of this happening to a prominent bank ever). I don't lose sleep worrying that my savings account will be hacked just as I don't worry about every airplane I board crashing--because it's very unlikely.

The question is, in terms of systemic risk, which is safer: your Big Bank savings account, or Bitcoin? I would argue the former, based on everything we know right now. This is based on a security assessment that takes into account track record, system complexity (banks use braindead non-internet-connected mainframes that have stood the test of decades of time), and system governance (same deal: banking regulations and industry-standard practices around access, personnel, etc. that have been hardened over the decades for banks, whereas all of this is brand new for Bitcoin).

The point is, anybody who tells you it is "impossible" that Bitcoin is hacked and the value of your holdings could never go to zero are... wrong. Unlikely maybe, but not impossible.

Because you need only 51% to attack it that way and 50.1% probably wasn't catchy!
But yes he is right about it, a guy with 51% of the hashrate will be able to mine all the blocks and people noticing that won't matter, it would be like realizing a guy is beating you and you lie down on the floor with no power, what is realization going to do?
Also, miners won't all suddenly see that large operations maybe, smaller ones, no way, it would take even days in some cases before some realize they are getting trashed.


It's the opposite, legit miners will see their blocks getting reorg with nothing to do so they will quit, the hashrate will go lower and the attacker will never fewer and fewer resources.


And? What are they really going to do? Fork the chain? What good will that do, the attacker will attack the new chain!


And then they will move to your new chain and attack this one, and then again, and again...imagine the price after two such events.

The thing about such an attack is simple:
- yes, it's possible
- it's all about $
- is it worth it? not really!

As already explained, but 51% is two things, not easy, and not cheap. By not cheap, currently I doubt there is a single entity on this planet that will gladly spend Billions (with B) for this kind of attack which is not even sure to succeed.

It does matter, because if users will stop using a given coin, then it will lose its value. Guess what: some people tried to fork Bitcoin, and they reached 51% for a short period of time. What happened next? Well, people simply sold their ALTs for BTCs, and moved on. And the same thing can happen again: you get 51%, you reorg some valid blocks, mined by other miners, and then everyone will abandon your chain, so you will be left with a lot of worthless coins.

It is never the case. Miners are long-term investors. They will rather mine an altcoin, than stop mining. Which means, that if some transactions will be censored, then miners will form just another altcoin, and users will join them, because then, they will have at least some confirmations, instead of constantly seeing zero confirmations in the attacker's chain.

Currently, there are some altcoins, which have something around 1% of double SHA-256 hashrate. And guess what: they are still maintained, there are still some users, and even though the value of their coins decreased, their altcoin is still actively used. And when they were attacked more heavily, they introduced more rules, like "max 10 blocks chain reorganization", and other consensus changes, which allowed them to keep running their chain, no matter how hard they are attacked.

So, to sum up: a silent attack has much more chances to succeed. For example: the latest testnet4 soft-fork was silent, and many blocks were produced, before people noticed, what happened, and triggered a huge chain reorg, to fix it. But eventually, everything went back to normal, and timewarp rules were enforced properly. Because Bitcoin is not ruled by miners. And I know, that it is true, because it is not the first time, when I can see, that users can enforce their rules, and force miners to mine the blocks they want. Because miners are like entrepreneurs, making blocks, and selling them to users. And if you have 51%, and you use it for attacking, then nobody will buy your blocks, and they will lose their value immediately.

We have been hearing about a 51% attack for years now, it's never happened.

There are 2 possibilities of it happening.
1) By a private entity
2) By a government.

If it's #1, it would have to be the size of Apple or Amazon or similar with a ton of data centers and and insane amount of electricity and staff to run it. It would cost a fortune and there would be a shareholder revolt.

If it's #2 then it does not matter, it would have to be a larger country, with once again enough money to buy the miners and available electricity to run them. At which point it's just easier to ban all businesses that deal with BTC and start putting in very harsh penalties if caught dealing with it.

There are also much easier and cheaper ways of doing a 51% attack that don't involve buying miners just you have to run a pool:


-Dave

51% attack or 80% attack, miners will separate to longest and smaller chains. If assume the attacked longest chain is refused by Bitcoin community as an original chain, they will use the smaller chain as Bitcoin. The longest chain will become a chain of shit coin like many Bitcoin forks created, and died with time.

The good one will stay with us, and a bad one will rot and die with time. A longest chain done by attacks will not be able to last for so long.

How many Bitcoin forks are there?

fortunately engaging in such is quite expensive
Except the individual goal is nothing but destroying the trust of individuals in the Blockchain no matter the cost.

No they don't have to build a new chain from the Genesis block
They can start from the latest block or go further back if they plan on reversing a specific transaction
But the goal is that their private chain have to grow to the extent it becomes longer than the honest chain by continuously mining Blocks faster than other miners.
With 51% hash power  
Once their chain gets longer than the honest they can then broadcast it and the nodes would take the longest chain as the Valid
There by making double spending possible

But The cost in starting and maintaining it is astronomical, not to mention difficulty adjustment that's makes sure mining becomes more competitive.
It's theoretically possible but implementing it is hard and should be considered irrational.

So, literally the attacker has to start building a new chain from the genesis block? or would they be a way to maneuver the honest chain and advance from there? Nevertheless, it's quite unrealistic to possess a hash rate that supersedes that of all other miners combined.

It's not that people don't know about other types of attacks that can be done with having 51% (and some of this attacks can be done with less than that), it's that double spending would make the most damage to the trust in Bitcoin.

Other types of attacks like reorgs, censorship, stiffing mining competition have less impact on the trust.

I don't understand the technical details, 'almost no one' fully does, but you can argue 'almost no one' understands how Bitcoin works in the back, this is literally how it is supposed to happen for a user technology. Does 'almost no one' understand how internet works? Does it stop 'the community' from preventing and fighting against attacks?

I propose anyone who thinks a 51% attack is easy to go ahead and try it. Make the hypothesis into theory. Then prove the theory, again and again. Then it becomes a fact.

though community might not be the right word
But when I said community I meant the collective honest miners, full nodes operators, exchanges, developers and users.


well as a decentralized system that operates on consensus there are no bad or good nodes.
It's based on consensus the biggest hash in this case 51% becomes the valid chain.

As a decentralized system with no central Authority, it is run by certain protocols and there are no human hands that can fix it
But we can mitigate the human problem
Once detected, miners who cares about network security in the supposed malicious pool would pull out which would reduce the hash power and full node operators may be able to fork it.


While Bitcoin might be decentralized and have no central Authority, it's continuous resilience relies on these stakeholders acting on its best interest.

It doesn't matter if the attacker is known or not unless you know a way of censoring a miner.


It is called a 51% attack because that is the threshold. With 51%, the attacker's chain will always be longer than any other over time. Even when the other 49% find a block, the attacker will eventually catch up and pass any competing branch with its own.

The reason that a pool is unlikely to take over with 51% is that the members of the pool will abandon it before that happens (we hope). No members, no hash power.

BTW, if an attacker successfully attains 51% and rejects all other blocks, then the other 49% might as well stop mining because they will never get another block reward.

How would the "community" respond? And what exactly do you mean by the "community".

And how would this "community" come to know that an entity has taken over 51% of the hashrate? How would the "community" know who the "attacker" is, and who the "defender" is? Is there some central entity that is going to dub certain nodes "bad" and certain nodes "good"? If so, how do they determine this? By what authority?

For me, one of the most common misconceptions about Bitcoin is that there are human beings involved in running it, and those humans can take action when they "see stuff" they don't like. But this isn't so. Bitcoin is just an algorithm. There are no human beings involved. A node as a vote with it's hashrate, and that's it. You can have whatever personal opinion about a node you want, the only recourse you have is to outvote that node with your own hashrate. Complaining here on Bitcointalk wouldn't do anything. Calling the police won't do anything (they would have no idea who to arrest).

I share the frustration that this author seems to have: lots of people--even a lot of people who seem to think they know a lot about blockchain and Bitcoin--don't seem to fully understand the implications of decentralized system. There is no central authority. There is no "community". There is no nothing except nodes running hashrate. Why is that so hard for people to understand? That's actually the central innovation of Satoshi's Bitcoin whitepaper, and to this day many people simply don't understand it.

It will be clearly visible for anyone, who will type "getchaintips" in their node.

Then why it is called "51% attack", and not "100% attack"? Note that if the group of honest miners still have remaining 49%, then they can still mine, on average, every second block. If it will be reorged, then people will notice that. First, because of chaintips. Second, because all miners in a given pool will suddenly see, that a pool is getting all of their blocks reorged.

So, doing a chain reorganization is not a silent thing. It is visible in logs. It is measured. It will be noticed. And people will take action (for example by leaving the 51% pool, because their reputation will be destroyed).

Even less serious reorganizations were noted, for example: https://bitcointalksearch.org/topic/error-connectblock-too-many-sigops-invalidchainfound-invalid-block-5447129

So, why do you think, that 51% attack will remain unnoticed, if even sigops limit violations were caught? And they are much more silent, because a block, which violates sigops limit, is simply invalid, so you have to receive it directly from a failing node.

This is not the case. If you have 51% mining power, then you can earn 51% rewards on average. Earning 100% rewards require 100% hashpower (or reorging all blocks, mined by everyone else, but then, it is very far from being "silent").

Also, there is one important thing: jumping from 51% to 60%, 70%, 80%, and so on, doesn't make much sense. Because then, you are basically raising your own difficulty, for no reason. And then, you can paradoxically get more coins, by going from 90% to 60%, because then, the difficulty can drop, so you will pay less for electricity.

The thread title is a biasly wrong induction.
Yes controlling 51% and making an attack on the Blockchain is more than double spending and could have way for an attacker to censor other miners by either including or excluding certain transactions in the Block
This gaining more benefit while other miners suffer the losses
But stating it would be 100% subtle is only theoretical
Bitcoin is quite transparent and as time goes someone would be on the abnormalities and a proper response would be taken by the community.
Same applies with miner centralization, though it poses it's risk and the way it's going we getting there since the top 2 mining pool already have a combined hash power of more than 51%.
But if the response of the community is swift the damage could also be mitigated.


Yes most of what the author stated was correct but I feel it overrated the ease in making a 51% attack undetected and Underrated The capabilities of the community.

https://www.reddit.com/r/Bitcoin/comments/197m0yc/almost_no_one_understands_the_51_attack/

I came across this thread on Reddit, and thought that community members here would be interested in it since we've discussed this same topic here before. I personally find the subject of the 51% on Bitcoin to be both fascinating and extremely relevant. If there is a systemic risk to the entirety of Bitcoin--even if is a relatively remote one--then this ought to be discussed thoroughly.

Here's the first part of it of the post: