51% Attack

A 51% attack is a blockchain exploit where a single entity or group gains control of more than half of a network's computing power or staked tokens. With majority control, the attacker can manipulate the blockchain by reversing completed transactions, preventing new ones from confirming, or spending the same cryptocurrency twice. The 20% attack threshold that defines a threat at 51% is the point where one party can consistently outpace the rest of the honest network in building the chain.

Think of it like a vote where one shareholder owns 51% of the company: the other shareholders technically still vote, but they can never outvote the majority holder.

How the Attack Actually Executes

On a Proof-of-Work blockchain like Bitcoin, the attacker must control more than half of the total hashing power, which is the computing capacity dedicated to solving the cryptographic puzzles that create new blocks.

With that majority, the attacker builds a secret alternative version of the blockchain. The public chain continues processing transactions normally. Meanwhile, the attacker's private chain grows faster because it has more computational power behind it. Once the attacker's chain becomes longer than the public one, it broadcasts the private chain to the network. Nodes follow the protocol rule of accepting the longest chain as valid, so they switch to the attacker's version. Transactions that were in the old chain are erased. Any cryptocurrency the attacker sent and spent in the discarded chain gets refunded to the attacker's wallet, while the recipient is left with nothing.

Double-Spending Is the Primary Goal

The financial motivation for most 51% attacks is double-spending. The attacker sends a large amount of cryptocurrency to an exchange, converts it to another asset or withdraws cash, and simultaneously builds a private chain that omits that transaction. When the attacker's chain replaces the public one, the original payment disappears, but the attacker keeps what they received from the exchange.

In 2019, Ethereum Classic suffered exactly this scenario. An attacker double-spent approximately $1.1 million worth of Ethereum Classic by exploiting the smaller network's limited hashing power. Coinbase detected the suspicious activity and froze trading on the asset.

Larger Networks Are Dramatically Harder to Attack

The cost of a 51% attack scales with the size of the network. Attacking Bitcoin would require acquiring and operating more computing hardware than the entire rest of the Bitcoin mining ecosystem, which represents billions of dollars in equipment and ongoing energy costs. The economic reality makes attacking major networks effectively prohibitive.

Smaller proof-of-work cryptocurrencies with lower total hashing power are genuinely vulnerable. An attacker can rent the necessary computing capacity from cloud mining platforms for hours at a fraction of what it would cost to build infrastructure. Websites like Crypto51.app have historically tracked the estimated hourly cost of attacking various smaller chains.

Proof-of-Stake Changes the Attack Vector

In Proof-of-Stake networks, a 51% attack requires accumulating more than half of the total staked cryptocurrency rather than controlling hardware. For large networks like Ethereum, this means an attacker would need to purchase and stake hundreds of billions of dollars worth of Ethereum. The sheer cost makes the attack economically irrational. Beyond cost, Proof-of-Stake protocols include slashing mechanisms that would destroy the attacker's entire stake if malicious behavior is detected, adding a further deterrent that Proof-of-Work networks lack.

Sources:
https://www.coinbase.com/learn/crypto-glossary/what-is-a-51-percent-attack-and-what-are-the-risks
https://chain.link/article/what-is-a-51-attack
https://thedefiant.io/education/hacks/what-is-a-51-attack-in-crypto
https://hacken.io/discover/51-percent-attack/
https://corporatefinanceinstitute.com/resources/cryptocurrency/what-is-a-51-attack/