We just started a new year and the 51% attacks are back on the news. On the 7th of January, exchange Gate.io was attacked with a double spending attack on the Ethereum Classic (ETC) blockchain. In this article I will cover how the attack was performed and the theoretical financial cost involved in performing such an attack.
All blockchains based on a Proof of Work (POW) algorithm are susceptible to such an attack. The lower the network hash rate the more the blockchain is exposed to such as attack.
When a transaction if performed on a blockchain, it is first transferred to a pool of unconfirmed transactions. The miner’s job is to add these transactions into a block and perform a computational expensive algorithm (a hash) to confirm the transaction.
When a miner solves this computation, the new blockchain and the proof of work are broadcasted to the whole network. Once the other miners detect that a new block has been found they stop their mining process and validate the new block. Once validated the miner is rewarded for the work performed. Once validation is complete all the miners will update their version of the blockchain and resume mining.
It is important to note that a blockchain is based on a majority. The longest chain transmitted in the network is regarded as the true valid version that all the nodes present the the network will use.
Based on this basic knowledge of how a blockchain works we can now dive into how the attack is performed.
To perform the attack we need to act as a rouge miner. Our aim will be to out run all the other minors in computational power and be able to generate our own version of the blockchain and then broadcast it to all the other nodes in the network.
Given that we can alter the blockchain we can now do double spending. We can perform a transaction such a transfer money to another account (to buy an item) and then erase it from the ledger as if it never happened. Giving us the possibility to spend it again. Thus the double spending attack
This type of attack is typically performed against crypto exchanges. The attacker would start mining and transfer crypto funds to the crypto exchange. Then exchange his crypto funds to a new coin and withdraw the new coin to his wallet. After the attacker gets the new coin the attacker will rewrite the blockchain by generating a longer version of the blockchain with his 51% of hash power. The attacker has now his original funds and can transfer them again to the crypto exchange and exchange them to another currency.
Lets now go into the costs of running this attack. To outrun all the other miners in the network we need to gain 51% of the hashing power on the blockchain we want to attack.
Calculation of the mining cost is fairly simple. We must first determine the hash rate of the blockchain we want to attack. Lets say we want to emulate the attack that happened at the start of this year.
At the time of writing this blog the Ethereum Classic has a network hash rate of 9.02 T/s ( 9 trillion hashes per second) and the Block time is 14.05s. (A new block is generated every 14 seconds). Information was extracted from whattomine.com
To calculate a very rough estimate of the attack I will use the cost calculator of nicehash which is an online service for cloud mining. At the time of writing this blog nicehash has an available total of 8.45 Th/s of hash power which is 92% of the required computation power (which is close enough).
We need to attack the network by gaining 51 percent of the computational power. Therefore we need 8.98*51/50 = 9.16 Th/s of hash power.
Using their public api provided we can determine the cost of renting this hash power.
https://api.nicehash.com/api?method=stats.global.current
{“price”:”3.2192″,”algo”:20,”speed”:”8520.75638223″,”profitability_eth”:”0″,”profitability_above_eth”:”0″},
The price is 3.2153 BTC/TH/DAY. So lets convert it to USD/TH/DAY
The bitcoin price today is 3618 USD. So the cost of processing per second
= 3.2153 * 3618 * 9.16 / ( 24 * 3600) = 1.2333 USD per second – 4439 USD per hour.
Theoretically we need to run the attack for the time required to generate one block. From the statistics we got from whattomine.com the average time to generate a new block is 14.06s so the attacking for one block is 17.34 USD.
Hope you liked this article. Feel free to add me on Linkedin here or contact me on email on [email protected].