The key problem of the IT industry as a whole (and the blockchain industry as well) is its susceptibility to hacking. Despite the fact that distributed ledgers are better protected from hackers than any other system, they also have a few weak spots.
Claims that blockchain is a universal cure for most security problems are far from true. However, this has less to do with the technology itself than with the outdated way the consensus mechanism is implemented in most of the biggest networks. Not only new coins can fall prey to a 51% attack (which already happens quite often), but also established blockchains like Bitcoin.
In this article we will explain what a 51% attack is, which networks have already suffered from it, how susceptibility to it can affect the industry, as well as why the Universa blockchain is safe from it and how we managed to achieve this.
What a 51% attack and double spending are
A 51% attack means that perpetrators gain control of more than half of a platform's power. With access to the majority of a network's hashrate, hackers can issue new blocks on their own and be the only ones rewarded for doing so, and they can control and adjust time, setting transaction date and time stamps that are convenient for them. They can also abuse double spending (spending the same funds from the same wallet in a payment system twice), benefiting from the network's vulnerabilities, which can result in even more losses for a platform.
Simply put, in a blockchain the data on all transactions is stored by all the network participants at the same time. That is why, in an ideal blockchain, it is impossible to spend money twice. However, if a perpetrator owns the majority of the capacity, they themselves decide how many times to transfer the same funds.
Which networks have already suffered from it and which ones are under threat
On October 13, an anonymous hacker publicly attacked Bitcoin Private. To reach the point where double spending could actually be demonstrated, he spent $100. In doing so, the hacker not only showcased the blockchain's vulnerability, but also cast a shadow on the coin's value.
On the morning of June 3, the ZenCash cryptocurrency team posted a message on their blog about an attack on their blockchain. The perpetrator obtained control over a large mining pool, which allowed him to retract a few transactions and profit from double spending.
The hacker retracted 38 blocks and profited from double spending in 4 of them. Altogether, he received 19600 ZEN coins, which was $550,000 at the exchange rate on the day of the attack. The experts believe that to complete such an attack the hacker spent less than $30,000 to rent the equipment. The hacking immediately dropped the cryptocurrency exchange rate by 7%.
Within one month, Verge, another blockchain, twice fell victim to the 51% attack. In the end, the hackers obtained cryptocurrency worth more than $2 million.
Experts believe that the Equihash mining algorithm, although one of the most widespread in the industry, is at the same time one of the most vulnerable, as it allows crypto to be mined even on PCs.
Bitcoin Gold, one of the two most successful Bitcoin forks, also operates on Equihash, and it has already suffered from the 51% attack. In May, hackers assembled significant computing capacity, managed to complete the 51% attack and profited from the double spending error on a number of occasions until the developers noticed the attack.
As a result of the Bitcoin Gold attack, hackers got their hands on 388,000 coins ($18 million in May). The attack prompted the developers to change the hash algorithm for a more secure one, but even this measure cannot guarantee that this attack won’t happen again.
Theoretically, even the first and the biggest blockchain, Bitcoin, can become a victim of this attack, not only its forks. If someone had enough funds to purchase enough of the latest models of ASIC miners, they would be able to perform an attack on the network. The inevitable price drop in case of a one-time withdrawal of a large cryptocurrency amount is the only constraint that protects the network. However, this does not mean that the 51% attack won’t happen.
Currently, there is no effective way to fully eliminate the possibility of a 51% attack on networks that use Proof of Work for consensus. Just like Bitcoin, other large networks, Ethereum and Litecoin, are also under threat.
The vulnerability of the Bitcoin network, for instance, was proven in exactly this way. In 2014, the large mining pool GHash.io managed to obtain 55% of the entire network hashrate. Cryptocurrency holders sounded the alarm back when the pool had obtained 30%, but its representatives dismissed the worries by saying that they wouldn't perform the attack. And although the attack indeed didn't happen, the mere fact that someone can hold the majority of the capacity makes one wonder whether the network is truly secure and how the principles of decentralization should develop.
Another category of especially vulnerable coins is new cryptocurrencies with low mining complexity. In this case, hackers don't need vast resources for an attack, as the power used to generate new blocks is still low. There will be little financial profit from such an attack, but it will result in the still unstable cryptocurrency basically losing all its users' trust and any prospects for further development.
Major cryptocurrencies based on large-scale and popular blockchains, although better protected from the attack due to its high cost and low cost-effectiveness, can still be potential victims if the hackers don't aim for profit but seek to discredit the blockchain network.
Defending blockchain against the attack
The main and most effective method of achieving the highest level of network protection against the 51% attack is the large size and scalability of the blockchain. The larger the blockchain, the bigger the electricity and equipment maintenance costs for a perpetrator trying to obtain control over the majority of the network hashrate.
Another way to defend against such an attack is to apply the more modern, although also not ideal, Proof of Stake algorithm instead of Proof of Work. In PoS, blocks are created not by acquiring computing capacity, but by holding the cryptocurrency itself.
Such networks make attacks even more costly and even less profitable, as purchasing more than half of all the issued coins at the same time is very expensive, even in the case of less developed networks. However, the relative difficulty of the attack cannot be considered reliable protection.
The payment system Peercoin (PPC) uses this second method of security. As of November 2018, the PPC capitalization is $40 million, which is not as much as what the market leaders have, but already enough to make the 51% attack extremely expensive and unprofitable. Ethereum, which is ranked second with a capitalization of $53 billion, is also switching to PoS. The switch from PoW to PoS was carefully planned in the development strategy in advance.
Why the attack can't scare the Universa blockchain
The optimal way to protect against the 51% attack is to give up reaching consensus via mining, as it is unreliable and not secure enough, especially considering the ever-growing coin mining industry. Giving up Proof of Work brings many advantages, not only in scalability and even environmental sustainability, but also in security.
In the Universa blockchain, the creation of new blocks, as well as the verification and recording of performed transactions, is not the prerogative of random miners from all around the world, whose capacity perpetrators can accumulate for an attack. Instead, it is the responsibility of certified partner nodes, which completely eliminates the possibility of the 51% attack and of hackers profiting from the double spending error. This means that before a new node is added, it is mandatory to undergo an internal test of the node quantity for a specific participant. If this number exceeds 10%, induction of the new node into the system is rejected.
Another advantage of the Universa public networks is our own nodes and partner companies, which have enough power and capabilities to establish nodes. Smart contract processing in this type of network is performed through UTN, and validity is verified by thousands of users' devices.
In the Universa private networks, validity is verified by reliable and highly productive nodes, which reduces transaction costs. The private networks also provide greater control of the platform, allow the data access model to be adjusted and form a controllable environment. This type of network is perfect for corporations and public institutions.
We at Universa are confident that blockchain is a promising technology that makes it possible to solve various problems, not only due to its high speed and low costs, but also due to the highest levels of security, which are impossible to maintain with the outdated mechanism of reaching consensus through mining.
This article was originally published in UniversaBlockchain on Medium.