Back in January, news of reversed transactions on the Ethereum Classic (ETC) blockchain (little brother to the main Ethereum blockchain) made headlines and raised concerns about blockchain security. The product of a “51% attack,” these transaction reversals allowed some ETC tokens to be spent twice, a cardinal sin in cryptocurrency called a “double spend,” and the exact problem blockchains were invented to solve.
In response, U.S.-based cryptocurrency exchange Coinbase disabled sending and receiving on the ETC network. Wired called it a “black eye for cryptocurrencies,” and one Forbes contributor went so far as to describe some blockchains as “laughably unsecure.”
Let’s dip into our fictitious reader mailbag and see if we can help make sense of it all.
What do you mean transactions were “reversed”? I thought blockchains were supposed to be permanent and unchangeable. What’s the word … immutable, right? —Confused in California
To paraphrase the great Miracle Max, it just so happens that blockchains are only mostly immutable.
Many well-known blockchains like Bitcoin, Ethereum, and in this case Ethereum Classic, use a system called Proof of Work for security. On these blockchains, in order to add a new block of transactions to the chain, the network must first solve a complex cryptographic math puzzle. Whoever solves the puzzle gets a reward and adds their new block to the blockchain.
This process is called “mining” and has attracted enormous amounts of computing power. If any individual or group were able to gain control over a majority of the computing power on a given network, they would be able to impose their will on the rest of the network, including making changes to the blockchain.
So if someone on the network gets enough power, they can do whatever they want? —Alarmed in Alabama
Fortunately, no. Even someone controlling more than half of the network can’t break the blockchain’s underlying cryptography. They can’t invent new coins, pay themselves an extra reward or force others to accept invalid transactions. And they can’t hack your private key or steal your crypto directly.
What they can do is control which transactions make it onto the blockchain and which ones do not, raising issues of blacklisting and censorship. And they can sometimes remove or “unconfirm” transactions that have already been “permanently” stored on the blockchain. This is the power that opens the door for the 51% attack double spends like the ones we are talking about.
What is a 51% attack? Please explain. —Befuddled in Bermuda
A warm welcome to our international readers!
Because blockchain networks are spread out across the globe, participants hear about new transactions and blocks at different times. To keep everyone on the same page and in agreement about which version of the blockchain is the correct version, participants agree to follow the longest valid chain.
Say you control 51% of the FakeCoin network. You send $1,000 worth of FakeCoin to an online merchant who accepts it for the purchase of a new TV. Once your transaction has been included in a block on the FakeCoin blockchain, the merchant ships your TV.
However, while the rest of the FakeCoin network works to add your transaction to the blockchain, you instead use your 51% to mine a secret, alternate chain that excludes your payment to the merchant. Because you control the majority of the FakeCoin hash power, your secret blockchain grows faster than the publicly known chain. After the merchant ships your TV, you broadcast your longer, secret chain to the rest of the network, and the remaining nodes follow their programming and switch to your longer chain. Your payment to the merchant has just been erased from the blockchain, and you are free to spend the $1,000 worth of FakeCoin again.
This is what happened with Ethereum Classic, only here the double spends totaled around $1.1M.
Hoo boy! Here I thought blockchains were immutable, and now I’m learning that millions of dollars might be vulnerable. This is a disaster of Biblical proportions. Human sacrifice. Dogs and cats living together. Mass hysteria! —Peter in Punxsutawney
While many blockchains may be susceptible to this kind of 51% attack, in practice that risk is not spread evenly. Blockchains can be classified by their “hashing algorithms,” the complex equations that make up each blockchain’s math puzzle. Blockchains that use the same hashing algorithm belong to the same family and, most importantly for our purposes, can be mined using the same hardware.
Bitcoin and Ethereum are the heavyweights of their algorithm families and face relatively low risk of a 51% attack. The enormous computing power involved and the level of coordination required to secure 51% of that hash power from among so many competing parties make the chances of a successful attack unlikely. Low chances of success and the potential to erode each coin’s reputation and price make an attempted attack unattractive to most network participants.
But the landscape is much different for Ethereum Classic, which operates on only ~5% of the computing power of main-chain Ethereum but uses the same hashing algorithm. Instead of massive coordination, all that is required to gain 51% of the Ethereum Classic network is to temporarily borrow a small fraction of the Ethereum main network power. Hash power can even be rented for a number of different hashing algorithms, making a 51% attack on these so-called “minority hash” chains even easier.
There is a reason a successful attack happened on Ethereum Classic and not Ethereum.
Let’s wrap up with a few takeaways.
First, the attack on Ethereum Classic was important because it was a successful, real world example of an attack vector that had been widely discussed but rarely seen in the wild. It is a reminder that care must be taken with regards to transaction finality and has rightfully focused attention on important issues of blockchain governance and security.
Second, it’s probably an appropriate time for anyone receiving payments on a blockchain to do a quick policy review. How long to wait before considering payments final will vary depending on the nature of the transaction, amount involved, and relationship between the parties. Common heuristics, such as Bitcoin’s “wait for six block confirmations” will likely not be appropriate in all cases.
Third, not all blockchains are created equal. The likelihood of a successful 51% attack on majority-hash blockchains like Bitcoin or Ethereum is simply much, much smaller than it is for blockchains like Ethereum Classic. The important lessons for users are to understand the particular strengths and weaknesses of any blockchain on which they transact and to assess the risks unique to each blockchain individually.