Author

Topic: How does a double spend 51% attack work ? Explanation and examples. (Read 366 times)

full member
Activity: 602
Merit: 106
Best explanation given that I have seen!
Not too long and understandable with solid facts and scenarios.

Well done!
 
legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
https://medium.com/@slowmist/the-analysis-of-etc-51-attack-from-slowmist-team-728596d76ead

Excellent analysis of the recent 51% attack on ETC targeting Binance, Kraken, Coinbase, Bitrue and others.
legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
I was thinking about it these days. A 51% attack really successful, would need the hacker to withdraw into another currency. Once they discovered this attack, the currency could devalue or have other problems.

So for an exchange to avoid this type of attack would not it be simpler to create security methods making it difficult to buy, sell and withdraw into another currency in large amounts in a short time?

Would users be hurt too much? Maybe limit this to projects that take some 51% attack risk?

Yes- the attacker would have to convert to another currency on an exchange and withdraw or purchase goods from a merchant and receive physical possession of the goods or crypto before the double spend is discovered.

Really the only safe solution is for the network hashrate to be so high that it is impossible to rent enough hashrate to wage an attack.

On small low hashrate networks it is very cheap to wage a 51% attack. So the more confirmations a merchant requires - the longer the attacker will make the side chain. On some chains the code would potentially allow the side chain to be very long. People already complain about 20 confirmations. Even 200 confirmations would not provide a guarantee.

Only transactions that are sent during the attack are affected by the attack. If you hold crypto in your wallet it is unaffected.

The only real longterm decentralised solution is merged mining or a POW / POS hybrid. POW & Masternodes hybrids are also a potential solution. With masternodes the largest stakeholders protect then network. Checkpoints are also a potential solution.  

For bitcoin and litecoin it is a relatively low risk. They are unlikely to produce a protocol that counters a 51% attack because the reason the code behaves in such a way is beneficial when there is no 51% attack  - and those chains have a low risk of an 51% attack because the blockchain has sufficient hashrate to protect against it.

A lot of the development is done by the large coin networks and just copy and pasted by the rest of the alts. This doesn't affect the large coin networks so the smaller coins have to figure it out themselves.

It is only the smaller coins that are at risk. They have insufficient hashrates to protect their network and it costs the attacker only a small amount to wage a 51% double spend attack. On some low reward networks it would cost as little as $4 for an hour attack.

http://www.crypto51.app/


The % rate shows the nice hash hashrate available to conduct such an attack. As you can see it is more than feasible. MMR also has lots of hashpower available for rent.

For a this reason a lot of small POW coins have swapped to hybrid chains or tokenized and rely on the higher hashrate of the chain that runs the token.




hero member
Activity: 672
Merit: 526
I was thinking about it these days. A 51% attack really successful, would need the hacker to withdraw into another currency. Once they discovered this attack, the currency could devalue or have other problems.

So for an exchange to avoid this type of attack would not it be simpler to create security methods making it difficult to buy, sell and withdraw into another currency in large amounts in a short time?

Would users be hurt too much? Maybe limit this to projects that take some 51% attack risk?
legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
There is also some interesting discussion here:

Solution to a 51% attack?

The solution to a 51% attack is never let one entity amass that amount.
member
Activity: 378
Merit: 11
Decentralized Digital Billboards
Great, how i now understand, i dont know what is 51% attack.
before i think what its needed to accept only need for you transactions
legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
That is a very good explanation! Thanks for your work!
Finally i have understood it completely.
Your contribution deserves merit, but unfortunately i have none to give.

Thank you for the complement.

Thank you to Lafu for the awesome German translation he has made of this topic.
https://bitcointalksearch.org/topic/wie-funktioniert-ein-double-spend-51-angriff-erklarung-und-beispiele-5035620

Thank you to theyoungmillionaire for his fantastic Filipino translation:
https://bitcointalksearch.org/topic/paano-gumagana-ang-isang-double-spend-51-attack-paliwanag-at-mga-halimbawa-5038913
jr. member
Activity: 294
Merit: 1
That is a very good explanation! Thanks for your work!
Finally i have understood it completely.
Your contribution deserves merit, but unfortunately i have none to give.
legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
How does a double spend 51% attack work ?

BTCurious explained it brilliantly in a couple of sentences:
If I had 51%, I could mine a chain of blocks in which I transfer all my coins to my personal wallet. I'd mine this chain about 10 long, but not tell the rest of the network. At the same time, I convert all my coins to dollars on the exchange and withdraw them. This happens on the normal blockchain.
After my withdrawal has gone through. the normal blockchain is about 9 long, while my blockchain is 10 long. I announce all my blocks to the network, and lo and behold, the network confirms I am right.
But dollars can't be reverted! So the exchange takes a loss.

Quote

Monacoin, bitcoin gold, zencash, verge and now, litecoin cash.
At least five cryptocurrencies have recently been hit with an attack that used to be more theoretical than actual, all in the last month. In each case, attackers have been able to amass enough computing power to compromise these smaller networks, rearrange their transactions and abscond with millions of dollars in an effort that's perhaps the crypto equivalent of a bank heist.
More surprising, though, may be that so-called 51% attacks are a well-known and dangerous cryptocurrency attack vector.
https://www.coindesk.com/blockchains-feared-51-attack-now-becoming-regular/

This is the more comprehensive explanation:

When one person controls more than 51% of the mining power on a coin network they can control the concensus.

The attacker will rent (Miningrigrentals.com or Hashnest.com) or use a botnet to obtain a lot of hashpower.
For instance if the mainnet has 25 Gh of hashpower a 51% attack can be done with 25.5 Gh of rented mining power.

Which would be easy and not very expensive.


How the attack works:

Using a secret pool they make a private chain that is longer than the public chain.

For example:
Say they start at block 100 000
They will build a longer private chain than the public chain.
The private chain has more hashpower so will find blocks faster.
The private chain might have found 10 blocks while the public chain has only found 9 during that time.

The Double-Spend

As soon as they start their private chain they go to an Exchange or merchant and make a large deposit.

Using 10,000 GLD as an example.
This is broadcasts to the public blockchain in block 100,001. But they don’t broadcast that transaction on their private chain, only the public chain.
On their private chain they make a transaction sending those same 10,000 GLD to another wallet address in block 100,001.


This is the “double spend” part - they spend those same GLD twice.

How they Profit

The exchange sees the 10,000 GLD deposit on the public chain and after 6 blocks of confirmations it is accepted and the balance is transferred to the exchange ledger – making it available to be traded.

The funds are now securely in the exchange wallet – right ? Because the coin network has confirmed that they are there. It appears on the block explorer as a correct transaction.

The attacker then trades the 10,000 GLD  for Bitcoin at market prices and immediately withdraws the Bitcoin.  
The exchange approves the Bitcoin withdrawal and the attacker now have the proceeds in BTC.
By now, we’re at block 100,008 or 100,009.


As soon as the BTC comes out of the exchange -  the attacker will release their long private chain of 10 blocks, broadcasting it to the public network. Their longer private chain is now public. Because the private network has a higher hashing power (over 51%) and longer than the previous public chain  it is now accepted by the public chain as the true record.
This is called “Chain Reorganization.” The 9 blocks previously on mainnet are orphaned and the 10 new blocks are put in place as the new mainnet. This is how any chain splits are resolved in the GLD coin network protocol .

The coins that were accepted origionally by the network in the exchange wallet are now rejected as invalid by the coin network.
But the exchange has already released the proceeds of the sale of the coins for BTC to the attacker in BTC.

While their wallet initially had 10,000 GLD the network has voided that transaction and approved the private chain as the “true chain”.
Suddenly, the mainnet does not include the original deposit of 10,000 GLD to the Exchange back in the original block 100001 but it does include a transfer of those 10,000 GLD to the attacker’s own wallet back from privately-mined block 100,001.


On the new version of the chain the attacker never sent them to the exchange but they sent them to themselves instead.

So the attacker took out 10,000 GLD worth of BTC from the exchange, and they no longer gave the 10,000 GLD to the Exchange in the first place.

They may have paid a lot of money for all that hashpower but the GLD they stole is worth a lot more than that.

So is it a hack ?

The blockchain didn't get hacked. But the decentralized coin node network that runs the blockchain got exploited because the network had inadequate hashrate to protect against that.

In May Bittrex was the victim of a 51% double spend attack on the Bitcoin Gold network. The Bitcoin Gold developers only offered to partially compensate Bittrex for the losses and Bittrex chose to delist Bitcoin Gold instead.
Other coins that have been targeted by 51% attacks have usually compensated exchanges for their losses.
If a coin has enough hashrate to secure their network it would be almost impossible to carry out a 51% attack.
Some coin networks have resorted to merged mining or introducing a hybrid of POW and POS.

Sources:

https://www.coindesk.com/blockchains-feared-51-attack-now-becoming-regular/
https://forum.bitcoingold.org/t/anatomy-of-a-double-spend-51-attack/1398
https://bitcointalksearch.org/topic/how-exactly-would-a-51-attack-work-52388
https://www.bleepingcomputer.com/news/security/hacker-makes-over-18-million-in-double-spend-attack-on-bitcoin-gold-network/
https://cointelegraph.com/news/bittrex-to-delist-bitcoin-gold-by-mid-september-following-18-million-hack-of-btg-in-may


Translations of this article:

Thank you to Lafu for the awesome German translation he has made of this topic.
https://bitcointalksearch.org/topic/wie-funktioniert-ein-double-spend-51-angriff-erklarung-und-beispiele-5035620

Thank you to theyoungmillionaire for his fantastic Filipino translation:
https://bitcointalksearch.org/topic/paano-gumagana-ang-isang-double-spend-51-attack-paliwanag-at-mga-halimbawa-5038913

Thank you to taikuri13 for a great Russian translation:
https://bitcointalksearch.org/topic/51-5039027
Jump to: