Some practical estimates:
Most top 100 bitcoin compatible altcoins trade a total of $1000 to $25000 per day, some get a lot more volume but usually it is due to CNY trading. The second 100 ranked trade $5000 or less as a guideline.
The CE risk is that 100% of all funds for all coins and in this aspect, even if it the only aspect, makes the DE much safer to trade.
http://www.coindesk.com/court-cryptsy-ceo-predicted-exchange-failure/ vs blockchains to see where all the funds are. just the open disclosure would make DE superior, even if DE had all the same risks as CE. But I argue that DE risk is dramatically less due to the fragmenting of the funds across all coins. Also, the attacker is only able to make money by selling altcoins for BTC en masse to a lot of buyers which is quite a bit harder than the reverse
Let us say an exchange DE or CE gets 10% of the trading market and roughly $100,000 per day is traded. This would translate to a lot more on deposit, hard to estimate what percentage of trades are vs amount on deposit, if it is 10:1, then that means $1 million is at risk at this CE, all the time, from reorg attacks like DE and many other attacks and internal theft and simply flight of owner.
Now the DE, let us assume 100% of a coin is at risk, it is $2500 in this context. But actually it would be just the trades that are pending and if average trades complete in one hour or so, it might be $100.
With a budget of $100 or even $2500, I am having a hard time seeing that it would be a cash positive expectation if the process isnt fully automated. Even with a fully automated system, the cost to rent hashrate varies in realtime based on supply/demand and it is not like you can buy arbitrary amounts at a fixed cost.
My feeling is that like the cut and choose itself, it is all about positive expected return from conducting the attack and opportunity cost. Unless attacking the DE offers positive expected ROI, it is the same thing as saying someone can attack cut and choose and continue to lose money.
Can you estimate the hashrate it would take to attack some middlemarket coin,or rather, what coin could be attacked with a $2500 budget? Wouldnt the attacker need to pregenerate the blocks ahead of time? if so, there is a very big risk of not being able to make the trades to take advantage of this alternate chain. or can he wait until he has all the trades pending, then buy the hashrate, hope he is able to build a stronger attackchain with his double spends, then complete all the swaps, push the attack chain to reverse the altcoin payments.
Now he gets back the altcoins used for the trade, which had to be of equal value to the BTC gained, so he is stuck with altcoins for a chain that got attacked. maybe that will cause it to lose value and add more risk.
There seem to be quite a few "ifs" that all have to work out and the reward is 5BTC, not any 5000 BTC. So this seems an attack scenario for the financially challenged attacker, unless I am dramatically overestimating the cost to conduct the attack.
James