51% attack – Biggest Flaw of decentralized proof of work network

Biggest selling point of bitcoin & cryptocurrencies is decentralization & open contributor network (mining) where any one can contribute to the network hash power to reap the benefits, it does opens up the opportunity to bad actors who can take over the network & bend it accordingly. Once they’ve the control of network, they can pretty much do anything they want. These kinds of attacks are not easy in bigger networks such as bitcoin but smaller networks are very much vulnerable to it.

Imagine a single financial institute having control of the entire world ledger where they can manipulate the information & enforce new rules. They can send fake deposits that appear real or deprive any one of their balance.

Yesterday, Ethereum Classic suffered a 51% attack where approximately 1 Million worth of ETC tokens were fraudently transferred on the network. This fraud in specific is “double-spent”, where a single transaction is spent more than once. You can think of it as counterfeit currency that looks 100% as original. This devalues the existing token value since now you’ve more supply that was produced illegitimacy & negatively impacting the tokenomics.

Bitcoin so far has been safe from such 51% attach though there were many potential opportunities. It however has impacted coins with much smaller market cap, because it’s easy to control it. Again, take an example of taking over a small company vs large company. You can purchase a small company stake for much cheaper over large company. Protections in case of small networks are generally small as well.

Easier solution to avoid double spent is by having longer confirmation threshold. While speed is an essence & experience, at times recipients are okay with 1-2 confirmations, but in this case they’ve to rely on 6 confirmations in majority cases. If the network is busy, it may take hours or even days for a transaction to clear. Imagine every bill verified at a toll booth through counterfeit currency checker. There is a tradeoff between experience & protection.

Decentralized networks operate on a trust level where every contributor is expected to act in good faith & by design if 51% of the contributor decide to change something, rest have to follow. This is a limitation in any proof-of-work network. If you remove this clause, it pretty much removes the basic promise of proof-of-work network.

Going a bit deep, I’ll try to explain how it actually happens. Miners are the driving force in any proof-of-work (PoW) network. Their goal is to support the network by validating & storing every transaction on the shared network. This shared network is referred to as “blockchain”. If one of the contributors have got the 51% power, means he has simple majority on the network. He can now forge transaction history, add a new fake transaction or reject any upcoming transaction. Consider it as equivalent to a ruling party with simple majority in the parliament who can rewrite anything they want. Actually, worse than that because here you don’t even know who the ruling party is who can come, conquer & leave without any indication of their identity.

This forge or chain manipulation is also referred as “chain reorganization”. Every chain reorganization has two attributes. depth & length. Depth is number of existing blocks which were replaced & length is number of new replaced blocks.

In all honesty, it’s very difficult to carry on similar attack for long so generally they last anywhere between couple of minutes to hours with rare exception of more than 24 hours. Once there is any suspicious activity detected, major merchants or recipients stop accepting transactions on that network till things have figured out. Once the attack is over, blockchain is resynced excluding all the fraudulent transactions.

Victim in this case is the recipient if he delivered the product with the assurance that the funds are legit. Once the blockchain is reverted back to original form, that transaction doesn’t exist anymore. This also has a major impact on the confidence that users have on the network & can be used to manipulate the prices. Imagine you’ve a massive short position that’s not in your favor & you’ve to cover short. You may be better off by attacking the network rather than covering your short due to margin call.

With smaller networks, it’s very cheap to conduct such activity & interestingly in many cases it’s less than 0.1% of the network value that can bring it to knees.

This also may define a new model for valuations where networks would be valued at multiples of cost of 51% attack. I’ll cover cost of such attacks in next post along with the market cap they’ve. Subscribe to my mailing list to be informed.

2019-01-08T15:47:49+00:00January 8th, 2019|