By Maxwell Sanchez
Over the past five years, cryptocurrency exchanges have been the target of increasingly damaging “51% attacks” resulting in the theft of over $30 million worth of cryptocurrency to date.
Related: Wildland restores control of data to individuals
However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves.
Every blockchain uses a consensus protocol which allows all nodes on the network to agree on the current state of the blockchain. In Bitcoin, for example, a process known as “Proof-of-Work” (“PoW”) involves miners solving a difficult mathematical problem with powerful computers.
And whichever miner finds a solution adds a block to the blockchain, which contains transactions from users on the network. Each node validates the solution before accepting the block, and miners should begin working on solving the problem for the next block.
However, there is no way for a decentralized protocol to force a miner to work on solving the newest problem; a malicious miner can instead attempt to re-solve an older problem and propose an alternate version of the blockchain to the network.
Normally this is not a problem – nodes consider the chain with the most total computational power correct, or “canonical,” meaning alternate chains are discarded.
However, if an attacker possesses 51% or more of the computational power of the entire network, they can force nodes to accept their alternate chain, because it’s built with more mining power than the “legitimate” chain currently on the network.
Attackers can use this method of rewriting history to reverse transactions. This allows an attacker to send a deposit to an exchange on the normal chain, and once the deposit is confirmed — and the attacker trades the funds to another asset and withdraws– they release their alternate version which lacks this deposit transaction.
This allows the attacker to claw back the original deposit to his or her wallet. It’s like tying a string to a coin and pulling it back out of a vending machine once you receive your soda.
In 2018, a 51% attack on Bitcoin Gold absconded with over $18M, and the attack was estimated to cost less than $200k to execute. In 2019, Ethereum Classic suffered a 51% attack, and three more successful attacks were executed in August of 2020, after which some exchanges increased the confirmation time for ETC deposits to 2 weeks or disabled them entirely.
The presence of hashrate rental marketplaces like NiceHash make acquiring the required mining power easy; an attacker could rewrite an entire day of Bitcoin SV’s blockchain for less than $150k. Unsurprisingly, the $3B blockchain suffered three 51% attacks over the summer.
These attacks don’t only apply to PoW blockchains either; any decentralized consensus protocol can be attacked in a similar manner if a malicious actor acquires 51% or more of the block production capability.
However, there are solutions blockchains can adopt to drastically increase their security without attracting any more mining power. Bitcoin, due to its extremely high hashrate, is nearly immune to these attacks.
And there are security protocols which allow other blockchains to inherit Bitcoin’s security, like VeriBlock®. VeriBlock and its Proof-of-Proof® (“PoP®”) consensus protocol is a completely Decentralized, Trustless, Transparent, and Permissionless (“DTTP®”) add-on to a chain’s existing security.
PoP miners publish blockchain state data through VeriBlock’s security aggregation network to Bitcoin, and these publications are used to reject reorganizations onto an attacker’s chain even if they control more than 51% of the network’s mining power.
On blockchains using VeriBlock, transactions receive Bitcoin confirmations, referred to as “Bitcoin Finality.” This means exchanges and merchants can accept transactions on these blockchains with the same security assurances as transactions on Bitcoin itself.
In order for an attacker to reverse a transaction finalized by Bitcoin, they would have to 51% attack the security-inheriting blockchain, VeriBlock, and Bitcoin simultaneously.
This symbiotic relationship between Bitcoin and other blockchains benefits the entire ecosystem: Bitcoin’s “environmental cost” is amortized over many blockchains — allowing it to secure millions of transactions per second, rather than a handful.
Bitcoin miners increase their revenue — leading to even more security. And other blockchains can operate in a highly secure fashion without introducing any centralized control mechanisms.
Solutions like VeriBlock enable the rapid proliferation of a diverse blockchain ecosystem without the security concerns present today, allowing experimentation and innovation with confidence.
About the essayist: Maxwell Sanchez is the founder and chief technology officer of VeriBlock; has been building technologies for the blockchain ecosystem since 2012. Based in the Cayman Islands, The VeriBlock Foundation is a non-profit organization committed to increasing awareness and adoption of the VeriBlock Blockchain. To learn more, you can join the project’s Discord or follow them on Twitter.
