Vano Narimanidze: Bitcoin may be hacked by a 51% attack

Vano Narimanidze: Bitcoin may be hacked by a 51% attack

As reported by Vano Narimanidze, Founder at Overclockers GE and Co-Founder at Blockchain Association Georgia, most of PoW algorithm-based cryptocurrencies may be hacked by an attack 51%, even Bitcoin. In his interview with the press service of Blockchain & Bitcoin Conference Prague, the expert dwelled on the way an attack 51% is performed, algorithms that make a blockchain vulnerable to such threats, and solutions to avoid them.

Interview: Blockchain & Bitcoin Conference Prague (BBCP)

Respondent: Vano Narimanidze (V. N.)

BBCP: When did you take a serious interest in blockchain and cryptocurrencies, and in what circumstances?

V. N.: Although I have seen Bitcoin for the first time really early, back in 2010 and 2011, when it cost 0.05 USD and just over 1 USD, respectively, I did not buy or mine any, I did not even read the whitepaper and I did not get interested.

My serious interest in blockchain and cryptocurrencies began from early 2017 though when I started mining at a small scale and as I realized I could no longer be a Bitcoin billionaire I started learning a lot about the technology itself.

During early 2017, I have read The Book of Satoshi by Phil Champagne and How Money Got Free by Brian Patrick Eha and watched several good documentaries about Bitcoin that made me think about the cause cryptocurrencies serve and about benefits they provide. From that on, my belief and interest in blockchain and cryptocurrencies have been increasing exponentially, just non-stop. I believe it will be a very significant part of history and I wish to make my mark.

BBCP: What do you think will the cryptocurrency market face in 2019?

V. N.: In my opinion, 2019 will be the year of delivery. If nothing else, the technology has got just better, a lot better. 2018 has been a ‘bloody’ year and the ICO boom has faded but the scene has been cleansed from a lot bad and unfortunately some good projects too. Even though we are still in the longest crypto bear market to date many interesting startups emerged. Obviously, ICOs (or STOs, as they are being called now) are still here but no one finances them as easily and blindly as during the bull market.

2019 will also be the year of building. If you believe that the crypto market will recover, you must be ready for the influx of new users.

Although I am not a big fan of so-called stable coins, they seem to be getting big in 2019 too, of which Maker’s Dai has a very interesting business model.

BBCP: What are Horizen's plans for 2019?

V. N.: Speaking of Horizen, we have tons of things planned for 2019 in our roadmap. We are building the infrastructure, expanding our user base and delivering products. With our budget tied with the price of ZEN cryptocurrency (Horizen’s treasury consists of 20% of newly generated coins) and stretch goals in place, we will be able to go after them if the price recovers and design DAG and develop an on-chain payment system for our Secure and Super Nodes.

BBCP: As one of Georgia’s leading crypto experts, you are well-versed in such a term as 51% attack. What is the concept of these attacks?

V. N.: The most common goal of a 51% attack is to perform a double spend, which means spending the same coin twice. In order to perform a 51% attack on a blockchain network, you need to control a majority of the hash rate or computing power of the network, hence the name.

A malicious miner wanting to perform a double spend will first create a regular transaction spending his coins on a public chain buying a good or another currency and at the same time start mining a private, hidden chain himself, not including his transaction inside it. If he controls a majority of the computing power, his chain will grow faster on average than the honest chain. Once the attacker’s chain becomes longer, i.e. has more blocks inside it, he will broadcast his private branch to the entire network. All the honest miners will then drop their branch and start mining on top of the malicious chain. Because in the malicious chain the attacker hasn't included his own transaction, it seems to the network as if it has never happened. The attacker is still in control of his funds. He can now go and spend them again.

BBCP: What blockchain algorithms are prone to an attack 51?

V. N.: Not only PoW blockchains are vulnerable to the 51% attack, but PoS blockchains are also vulnerable too.

If you manage to accumulate enough coins or control so many nodes that you have 51% of the staking, you can successfully do a 51% attack against a PoS chain too. Though it is harder to do in a PoS blockchain and you can also fork a chain, deleting a malicious stake. Latest research shows that PoS blockchains are more vulnerable to Fake Stake attacks.

Speaking of PoW, these attacks are possible because the system allows to ‘overwrite’ the current node view of the blockchain history with the new one after a user accepted a specific transaction, e.g. after the Exchange waited for the confirmation time. This obeys Satoshi's principles given in the Bitcoin white paper and implemented by most of the PoW cryptocurrencies.

Block generation in PoW consensus is a stochastic process and honest miners can generate blocks in parallel on the same height (with probability depending on block generation time and network delays), for which Satoshi Consensus (the longest chain rule) has a simple method to adjudicate by ultimately defaulting to the chain with the most accumulated work. Thus, pruning shorter branches with lower accumulated work has been an efficient way to keep the linear sequence of blocks across these distributed systems.

Many things changed since publishing the Bitcoin white paper. Some of the most significant changes that jeopardize the longest chain rule are the appearance of ASIC miners and other computation boost techniques that completely break the ‘one-CPU-one-vote’ principle. Many cryptocurrencies share the same mining algorithm, but have extreme differences in hash rate, which allows for the computation of one cryptocurrency mining pool to potentially be used to attack another chain.

BBCP: Can a blockchain be hacked by such an attack?

V. N.: Speaking about Bitcoin, it would be very hard to accumulate so much hash rate that you can do a successful 51% attack against Bitcoin’s blockchain but if you manage to do that, Bitcoin’s blockchain has no protection against it. Same goes for the absolute majority of PoW cryptocurrencies.

BBCP: What other cases of 51% attack, save for Horizen, do you know?

V. N.: The first successful 51% attack in 2018 has been conducted against Bitcoin Gold, which has been a massive hit to the cryptocurrency world because it made clear that 51% attack was no longer a theory.

Apart from us, there have been successful 51% attacks against MonaCoin, Verge, Litecoin Cash, Vertcoin, PIRL and the latest one – against Ethereum Classic.

A website called has been started to bring light to the risk of 51% attacks on smaller cryptocurrencies. This website has a collection of coins and the theoretical cost of a 51% attack on each network, based on NiceHash prices.

BBCP: What solutions for avoiding 51% attack could you offer?

V. N.: We set up a tripwire system as part of the plan that would alert us if it detected a significant net-hash increase, and we put our tech team on a standby monitoring the network. The Zen network was the target of a 51% attack. The team began executing the mitigation procedures they had been working on to significantly decrease the difficulty of future attacks. The short-term solution was to ask our exchange partners to increase the block confirmations to at least 100 temporarily. That gave us enough time to be able to monitor the network and in case of repeated attacks, alert exchanges in time.

Because our engineering team was already working on possible solutions for a 51% attack, we did the POC and coding quickly and proceeded with the network upgrade.

We determined the best solution was to enhance the longest chain rule (Satoshi Consensus) and introduce a penalty for delayed block reporting. This makes it exponentially more difficult and costly for those looking to perform a 51% attack.

The penalty affects actors who try to mine blocks in private and later inject them into the chain. The penalty applied will increase quadratically based upon the number of blocks withheld. For example, if nefarious miner submitted their chain 26 blocks behind the legitimate chain he would need to continue mining publicly, and in competition with the legitimate chain for 351 blocks more until his chain is accepted as the new true blockchain. It is worth considering that the penalty mechanism affects only private/hidden mined chain and public network upgrades (hard forks) are not affected by this.

Our solution turned out to be sufficient enough for our blockchain and no successful 51% attacks have been recorded ever since the upgrade.

Several other projects have already started working on their solutions. One of the notable ones is PIRL’s PirlGuard System, the protocol inspired by Horizen’s penalty system and built for Ethash.

We encourage the whole cryptocurrency ecosystem to think ahead and take action to protect themselves even before they are attacked.

Willing to find out more about the topic? Join us at Blockchain & Bitcoin Conference Prague.

Buy a ticket
Meet new speakers and key news of the conference