Fears of a ‘51% attack’ have loomed since the popularization of blockchain technologies. Indeed, attacks were attempted and in some cases succeeded upon some smaller, lesser known cryptocurrencies (see Bitcoin Gold 51% attack), but the scale of the major blockchains rendered them resistant such attacks. That was, until January 7, 2019 when a 51% attack was carried out on Ethereum Classic (ETC).
In the aftermath of the attack, many are speculating how Ethereum Classic might recover from this potentially disastrous incident, but also considering the potential implications for blockchain technology as a whole. The danger of this type of event is by no means limited to smaller blockchains; it is inherent in the very concept of decentralization.
What Happened
On January 7, 2019, an attacker acquired 51% of the total Ethereum Classic blockchain hashing power. This allowed the malicious actor to begin a series of rewrites to the blockchain in an attempt to double-spend the ETC cryptocurrency. Ultimately, the attacker was able to process a series of double-spend transactions on the Ethereum Classic blockchain, generating losses of about $1 million across the network.
Most exchanges responded to news of the attack with announcements stating that they were not compromised, but some, such as Gate.io, announced that they had fallen victim to the attack. The affected exchange businesses lost hundreds of thousands of dollars in covering trader losses and unquantifiable amounts due to the damage to their credibility and reputations.
An Unavoidable Risk?
As with centralized ledgers, the decentralized nature of blockchains make them susceptible to attack. Anyone who is able to obtain 51% of the hashing power on a blockchain network will automatically gain the power to rewrite previous transactions on the chain, double-spend cryptocurrency, and take advantage of the system. Many, including Litecoin creator Charlie Lee, have stated any decentralized blockchain can experience, no matter the size or stability, can fall prey to a 51% attack.
Accounting for an Attack
The extent to which hashing power can be purchased on the open market is one metric used to evaluate if a coin is susceptible to a 51% attack. NiceHash is the largest marketplace for cryptocurrency hashing power. If the token economics and price work provide an opportunity for would-be attackers to profit, and if there is enough hashing power available for sale on NiceHash, an attack could potentially happen at any time.
Lee described how this played out in the case of the Ethereum Classic attack:
“Be careful w/ coins that are not dominant in their respective mining algorithm, especially ones that are NiceHash-able. ETC has less than 5% of the total Ethash hashrate and is 98% NiceHash-able. 1-hr attack costs $5k. Almost $500k has been double spent.”
The site Crypto51 provides a live view of most major cryptocurrencies, the amount of money it would cost to conduct a 51% attack, and the percentage of hashing power of the total network available for an attacker to purchase. Using NiceHash is not the only way to carry out such an attack, but these metrics can provide key clues to detect a potential blockchain vulnerability.
Lower Prices Means Easier Attacks
Due to the drops in prices of the entire cryptocurrency market that have occurred over the past year, it is now easier and cheaper than ever to rent the necessary computing power to carry out this type of attack. As mining becomes less profitable, the number of miners on a network falls. Fewer miners means less hashing power, which makes it easier for an attacker to purchase the hashing power required to reach 51% of the entire network.
Reviewing the trend in hash rate of the Ethereum Classic blockchain prior to the attack, the entire network was utilizing half the hash rate that it did at its peak in September of last year. This significantly lowered the financial barrier to carry out the attack.
Ethereum Classic Price Remains Stable
While conventional wisdom would expect the price to have fallen, this simply wasn’t the case. In fact, after dropping only about 10%, the price of ETC stabilized and Ethereum Classic weathered the attack.
There are several potential reasons for this. First, the immediate reaction of many exchanges was to freeze trading on the cryptocurrency, which forced ETC investors to hold through the event and would have prevented a large-scale ‘run’ on the crypto coin. For instance, Coinbase, one the world’s largest crypto exchanges, suspended ETC trading following the attack, rendering users unable to access their ETC funds.
In addition, in spite of the attack, the core development and advocacy team of Ethereum Classic showed no sign of wavering or move to sell their ETC. These core members hold a significant stake in the cryptocurrency, and their demonstrated continued belief in the tokens could well have contributed to stabilizing the price. When asked about ETC price stability after the attack, Castle Island Ventures partner Nic Carter responded, “The truth is that a lot of these assets have dogmatic diehard communities that refuse to submit, and most tokens are held by them anyway.”
The Wider and Future Implications
While Ethereum Classic continues to recover from the attack, the shockwaves and implications continue to be felt throughout the cryptocurrency industry. While the advantages of blockchain technology and decentralization have been highly touted, the ETC attack highlighted one manner in which blockchains can be vulnerable to attack and stoked fears of similar attacks occurring in the future.
Blockchain networks are successful because the majority of verifiers (miners and nodes) act in a trustworthy manner. When untrustworthy actors pursue their individual interests at the expense of others, the entire network can break down. The majority of cryptocurrencies will not achieve the ‘escape velocity’ required to reach a scale that renders 51% attacks impractical, and in these cases, for now at least, we must depend upon collective efforts to act with integrity and pursue the positive progress of this still young and developing industry.