Bitcoin 101: 51% Attack

In discussing bitcoin’s Security Budget, we introduced the concept of a “51% attack.”

What is a 51% attack?

A 51% attack refers to a situation where a single entity or coalition amasses more than 50% of the bitcoin mining hashrate and uses this control to manipulate the network.

If a malicious attacker controls >50% of the hashrate, they could conspire to build a longer, dishonest blockchain in private faster than the rest of the network can continue building an honest chain.

On this dishonest blockchain they could reverse recent transactions or double-spend tokens. Think of this as stealing or counterfeiting, respectively. They could also execute a Denial-of-Service (DOS) attack by intentionally not including specific transactions in their blocks.

(Importantly, they could not alter certain network rules, such as creating new coins or accessing private keys and stealing bitcoin that was not recently transacted.)

Nodes are locally run software programs that verify the state of the blockchain based on consensus rules that they all agree upon. One of those rules is to accept the longest blockchain as the true blockchain, because it has performed the most “work” to add blocks to the chain, i.e. “proof-of-work.”

Once a malicious attacker has built a longer (but dishonest) blockchain in private, they can broadcast that chain out to the rest of the network. Nodes will pick it up and agree that it is the true blockchain because it has the most blocks (i.e. has performed the most work), and confirm it. In order to keep proposing dishonest blocks, a 51% attacker must maintain >50% of network hashrate over time.

Since the cost to attack the network is marshaling >50% of the hashrate dedicated to mining new blocks, the total amount of hashrate on the network is bitcoin’s security, and the block reward (comprised of the block subsidy plus fees) awarded to miners for mining new blocks, thereby incentivizing them to deploy that hashrate, is bitcoin’s security budget.

A 51% attack is theoretically possible. But is it feasible? Is it likely?

For an established network like Bitcoin, executing a 51% attack would require an astronomically high amount of computational power. How much?

As we learned while discussing bitcoin’s security budget:

As of March, 2024, bitcoin is secured by approximately 540 EH/s (exa-hashes per second). A “hash” is a single attempt at solving the Proof-of-Work math problem required to mine a new block. One exa-hash equals one quintillion hashes.

540 EH/s is likely about equal to or greater than the total sum of the rest of the world’s computers if they were to flip a switch and start mining bitcoin today. This is because bitcoin mining ASICs (application specific integrated circuits) are about 2,000 times more efficient at solving PoW math problems than CPUs or GPUs.

And how much energy is needed to perform all those computations?

Global bitcoin mining electricity consumption is projected to be around 140 terawatt-hours (TWh) in 2024.

That’s more than the US Department of Defense at 117 TWh.

Global data centers consume about 200 TWh of electricity annually, to power the global internet.

The UK consumes about 300 TWh of electricity annually.

So, to put it in perspective, what’s currently securing the Bitcoin network?

The sum of the rest of the world’s computing power combined with half of the energy needed to power the entire UK for a year.

And it’s only going up:

Bitcoin has vast amounts of compute and energy securing it, and attempting a 51% attack would be extremely costly and with no guarantee of success.

What might be the incentive to attack the network in the first place?

Perhaps one would want to profit by stealing or double-spending bitcoin. They would likely need to steal a whole lot to cover the costs of doing so. And what would happen to the value of bitcoin if the network’s security was compromised? A thief motivated by profit would need to devalue the very thing they sought to steal in order to steal it.

Perhaps, instead, one wants to effectively shut the network down so that they can maintain their monopoly on money creation. Rather than direct profit, they are motivated by power and control and are willing to spend vast sums of their money on attacking bitcoin.

Remember, though, that the ultimate “cost” to perform a 51% attack isn’t borne in money. It is in hashrate, and hashrate is only amassed through the combination of specialized hardware and electricity. To the extent that capital can be frictionlessly and limitlessly converted into these resources, the cost to 51% attack the network can be approximated in money. But in reality, there is neither a limitless supply of bitcoin mining ASICs, nor of electricity.

If an attacker has all the money in the world, but does not have enough competitive mining hardware and an adequate energy source, they cannot 51% attack the bitcoin network.

This is one of the key, novel security features of proof-of-work generally and of bitcoin specifically: it is secured by real world energy and cryptographic logic, as opposed to all software programs that came before it, which are secured by just logic.

Logic can be exploited. Energy cannot be.

This fact is at the heart of beginning to understand Proof-of-Work vs. Proof-of-Stake, which will be the topic of next week’s Bitcoin 101.