What you should know to stay safe
While undoubtedly complex and necessary for the crypto and NFT world, the ideas that underpin and connect blockchain technology are relatively easy to understand. One of its most important concepts is the so-called “51 percent attack:” an almost unparalleled threat to decentralized technology (and the crypto industry it supports). To understand what it is and its potential far-reaching implications for Web3, we need to look at the basics of blockchain itself.
The blockchain is a distributed digital database that moves and tracks data in blocks that are linked together to form a chain-like record of information flow. The important thing to know here is that blockchain systems are managed by a network of users and computers called nodes, which collectively validate transactions rather than a third party like a bank or a centralized data server controlled by a Big Tech company.
But what is a 51 percent attack?
In theory, the number of validating nodes in a blockchain system equals the security of that network. To successfully hack the system, a group or individual must take control of the majority of nodes in the system – 51 percent of them – to alter the blockchain record and falsify transactions involving crypto and NFT, potentially resulting in the loss of countless digital assets worth millions. Essentially, a 51 percent attack allows bad actors to hijack the blockchain network, giving them the ability to manipulate transactions on the network with catastrophic financial consequences.
This can happen through cooperation between groups and individuals who control the nodes or through hackers taking control of them. The larger the number of nodes, the more difficult this is to do. The Ethereum blockchain, for example, has hundreds of thousands of validators in its network, while other chains have far fewer.
Examples of 51 percent attacks
In March 2022, hackers with ties to the North Korean government gained control of five out of nine of the Ethereum-affiliated sidechain Ronin’s validating nodes on the popular play-to-earn blockchain-based game Axie Infinity. The hackers forged withdrawals from the network amounting to approximately $625 million, making it the largest hack in the network’s history. When the Ronin team realized what had happened, they took a centralized step and paused the blockchain network for several months before resuming transactions in late June.
Another 51 percent attack happened in 2020 when hackers took control of Bitcoin Gold, a small crypto token that split from the Bitcoin blockchain in 2017. The hackers were able to double spend over $72,000 of the cryptocurrency. Double-spending is when a cryptocurrency is used twice or more, allowing the person who initiated the transaction to claim back spent tokens.
How likely is a 51 percent attack?
Vulnerability to this type of attack directly correlates with network size: the larger the blockchain, the more secure it is. For systems running on energy-intensive proof-of-work (PoW) consensus mechanisms (such as Bitcoin), the computing power required to execute a 51 percent attack is massive and reduces its probability; it’s simply not worth the hackers’ time and money to try to do so.
If they can solve it, however, there’s no way to revoke the physical hardware that enables them to attack the system, meaning they can continue to do so until network administrators initiate a “hard fork.” A hard fork is a significant change to a blockchain’s protocol (its basic set of rules) that splits it into two now-incompatible versions of itself. Such events are often the point of origin for new cryptocurrencies, as was the case with Bitcoin Gold.
But there are ways to counter 51 percent attacks. Proof-of-stake (PoS) consensus mechanisms, on which the Ethereum blockchain runs, are exponentially less energy-intensive than PoW-operated networks. These rely on validators putting up (putting) an amount of cryptocurrency to be accepted as a validating node. As for Ethereum, that’s a hefty 32 ETH. In theory, if enough validators in a PoS system cooperated, they could take control of the network. Nevertheless, even if this happened, Ethereum administrators could “cut” this stake ETH, which means that the offending nodes will simultaneously lose their investment and the ability to attack again.
Ethereum co-founder Vitalik Buterin has addressed this issue several times over the years, arguing that while undesirable, a 51 percent attack would not be fatal to the blockchain.
The decentralization debate
In the days leading up to Ethereum’s merger into the much more energy-efficient PoS consensus system it now runs on, Buterin posted a Twitter poll in which he asked how long people would be willing to wait before supporting “extra-protocol” intervention. The idea was simple: Would society support a centralized authority that steps in and makes an assessment of the entire blockchain in case of extreme circumstances?
The question is not rhetorical either. Bitcoin is not the only blockchain that was forced to hard fork in the event of an attack. In 2016, Ethereum implemented a hard fork after attackers exploited flaws in an application running on the blockchain, prompting the system’s administrators to roll back the transactions related to the exploit to return users’ funds to them.
Such centralized actions are the antithesis of the very concept of blockchain technology: while the largest single group of respondents to Buterin’s poll supported the idea of centralized intervention, the idea of such an action sits uneasily with a significant portion of the Web3 community, as evidenced by the comments during the same the vote. But for now, they remain an unfortunate necessity to ensure the stability of these systems in times of extreme need. Regardless, they remain a controversial center of discussion in NFT and crypto circles. Similar to the discussion around decentralized Web3 marketplaces, it may be that decentralization by centralized means is the best, if paradoxical, way forward.
