51% Attacks

Since Bitcoin launched in 2009, Proof-of-Work has been the mainstream method of securing decentralized cryptocurrencies against double-spend attacks. Proof-of-Work is intended to make it prohibitively expensive for an attacker to rewrite the blockchain and reverse transactions that are considered settled. An attacker could double-spend through a "51% attack" in which the attacker amasses a majority of the hashrate on the target cryptocurrency. Satoshi Nakamoto assumed in the Bitcoin whitepaper that acquiring 51% of Bitcoin's hashrate would be impossible and thus did not consider the economic incentives behind a 51% attack.

Recently, theoretical thinking about 51% attacks has evolved. A plethora of alternative cryptocurrencies (altcoins) with wildly differing market capitalizations have launched. This has made 51% attacks against altcoins realistic because only a small proportion of miners from larger coins need to switch to a smaller coin in order to control 51% of the smaller coin's network hashrate. This has led to the creation of economic models that consider the incentives behind launching a 51% attack in a world where enough hashrate can be purchased if the attacker is willing to pay. These theories suggest that successful attacks are either break-even or profitable unless miners have large fixed costs associated with their mining hardware that could not be recouped in the case of an attack.

Mining rental services have reduced the fixed costs for an attacker to zero as renters only need to purchase hashrate for the duration of the attack and have no commitment to future returns from the underlying hardware. This effectively allows an attacker to rent hashrate for only its marginal cost. A large number of Proof-of-Work altcoins have many multiples of their network hashrate available to rent, leading to a number of high-value attacks in the wild. Until this research project, the industry has relied on media reports and disclosures from victims (usually exchanges) to learn about attack events. Exchanges are not incentivized to disclose successful attacks due to the risk of being perceived as insolvent and journalists are rarely able to provide detailed data on an attack. Futhermore, 51% attacks are transient events meaning that unless they are observed at the time of attack, it is not possible to detect them later.

We built a system to actively monitor scores of Proof-of-Work cryptocurrencies and detect chain reorganizations (reorgs) which can indicate that a 51% attack has occured. When an attack is detected, the system analyzes the blocks involved and reports any transactions that have been double-spent. The system also estimates the cost of attack based on hashrate rental prices at the time of the attack. The goal is to gather real-time empirical data on the rate of reorgs on popular cryptocurrencies to provide guidance to the industry on better practices for managing Proof-of-Work security.

Since we launched the reorg tracker in June 2019, we have detected over 40 reorgs that were 6 or more blocks deep on coins such as BTG, HANA, VTC, XVG, EXP and LCC. Some of these reorgs contained double-spends and were hundreds of blocks deep. We have also seen evidence that hashrate rental markets were used to perform a subset of the attacks

Papers and Reports

Media

Featured
Cointelegraph covers James Lovejoy's Presentation at CESC 20': "MIT Crypto Group Researcher Says PoW Attacks Not Always Obvious"
Cointelegraph covers James Lovejoy's Presentation at CESC 20': "MIT Crypto Group Researcher Says PoW Attacks Not Always Obvious"

DCI James Lovejoy and Gert-Jaap Glasbergen presented during this past weeks Crypto Economic Security Conference: Unitize Online Event July 6-10th, 2020. Their Proof-of-Work presentation combines Gert-Jaap’s work on Pool Detective and James’s work on 51% Attacks.

Reorgs on Bitcoin Gold: Counterattacks in the wild - Medium Post by James Lovejoy

The economic security of Bitcoin and other proof-of-work cryptocurrencies relies on how expensive it is to rewrite the blockchain. If a 51% attack were economically feasible, an attacker could send a transaction to a victim, launch the attack, and then double spend the same coins back to themselves. Satoshi Nakamoto assumed that this would not occur because a majority of miners would find it more lucrative to honestly follow the protocol than to attack the chain, the source of their own mining revenues.

Recent work has shown the cost of attack on a coin can vary widely. This cost depends on factors like the liquidity of hashrate, the impact on coin price, and the length of the required rewrite; under certain circumstances an attack could even be free. As of March 2020 for chains like Bitcoin, miners make large advance investments in mining equipment and are reluctant to rent any significant fraction of the chain’s hashpower, making the cost today likely quite high. Some coins, however, use proof-of-work algorithms for which there is enough new hashrate for rent to cost-effectively launch 51% attacks, and there have been double-spend attackson these coins observed in practice. Using hashrate markets like NiceHash, buyers and sellers can easily find each other. It is now commonly believed that low hashrate coins, coins that are not the largest in their proof-of-work algorithm class, and coins for which there is a liquid hashrate rental market are all susceptible to cheap 51% attacks and are insecure.

In a recent paper titled Double-Spend Counterattacks, we discuss a strategy to prevent 51% attacks in vulnerable proof-of-work based coins: the victim can counterattack. We show that the victim’s ability to rent hashrate and mine on the original chain, overtaking the attacker chain in the event of an attack, can deter the attack from happening at all in equilibrium. The results hold under the following assumptions: (1) the victim suffers a moderate reputational cost to losing that the attacker does not suffer (e.g. exchanges may suffer negative reputation cost if attacked while anonymous attackers do not), and (2) the net cost of attack increases over time (e.g. by coin value dropping or the cost of hashrate rising). While we had no evidence for double-spend counterattacks in the real world at the time we wrote the paper, we recently saw what we think are counterattacks on Bitcoin Gold…

Forbes's "Bitcoin Rival Suffers Devastating Attack" reviews DCI's James Lovejoy's discovery of a '51% Attack'
Forbes's "Bitcoin Rival Suffers Devastating Attack" reviews DCI's James Lovejoy's discovery of a '51% Attack'

“Bitcoin gold, a relatively minor cryptocurrency that split off from the original bitcoin blockchain in late 2017, has suffered a so-called 51% attack resulting in over $72,000 worth of bitcoin gold tokens being double spent.

A 51% attack can occur when malicious cryptocurrency miners take control of tokens' blockchain and is the second time it's now happened to bitcoin gold which saw $18 million worth of bitcoin gold stolen in May 2018.

The price of bitcoin gold, which ranks as the 36th most valuable cryptocurrency according to CoinMarketCap data, jumped following reports of the attack, moving counterintuitively considering the seriousness of an attack of this type and suggesting the market for smaller tokens is still far from maturity…”

Videos and Lectures

Researchers and Collaborators

In transition

Previous Researchers and Collaborators

Graduate Researchers

Undergraduate Researchers