In this guide we are going to analyse various attacks that can happen to your cryptocurrency (mostly bitcoin). While it is true that most of the attacks we will talk about are purely hypothetical in nature, we have already seen real-life examples of some of the attacks described here (Mt. Gox and transaction malleability). Before we get started, a huge shout out to the “Game theory and Network attacks” video by “Blockchain at Berkeley” for providing the inspiration for the article.
Note: We will be using these two terms a lot in the article below, so let’s define them right now:
- Orphan blocks aka orphans: Blocks that couldn’t get added to the main chain despite being successfully mined.
- Hashrate: A measure of how powerful a miner’s computational resources are.
So without any further ado, let’s get started.
What are mining pools?
Before we get into the descriptions of various attacks, let’s understand what a mining pool is (in this section we will be talking exclusively about BTC). The entire blockchain works because of a network of “miners”. The miners “mine” for new blocks in the blockchain by solving complex cryptographic puzzles using their computational power. As a result of this, they get a mining reward, which is 12.5 BTC.
Once they successfully mine a block, they gain the power to put transactions inside the block. That’s basically how transactions happen in all cryptocurrencies: a miner puts the record of the transaction inside the block.
Now remember one thing, there are only a limited number of bitcoins that were created (21 million coins). Satoshi Nakamoto, the creator of bitcoins, envisaged that as more and more miners got in, the rate of bitcoin mining would exponentially increase, so much so that all the available bitcoins could be mined out in a couple of years!
Now, this could be a disaster for bitcoins, because like all economic commodities, the value of bitcoin lies in supply and demand. If the supply of bitcoins suddenly increases, then that would decrease the demand, which would in turn hurt its value. The supply-demand relationship is one of the most critical economic concepts, the following is what the supply-demand graph looks like:
To prevent the supply of bitcoins from getting out of hand and to make it a more sustainable model, Satoshi implemented a difficulty adjustment system.
What is difficulty adjustment? As more and more blocks get mined, the difficulty of the cryptographic puzzles increases exponentially. Basically, the more bitcoins you mine out, the more difficult the process of mining becomes. Miners soon found out that they couldn’t really mine efficiently by themselves anymore; the process was getting more and more expensive. So, they decided to pool their resources together and form cliques and groups to mine bitcoin more efficiently. These groups of miners are called “mining pools”.
Advantages and Disadvantages of mining pools
The pools are run by pool managers. It is far easier to upgrade the overall network because instead of coordinating with random independent miners, the pool managers can simply upgrade the network by themselves.
Reduces variance in mining rewards: One of the biggest reasons why miners join pools is to reduce variance in their mining rewards. To understand what variance means and how that affects miners, we will need to do some mathematics. Credit to L.M. Goodman and her Medium article for the explanation.
First, let’s understand what the Bernoulli distribution is. The Bernoulli distribution describes a discrete distribution with two outcomes, “success” and “failure”: if the probability of success is p (where 0<p<1), then the probability of failure is 1-p.
Now, let’s apply this to bitcoin. If a miner controls a fraction “p” of the overall mining power and, as a result, has a probability p of mining a new block where 0<p<1, then, on applying Bernoulli’s distribution, he/she has a probability of (1-p) of NOT mining a new block.
In Bernoulli’s distribution: variance = p*(1-p)
Now, let’s see how many blocks are mined in a year. Every 10 mins, 1 block is mined. Which means each hour 6 blocks, every day 24 * 6 blocks and every year 365 * 24 * 6 blocks are mined.
Basically, a miner who has probability “p” of mining a block is expected to mine 365 * 24 * 6 * p blocks per year. That’s their expected return.
Similarly, the overall variance that they are going to be facing over the entire year is: 365 * 24 * 6 * p * (1-p).
Now, we shall define “standard deviation”. Standard deviation is a term which defines by how much the members of a particular distributed group vary from the mean of the group.
In the context of the blockchain and this example, standard deviation is by how much this miner’s reward is going to deviate from the expected reward.
Standard deviation = sqrt(variance) / expected return.
Now, as we know:
- variance = 365 * 24 * 6 * p * (1-p)
- expected return = 365 * 24 * 6 * p
So, on substituting these values we get:
- Standard deviation = sqrt(365 * 24 * 6 * p * (1-p)) / (365 * 24 * 6 * p)
Now let’s take an example. Suppose a miner owns 0.01% of the hash rate in the network. (Meaning p=0.0001).
If you substitute the values accordingly into the standard deviation equation then you will get a standard deviation of 0.4364 OR 43.6%!! A 43.6% deviation from the expected reward for a miner who owns 0.01% hash rate.
The only solution to decrease this deviation and variance is to pool resources together to increase the overall hash rate percentage, which is exactly what mining pools offer.
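The calculation above, carried through and checked by simulation, as an added example (not from the original article or from L.M. Goodman’s post). It assumes a constructed pool holding 10% of the hashrate that pays members pro rata with no fees, so a member’s relative deviation equals the pool’s; the function names are illustrative.

```python
import math
import random
import statistics

BLOCKS_PER_YEAR = 365 * 24 * 6  # one block every 10 minutes, as in the text

def relative_deviation(p, n=BLOCKS_PER_YEAR):
    """sqrt(variance) / expected return for n Bernoulli(p) block attempts."""
    return math.sqrt(n * p * (1 - p)) / (n * p)

def blocks_in_year(p, rng, n=BLOCKS_PER_YEAR):
    """Count wins in n Bernoulli(p) slots by jumping from one win to the
    next (geometric gaps) instead of drawing n random numbers."""
    log_q = math.log(1.0 - p)
    wins, slot = 0, 0
    while True:
        slot += int(math.log(1.0 - rng.random()) / log_q) + 1
        if slot > n:
            return wins
        wins += 1

def simulated_relative_deviation(p, years, seed=1):
    """Empirical stdev / mean of yearly block counts over simulated years."""
    rng = random.Random(seed)
    counts = [blocks_in_year(p, rng) for _ in range(years)]
    return statistics.pstdev(counts) / statistics.mean(counts)

def chance_of_empty_year(p, n=BLOCKS_PER_YEAR):
    """Probability of mining no block at all in a whole year."""
    return (1.0 - p) ** n

if __name__ == "__main__":
    SOLO = 0.0001  # 0.01% of the network hashrate, the text's example
    POOL = 0.10    # constructed pool share (assumption, not from the text)
    for label, p, years in (("solo", SOLO, 20000), ("pool", POOL, 200)):
        print(f"{label}: expected {BLOCKS_PER_YEAR * p:.1f} blocks/yr, "
              f"analytic {relative_deviation(p):.4f}, "
              f"simulated {simulated_relative_deviation(p, years):.4f}")
    print(f"solo miner finds no block all year with probability "
          f"{chance_of_empty_year(SOLO):.4f}")
```

The solo miner’s relative deviation comes out at about 43.6%, while a pro-rata share of the 10% pool deviates by roughly 1.3%.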
- A lot depends on the ethics of the pool manager.
- Centralisation: The biggest criticism that most pools face is that they lead to centralization of coins. Let’s see what we mean by that. Check out the hashrate distribution of bitcoin:
~50% of the world’s bitcoin supply is being mined by 4 pools!! Just 4!
Bitcoin is supposed to be a decentralized currency, but how decentralized can it really be if nearly half of it is controlled by 4 pools?
Unfortunately, this is not a problem exclusive to Bitcoin. Check out the hashrate distribution chart of Monero:
In Monero 42.6% of the supply is controlled by 1 unknown group!!
When a pool overwhelmingly takes in more and more stake in the hashrate distribution chart, it defeats the purpose of decentralization. We have already seen how important miners are in the context of a blockchain. When a group of miners controls so much hashrate, they tend to become the central authority themselves. In fact, when a group of miners takes over 51% of the network’s hashrate, they automatically initiate an attack called “the 51% attack”.
What is the 51% attack?
The 51% attack happens when 51% of the network’s hashrate is under one entity. That entity could be a mining pool or an authority figure. The moment 51% of the hashrate is under one entity’s control, it basically destroys the decentralized nature and opens up the network to a plethora of attacks:
- Selfish mining.
- Cancelling all transactions.
- Double Spending.
- Random forks.
Now, before we go through each of those attacks, let’s see how and when a 51% attack can happen.
Case 1: A mining pool becomes too big
The most common form of 51% attack can happen when a mining pool becomes too big and gets more than 51% hashrate. In fact, this has already happened with bitcoin once before. In July 2014, the popular mining pool GHash.io passed 51% hashrate. They then voluntarily cut themselves down and explicitly stated that they would never pass 39.99% hashrate.
In August 2016, Krypton and Shift, which are two blockchains based on Ethereum, suffered 51% attacks.
Case 2: Having limitless capital
A powerful entity with limitless capital (like a country or a billionaire) can buy enough equipment to take over a blockchain. Another interesting variation of this is a “Gold finger attack”.
Picture this: suppose you are a hostile entity and you have limitless capital at your disposal. You can, in theory, buy all the ASICs and GPUs required to initiate a 51% takeover of the chain. You can then proceed to destroy the value of the coin by either initiating double spends or by bloating up the chain with spam transactions.
Case 3: The proof of work takeover problem
Now, this is a very interesting and diabolical scenario. Vitalik Buterin gave a great example of this by showing how the takeover problem can happen in Ethereum.
Suppose, someone makes a hypothetical smart contract for an activity. The terms of the contract go like this:
- Any miner can join the activity by sending a very large deposit into the contract.
- The miners must send shares of the partially completed blocks that they have mined into the contract and the contract verifies it and also verifies that you are a miner and that you have sufficient hash power.
- Before 60% of the miners in the system join you can leave anytime you want.
- After 60% of the miners join you will be bound to the contract until the 20 blocks have been added to the hardfork chain aka the red chain.
Not only will the new chain grow bigger and longer; since 60% of all miners are contractually bound to this new chain, it will also quickly make the original older chain, aka the blue chain, irrelevant.
Now, you might be asking why will miners join in a takeover?
Well, let’s see their incentive for joining:
- Possible reward at the end.
- No risk of joining on their part.
What is their incentive to follow through with the contract?
- The huge amount they have deposited in the beginning.
- Once again, the possibility of a great reward.
So, these, in a nutshell, are certain examples of how 51% hashrate can be taken over by one entity. Now, let’s see the repercussions of such an attack.
What are the repercussions of a 51% attack?
As discussed above, the 4 main attacks that can happen directly as a result of the 51% attack are:
- Selfish mining.
- Cancelling transactions.
- Double Spending.
- Random forks.
When an entity does manage to get over 51% of the hashing power, the computational advantage that they have over their competitors is truly staggering. Like we have discussed before, miners mine for coins by discovering and adding blocks to the blockchain. The way this happens is that they solve extremely complicated cryptographic puzzles. On discovering the block, the entire network (or at least a majority) needs to acknowledge that it fulfills the necessary proof of work criterion, and then it becomes part of the main chain.
Now, suppose Alice and Bob are two miners. There is a chance that both of them solve the puzzle at the same time for both of their respective blocks. After that, it is all about which block the network chooses and agrees to mine on. E.g., if 80% of the network chooses to mine on Alice’s block, then there is a higher chance of them coming up with the next block than the 20% who are siding with Bob (due to the higher hash rate). When this happens, Alice’s block will become part of the chain while Bob’s becomes an orphan block (a block not attached to the main chain).
Now think of this. Suppose Bob has 51% of the hash rate in Bitcoin at his disposal. He can simply mine for blocks and keep mining on top of them without waiting for the network’s approval because he himself represents the majority (since he possesses 51% of the hash rate). So he can simply keep on mining on top of his blocks without bothering to let the network know and collect all the reward and transaction fees.
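Why a majority miner does not need the network’s approval, as an added example that goes beyond the text (not code from the original article): it uses the gambler’s-ruin result from the Bitcoin whitepaper, under which a branch mined with share q draws level with a rival branch z blocks ahead with probability (q/p)^z when q < p, and with certainty otherwise. The shares, risk threshold and function names are constructed for illustration.

```python
import random

def catch_up_probability(q, z):
    """Chance that a branch mined with hashrate share q ever draws level
    with a rival branch that is z blocks ahead and mined with share 1 - q."""
    p = 1.0 - q
    return 1.0 if q >= p else (q / p) ** z

def blocks_needed(q, risk):
    """Smallest lead z for which catch_up_probability(q, z) < risk, or None
    when q is a majority and no lead is ever enough."""
    if q >= 0.5:
        return None
    z = 0
    while catch_up_probability(q, z) >= risk:
        z += 1
    return z

def simulated_catch_up(q, z, runs=5000, horizon=200, seed=7):
    """Monte Carlo check: every new block extends the trailing branch with
    probability q, otherwise the leading one."""
    rng = random.Random(seed)
    caught = 0
    for _ in range(runs):
        deficit = z
        for _ in range(horizon):
            deficit += -1 if rng.random() < q else 1
            if deficit == 0:
                caught += 1
                break
    return caught / runs

if __name__ == "__main__":
    # Constructed shares: the text's 20% minority, a large minority, a majority.
    for q in (0.20, 0.45, 0.51):
        print(f"share {q:.2f}: catch up from 6 behind = "
              f"{catch_up_probability(q, 6):.4f}, "
              f"lead needed for <0.1% risk = {blocks_needed(q, 0.001)}")
    print("simulated, share 0.30 from 3 behind:", simulated_catch_up(0.30, 3))
```

For anyone deciding how deep a block must be buried before relying on it, the `None` result is the point: against a majority of the hashrate, no depth is enough.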
How do transactions happen in cryptocurrencies? Long story short, if Alice were to send 1 BTC to Bob, then Alice will have to sign the transaction and send it to the miners, who can then verify it and put it in their blocks. That way Bob can then get his 1 BTC. Now if bitcoin were under 51% attack, then the chances are that the majority of the blocks will be mined by the attacker. In cases like that, it will be entirely feasible for the attacker to not accept any transactions into any of their blocks (which could be all the future blocks in the chain). If this were to happen, it would destroy bitcoin.
One of the many important roles that miners have is the prevention of “double spending”. Double spending basically means spending the exact same coin on more than one transaction at the same time. This problem is circumvented because of miners. In a blockchain, transactions happen only when miners put the transactions in the blocks that they have mined.
So suppose Alice were to send 1 bitcoin to Bob and then send the same coin to Charlie. The miners would put one transaction inside the block and, in the process, overwrite the other one, preventing double spending. However, this only works when the miners are not compromised.
In a 51% attack, the miners have already been compromised. As has been stated earlier, in a 51% attack the attacker will most likely be the one adding new blocks to the blockchain. They can then initiate a double spend wherein they spend the same coin in more than one transaction.
This attack is generally done to devalue a coin. As mentioned above, a hostile entity can initiate a “Gold Finger” attack to double spend the coin indiscriminately and destroy its value. Double spending can also happen via “forking”.
So, what is a fork?
A fork is a condition whereby the state of the blockchain diverges into chains where a part of the network has a different perspective on the history of transactions than a different part of the network. That is basically what a fork is, it is a divergence in the perspective of the state of the blockchain.
In the example above the red chain is a fork from the main blue chain.
So, why would someone attacking a currency like bitcoin, under a 51% attack, want to fork from the main chain? Suppose the attacker has spent 20 BTC in block 51 to buy 400 Ethereum (hypothetical scenario). They can then simply do a fork in block 50 to go to block 51. When you fork, you will get the exact amount of currency that you had in the block before in the newly forked block. Basically, if the attacker had 20 BTC in block 50, in blue block 51 they would have 400 ETH and in the red block 51 they would still have 20 BTC.
So, post fork, they would still have their 20 BTC and an additional 400 ETH! This is the double spending that happens via forking.
There is another interesting scenario where an attacker may choose to fork. Remember, like we said, under 51% attack most, if not all, the blocks would be mined by the attacker themselves? What will happen, if by some dumb luck, some random miner does manage to create a new block? Well, the attacker will simply fork the chain prior to this new block and continue mining on the new chain anyway!
Now, you may be thinking, what is going to make the rest of the 49% go along with the new chain? The answer to that lies in the co-ordination game. Remember, most of the 49% miners will be spread out and independent. They will want to look out for their own self-interest. So, in this context we look at game theory, in particular the co-ordination game, for answers.
Let’s take an example of the co-ordination game:
Suppose we want to change the language to a symbol based language. Eg:
- Original statement: “Give me your number?”
- New statement: “#?”
If only you speak using this language, it will be a failure because the majority won’t understand what you are talking about and you will be shunned from conversations, aka the payoff for you is very low and you have no incentive to change.
However, if the majority of your society shifts to this language and uses it exclusively, you will have to change your language, otherwise you will never be able to fit in. Now the incentive for you to join is high.
Use the same logic here. The majority of the hash rate is already in the forked chain. You, being the independent miner, would want to be in the same chain as the majority.
How likely is it that bitcoin could be susceptible to a 51% attack?
As we have mentioned before, bitcoin did face this scenario once when the Ghash pool exceeded 51%; however, the likelihood of that happening is small right now. For an attacker to initiate a 51% attack, the incentives (initially) are very low. The amount of capital required to do a 51% attack on bitcoin is staggering. Actually, in cases like these, the market price of bitcoin is a great shield. The higher the market price, the more hashing power gets paid for, and the more expensive an attack becomes since resource sourcing gets more expensive.
Now let’s look at more ways that the blockchain could be attacked which have nothing to do with the 51% attack. Remember, most of these examples are purely hypothetical in nature, so don’t go off sounding the alarm bells!