51% Attacks
Since Bitcoin launched in 2009, Proof-of-Work has been the mainstream method of securing decentralized cryptocurrencies against double-spend attacks. Proof-of-Work is intended to make it prohibitively expensive for an attacker to rewrite the blockchain and reverse transactions that are considered settled. An attacker could double-spend through a "51% attack" in which the attacker amasses a majority of the hashrate on the target cryptocurrency. Satoshi Nakamoto assumed in the Bitcoin whitepaper that acquiring 51% of Bitcoin's hashrate would be impossible and thus did not consider the economic incentives behind a 51% attack.
Recently, theoretical thinking about 51% attacks has evolved. A plethora of alternative cryptocurrencies (altcoins) with wildly differing market capitalizations have launched. This has made 51% attacks against altcoins realistic because only a small proportion of miners from larger coins need to switch to a smaller coin in order to control 51% of the smaller coin's network hashrate. This has led to the creation of economic models that consider the incentives behind launching a 51% attack in a world where enough hashrate can be purchased if the attacker is willing to pay. These theories suggest that successful attacks are either break-even or profitable unless miners have large fixed costs associated with their mining hardware that could not be recouped in the case of an attack.
Mining rental services have reduced the fixed costs for an attacker to zero, as renters only need to purchase hashrate for the duration of the attack and have no commitment to future returns from the underlying hardware. This effectively allows an attacker to rent hashrate for only its marginal cost. A large number of Proof-of-Work altcoins have many multiples of their network hashrate available to rent, leading to a number of high-value attacks in the wild. Until this research project, the industry has relied on media reports and disclosures from victims (usually exchanges) to learn about attack events. Exchanges are not incentivized to disclose successful attacks due to the risk of being perceived as insolvent, and journalists are rarely able to provide detailed data on an attack. Furthermore, 51% attacks are transient events, meaning that unless they are observed at the time of attack, it is not possible to detect them later.
We built a system to actively monitor scores of Proof-of-Work cryptocurrencies and detect chain reorganizations (reorgs), which can indicate that a 51% attack has occurred. When an attack is detected, the system analyzes the blocks involved and reports any transactions that have been double-spent. The system also estimates the cost of attack based on hashrate rental prices at the time of the attack. The goal is to gather real-time empirical data on the rate of reorgs on popular cryptocurrencies to provide guidance to the industry on better practices for managing Proof-of-Work security.
Since we launched the reorg tracker in June 2019, we have detected over 40 reorgs that were 6 or more blocks deep on coins such as BTG, HANA, VTC, XVG, EXP and LCC. Some of these reorgs contained double-spends and were hundreds of blocks deep. We have also seen evidence that hashrate rental markets were used to perform a subset of the attacks.
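The detection step described above can be sketched as follows. This is an added example, not the reorg tracker's own code: it compares a previously observed tip with the current tip, finds the fork point and reorg depth, and lists inputs that are spent by different transactions on the two branches. The `Tx`/`Block` model, the function names and the sample chain are hypothetical, and `alert_depth=6` is an assumption that mirrors the 6-block figure quoted above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple = ()          # outpoints spent, written "txid:vout"

@dataclass(frozen=True)
class Block:
    hash: str
    prev: str
    txs: tuple = ()

def walk_back(blocks, tip, stop):
    """Follow prev pointers from tip until a hash in `stop` or an unknown block.
    Returns (hash where the walk stopped, blocks visited in oldest-first order)."""
    path, h = [], tip
    while h in blocks and h not in stop:
        path.append(blocks[h])
        h = blocks[h].prev
    return h, path[::-1]

def analyze_reorg(blocks, old_tip, new_tip, alert_depth=6):
    """Compare the tip seen earlier with the current tip of one node."""
    _, new_chain = walk_back(blocks, new_tip, set())
    fork, orphaned = walk_back(blocks, old_tip, {b.hash for b in new_chain})
    _, adopted = walk_back(blocks, new_tip, {fork})
    # Outpoint -> txid that spends it on the branch the network adopted.
    spent = {o: tx.txid for b in adopted for tx in b.txs for o in tx.inputs}
    # A double-spend: an orphaned tx whose input is now spent by a different tx.
    conflicts = [(o, tx.txid, spent[o]) for b in orphaned for tx in b.txs
                 for o in tx.inputs if o in spent and spent[o] != tx.txid]
    return {"fork": fork, "depth": len(orphaned),
            "alert": len(orphaned) >= alert_depth, "double_spends": conflicts}

def build_sample():
    """Constructed data: g <- a1, then a 6-block old branch and a 7-block new one."""
    deposit = Tx("deposit-to-exchange", ("utxo1:0",))
    respend = Tx("respend-to-self", ("utxo1:0",))
    benign = Tx("unrelated-payment", ("utxo2:0",))   # mined on both branches
    blocks = {"g": Block("g", ""), "a1": Block("a1", "g")}
    for name, length, txs in (("o", 6, (deposit, benign)), ("n", 7, (respend, benign))):
        prev = "a1"
        for i in range(1, length + 1):
            blocks[f"{name}{i}"] = Block(f"{name}{i}", prev, txs if i == 1 else ())
            prev = f"{name}{i}"
    return blocks

if __name__ == "__main__":
    print(analyze_reorg(build_sample(), old_tip="o6", new_tip="n7"))
```

A transaction that is mined again on the adopted branch with the same txid is not reported, and the check only works if the orphaned blocks were stored when they were first seen, which is why the monitoring has to run continuously.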