Cointime

51% Attack: What It Is and What You Need to Know

Validated Venture

More than a decade ago, when Satoshi Nakamoto released the Bitcoin whitepaper, it was thought that perpetrating a 51% attack (also called a majority attack) would be impossible. Today, blockchains remain difficult to target, but they are still vulnerable.

What exactly is a 51% attack, and what do you need to know to help reduce the risk of one? We’ll discuss the answers to those questions in this article.

What Is a 51% Attack?

If a group or individual controls the majority of the hashing power of a given network, they have the ability to reorganize the blockchain and perpetrate a 51% attack.

This, essentially, involves reversing a transaction in order to spend the same cryptocurrency twice (a.k.a. double-spending). Here are the components that make this type of theft possible.

Hash Rate

The foundation of the 51% attack has to do with the hash rate for a particular blockchain. Hash rate is the measure of the computational power in a proof-of-work (PoW) system and is used to determine the health, security, and mining difficulty of a network.

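At its most basic, a hash is a fixed-length string of letters and numbers that a hash function produces from its input, and it looks random. In proof-of-work mining, hashing is a guessing process: miners try one input after another until the resulting hash meets the network's difficulty target. The hash rate is the rate at which those guesses are made across the entire network.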

On larger networks, there are typically hundreds or thousands of computers making millions of guesses per second. Because of that, the hash rate for these networks is typically measured in terahashes (or 1 trillion hashes) per second.

On smaller networks, there are typically fewer miners making fewer guesses, so the hash rate may be measured in kilohashes per second (1 thousand/s), megahashes per second (1 million/s), or gigahashes per second (1 billion/s).

As an example, in the last quarter of 2022, the hash rate for the Bitcoin network was around 240 million terahashes per second.

Because the hash rate of the Bitcoin network is so high, it is extremely difficult for any one person or organization to amass a majority of the hashing power.

But, on smaller altcoin networks, the possibility still exists that the majority of hashing power could be controlled by a single individual or organization. If that happens, it opens the door to double-spending.

Double-Spending

While modern cryptocurrency networks are generally secure, there is some risk involved, and coin or token owners are still susceptible to scams, like the rug pull and the double spend.

A double spend is a set of transactions where the same cryptocurrency is used twice. This allows the person perpetrating the transactions to get something for nothing and, potentially, make off with a large number of digital assets.

To make this type of transaction possible, the bad actor has to go back within the blockchain and alter the initial transaction so they can reacquire the original cryptocurrency. They can only do this if they have a majority of the hashing power on the network.

While there are other types of double-spend scams, the 51% attack is the most common.

Examples of the 51% Attack

A Simple Example of a 51% Attack

After gaining majority control of the network, a bad actor (individual or organization) sends a large amount of Coin A to a crypto exchange. Next, they convert Coin A into Coin B.

Once that’s done, they move Coin B off the crypto platform onto their own storage site.

Then, using their majority control of Coin A’s blockchain, they go back in and reorganize things to erase the first transaction (Coin A to Coin B) and “recover” all the Coin A that they spent.

That leaves them with the original Coin A they started with and all of the Coin B they traded for.

A More Advanced Example of a 51% Attack

After gaining majority control of Coin A’s network, a bad actor sets up an alternate blockchain that runs in parallel (Coin A2) and starts mining blocks in secret.

Next, the bad actor transfers their legitimate Coin A to a crypto platform where they can use it to trade or buy other digital assets.

After that, they continue to mine blocks on the alternate blockchain as fast as possible and without the rest of the ‘true’ blockchain knowing.

Eventually, the alternate blockchain grows to the point that it is longer than the original chain (because the attacker can mine blocks faster than the other 49% of the network).

When that happens, the bad actor announces the alternate blockchain to the rest of the nodes on the original network. Since the alternate blockchain is longer, the rest of the network is forced to accept those blocks as true.

On the alternate chain, the transfer of Coin A to the crypto platform never happened, so once it’s integrated into the original chain, the bad actor is free to spend those funds again.

What a Majority Attack Can and Can’t Do

What’s Possible

With majority control of a network, an attacker could, theoretically, reverse transactions they made while having 51% of the hash rate.

They could also potentially:

  • Modify the ordering of transactions
  • Exclude some transactions
  • Prevent some or all transactions from being confirmed (a Transaction Denial of Service)
  • Prevent some or all other miners from mining (a mining monopoly)

For cryptocurrency investors, the biggest risk associated with a 51% attack may be the devaluation of a particular digital currency.

Again, the larger the blockchain, the lower the likelihood that these types of attacks can occur.

What’s Impossible

While a 51% attack does give bad actors a significant amount of power over the network, there are certain things that they can’t do, including:

  • Reverse transactions from other users
  • Prevent transactions from being created and broadcast to the network
  • Change the block rewards
  • Create coins out of thin air
  • Steal coins that never belonged to them in the first place

How Likely Are 51% Attacks?

As we’ve mentioned, the larger the network, the lower the likelihood that a 51% attack will occur.

This is because as the magnitude of a network grows, it becomes more and more difficult to obtain enough computing power (hash rate) to overwhelm, override, and overrule the other nodes on the chain.

In addition, as the chain grows and becomes linked through cryptographic proofs, it becomes more and more difficult to change the blocks that have already been confirmed.

As a result, it becomes cost-prohibitive — meaning that it would cost more than the bad actor could get out of it — to even attempt to change blocks with a high number of confirmations.

On these larger chains, the bad actor would likely only be able to modify the transactions of a few recent blocks for a short time. To do any real damage, they would need to modify much older transactions, which would take a considerably longer amount of time.

This makes the odds of a 51% attack happening for monetary gain very low on most of the larger blockchains.

There is, however, potential for a bad actor who is not motivated by profit to attack a network with the sole aim of destroying it.

But, in the Bitcoin blockchain, for example, even if they did manage to disrupt the network in some way, the software, protocols, and nodes would react to the attack and adapt fairly quickly.

It’s worth reiterating here that while larger blockchains are more or less immune to majority attacks like this, smaller blockchains are still susceptible.

Ethereum Classic suffered 51% attacks in 2019 and 2020, and Bitcoin Gold suffered 51% attacks in 2018 and 2020.

To prevent these types of attacks, some platforms have increased the number of confirmations necessary to implement transactions and trades, thus making it more difficult to execute a majority attack.

Can You Prevent a 51% Attack?

Unfortunately, there isn’t a whole lot you, as an individual crypto enthusiast, can do to prevent a 51% attack.

These attacks aren’t directed at one individual, per se, so the standard security strategies — e.g., using a cold wallet, not talking about your holdings, keeping your private key secure, etc. — don’t really apply.

In addition, the majority of the work for these types of attacks often happens behind the scenes and is then dropped on the blockchain in one fell swoop. That means that no one sees it coming until it’s too late.

You can, however, protect your portfolio just a bit by diversifying into other digital assets instead of putting all of your funds into one coin or token.
