Bitcoin (and other cryptocurrencies like it) is unique in how it prevents counterfeiting: it does not delegate that responsibility to a trusted third party (as fiat currencies do) or to the laws of physics (as gold and other precious metals do). Instead, the strength of Bitcoin comes from guarantees made by its protocol. However, these guarantees have conditions, and in the unusual situation in which one of those conditions is violated, the currency can lose some of its vital characteristics (like being counterfeiter-proof), with the potential for a fairly serious failure of the currency.
One of the most plausible failures of a cryptocurrency is called a 51% Attack, and it works like this:
When a version of the bitcoin software detects a conflict between two possible blockchains, and is unsure which one is real, it automatically defaults to the one that has the strongest proofs of work in it — the one on which the most hashing power has been expended.
In other words, given a conflict between two blockchains, the bitcoin client defaults to trusting the one that came from the largest pool of computing power. This works wonderfully — if the majority of the computing power in the network is in the hands of different people with different goals. If one single organization or individual ever amasses a majority of the computing power, then they can, on average, outspend the rest of the network combined, and ensure that their version of recent transaction history is the one that the network accepts.
If you’re in the fortunate position of owning 51% of all the mining hardware in a currency, you can do a number of things. You can double-spend your money: spend it, wait for the transaction to be acknowledged, then quickly generate a new, fake blockchain in which you did not spend the money and throw hashing power at it until the network accepts it as real. This effectively overwrites your transaction and allows you to spend the same money again.
You can use the same approach to cancel transactions of others. In theory, a successful 51% attacker could prevent anyone from making transactions on the network — or, perhaps worse, they could selectively limit access to transactions to push their own agenda, or hold Bitcoin balances for ransom, effectively becoming a malicious central authority in the network.
Obviously, a 51% Attack would be hugely destructive to Bitcoin, and might lead to complete collapse of the currency. That said, isn’t a 51% Attack just a theoretical concern? How plausible is it that any one organization could possibly come to own half of all the bitcoin mining hardware in the world?
The Mining Pool Problem
Unfortunately, a 51% Attack is not as implausible as you might think. Here’s why: Bitcoin mining is an intensive and often unrewarding task for miners. The rewards are large, but they come very, very infrequently – and, in the meantime, miners spend a lot of money running their mining hardware for no visible results. This means that there’s a big incentive to socialize the risk of mining by working together in a centralized fashion and pooling computing power. When a reward is found, everyone gets a cut of it proportional to how much of the total hashing power they contributed. This is called a “mining pool” – and, from the perspective of the miners, it causes mining to provide a steadier and more reliable stream of rewards, which is a big win.
Unfortunately, mining pools also bring much greater hashing power under the control of individuals (the operators of the pool). Right now, the largest Bitcoin mining pool (the zero-fee GHash.io) owns more than 40% of the hashing power in the network. GHash.io issued a press release stating that it had no desire to execute a 51% Attack, and that it would make active efforts to avoid accumulating 51% of the hashing power in the network, including refusing to accept new miners. However, this is not a real fix to the problem, which arises from perverse incentives within the Bitcoin community.
There are a number of different ways that Bitcoin could protect itself from the risk of a 51% Attack. It might be possible to reduce the incentive to use mining pools by altering the way that rewards are paid out during mining. On a more radical level, Bitcoin could switch, in part or in whole, to a proof-of-stake system, an approach known to be severalfold more resilient to 51% Attacks, along with other advantages. Unfortunately, radical changes such as these require extensive development and, due to the reluctance of Bitcoin users to update their software, would likely involve forking the blockchain, which is destructive in its own right. Still, the situation as it stands is untenable. Something must be done, lest a more malicious set of pool operators than the folks at GHash.io find themselves in a position to exercise undue influence over the Bitcoin network.