Double spending: the 51% attack

The 51% attack is a possible attack on the bitcoin network (and on all blockchains) that allows to rewrite the history of all transactions.

It’s a very expensive attack and therefore practically unfeasible, but possible in theory.

Trying it wouldn’t make much sense, because the attack would only work once and the bitcoin value would drop down to zero, since people wouldn’t trust a network lacking security anymore.

The rule for a blockchain is that when there are two different versions of it competing with each other, the nodes choose the one that gained more POW, but we could simplify this concept saying that the nodes choose the longer chain.

Let’s see how an attack would go with a hypothetical example: you’re a car dealer and you sell me a Ferrari; I own 51% of the hash power. I could follow this procedure to scam you:

  1. I buy the Ferrari
  2. I pay you
  3. I wait for the payment transaction to be written on the blockchain
  4. I get the Ferrari and leave the store as its legitimate owner
  5. I use all my computing power to rewrite the blockchain and it will be as if the payment never happened.

At this point I could walk into a Lamborghini store and spend the same amount of bitcoins to buy a Lambo.

At this point I could walk into a Lamborghini store and spend the same amount of bitcoins to buy a Lambo.
But let’s see point #5 more in detail: I would have to start mining from the previous block up to the one where my payment was written. As a consequence, this would generate two different blockchain versions competing with each other: the one that contains my payment and the one that I’m mining and where I’m really careful not to write that transaction again. Since I have more processing power than those who are mining on the original chain, sooner or later the blockchain I’m mining will become longer than the one everyone else considers as valid. That’s when they will begin to see mine as valid and they will prefer it to the original one.
If I didn’t own more than 50% of the hash power, on the other hand, my alternative chain would always be shorter and the attack would fail.
Every now and then it actually happens that a blockchain gets rewritten and that a block that had been mined gets eliminated, but this is due to the fact that two different miners find a valid block almost at the same time and two competing blockchain versions coexist for a very limited time.

This is the reason why you need to wait two or three confirmations to be sure of the payments.

The cost of the attack depends on how many blocks you want to rewrite, so the higher is the number of blocks added after the one where the transaction was recorded, the more certain you can be of its validity.

Lascia un commento