Crypto51

About

What is the purpose of this site?

This website is intended to bring light to the risk of 51% attacks on smaller cryptocurrencies. It is not intended to encourage or help in completing an attack, but instead to get people talking about the problem and potential solutions.

What is a 51% attack?

In Proof of Work (PoW) cryptocurrencies, nodes typically are set up to recognize the blockchain with the most blocks (and therefore the most hashing power) as the correct version of history. Miners with > 50% of the network hashing power can take advantage of this by sending funds to one address on the main chain, while sending the same funds to another address on a forked copy of the blockchain that they are silently mining with more hashing power than the main chain.

Since other nodes only know about the main chain, they will see the first transaction as valid, and exchanges, etc will accept this transaction as valid. This malicious node can later release these silently mined blocks, and other nodes will accept this as the new 'correct chain' since it is longer. This will cause the original transaction to effectively dissappear, and nodes will recognize the funds as being sent to the address from the new chain instead. This is known as a 'double spend' attack.

Most bigger cryptocurrencies have sufficient mining capacity behind them, making it extremely expensive to acquire the necessary hardware to pull an attack like this off. Smaller cryptocurrencies have less hashing power securing the network, making it possible to simply rent hashing power from miners on a service like Nicehash for a few hours. This significantly reduces the capital costs of an attack.

Recently there have been a number of 51% attacks including a high profile attack against Bitcoin Gold where $18 Million was stolen.

How is the attack cost calculated?

Using the prices NiceHash lists for different algorithms we are able to calculate how much it would cost to rent enough hashing power to match the current network hashing power for an hour. Nicehash does not have enough hashing power for most larger coins, so we also calculated what percentage of the needed hashing power is available from Nicehash.

Note that the attack cost does not include the block rewards that the miner will receive for mining. In some cases this can be quite significant, and reduce the attack cost by up to 80%.

Can we reduce the risk?

There are a number of possible solutions to this problem:

Where is the data from?

Hash rates are from What to Mine, coin prices are from CoinMarketCap, and rental pricing is from NiceHash. The data has been spot checked for accuracy, but please let us know if any data is incorrect, and we'll do our best to fix it.

API

An api is available at this url. Please note this api is subject to change, but we will try to limit any disruptions.

Open Source

This project is open source - pull requests and other updates can be submitted on github.