At least five cryptocurrencies have recently been hit with an attack that used to be more theoretical than actual, all in the last month. In each case, attackers have been able to amass enough computing power to compromise these smaller networks, rearrange their transactions and abscond with millions of dollars in an effort that’s perhaps the crypto equivalent of a bank heist.
More surprising, though, may be that so-called 51% attacks are a well-known and dangerous cryptocurrency attack vector.
While there have been some instances of such attacks working successfully in the past, they haven’t exactly been all that common. They’ve been so rare, some technologists have gone as far as to argue miners on certain larger blockchains would never fall victim to one. The age-old (in crypto time) argument? It’s too costly and they wouldn’t get all that much money out of it.
But that doesn’t seem to be the case anymore.
NYU computer science researcher Joseph Bonneau released research last year featuring estimates of how much money it would cost to execute these attacks on top blockchains by simply renting power, rather than buying all the equipment.
One conclusion he drew? These attacks were likely to increase. And, it turns out he was right.
“Generally, the community thought this was a distant threat. I thought it was much less distant and have been trying to warn of the risk,” he told CoinDesk, adding:
“Even I didn’t think it would start happening this soon.”
Inside the attacks
Stepping back, cryptocurrencies aim to solve a long-standing computer science issue called the “double spend problem.”
Essentially, without creating an incentive for computers to monitor and prevent bad behavior, messaging networks were unable to act as money systems. In short, they couldn’t prevent someone from spending the same piece of data five or even 1,000 times at once (without trusting a third party to do all the dirty work).
That’s the entire reason they work as they do, with miners (a term that denotes the machines necessary to run blockchain software) consuming electricity and making sure no one’s money is getting stolen.
To make money using this attack vector, hackers need a few pieces to be in place. For one, an attacker can’t do anything they want when they’ve racked up a majority of the hashing power. But they are able to double spend transactions under certain conditions.
It wouldn’t make sense to amass all this expensive hashing power to double spend a $3 transaction on a cup of coffee. An attacker will only benefit from this investment if they’re able to steal thousands or even millions of dollars.
As such, hackers have found various clever ways of making sure the conditions are just right to make them extra money. That’s why attackers of monacoin, bitcoin gold, zencash and litecoin cash have all targeted exchanges holding millions in cryptocurrency.
By amassing more than half of the network’s hashing power, the bitcoin gold attacker was able to double spend two very expensive transactions sent to an exchange.
Through three successful attacks of zencash (a lesser-known cryptocurrency that’s a fork of a fork of privacy-minded Zcash), the attacker was able to run off with about more than 21,000 zen (the zencash token) worth well over $500,000 at the time of writing.
Though, the attack on verge was a bit different since the attacker exploited insecure rules to confuse the network into giving him or her money. Though, it’s clear the attacks targeted verge’s lower protocol layer, researchers are debating whether they technically constitute 51% attacks…