Before diving into the 51% attack, it is crucial to have a good understanding of mining and blockchain-based systems.
One of the key strengths of the Bitcoin and its underlying blockchain technology is the distributed nature of building and verifying data. The decentralized work of the nodes ensures that the protocol rules are being followed and that all network participants agree on the current state of the blockchain. This means that the majority of nodes need to regularly reach consensus in regards to the process of mining, to the version of the software being used, to the validity of transactions, and so forth.
The Bitcoin consensus algorithm (Proof of Work) is what assures that miners are only able to validate a new block of transactions if the network nodes collectively agree that the block hash provided by the miner is accurate (i.e. the block hash proves that the miner did enough work and found a valid solution for that block’s problem).
The blockchain infrastructure - as a decentralized ledger and distributed system - prevents any centralized entity from co-opting the network for its own purposes, which is the reason why there is no single authority on the Bitcoin network.
Since the process of mining (in PoW-based systems) involves the investment of huge amounts of electricity and computational resources, a miner’s performance is based on the amount of computational power he has, and this is usually referred to as hash power or hash rate. There are many mining nodes in various locations and they compete to be the next to find a valid block hash and be rewarded with newly generated Bitcoins.
In such a context, the mining power is distributed across different nodes across the world, which means the hash rate is not in the hands of a single entity. At least it is not supposed to be.
But what happens when the hash rate is no longer distributed well enough? What happens if, for example, one single entity or organization is able to obtain more than 50% of the hashing power? One possible consequence of that is what we call a 51% attack, also known as majority attack.
A 51% attack is a potential attack on the Bitcoin (or another blockchain network), whereby a single entity or organization is able to control the majority of the hash rate, potentially causing a network disruption. In other words, the 51% attacker would have enough mining power to intentionally exclude or modify the ordering of transactions.
Such an attack would make it possible for the malicious entity to try and reverse transactions that he/she made while being in control, which would likely lead to a double-spending problem. A successful majority attack would also allow the attacker to prevent some or all transactions from being confirmed (aka. transaction denial of service) or to prevent some or all other miners from mining, leading to the so-called mining monopoly.
On the other hand, a majority attack would not allow the attacker to reverse transactions from other users nor to prevent transactions from being broadcasted to the network. Changing the block’s reward, creating coins out of thin air or stealing coins that never belonged to the attacker are also very improbable scenarios.
Since a blockchain network is maintained by a distributed network of nodes, all participants cooperate in the process of reaching consensus. This is one of the main reasons why blockchain networks tend to be secure. Bigger networks have a stronger protection against attacks and data corruption.
When it comes to Proof of Work blockchains, the more hash rate a miner has, the higher the chances of finding a valid solution for the next block. This is true because mining involves a myriad of hashing attempts and more computational power means more trials per second. Several early miners joined the Bitcoin network in order to contribute to the networks’ growth and security. With the rising price of Bitcoin as a currency, numerous new miners have joined the network aiming to compete for the block rewards (currently set as 12.5 BTC per block). Such a competitive scenario is one of the reasons why the Bitcoin network is secure. Miners have no reason to invest large amounts of resources if it is not for acting honestly and striving to receive the block reward.
Therefore, a 51% attack on Bitcoin is rather unlikely because of the magnitude of the network. Once a blockchain grows large enough, the prospect of a single person or group obtaining enough computing power to overwhelm all the other participants rapidly grows to unachievable levels.
Moreover, changing the previously confirmed blocks gets more and more difficult as the chain grows, because the blocks are all linked through cryptographic proofs. For the same reason, the more confirmations a block have, the higher the costs for altering or reverting the transactions of that block. Therefore, a successful attack would probably only be able to alter the transactions of a few recent blocks, for a short period of time.
Going further, let’s imagine a scenario where a malicious entity is not motivated by profit and decides to attack the Bitcoin network only to destroy it, no matter the costs. Even if the attacker manages to disrupt the network, the Bitcoin software and protocol would be quickly modified and adapted as a response to that attack. This would require the other network nodes to reach consensus and agree on these changes, but that would probably happen very quickly during an emergency situation. Bitcoin is very resilient to attacks and is considered the most secure and reliable cryptocurrency in existence.
Although it is quite difficult for an attacker to obtain more computational power than the rest of the Bitcoin network, that is not so challenging to achieve on smaller cryptocurrencies. When compared to Bitcoin, altcoins have a relatively low amount of hashing power securing their blockchain. Low enough to make it possible for 51% attacks to actually happen. A few notable examples of cryptocurrencies that were victims of majority attacks include Monacoin, Bitcoin Gold and ZenCash.