A Twitter user by the handle GeoCold posted a tweet on Oct. 7 announcing their intention to wage a 51 percent attack against altcoin Einsteinium and live-stream the entire event on Twitch.
The user, who credits American hacker George Hotz with the idea to live stream the hack, isn’t coming from a place of malicious intent. Rather, they want to make people aware of just how easy it can be to take over a blockchain with a few dollars of rented hardware. GeoCold has two stated goals:
- Demonstrate how easy these attacks are for anyone to do, and
- Generally, teach people about the nuts and bolts of these attacks and potential mitigations.
Oct 13, 3:00 CDT (8:00 UTC) I'm doing 51% attacks against real live CryptoCurrencies and explaining the whole process on twitch. https://t.co/JQm34LrvhW
— GeoCold (@geocold51) October 8, 2018
What is a 51 Percent Attack?
A 51 percent attack occurs when, as the name suggests, an outside user assumes majority control of a targeted blockchain. Cryptocurrencies that operate by ‘Proof of Work’ (PoW) are set up to automatically accept the longest version of the blockchain as the correct version.
In a 51 percent attack, a miner can take advantage of that by using greater than half of the blockchain network’s hashing power to send funds to an address on the main blockchain while secretly sending the same funds to an address on a forked copy of that chain.
Because they’re in command of the majority of the network’s hashing power, they can create this secret chain, build it longer than the main chain, then release it later. Crypto51, a site set up to explain this attack and its dangers, explains it like this:
“Since other nodes only know about the main chain, they will see the first transaction as valid, and exchanges, etc will accept this transaction as valid. This malicious node can later release these silently mined blocks, and other nodes will accept this as the new ‘correct chain’ since it is longer. This will cause the original transaction to effectively disappear, and nodes will recognize the funds as being sent to the address from the new chain instead. This is known as a ‘double spend’ attack.”
While bigger coins would take a lot of money to attack because taking over their network would require an incredible amount of computing power, some altcoins like Einsteinium can be attacked for cheap. GeoCold is planning to conduct their attack with $50 USD.
Why is this important?
Coins with a low value, and therefore a typically low hashrate, make easier targets as they don’t take much computing power to gain 51 percent control over. One commenter on GeoCold’s post said 51 percent attacks against small blockchains is “like taking candy from a toddler.” So why do it at all?
GeoCold appears to be operating as a kind of “white hat” hacker, bringing attention to the issue so that people designing blockchain networks can see where the weaknesses are and build them stronger. This kind of vulnerability, even if it does make attacking larger coins prohibitively expensive, could still be cause for concern. Amid fears of hacking, scams, and vanishing crypto funds fueled by reports of recent attacks, it makes sense to err on the side of caution.
Cover Photo by Kaique Rocha on Pexels