51% attack, and what is capable of destroying Ethereum 2.0
10.11.2021

51% attack, and what is capable of destroying Ethereum 2.0

By bit.team

There are various solutions for obtaining cryptocurrencies. One of them is to engage in mining in order to receive rewards. And in order to better take advantage of these rewards, miners often get together and form a pool. On Coinmarketrate.com. you can find dozens of descriptions of this process. But this concept which promotes the development of blockchain, can also become its biggest nightmare. This is the case when a 51% attack occurs. What is it about? What are the chances that this will happen?

The world of cryptocurrencies is based on several principles, including the principle of the existence of the blockchain. Cryptocurrency cannot exist without blockchain. But the blockchain can become vulnerable and be hijacked by any person, group of people or organization. In all cases, in order for an attack to be effective and have real consequences, its initiators must have a mining power of more than 50%. So at least 51%.

When they have most of the computing power of the network, hackers can cancel transactions made by other users. They can also decide which transactions will be confirmed and which will not.

As a rule, the 51% attack is directed against Proof of Work (POW) blockchains. Why? Because in this type of decentralized management, transactions approved by the majority are recorded in the transaction registry.

What types of blockchains are vulnerable to attacks

Theoretically, it is not difficult to perform a 51% attack. It is enough to have a mining node and have most of the shares of the blockchain network under its control. As long as hackers have the necessary funding to complete the operation, they can succeed. Exactly how does this happen? Let’s take Bitcoin as an example.

With powerful ASIC machines, you can have significant computing power. This power increases when several miners gather. However, in reality, the total computing power of the BTC network and its size make the operation difficult, almost impossible. To implement it, it is necessary that thousands of miners unite and use their computing equipment.

But the BTC blockchain is not the only one that exists. The rest are not as stable.

If we take the case of a blockchain, for example, such as LeaCoin (LEA), the data will change. Indeed, since the blockchain is small, it is vulnerable. Hackers who replenish their equipment fleet with ASIC computers with a total computing power exceeding 1 TH/s can successfully carry out a 51% attack on the blockchain.

What are the consequences of such an attack

The 51% attack has positive consequences for … the hacker. In fact, since he controls most of the cryptocurrency mining, he receives significant rewards. These rewards become even more important when the attack is carried out by a team of people. After all, some people usually engage in blockchain attacks for financial gain.

If an attack is beneficial for a hacker, the consequences will be dramatic for the cryptocurrency that is its victim. Among other things, the asset loses its value. His reputation is under threat and investors are losing confidence. They will no longer use it to perform their transactions. As a result, the loss of value is further compounded.

Another consequence is that a hacker can perform double attacks. To do this, it changes the history of the blockchain: we must remember that it has the necessary computing power. By changing the history of the blockchain, a hacker can restore the spent coins and re-invest them in the network.

There is an even more serious situation. The 51% attack gives the performer the opportunity to carry out a DoS attack that will allow him to disable the entire network. Thus, it affects the economic system and causes significant losses to other miners.

Examples of attacks

Cases of such attacks are numerous. Unfortunately, besides Bitcoin, other cryptocurrencies seem vulnerable and are an ideal target for hackers. Moreover, many of them eventually became his victims. Let’s look at some of them:

Bitcoin-Gold (BTG) is a kind of Bitcoin, but it doesn’t have the same resistance as it does. In May 2018, when it was the 26th largest cryptocurrency in the world, it became the target of a 51% attack. The attackers managed to gain control over most of the hash power of the cryptocurrency. In addition, they were able to earn twice as much money as they spent on the operation.

Project Verge has been attacked twice since its launch. The attack that occurred in April 2018 turned out to be the most effective. Since the Verge (XVG) offer was not limited, the hacker, whose identity is still unknown, issued new tokens worth more than $1 million.

In November 2018, it was the turn of the Vertcoin cryptocurrency (VTC) to become the target of a 51% attack. This time, about $100,000 was stolen.

Ethereum Classic (ETC) has also been the target of a number of 51% attacks. The first attempt took place from July 31 to August 1 of the same year. The person responsible for this attack was able to get more than 807,000 ETC, or $5.68 million at that time. According to the research company Bitquery, he spent $192,000 in BTC for the success of this project. A few days later, on August 6, a new attack occurred, as a result of which 4,000 blocks of the blockchain were reorganized. This year it happened again.

What is the 51% chance of an attack?

Although a 51% attack is theoretically possible, in practice it seems impossible. That’s right, the examples show that this has already happened several times. However, analysts believe that a criminal miner will need hash power equivalent to the power of millions of miners around the world. In addition, he will have to spend a large amount of money to buy the necessary mining devices.

However, this does not mean that there are no chances of an attack. On the contrary, they are real. For example, when there is an error in the block chain code, it may allow a hacker to create new blocks at a faster rate than usual. So he can launch a 51% attack.

The 51% attack represents a real threat to crypto-blockchains. This has already happened to many digital assets. However, theoretically this seems impossible, since it requires large computing power and the activation of several devices. To date, the Bitcoin blockchain is the one whose probability of becoming the target of hackers is 0%. But you can’t say the same about Ethereum.

3 Radical Ways to Destroy Ethereum 2.0

Ethereum is on its way to one of the biggest upgrades in its history with the release of version 2.0. However, the transition from proof of work (POW) to proof of ownership (POS) will not be a risk-free process. Researchers are assessing the situation, and the conclusions are disappointing.

The Ethereum network, as we know it, ensures the functioning of its consensus using a proof-of-work mechanism similar to the Bitcoin mechanism. However, since its launch, developers, including co-founder Vitalik Buterin, have identified the limitations of this model. Since 2016, the Ethereum developer community has been planning a transition from proof of work to proof of stake.

A lot has changed since then. After several years of development, the transition to PoS has never been so close. In practice, developers expect this in the first quarter of 2022. Unfortunately, some researchers are beginning to point out this transition as unsafe, highlighting several attack vectors.

Ethereum 2.0: Proof of Risk

On October 19, Kaspar Schwartz-Schilling, Barnabe Monno, Aditya Asgaonkar from the Ethereum Foundation, Joachim Noah, Ertem Nusret Tas and David Tse from Stanford University published a scientific article entitled “Three Attacks on Proof-of-Stake Ethereum”.

As the name suggests, there are 3 attack vectors that can endanger Ethereum 2.0.

  • Reorg Attack

The first vector will allow for a reorganization attack without the need for significant resources.

This attack will take place in 4 stages:

  1. At the beginning of slot n + 1, the attacker will create a block privately based on the previous block n. Since the block is private, honest validators will not see it and will confirm that the chain header is block n;
  2. At the beginning of the next slot (n + 2), an honest validator will offer an n + 2 block. At the same time, the attacker publishes his private block and certifies it for slot n+ 2. Hence, these 2 blocks will conflict because they will share the same parent block.;
  3. Since the attacker’s block will have its own certification and will have more weight due to its priority, honest validators will consider it the head of the chain;
  4. At the beginning of slot n + 3, a new honest validator will offer block n + 3, pointing to block n + 1 as the parent (attacker’s block). This will result in an n+2 lock, which will complete the reorganization attack.

However, please note that this whole attack can only be carried out if there is no delay in the network, which is very unlikely. The article concludes that this is “a non-trivial problem, but feasible in practice.”

Unfortunately, all the actions described above will not be considered fraudulent and, therefore, will not lead to any fine (punishment), leaving the attacker free to repeat these actions as many times as he wishes.

  • Balancing Attack

The second identified attack vector is the so-called balancing attack. Its purpose is to block the Ethereum 2.0 consensus mechanism.

In practice , this attack has 2 main stages:

  1. Attackers offering blocking will offer 2 competing channels, called Left and Right;
  2. The proponents will zealously vote for 2 channels in order to direct the vote of honest validators. Attackers will make sure that there is a connection between the two chains, so that the system remains connected and blocks consensus.

Since the validators could not agree on which channel to choose, consensus would be blocked until resolved.

Again, this attack requires preparation, as well as proper timing. Although this is possible in practice, this does not mean that it is possible in real conditions, with several thousand validators on the network.

Again, these actions are unlikely to be punished by the network. This again gives the attacker the opportunity to persist until the attack takes place.

  • A combination of the first 2 attacks

The final attack will consist of combining the 2 attacks presented earlier.

“Combining the ideas of these two attacks, we now describe an attack in which an attacker can perform a reorganization over long distances, with infinitely low rates and without controlling network delays”.

Conclusion

Fortunately, 51% attacks and threats to Ethereum are known today (fortunately, this became known a few months before the transition to Proof of Stake). Thus, developers can now take these risks into account in order to publish a new hard fork that will provide fixes to reduce the risk of attacks.

Recently, the first hard fork occurred on the Ethereum 2.0 network with the deployment of the Altair update. The first of a long series, this one may well be followed by another, following the revelations of this publication. And thank God, everything went smoothly.