The Anatomy Of A 51% Attack And How You Can Prevent One

Daniel, July 20, 2018

It was not so long ago that the idea of a successful 51% attack seemed unrealistic and far-fetched. While experts acknowledged that they're theoretically possible, most people assumed that 51% attacks would be so difficult to perform that they didn’t present a legitimate threat.

Now, all of that has changed. Over the last year, a number of successful 51% attacks, including a few on reputable blockchains, have proved that the threat is real. 51% attacks are no longer an abstract concern. Every single blockchain project must put security before all else.

Komodo Platform recently defined the 4 Pillars of Blockchain, with security being the first and most foundational of the four. Security always comes first at Komodo.

In fact, with Komodo’s unique delayed Proof of Work (dPoW) security services, you can protect your blockchain with the hashrate of the Bitcoin network. This Blockchain Security Service is available to any UTXO-based blockchain project and can help prevent a successful 51% attack on your chain.

This post will explain exactly how a 51% attack occurs and how Komodo’s Blockchain Security Service can prevent one.


A Brief Introduction To The 51% Attack

Put very simply, a 51% attack occurs when malicious actors gain control of more than 50% of a blockchain network’s hash rate, hence the name. Since the attackers have at least 51% of the network’s hash rate, they can force the rest of the network to erase their transactions. This means attackers can maliciously use their majority power to spend coins or tokens more than once.

Attacks of this nature are also called “double-spend attacks” because the attackers are able to spend their coins or tokens twice and then sell the counterfeit currency for profit.

It’s worth noting that only blockchains using a Proof of Work consensus mechanism are susceptible to 51% attacks. Blockchains that use a Proof of Stake consensus mechanism are vulnerable to a similar variety of attack, called a Nothing-At-Stake attack. However, Nothing-At-Stake attacks are distinct from 51% attacks. For a more detailed discussion, please see Part I, Section 2 of the Komodo White Paper.

The most popular blockchains, like Bitcoin and Ethereum, are also not at risk of 51% attacks because gaining more than 50% of the network’s hash rate is not feasible. Even the largest mining pools are not close to controlling a majority of these networks’ hash rate.

Blockchains with smaller networks, however, are extremely vulnerable. An attacker wouldn’t even need to invest the money into purchasing the hardware necessary to overpower a small network. Instead, the bad actor could simply rent the hash power necessary to launch an attack.

One blockchain enthusiast even created this website to show how vulnerable many blockchains are. There are dozens of blockchains that can be successfully 51% attacked for less than $500 USD an hour. All you would need to do is rent the hash rate and fire away.

Of course, Komodo Platform does not advocate for attacking blockchain projects. The point is that many, if not most, Proof-of-Work blockchains are vulnerable to attack.

Successful 51% Attacks In 2018 & 2019

There were a number of successful 51% attacks in 2018 and the trend is continuing in 2019. Here is a list of the attacks that have occurred:

That's 10 successful 51% attacks over the last 10 months, adding up to more than $23 Million in losses, with an average loss of $2.5 Million per attack.

It's important to note that these are only the 51% attacks that were revealed publicly. It's quite likely that many more attacks occurred away from the public eye and were never publicized.

It's also important to note that all of the figures quoted above are estimates and, in some cases, disputed. It can be difficult to determine the true losses and various sources report different information. In any case, the losses listed above include only the amount of money spent twice. There are a number of additional losses not included in the above estimates, including:

  • a surge of negative press coverage
  • reduced trust in the blockchain
  • being delisted from crypto exchanges
  • a substantial reduction in the price of the currency
  • decreased likelihood of future investment in the project

All of these consequences make a 51% attack a catastrophic event for any blockchain project.

The Anatomy Of A 51% Attack

Before learning how Komodo’s security service mitigates the risk of a successful 51% attack, it’s helpful to understand exactly how an attack of this nature unfolds. There are six steps.

First, an attacker gains control of a simple majority of a blockchain’s network. As noted above, this is not as difficult or costly as you might imagine.

Second, the attacker begins to secretly mine blocks on an alternate blockchain. This second chain runs parallel to the chain on which the rest of the network’s nodes are mining. When the attacker mines new blocks, he does not announce it to the other 49% of the network. Thus, they do not know that the alternate version of the blockchain exists. 

Third, the attacker transfers a sum of coins or tokens native to the blockchain he is attacking. Most often, attackers send funds to a centralized exchange, where they can be traded off for other cryptocurrencies and liquidated. Note that this transaction only takes place on the ‘true’ version of the chain. The fraudulent chain (the one being mined privately by the attacker) does not acknowledge this transaction at all.

Fourth, the attacker continues to mine blocks on the private chain as fast as possible. Again, this is done without announcing any of the blocks to the rest of the network. And with more hash rate than the rest of the network combined, the attacker is able to mine blocks at a faster rate than the other 49% of the network. The fraudulent chain continues to grow and eventually becomes longer than the ‘true’ chain.

Fifth, the attacker announces the fraudulent chain to the rest of the nodes on the network. Because of the longest chain rule, a rule that treats the longest version of a blockchain as the ‘true’ version of the chain, the rest of the network is forced to accept the attacker’s fraudulent blocks. The honest nodes implicitly assume that their own version of the chain is incorrect and switch to the attacker’s chain.

Finally, since the attacker forced the network to conform to the chain on which his transaction from step three never took place, he is free to spend those funds again. It’s as if they never left the original wallet, despite the fact that they also arrived in the address to which they were sent.

The attacker sends the funds a second time, swaps for other coins, and then washes and/or liquidates them. The rest of the network is left scratching their heads. That's how a 51% attack takes place.

Komodo’s Blockchain Security Service

Komodo Platform’s delayed Proof of Work (dPoW) security mechanism protects chains with the power of the Bitcoin hash rate. To put it simply, the dPoW mechanism stores backups of your blockchain onto the Bitcoin ledger. Here’s how the process works.

First, the dPoW mechanism takes a snapshot of every chain employing Komodo’s Blockchain Security Service. This records the balance of every address for each and every chain. Then, the snapshot is written into a block on the main KMD chain.

Next, the dPoW mechanism takes a snapshot of the KMD chain, which contains the snapshots of all the chains employing Komodo’s security services. Same as before, the snapshot makes a record of the balance in each address.

Finally, all of this information is saved onto a block in the Bitcoin blockchain. This process occurs every ten minutes and once it takes place, a hacker would need to overpower the Bitcoin network before altering or destroying the backups.

In essence, the dPoW mechanism provides a form of insurance for your blockchain. An attacker would need to take down both the BTC and KMD networks before they could alter, disrupt, or destroy the backups of your blockchain. The network will not accept a version of the blockchain that doesn’t match the most recently notarized backup.

Moreover, as this process occurs every ten minutes, the window of opportunity for an attack to take place is impractically small. There isn’t enough time between notarizations to launch a successful 51% attack.
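The following simulation is an added illustration for both the six-step attack anatomy above and the notarization rule just described; it is not Komodo code, and it does no real mining or hashing. A toy chain is built with a deposit transaction in it, an attacker’s private fork that omits that transaction is grown until it is longer, and the two chains are then fed to a node that uses either the plain longest-chain rule or the same rule with a notarized checkpoint that the candidate chain must build on. The block names, the `CONFIRMATIONS` deposit policy and the height at which the notarization is taken are assumptions chosen for the example. The returned `reorg_depth` is the signal a monitoring job would alert on: a reorganization deeper than an exchange’s confirmation policy means a previously confirmed deposit has been erased.

```python
"""Toy model of chain selection: longest-chain rule vs. a notarized checkpoint.

Added illustration only (not Komodo or any project's code). Blocks are
content-addressed with SHA-256 so forks get distinct ids; there is no PoW.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Block:
    parent: str                 # block_id of the parent ("" for genesis)
    miner: str                  # label of who produced the block
    txs: Tuple[str, ...] = ()   # transaction ids carried by this block

    @property
    def block_id(self) -> str:
        payload = f"{self.parent}|{self.miner}|{','.join(self.txs)}".encode()
        return hashlib.sha256(payload).hexdigest()[:12]


GENESIS = Block(parent="", miner="genesis")
DEPOSIT = "deposit-to-exchange"   # constructed tx id, stands in for step 3 of the attack
CONFIRMATIONS = 2                 # assumed exchange policy: credit after 2 confirmations


def extend(chain: List[Block], miner: str, n: int, first_txs: Tuple[str, ...] = ()) -> List[Block]:
    """Return a copy of `chain` with n new blocks by `miner`; only the first carries txs."""
    out = list(chain)
    for i in range(n):
        out.append(Block(parent=out[-1].block_id, miner=miner, txs=first_txs if i == 0 else ()))
    return out


def confirmed_txs(chain: List[Block]) -> Set[str]:
    return {tx for b in chain for tx in b.txs}


def fork_height(a: List[Block], b: List[Block]) -> int:
    """Height of the last block both chains share (0 = genesis)."""
    h = 0
    while h < min(len(a), len(b)) and a[h].block_id == b[h].block_id:
        h += 1
    return h - 1


def choose_longest(current: List[Block], candidate: List[Block]) -> Tuple[List[Block], int]:
    """Plain longest-chain rule. Returns (chain kept, blocks of `current` discarded)."""
    if len(candidate) <= len(current):
        return current, 0
    discarded = len(current) - 1 - fork_height(current, candidate)
    return candidate, discarded


def choose_notarized(current: List[Block], candidate: List[Block],
                     notarized_id: str) -> Tuple[List[Block], int]:
    """Longest-chain rule, but a candidate that does not contain the notarized block
    is refused outright, however long it is. This models 'the network will not accept
    a version of the chain that does not match the most recent notarized backup'."""
    if not any(b.block_id == notarized_id for b in candidate):
        return current, 0
    return choose_longest(current, candidate)


def run_scenario(use_notarization: bool, attacker_blocks: int = 7) -> dict:
    """Steps 2 to 5 of the attack against a node using one of the two rules.

    Public chain: genesis, 2 honest blocks, the deposit at height 3, 2 more (tip at 5).
    Attacker: forks at height 2 (before the deposit) and mines in private.
    The notarization is assumed to have captured the honest block at height 4.
    """
    public = extend(extend([GENESIS], "honest", 2), "honest", 3, first_txs=(DEPOSIT,))
    private = extend(public[:3], "attacker", attacker_blocks)   # shares heights 0..2 only
    notarized_id = public[4].block_id

    if use_notarization:
        chosen, discarded = choose_notarized(public, private, notarized_id)
    else:
        chosen, discarded = choose_longest(public, private)

    return {
        "adopted_attacker_chain": chosen[-1].miner == "attacker",
        "deposit_still_confirmed": DEPOSIT in confirmed_txs(chosen),
        "reorg_depth": discarded,
        # A reorg at least as deep as the confirmation policy erases a credited deposit
        "exceeds_confirmation_policy": discarded >= CONFIRMATIONS,
    }


if __name__ == "__main__":
    for flag in (False, True):
        print("notarized " if flag else "longest   ", run_scenario(flag))
```

Running the block shows the two outcomes side by side: under the plain rule the longer private chain is adopted, the deposit disappears and the reorg depth (3) exceeds the confirmation policy, which is the moment the attacker can spend the funds again; under the checkpointed rule the private chain is rejected because it does not contain the notarized block, and the deposit stays confirmed regardless of how many blocks the attacker mined.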

It may also be helpful to think of the dPoW mechanism as a form of two-factor authentication (2FA). It’s simply an added layer of security to deter potential attackers from targeting your blockchain. If you were a malicious actor, would you choose to attack a blockchain that was being notarized onto the BTC ledger every ten minutes? Probably not. It’s just not sensible.

If you’d like to implement Komodo’s dPoW security mechanism, kindly send an email to [email protected] and we will promptly begin your security integration process. Komodo’s Blockchain Security Service is available to any UTXO-based blockchain.

To learn more about Komodo Platform, sign up for our weekly newsletter and join our thriving community on Discord. Join Komodo as we continue to provide innovative blockchain solutions.