
the amount of trivialization and conflation irks me

1. "51% attack" is not a thing as in "one has to have 51% of hashpower to perform it". it's just that with 51% of hashpower it becomes relatively cheap to perform such an attack. one can throw enough money at the problem and get lucky to perform a large reorg with just 10% of hashpower. the lower the number - the luckier the attacker has to get.

2. "rewriting a block" or "billion dollar bounty" as the GP put it are just conveying wrong ideas. there is zero chance for that $1B to get stolen even if attacker gets 100% of hashrate. all they can do is revert the transaction so that money goes back to original owners by generating a fork in the chain that doesn't include said transaction.

even that is not enough because competing miners (assuming attacker doesn't really have all 100% of hashpower) will still eventually include the transaction because it pays lucrative fees.

the trick here is that in Bitcoin parties agree to finalize the deal only after a certain number of confirmations (blocks created after the one that includes the transaction). the general rule is to wait for 6 confirmations.

if there indeed was some $1B deal where 94k BTC changed hands i wouldn't be surprised if their agreed upon number of confirmations was ~500 blocks (half the value of transaction in question in miner rewards), which is roughly 3 days wait.

ultimately though i'm pretty sure this was some kind of cold-storage consolidation so no BTC actually changed hands.



There is a danger of theft, and the risk is to everyone, not just the parties to this big transaction. The risk is this:

1. A malicious syndicate gathers a billion dollars of bitcoin and sends it to themselves

2. In a short period of time, like a few days, the syndicate exchanges that bitcoin for non-bitcoin assets

3. The syndicate spends tens or hundreds of millions of dollars to fork the chain, backing up the ledger, so that they own the billion dollars of bitcoin again

So anyone accepting bitcoin for non-bitcoin assets for the next week or so is at risk. It doesn’t have to be a single transaction, though; this danger occurs whenever the transaction volume on bitcoin gets above the cost of mining.


If someone could fundraise a billion dollars, using it to steal another billion dollars (not great ROI considering all the security risks of the bitcoin ecosystem) at the expense of shattering worldwide faith in Bitcoin (which also devalues the stolen coins) seems a really bad bet. It only makes sense if it was a government or some group spending a billion (semi illiquid because Bitcoin) dollars with the goal of destroying the Bitcoin ecosystem.


> so that they own the billion dollars of bitcoin again

which is now worth zero :)


> it's just that with 51% of hashpower it becomes relatively cheap to perform such attack

The qualitative difference is that with 51% of hashpower you can sustain the attack indefinitely. Other miners might get the occasional block and temporarily take the lead but in the long run you'll always have the longest chain using only blocks you've mined yourself.

With less than 50% there's a chance that you can revert a transaction temporarily by mining two consecutive blocks (one to omit the transaction and another to make your chain longer than the original) in less time than it takes the main network to reach the same block height, but the odds of maintaining the attack drop by at least half with each additional block. The main network will always win eventually.

In any case no one controls anywhere close to 51% of the hashpower right now. There are pools which approach that size but they aren't monolithic entities; if the pool operators attempted to leverage their position as coordinators to carry out a sustained attack then miners would leave the pool.


That assumes that every other miner all mines the old chain. If you and ‘dumb’ miners that just use the longest chain add up to 51% then luck is enough.


No, I was assuming that the other miners continue the longest chain, not the old chain. But they'll include the transaction(s) you were trying to suppress in their blocks; they're not on your side. Each time they mine a block you have to start the attack over again, and the odds are not in your favor. You control under half the hashpower and you need to stay at least one block ahead of the main network. It's not a race you can win in the long term, even assuming a certain amount of luck.


If those transactions are larger than the wallet's remaining funds, that can't happen. Aka wallet A moves coins to wallet B on the old chain and moves all its funds into wallet C in the new chain. In that case the A>B transaction is invalid on the new chain.


That isn't quite how Bitcoin works. Transactions use specific unspent prior transaction outputs (from the "UTxO" set) as inputs; there is no concept of "remaining funds". However, you're mostly right: if the attacker controls the private keys related to the original transaction then they can insert a conflicting transaction and make the original one permanently invalid on that chain. However, an attacker who does not have the private keys to sign a conflicting transaction cannot prevent the transaction from eventually being confirmed unless they control over 50% of the hashpower.

If you're concerned that the person you're receiving funds from might be willing to attempt a double-spend then you should wait for a suitable number of confirmations before considering the funds successfully transferred. However, if they control over 50% of the hash rate then there is no suitable number of confirmations that would make the transfer safe.


you're right, 51% represents a certain barrier when the attack becomes much more destructive, but it's still a spectrum. you can destroy faith in the system and value of bitcoin by performing multiple long reorgs with less than 51%.


Your math is off here. Block rewards are 12.5 BTC per 10 minutes and total fees per day are about 25-75 over the last month. To get half of 94k BTC you'd be waiting quite a long time at 1,850 BTC per day total rewards + fees per day. 25 days, not 3.


Thanks, you’re right.



