Cointime

Cointime

Download App
iOS & Android

Breaking Byzantine Fault Tolerance

From coinmetrics By: Matías Andrade

Introduction 

The paper Breaking BFT: Quantifying the Cost to Attack Bitcoin and Ethereum authored by Lucas Nuzzi, Kyle Waters, and Matías Andrade presents a novel model aimed at assessing the costs associated with breaching Byzantine fault tolerance (BFT) thresholds within the Bitcoin and Ethereum networks. Published earlier this month, the study introduces the Total Cost to Attack (TCA) metric, which serves as a pivotal tool in understanding the economic incentives that safeguard these blockchain networks against potential threats.

The paper delves into the motivations of potential attackers, distinguishing between profit-driven and ideologically-motivated adversaries. It emphasizes the improbability of attacks being profitable given the substantial costs involved, thus underscoring the importance of analyzing the economic feasibility of such endeavors. In this week’s State of the Network, we dive into the method and findings of this paper and review the importance of network security and resistance to attack.

Total Cost to Attack

At the heart of the paper lies the concept of Total Cost to Attack (TCA), which serves as a metric for quantifying the cost associated with breaching BFT in both Bitcoin and Ethereum by a theoretical attacker. TCA is defined as the summation of Capital Expenditures (CapEx) and Operational Expenditures (OpEx) incurred over time by an attacker attempting to breach the BFT threshold of 50% in Bitcoin and 33% in Ethereum in order to perform an attack.

TCA serves as a measure of blockchain network security by enabling quantitative reasoning and comparative analysis of security. The paper emphasizes the importance of dissecting a network's security model in calculating TCA, which enhances understanding of specific cost drivers and contributes to better appreciation of security mechanisms like Ethereum's churn limit

This paper also serves to highlight the differences between economic and non-economic or ideological attacks, the first type defined as those attackers that seek to profit and the second as those attackers that seek to destroy the network at a cost without seeking retribution or compensation. Although both types of attackers are subject to similar costs, the payoffs are fundamentally different and thus their motivations must be regarded separately.

TCA: Bitcoin

In applying the Total Cost to Attack (TCA) model to Bitcoin, the paper focuses on two main components: OpEx (Operational Expenditures) and CapEx (Capital Expenditures).

OpEx

As mentioned earlier, OpEx aims to capture the operational costs borne by the attacker throughout the duration of the attack. In the realm of Bitcoin mining, the primary component of these costs is typically the electricity required to power the ASICs over time. While there are additional operational expenses associated with mining, such as cooling, facility rentals, maintenance, and personnel, this paper focuses primarily on electricity consumption in this analysis due to limited publicly available data on other operational costs. For brevity, we only consider one scenario expounded by the paper, in this case assuming access to a distribution of ASICs that is similar to the market, calculated using the MINE-MATCH algorithm.

With the total electricity consumption per hour of the attack determined, the next step is to estimate the corresponding cost of that electricity. Given the considerable disparity in electricity prices globally, this paper calculates an average global rate for pricing purposes. Data on electricity costs across 147 countries allows us to calculate a global average of USD 0.15 per kilowatt-hour as of March 2023. This average cost is then applied to the total electricity consumed per hour of the attack to derive the OpEx, which is illustrated in the table below.

Source: Breaking BFT (2024) 

CapEx

Having addressed OpEx, let's now delve into the Capital Expenditures (CapEx) side of the model. CapEx in Bitcoin represents the cost of acquiring Bitcoin ASICs, specialized machines designed to compute the SHA256 hash function. The paper utilizes the MINE-MATCH algorithm as an accurate proxy for the distribution of the Bitcoin ASIC network, which enables the estimation of the dominance of specific ASIC models and thus the competitive efficiency margin of the Bitcoin network over time. 

Source: Coin Metrics’ MINE-MATCH

By tracking ASIC distribution, the model simulates how many machines an attacker would need to purchase to surpass the 51% threshold required to attack the Bitcoin network for one hour, allowing attackers to double-spend. The paper utilizes market prices of ASICs to estimate CapEx, considering factors such as machine efficiency and elasticity of ASIC supply, as well as the theoretical cost to manufacture S9s. The cost estimates corresponding to historical network hashrate values are illustrated in the chart below.

Source: Breaking BFT (2024) 

As we can see, at the current network hashrate and ASIC market, the cost to attack Bitcoin ranges from $5B to $20B, varying in proportion to the elasticity of supply when acquiring ASICs by the attacker or, as an extreme scenario, manufacturing these themselves. However, the potential cost could escalate further depending on unprecedented market activity and supply chain constraints, illustrating the complexity and dynamic nature of estimating the financial investment required for such an attack.

TCA: Ethereum

In applying the Total Cost to Attack (TCA) model to Ethereum, the paper considers both CapEx and OpEx in a similar way, extending the analysis to Ethereum’s Proof-of-Stake consensus design. In the interest of brevity, we omit the analysis performed in the paper and focus on the resulting TCA, highlighting some of the assumptions given by the paper.

Given that the attackers would need ETH to perform the attack itself, the paper first estimates available liquidity in the most important exchanges, evaluating the feasibility of acquiring enough ETH to perform this attack. In order to estimate this value, the Coin Metrics measure of Ethereum held by account wallets tagged as exchanges is used, which is inclusive of the most important centralized exchanges. 

Source: Breaking BFT (2024) 

To successfully breach the BFT threshold the attacker would need to acquire ~15 million ETH. This figure surpasses the total ETH held by Bitfinex, Bitstamp, BitMEX, Binance, Bittrex, Gemini, Huobi, and Kraken combined. While other major markets like Coinbase, Uniswap, and decentralized lending platforms could potentially provide additional ETH for the attacker, the likelihood of a liquidity shock emerging before such a far-fetched scenario materializes is significant.

Source: Breaking BFT (2024) 

The figure above highlights the relationship between Ethereum's price, the number of validators, and the estimated total cost to execute a potential attack on the network, the TCA. It seeks to map out a three-dimensional space where these variables interact, suggesting that as the Ethereum price increases, or as the number of validators grows, the cost of an attack also rises. The network status as of Dec. 31st, 2023 suggests that the TCA could be estimated around $34 billion. This steep cost serves as a testament to the security and resilience that the Ethereum network's proof-of-stake consensus mechanism aims to ensure, effectively deterring all but the most resourceful adversaries.

Conclusion

In conclusion, the research conducted by Coin Metrics and detailed in "Breaking BFT" provides an in-depth analysis of the robustness of Bitcoin and Ethereum against potential attacks. The Total Cost to Attack (TCA) metric introduced is a valuable tool for assessing the economic viability of such threats. The study's findings suggest that the security of these blockchain networks is underpinned by significant economic disincentives for potential attackers. With the TCA for Bitcoin ranging from $5B to $20B and Ethereum's TCA around $34 billion, it becomes evident that the costs to compromise these systems are prohibitively high.The milestone of Bitcoin's market capitalization surpassing $1 trillion once again, coupled with the excitement surrounding the newly-minted spot ETFs and the approaching Bitcoin halving event signals a dynamic and potentially transformative phase for digital assets.The security mechanisms of major blockchain networks appear to be well-equipped to foster increasing trust and growth in these networks, which, alongside favorable market indicators, paint a promising picture for the future of the cryptocurrency industry.

Comments

All Comments

Recommended for you

  • BTC Surpasses $76,000

    Market data shows that BTC has surpassed $76,000, currently priced at $76,039.83, with a 24-hour increase of 1.67%. The market is highly volatile, so please ensure proper risk management.

  • Trump: Bombs Will Explode if Ceasefire Agreement Expires

    On April 20, according to PBS, U.S. President Trump stated on Monday that if the ceasefire agreement with Iran expires on Tuesday, there will be a large number of bombs exploding. Trump made this remark during a call with White House reporter Liz Landers, focusing on the issue of the Iran war, while a U.S. delegation was preparing for further peace negotiations. When asked whether Iran would still participate in the talks scheduled to take place in Islamabad, Trump replied, "I don't know. I mean, they should show up. It's arranged. We'll see if they come. If they don't, that's fine too." When asked about his expectations for the negotiations, Trump stated, "Very simple, Iran absolutely cannot have nuclear weapons."

  • U.S. Vice President Vance and Delegation to Arrive in Islamabad Today

    On April 20, according to the New York Post: U.S. Vice President Vance and the American delegation will arrive in Islamabad today.

  • BitMine Increases ETH Holdings by Over 100,000, Total Holdings Exceed 4.97 Million ETH

    As of April 19, Eastern Time, BitMine's total cryptocurrency and cash holdings, including the 'Moon Landing Plan,' amount to $12.9 billion. BitMine holds 4,976,485 ETH (an increase of 101,627 ETH from last week), which represents 4.12% of the total Ethereum supply of 120.7 million ETH. Additionally, it holds 199 BTC, shares in Beast Industries worth $200 million, $107 million in Eightco Holdings (NASDAQ: ORBS), and $1.12 billion in unsecured cash. As of April 20, 2026, the total amount of staked ETH by BitMine is 3,334,637 ETH, valued at $7.7 billion based on a price of $2,301 per ETH.

  • Strategy Acquires 34,164 Bitcoins for $2.54 Billion Last Week

    On April 20, Strategy purchased 34,164 Bitcoins last week for a total of approximately $2.54 billion, at a unit price of about $74,395, achieving a 9.5% return on Bitcoin from 2026 to date. As of April 19, 2026, Strategy holds a total of 815,061 Bitcoins, valued at approximately $61.56 billion, with a unit price of about $75,527.

  • Binance Wallet to Launch 46th TGE Project OpenGradient (OPG)

    On April 20, Binance Wallet will launch the 46th exclusive TGE project OpenGradient (OPG). The subscription period is from April 21, 17:00 to 19:00 (UTC+8), and users must participate using Binance Alpha Points and meet the corresponding qualifications. According to the official announcement, OPG tokens will be available for collection and trading starting at 19:00 (UTC+8) on the same day. Additionally, 23,000,000 OPG tokens are reserved for future activities, with specific rules to be announced later.

  • CoinShares: $1.4 Billion Inflows into Digital Asset Investment Products Last Week

    On April 20, CoinShares reported that inflows into digital asset investment products reached $1.4 billion last week, marking the highest weekly inflow since January and achieving positive growth for the third consecutive week. Bitcoin saw inflows of $1.116 billion, bringing the total inflows for the year to $3.1 billion. The price of Bitcoin has surpassed the $76,000 mark, indicating a significant technical breakthrough after two months of range-bound trading. In contrast, inflows into Bitcoin short products were only $1.4 million, suggesting that while there is still hedging demand, it remains limited. Ethereum attracted $328 million in inflows, the strongest week since January, bringing its total inflows for the year to $197 million, while XRP and Solana recorded outflows of $56 million and $2.3 million, respectively.

  • Sources: Bank of Japan Unlikely to Raise Interest Rates in April Meeting

    On April 20, sources familiar with the Bank of Japan's thinking revealed that the central bank is unlikely to raise interest rates next week. The diminishing hope for a swift end to the Middle East conflict has left Japan's economic and price outlook fraught with uncertainty. Although the final decision still carries some uncertainty and will depend on the progress of peace negotiations between the U.S. and Iran, the sources indicated that the bank prefers to maintain the status quo this month to allow more time to assess the impact of the conflict. One source stated, 'Given the current level of uncertainty, the Bank of Japan may consider it feasible to hold steady this month.' Another source echoed this sentiment. A third source noted that the Bank of Japan is unlikely to raise rates, as the market has already fully priced in the possibility of no rate hike this month. These sources mentioned that even if the Bank of Japan keeps rates unchanged next week, it is likely to signal readiness to raise rates as early as June, given the escalating inflationary pressures.

  • Hong Kong SFC Announces New Regulatory Framework for Trading Tokenized Investment Products in Secondary Market

    On April 20, the Hong Kong Securities and Futures Commission (SFC) announced a new regulatory framework to promote the trading of tokenized investment products recognized by the SFC in the secondary market, aiming to enhance digital asset trading activities in Hong Kong and support the further development of the ecosystem. The first batch of products is expected to primarily consist of tokenized money market funds. The SFC will review the operation of these products and will consider expanding the range of products in due course.

  • Stephen Katte ·

    Hackers impersonated eth.limo team to hijack its domain: Post-mortem

    EasyDNS CEO Mark Jeftovic said the social engineering attack was highly sophisticated and the company is conducting further investigation to determine how the breach occurred.

    Hackers impersonated eth.limo team to hijack its domain: Post-mortem

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company