Few weeks ago, one of the bitcoin forks – Bitcoin Gold suffered a 51% attack on its blockchain and the hack got the hackers 18 million US dollar.
If you are curious what an attack like this costs to undertake on this BTG or any other blockchain, there is an interesting website that calculates exactly that. You can basically rent hashing power from NiceHash to complete an attack and the website tracks the cost for that rent.
The calculations are based on renting hashing power from NiceHash (explained in more detail here). As noted on the website, the top coins are safe from this, and the real problem occurs for smaller coins where NiceHash has more than enough hashing power to complete an attack.
It is very surprising that it is possible to rent enough hashing power for many of the smaller currencies, which makes you question the use of PoW for smaller coins.
The numbers this websites shows are staggering: for example, Bytecoin has a 1 billion dollar market cap and can be attacked for 600$ an hour or 15000$ for an entire day. By using a simple mining pool like NiceHash.
With this much hash power you can basically rewrite the whole chain of a smaller cryptocoin. This makes it possible for hackers to send their coins to exchange, exchange the coins for another coin, withdraw those coins, ewrite the blockchain back to the original and now hacker has the old coins and the coins he stole.
Most of the smaller coins networks rely on the benevolence of miners. They rely on miners playing nice which means the security model is broken right now. The whole point of crypto is we shouldn’t need to trust anyone.
This is where importance and advantages of Bitcoin network lie, it is slow and archaic, but it’s the historical ledger of crypto and the most difficult to attack.
Also, this plays into the cards of Proof of Stake advocates, as explained by Vitalik Buterin himself, PoS is much more resilient to the 51% attacks:
Theoretically, a majority collusion of validators may take over a proof of stake chain, and start acting maliciously. However, (i) through clever protocol design, their ability to earn extra profits through such manipulation can be limited as much as possible, and more importantly (ii) if they try to prevent new validators from joining, or execute 51% attacks, then the community can simply coordinate a hard fork and delete the offending validators’ deposits. A successful attack may cost $50 million, but the process of cleaning up the consequences will not be that much more onerous than the geth/parity consensus failure of 2016.11.25. Two days later, the blockchain and community are back on track, attackers are $50 million poorer, and the rest of the community is likely richer since the attack will have caused the value of the token to go up due to the ensuing supply crunch. That’s attack/defense asymmetry for you.
The above should not be taken to mean that unscheduled hard forks will become a regular occurrence; if desired, the cost of a single 51% attack on proof of stake can certainly be set to be as high as the cost of a permanent 51% attack on proof of work, and the sheer cost and ineffectiveness of an attack should ensure that it is almost never attempted in practice.
So 51% attack on PoS could absolutely happen and in theory is a lot easier than PoW, BUT the community concensus would hardfork rendering the attacker’s deposited coins as lost forever. This actually makes the community richer because it would largely decrease the amount of coins now in existence.
