
Cost of a 51% attack for different cryptocurrencies? - october_sky
https://www.crypto51.app/
======
Meekro
There is _absolutely no way_ to 51% attack a major coin like Bitcoin for as
little as $700k an hour. They are extrapolating from Nicehash's mining rental
prices, but Nicehash doesn't have anything like the capacity you'd need.

You can see here[1] that nicehash has about 500 PH/s (500,000 TH/s) available
for rent. However, Bitcoin's total hash rate right now is 100,000,000 TH/s[2].
This means that if you rented out the entire nicehash market, you'd have 0.5%
of the hash rate you need.

Could you get the other 99.5% by buying lots of mining hardware? Theoretically
yes, but realistically no. Bitmain is a major supplier of this kind of
hardware, so let's use their prices as a reference. They're currently
promoting a 67 TH/s unit for $1585 [3]. You would need more than 1.4 million
of these units, at a cost of over _$2.2 billion dollars._ Not that any
supplier can fill an order like that quickly.

And we haven't even gotten to the power and operations costs. You'd need
dozens of huge data centers to run all this hardware, each one consuming
astronomical amounts of electricity. You'd probably pick your data center
locations based on availability of cheap power and labor, and you'd become a
major commercial presence in each of those towns. The local papers would have
photos of you shaking hands with the mayor as your data centers open up.
Everyone would know what you're doing, including the FBI.

[1]
[https://www.nicehash.com/my/marketplace/SHA256](https://www.nicehash.com/my/marketplace/SHA256)
[2] [https://www.blockchain.com/en/charts/hash-
rate](https://www.blockchain.com/en/charts/hash-rate) [3]
[https://shop.bitmain.com/product/detail?pid=0002020011715132...](https://shop.bitmain.com/product/detail?pid=00020200117151322700cA9h5cat0694)

~~~
RL_Quine
Why are you assuming that hashrate would be obtained legally?

If you're already assuming criminality, go all out! BGP route hijack the
unencrypted, unauthenticated mining traffic and call it your own.

Cost is basically nothing to do so, other than some jail time.

~~~
SilasX
Can you clarify what you mean by hijacking mining traffic? If you mean the
traffic of mining pools communicating their solutions to the pool's "mother
brain", those are already cryptographically attached to a solution that pays
out to specified addresses. You can't substitute the transactions in the
block/solution without redoing the PoW.

That's why miners can't steal a pool's solutions to begin with.

~~~
RL_Quine
All miners connect to pools using a protocol called stratum. This is JSON
piped over TCP with newline terminations. There is no authentication for this
protocol and no encryption. You can simply intercept the communication here
and have all the miners on a pool actually mine for your replacement pool, and
nobody will ever catch on until its far too late.

> If you mean the traffic of mining pools communicating their solutions to the
> pool's "mother brain", those are already cryptographically attached to a
> solution that pays out to specified addresses.

That's not correct in practice. There's no authentication of the work going to
the miner at all, so an attacker can just change the destination before the
miner even sees the work.

~~~
SilasX
Okay I see what you mean about replacing the work assignments going to the
miners -- if you could tell them to solve a different block/fingerprint (hash
of new block + previous block) and receive their output, then you can steal
their hashing power. But I'm still not sure what you mean here:

>>If you mean the traffic of mining pools communicating their solutions to the
pool's "mother brain", those are already cryptographically attached to a
solution that pays out to specified addresses.

>That's not correct in practice. There's no authentication of the work going
to the miner at all, so an attacker can just change the destination before the
miner even sees the work.

I was referring here to the solutions the miners send out. That does not need
to be authenticated because it's already attached to the block they were
solving for -- i.e. it is a proof of work valid only for a specific block. If
they received the correct block and nonce range to check, then the solutions
are useless to anyone else. Diverting their traffic would just reduce the
mining pool's hash power, not give it to anyone else.

So yes, I see how you could steal the miner's hash power if you could replace
the assignment the pool head was giving them, and then see the output, but I
don't think it's correct to say that _solutions_ are vulnerable to being
stolen after getting the correct assignment "because they don't authenticate"
\-- the proof of work is only valid for that block, and so could only be
destroyed, not stolen.

~~~
RL_Quine
You're fundamentally missing the point somehow.

When you connect to a pool, you give them absolute trust over what you're
mining using your hardware with the expectation that they will pay you for it
later. In a route hijack, an attacker can replace the pool and announce their
own work to you, and receive all results you produce. You can not distinguish
this with the normal behavior of the pool and will be robbed, and your work
can be used to do whatever the attacker wishes.

The output of the work being loosely "authenticated" with the pool by virtue
of the work being non-transferable is entirely orthogonal. Nobody is going to
be taking that because it's worthless, as you correctly point out. They're
going to replace the work that's sent to you in the first place, because
that's what makes sense.

~~~
SilasX
Pretty sure I'm not missing the point, because that's exactly what I said, in
different words.

I specifically agreed that, if you can replace the assignment given to the
miners ("replace the pool and announce their own work to you"), and see the
output, then you can steal the work. It was in this paragraph:

>>Okay I see what you mean about replacing the work assignments going to the
miners -- if you could tell them to solve a different block/fingerprint (hash
of new block + previous block) and receive their output, then you can steal
their hashing power.

That is an agreement with your:

>In a route hijack, an attacker can replace the pool and announce their own
work to you, and receive all results you produce.

That is me communicating agreement that that's the attack that "makes sense"
as in your sentence here:

>They're going to replace the work that's sent to you in the first place,
because that's what makes sense.

I made my original because it sounded like you were saying a miner not
(separately) authenticating their output to the pool would be an issue, which
I now see you (always) agreed is orthogronal; my only objection in the follow-
up was that your comment was addressing something different than I originally
raised:

>>>That's not correct in practice. There's no authentication of the work going
to the miner at all, so an attacker can just change the destination before the
miner even sees the work.

>>I was referring here to the solutions the miners send out.

So, if I agree with you on every question of what and where the threat is and
is not, and said so with slightly different words than you did, what point do
you think I'm fundamentally missing?

------
gambler
Computational power is not a good proof of anything. It devours energy and
disproportionately rewards weird market actors (like people with custom mines
ASICs).

I always wondered whether storage could be used as proof of stake. It might
use less energy and it probably will have much better effect on the IT
industry as a whole. First, mining ASICs are not general computational devices
and cannot be used for anything useful. On the other hand, storage is storage
and can be repurposed. Second, it will up the prices for storage hardware, but
that is probably a good thing in the long run. (Consider how super-cheap
storage enabled unlimited surveillance and software bloat, for example.)

I don't know whether access to storage can solve all the problems a blockchain
solves, but it can solve some. Like proving that you're a real actor in the
system, rather than a temporary fake.

Some random ideas I had about how this could work:

If you want to transact with someone, they send you a challenge that consists
of a set of addresses in a large file. You must respond with a hash of data at
those addresses, problematically proving that you have the entire file.

This is the foundation. There are obvious challenges to how useful this is.
Many of them are solvable.

~~~
hinkley
There are some IPFS people who talk about proof of having stored files, but I
was never satisfied with their fraud detection techniques.

Can you prove that one copy of your data is being stored? Yes.

Can you prove that three copies of your data are being stored? I haven't seen
any scheme that can detect if I'm pretending to be multiple people, serving
files from the same disk array over multiple network connections.

~~~
labawi
> Can you prove that three copies of your data are being stored?

In the context of IPFS, I'm not sure.

If you want to use the (crypto) network as distributed storage, you can shard
and encrypt the data (at you 3x or whatever redundancy) and the storage
provider is forced to store all of it, at least once.

Some incentives on data durability and availability may be enough to get a
reasonable baseline.

~~~
hinkley
If I didn't care how complicated the client is, sure.

I can do something reminiscent of "m of n" control tools, FEC or striping
algorithms, but now the client is doing multiple fetches and matrix
multiplication on every single request.

If I'm just trying to make sure there are 3 copies of my home page on IPFS,
then I need 3 copies of the same file in three locations. And those locations
all need to be online when I want to challenge them.

The Bitcoin protocol is designed around low availability of individual nodes
and inference of consensus. Any 'proof' has to be uploaded while you're
connected. Uploading a proof (of work, stake, whatever) to the network proves
you did something, there is no need to challenge that fact, and you can
disappear for hours or forever. No voting, no challenges.

Proof of storage requires challenges, which requires availability (well,
storage also requires availability, otherwise what's the point?). If you
insist that almost everyone is online, then you open the door to other
consensus algorithms. Ones that can, for instance, handle non-repudiation.

~~~
labawi
I wasn't thinking of IPFS, rather a way to have a proof-of-stake storage
system doing actually useful work. I think I've seen at least one, though I'm
not sure of it's current state.

------
hudon
If you're capable of playing a long con, it costs much less than the stated
dollar prices.

With Bitcoin, for example, a smart malicious actor could infiltrate the Core
development team and through their social capital make certain malicious pull
requests get merged. This way, if the chain ever splits (let's say, due to a
bug you planted), you can actually also influence miners to hop onto a minor
chain without you ever owning any hashing power!

To see how this is done, look at the 2013 Bitcoin fork and see how a couple
developers steered large miners away from the majority chain:
[https://freedom-to-tinker.com/2015/07/28/analyzing-
the-2013-...](https://freedom-to-tinker.com/2015/07/28/analyzing-
the-2013-bitcoin-fork-centralized-decision-making-saved-the-day/)

The only counter-argument to this is how code reviews should catch this, but
history has clearly shown that bugs (including supply-inflation-causing ones)
make it into cryptocurrencies all the time:
[https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposu...](https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures)

Hash Rate is security theatre.

~~~
qertoip
The double spend is only possible against specific counter-party, for example
an exchange or a merchant.

For very large value transfers exchanges are expected to wait for 100
confirmations (~17 hours) until they credit balance.

It's all probabilistic.

Finally, Bitcoin PoW is not security theatre, it is just one piece of the
complex security system.

~~~
hudon
The most recent bug (that we know of) that allowed double-spend was in
production for over a year [0] (~Sept 2017 to ~Sept 2018). I don't think it is
possible to accurately determine the probability of this bug being exploited
(because you are right, it is "all probabilistic"), but this inability to
determine the probabilities is precisely why PoW is security theatre. PoW has
always been painted as a mathematical model of the security of the system (see
featured article), but in reality this model is not accounting for the much
more realistic attack vectors. Hence it fails to be an accurate model.

If you're just saying that PoW isn't painting the whole picture, I agree with
you.

[0]
[https://bitcoincore.org/en/2018/09/20/notice/](https://bitcoincore.org/en/2018/09/20/notice/)

------
cs702
By definition, to execute a 51% attack on Bitcoin, you would need to buy
computing power greater than 100% of the entire network's current computing
power. In other words, you would single-handedly _double the global demand for
computing power in this market_.

Is there enough supply readily available to satisfy a doubling of global
demand? How much would it cost to bring such computing power online? How
quickly could it be done? Wouldn't the price of computing power skyrocket?

EDIT: Meekro's comment elsewhere on this page makes essentially the same point
in a more concrete manner:
[https://news.ycombinator.com/item?id=22161500](https://news.ycombinator.com/item?id=22161500)
\-- I think his comment is better; read it. Also, see bencxr's analogy with
trying to control 51% of global oil supply:
[https://news.ycombinator.com/item?id=22161575](https://news.ycombinator.com/item?id=22161575)

------
skitout
1) If a big crypto-community notices an attack, the cost of a 51% attack would
rise

2) There are mechanisms to offer smaller cryptocurrencies Bitcoin level
security, like Komodo's Delayed Proof of Work
([https://komodoplatform.com/security-delayed-proof-of-work-
dp...](https://komodoplatform.com/security-delayed-proof-of-work-dpow/))

~~~
billions
The number of transactions that can be altered from a sustained 51% attack
would be so few and recent (last 10 minutes) in comparison to cost that it
makes it not worth it

~~~
WAHa_06x36
There are many more ways to make money off a 51% attack than just altering
transactions.

------
fredley
Can someone ELI5 how these numbers fit together? It costs me $3/hr to 51%
DeepOnion, which has a market cap of $1.95M. In practical terms, what does
that mean?

~~~
skitout
The market cap does not fit into the equation on how an attack works ; it just
gives you idea on how big/small is this blockchain

Blockchain don't have a centralized entity to "validate" and secure each
transaction, so had to come with a solution to securely do so in a
decentralized manner... Most blockchain use Proof of Work to do so : to
participate on the validation process you have to "pay", by working on some
mathematical problem... If you control more than 50% of the working power you
can "control" the validation process...

In the case of DeepOnion, it costs $3 to buy enough computer power to control
the validation process for one hour(by controlling more than 50% of the
working power). You can use it to rewrite some transaction, and spend 2 times
the same crypto.

~~~
yodsanklai
But if it costs only $3 to break the system, how come the market cap is so
high?

~~~
simias
Because the volume of transaction for these currencies is too low for the
market cap to mean anything. Imagine if there are, say, 1 million fancycoins
in existence, all owned by me. I manage to convince you to buy one fancy coin
for $1. Does it means that I now have $999,999 left in fancycoins "market
cap"? In theory maybe, in practice I'll almost certainly never manage to
liquidate them at this price.

For these small coins like DeepOnion you'll crash the market completely if you
try to sell even a moderate amount of coins. There's simply not enough demand
to move a big amount of coins at this price.

------
glofish
It feels surprisingly cheap.

Take bitcoin, a 105Billion cap can be subverted for just 700K per hour?

Not to mention DeepOnion for 3 bucks an hour. I can see people do that just
for lulz.

~~~
hn_throwaway_99
The issue with saying how much a 51% attack "costs" is that ALL
cryptocurrencies (and, really, ANY currency) is just based on the trust that
the currency has "value", meaning that it would be accepted as payment for
real goods and services.

A 51% attack on bitcoin would be easily noticeable. If a 51% attack was really
"viable", it means that essentially bitcoin would have $0 value, because all
of its value is based on the trust that the blockchain is real and verified.
The community at large would essentially just ignore the rogue chain, or
rather probably boost other existing resources to back it out.

~~~
meowface
How would the community collectively agree to ignore the rogue chain in a
timely fashion? If a client announcement is sent out, that'd help, but there'd
still be a lot of people stuck on the original chain (for example, some people
on vacation or something). For at least a few days, there'd probably still be
a lot of trust to capitalize on, and they could possibly get away with a few
big heists (e.g. making a big purchase with BTC and then reversing the
transaction after you've received the items).

Also, if the community does ignore the rogue chain, what's to stop the
attackers from switching their attack to the other non-rogue chains as soon as
they seem to gain traction? If they can hypothetically reliably sustain 51%+
power for weeks, they could potentially perform a DoS on an entire currency.
And you're right, Bitcoin would probably soon reach close to $0 (though would
probably slowly bounce back once/if the attack seems to be permanently
thwarted).

If I'm understanding your last sentence right ("probably boost other existing
resources to back it out"), then I also think that'd be the most likely
scenario. A serious sustained 51% attack (lasting beyond several days) would
turn into a Dragonball Z-like battle, with both sides firing continuous energy
beams at each other in parallel. Each side would be trying to increase the
magnitude of their beams to keep the other side's beam from collapsing theirs.
I think the legitimate mining team would have a lot more energy in reserve
(e.g. good samaritans who start mining for the first time to help push away
the attackers - kind of like Goku's Spirit Bomb, which Frieza can't replicate)
and would probably win. However, if for some reason the attackers can win for
weeks at a time, then it'd be a serious DoS.

Disclaimer: I might be misunderstanding something important here. Not a
cryptocurrency expert whatsoever.

------
bencxr
These numbers are based off the current price of hashrate. As soon as you try
to buy significant amounts for larger currencies like Bitcoin, the numbers
skyrocket.

The nice-hashable column on the site shows how much hash power is available
for purchase.

To read the page naively would be a little like claiming one could hoard 51%
of the oil supply given today's price at the pump. In reality, as soon as you
started buying in large quantities, the price would skyrocket (making that
attack very much more costly), suppliers would cut you off, and others would
notice.

------
xur17
I pointed this out elsewhere in this comment thread, but resurfacing here
since it's perhaps not as clear as it should be: The attack cost is based on
the the extrapolated cost of attacking the given coin based on the current
hashing price on nicehash. If < 100% of the necessary hashing power is
available via nicehash, it's greyed out, and the nicehash-able column shows a
value of < 100%.

Another caveat: It's potentially cheaper to attack these coins than the number
shown on this site since you receive block rewards from the time period when
you attack a coin. In a lot of cases this will recover a majority of the money
you spend on the attack. That said, this isn't guaranteed, and you are forced
to put up this amount of money in order to carry out the attack.

Disclaimer: I built crypto51 ~a year ago

------
pat2man
Since it took a while for me to understand this. A 51% attack doesn’t let you
steal money from anyone. It essentially lets you block all transactions from
making it to the blockchain. Nodes will still verify all transactions and
ignore transactions that are invalid.

Edit: you can also create multiple forks and switch between them. External
viewers will see both forks and if they don’t or can’t handle the difference
they could experience a double spend.

That being said any miner has the ability to sort transaction any way they
want which can give them an advantage. So if someone has a lot of hashing
power they can use that ability to delay certain transactions or to give
preference to others.

~~~
lordnacho
> A 51% attack doesn’t let you steal money from anyone.

1\. You deposit BTC at an exchange. The exchange credits you the amount in
their non-BTC ledger.

2\. You send off a chain of blocks overwriting the the original deposit so
that you never did it.

3\. You fill in the form to withdraw your credited amount from the exchange.

Now you have 2x the coins.

Of course there are a LOT of details to this that I won't get into, and a
number of mitigations for the exchange. But that's the basic outline.

~~~
pat2man
Yeah exchanges and all other external systems need to handle this. Effectively
they should look at the possibility of a deep reorg and the potential cost to
them and use that to adjust how many transactions they require until the risk
is mitigated.

------
rocqua
As I recall, last time this was posted, Monero was still on this list. Now it
is not. Did the new PoW algorithm for Monero essentially remove the 'rentable
hashing power' available?

~~~
seibelj
There are no ASICs known to work on Monero anymore. As a brief summary, the
new algorithm (RandomX) uses a bespoke virtual machine that requires 2GB of
memory, and programs are randomly generated until the opcodes take in an input
(previous block hash) and have an output (new hash with required difficulty)
that pass the requirements. It is very interesting.

[https://github.com/tevador/RandomX](https://github.com/tevador/RandomX)

~~~
RL_Quine
A GPU is an ASIC, which can mine RandomX. The idea that you could make
something that's able to only be computed by a general purpose GPU, and not
something more specialized, is just absurd. Even if that's just removing the
unnecessary display hardware from the GPU and whatever parts of the shaders
aren't being used, you still have an advantage.

~~~
Forbo
GPUs actually have a significant disadvantage on RandomX. Their hashrate is
much lower than what you'd get from a CPU.

Edit for more info:

[https://monerobenchmarks.info/](https://monerobenchmarks.info/)

According to this site, an overclocked Titan RTX gets about the same hash rate
as a stock AMD FX8370E at nearly half the TDP.

~~~
RL_Quine
Replace GPU with CPU in my answer. It applies to all of the algorithms in one
way or another. ASIC resistant is an oxymoron.

~~~
Arnavion
ASIC-resistant specifically applies when you're talking about using ASICs as
ASICs. If you're using ASICs to emulate CPUs (soft microprocessors), that is
usually much less efficient than what the ASIC is capable of.

------
maliker
Anyone know how to calculate the revenue side of these attacks? E.g. if it
costs 700k to attack the bitcoin network for 1 hour, how much money could you
make in that hour (say based on average transaction volumes)?

~~~
rodonn
It depends. Roughly speaking the revenue is

(Largest transaction you can cash out at exchanges) * (1 - (The decrease in
value of the currency you attacked)) + (Block rewards earned).

Basically you get someone to give you cash in return for your cryptoX and then
the attack lets you undo the transaction that gave them the cryptoX (but you
still have the cash you got). The second term handles the fact that the attack
may have cause the value of cryptoX to decrease which hurts you since you
still hold the cryptoX you double spent.

This is an academic paper that looks into the details more closely
[https://faculty.chicagobooth.edu/eric.budish/research/Econom...](https://faculty.chicagobooth.edu/eric.budish/research/Economic-
Limits-Bitcoin-Blockchain.pdf)

------
TekMol
$705k per hour for Bitcoin - these numbers sound very expensive.

Do they take into account that during an attack the attacker will earn block
rewards and transaction fees?

Because if not, then they vastly overestimate the costs.

This sounds like it is based on the some energy price that would be needed to
do 51% of Bitcoins hashing.

Doing so could very well be profitable.

The reason it would be hard to do is that the attacker would have to gather a
ton of hardware that way way exceeds the energy costs.

~~~
ecwilson
I was actually shocked that it could be this low and thought it must be wrong.
Other sources have suggested it would cost over $1B:

[https://u.today/guides/blockchain/bitcoin-51-attack-how-
it-w...](https://u.today/guides/blockchain/bitcoin-51-attack-how-it-works-how-
much-bitcoin-51-attack-costs)

> The hash rate is currently about six exahashes per seconds. Considering the
> most efficient ASIC miner with a hash rate of about 13,000 GHS (using the
> SHA-256 algorithm) being sold for about $2,100, an attacker will require
> about 500,000 hardware units and this will amount to about $1,005,000,000.
> When we factor in the cost of electricity and cooling daily, this figure
> rises to $1,006,000,000.

[https://cryptoslate.com/analysis-bitcoin-
costs-1-4-billion-t...](https://cryptoslate.com/analysis-bitcoin-
costs-1-4-billion-to-51-attack-consumes-as-much-electricity-as-morocco/)

> To successfully conduct a 51 percent attack on the Bitcoin network would
> cost an incredible $1.4 billion. This massive network supports over 5
> million specialized ASIC mining computers, consuming a total of 29 Terawatt
> hours of electricity a year—as much as the entire country of Morocco. One of
> the underpinnings of the Bitcoin network is...

[https://gobitcoin.io/tools/cost-51-attack/](https://gobitcoin.io/tools/cost-51-attack/)

> $17,562,078,097, Hardware cost only, at cheapest rate. The attack would
> consume 241,478,573.839 kWh per day. (12,073,928.692$ per day)

~~~
lftl
The calculations you cite and what the linked page are fundamentally
different. The numbers you're citing are roughly what it would cost to buy
hardware that would continuously be capable of mounting a 51% attack. The
linked site is estimating how much it would cost to rent existing capacity to
mount an hour-long 51% attack.

------
ilikehurdles
Hard to take this seriously when it is missing Garlicoin.

~~~
C14L
From their web sites, it sounds like some sort of Dogecoin remake?

------
malux85
QuarkChain QKC $6.01 M Ethash 10 GH/s $7 69,816%

So 7$ is the nicehash cost? But isn't nicehash an out of the box solution? So
if I wanted to actually execute a 51% attack I'd have to deploy my own
malicious mining software to the nodes, that then issued an invalid
transaction and _forced_ consensus on it ... is that the idea? Can someone who
knows a little bit more about this fill me in?

~~~
rzwitserloot
I believe this is the basic idea. Let's say on QKC.

1\. Buy a whole bunch of QKC and wait for your receipt of the QKC to clearly
be part of the winning chain.

2\. Make a copy of the blockchain. Keep it to yourself.

3\. Start adding mining blocks* to your copy, in private; do not release your
private copy of the chain at all, just keep piling on mining blocks. You must
outpace the world's ('public chain') rate at which they are piling blocks on,
hence why you need over 50% of total hashing power to do this and guarantee
that your private copy ends up with more mining blocks than the public copy.

4\. Whilst you are mining your own private copy, spend spend spend. Spend
ALLLLL your QKC, getting goods and services in return, or simply other
cryptocurrencies.

5\. Eventually, when you've spent all your QKC and your private copy clearly
has more mining blocks on it than the fork of the public chain everyone
currently agrees upon... release it.

6\. The protocols and papers all state that now your erstwhile secret, private
copy is now the new consensus view; after all, it has the most mining blocks
on it.

7\. That means that none of your QKC is actually spent. Effectively you get
all your spent QKC back. In addition, whatever wallet has been doing all that
mining just earned a bunch of QKC as a reward for doing all that mining
effort, so you now have more QKC than you started with, AND you have all the
goods (or other cryptocurrencies, or services, or whatnot) that you bought
with your QKC whilst you were secretly mining.

Exactly how much time you need to spend all your QKC and ensure that your
private copy of the chain definitely will win any consensus fight with any
other fork is beyond my understanding of cryptocurrencies.

There are out-of-band mitigations possible; if it is abundantly clear what's
going on and sufficient amounts of those who control major nodes all agree to
just hardcode in their copy of the software that your chain, no matter how
many blocks it has, is never selected as the consensus, then all your work is
for naught. Etherium has run into a variant of this problem (it wasn't a 51%
attack but something else). Everything happened just as I write: the majority
of ethereum network movers and shakers chatted on forums and the like and
decided to update their software (and their personal 'belief' of which of the
many forks is the consensus fork) to disregard the one where a lot of eth was
'stolen'. But not quite everybody; a few decided not to update their software
and stick with the rule that the one with the most is the consensus. That is
now called 'etherium classic'.

*) Mining blocks are just blocks confirming all is well; they contain a proof of work which involves a random number added to the message. A mining block is valid if, when you hash it, the hash ends in a whole bunch of zeroes. The idea is that the only way to do this is to generate billions of random numbers, keep hashing the results, until you hit the jackpot and your hash ends up by sheer coincidence to end in the desired # of zeroes. At which point you publish this mining block on the chain. As part of doing that, the 'network' itself gives you some coin to pay you for your efforts, and the 'fork' that you put this block on is now more robust, in that the rule is that the consensus block is the one with the most mining blocks on it.

------
vinniejames
Also relevant, one the front page of HN today: Bitcoin Gold hit by 51%
attacks, $72K in cryptocurrency double-spent

[https://thenextweb.com/hardfork/2020/01/27/bitcoin-
gold-51-p...](https://thenextweb.com/hardfork/2020/01/27/bitcoin-
gold-51-percent-attack-blockchain-reorg-cryptocurrency-binance-exchange/)

------
spir
Interesting article on this topic:

[https://blog.coinbase.com/how-coinbase-views-proof-of-
work-s...](https://blog.coinbase.com/how-coinbase-views-proof-of-work-
security-f4ba1a139da0)

Also, Ethereum is transitioning to proof of stake which will make attacks much
more expensive because an attacker must acquire large amounts of ETH for each
attack.

------
kmod
51% attacks on most currencies are quite easy if you attack the mining pools.
[http://blog.kevmod.com/2019/01/pooljacking-
easy-51-attacks-a...](http://blog.kevmod.com/2019/01/pooljacking-
easy-51-attacks-against-bitcoin-and-ethereum/)

------
randyrand
How is Ripple doing these days? That one always interested me. It’s not on
here.

------
dang
Discussed in 2018:
[https://news.ycombinator.com/item?id=17173051](https://news.ycombinator.com/item?id=17173051)

------
mmhsieh
seems like any nation state can easily afford to do this. we should be wary of
any country that is heavily reliant on exports of ink and paper.

------
dumbfounder
I feel like if someone can envision a motive attractive enough we have to
assume that China has the plans in place to execute such an attack.

------
0xDEEPFAC
DASH's is incorrect. It has some protection against this vector of attack
called "Chain Locks"

[https://cryptobriefing.com/chainlocks-dash-
network/](https://cryptobriefing.com/chainlocks-dash-network/)

------
praptak
Would it work to somehow sabotage the other 49%?

