In case of a 51% attack, can the damage be reverted?

[20kevin20]

Hi! I'm not a new guy around here - been in this space for half a decade now. However, I do still have some questions and one of them is about the case of a 51% attack on the Bitcoin network.

Say some hackers somehow get the control of more than 51% of the BTC network. I guess this isn't impossible as there have already been a few tries and if we consider the fact that a few miners own +51% of the mining power, a hacker has only a few targets to hit in order to control the mining power.

Now this is the way I see it. I might be wrong about anything I wrote above and if I am, please someone point me toward the right direction.

If what I said is possible someone gets to control the mining power and does damage to the network.. can this be reversed when the big miners get back in control? IIRC, something similar happened way back when Bitcoin was in its first years and someone got in control of some Bitcoins they shouldn't have been in control of, and this was reversed through a Bitcoin Client update or something like that.

So, in case of a 51% attack... is it possible to reverse the damage?

[1714079651]

1714079651

[1714079651]

1714079651

[1714079651]

1714079651

[20kevin20]

You can revert block mined with 51+% hashrate, but you can't reverse the damage (such as merchants who suffer losses from double-spend attack).

But this requires agreement of community (or at least pools) to reverse/rollback blocks and can't be done automatically/without human intervention.

I see. But doesn't rolling back blocks also roll back transactions? If the blocks get rolled back to the one BEFORE I made a transaction, wouldn't that mean I would get my money back while the other party would be at loss?

[NeuroticFish]

I see. But doesn't rolling back blocks also roll back transactions? If the blocks get rolled back to the one BEFORE I made a transaction, wouldn't that mean I would get my money back while the other party would be at loss?

With rollback you erase a chunk of the history. And yes, that means all the transactions included in that block / those blocks.
Luckily Bitcoin network is strong enough to make 51% attack too expensive to worth it, because the rollback is a nightmare and really nobody would consent to support it.

[aliashraf]

You can revert block mined with 51+% hashrate, but you can't reverse the damage (such as merchants who suffer losses from double-spend attack).

But this requires agreement of community (or at least pools) to reverse/rollback blocks and can't be done automatically/without human intervention.

50%+1 attack could be carried out for cheating exchanges and merchants who are not cautious enough to wait for more confirmations and release their assets for the attacker who is able to revert the chain back and re-write it with blocks that don't include the transaction he has convinced the victim wit and instead confirm an alternative transaction that spends the output and makes the original one useless.

It is a short range attack, the new chain is valid and has no breach other than being selective about few pairs of competing double spend transactions in favor of the attacker. There is no way to invalidate such a brand new chain and restore the old one (without a hard fork).

Good News:
Third parties could always mitigate this scam schema by waiting for more confirmations when they are committing to high stake transactions. The smartest approach would be calculating the attack cost which is linearly dependent on the range of attack and comparing it to the stakes involved and choosing to wait for more confirmations relatively.

Note that a long range 50%+1 attack is impractical and won't e carried out in real world because the attacker will ruin the coin under consideration by such an attack while spending too much resources (electricity, rents, ...) it turns the whole purpose of the attack to be void.

[Wind_FURY]

IIRC, something similar happened way back when Bitcoin was in its first years and someone got in control of some Bitcoins they shouldn't have been in control of, and this was reversed through a Bitcoin Client update or something like that.

Can you give us the whole story of that "something similar"? It would be incorrect to assume that a successful 51% attack would give someone the power to steal. Because, anyone correct me if this is a mistake, if an attacker can control 100% of the hashing power, it still cannot turn invalid transactions into valid transactions. The nodes will not relay them. It can only censor transactions.

[ranochigo]

IIRC, something similar happened way back when Bitcoin was in its first years and someone got in control of some Bitcoins they shouldn't have been in control of, and this was reversed through a Bitcoin Client update or something like that.

Can you give us the whole story of that "something similar"? It would be incorrect to assume that a successful 51% attack would give someone the power to steal. Because, anyone correct me if this is a mistake, if an attacker can control 100% of the hashing power, it still cannot turn invalid transactions into valid transactions. The nodes will not relay them. It can only censor transactions.

It has never happened. The only time anything like this happened was with the bug[1] that resulted in block rewards that was over the limit. It was forked off and everyone switched. And you're right, you can't make transactions that are invalid into a valid one.
[1] https://nvd.nist.gov/vuln/detail/CVE-2010-5139

[ABCbits]

With rollback you erase a chunk of the history. And yes, that means all the transactions included in that block / those blocks.
Luckily Bitcoin network is strong enough to make 51% attack too expensive to worth it, because the rollback is a nightmare and really nobody would consent to support it.

Actually, AFAIK it happened twice :
1. Value overflow in 2010 where attacker generate 184,467,440,737.09551616 Bitcoin
2. Accidental hard-fork after QT 0.8 release where it has different DB version and not compatible with older version

So, if something major like that happen again, rollback might be supported by parts of the community

Note that a long range 50%+1 attack is impractical and won't e carried out in real world because the attacker will ruin the coin under consideration by such an attack while spending too much resources (electricity, rents, ...) it turns the whole purpose of the attack to be void.

I agree as it's not impractical, expect it happened once with Bitcoin Gold (a fork of BTC). AFAIK attacker borrow hashrate from various mining rental services such as NiceHash to reverse 22 blocks, which is far higher than average confirmation needed by most merchants/exchange (1-6 confirmation).
While it can't happen to Bitcoin as there's no services which could provide hashrate enough to perform 51% attack. All cryptocurrency which it's hashrate is lower than hashrate of mining rental service combined should be very careful.

[HeRetiK]

Note that a long range 50%+1 attack is impractical and won't e carried out in real world because the attacker will ruin the coin under consideration by such an attack while spending too much resources (electricity, rents, ...) it turns the whole purpose of the attack to be void.

I agree as it's not impractical, expect it happened once with Bitcoin Gold (a fork of BTC). AFAIK attacker borrow hashrate from various mining rental services such as NiceHash to reverse 22 blocks, which is far higher than average confirmation needed by most merchants/exchange (1-6 confirmation).
While it can't happen to Bitcoin as there's no services which could provide hashrate enough to perform 51% attack. All cryptocurrency which it's hashrate is lower than hashrate of mining rental service combined should be very careful.

That's the upside of ASICs vs GPUs. As an ASIC-mined coins you have fewer coins to compete with than being one that is GPU-mined.

If you're the largest coin that can be profitably mined via GPU you're golden. But as soon as you're one of the smaller ones you're a potential target. Since the infrastructure already exists, the hashing power merely needs to be pointed in your direction at the flip of a switch.

True also for ASIC-mined coins, of course, but less pronounced than with GPU mining. Obviously it also helps that Bitcoin has by far the largest Sha256 hashrate, so there's little hashrate that can come "out of nowhere" as was the case with Bitcoin Gold.

[20kevin20]

With rollback you erase a chunk of the history. And yes, that means all the transactions included in that block / those blocks.
Luckily Bitcoin network is strong enough to make 51% attack too expensive to worth it, because the rollback is a nightmare and really nobody would consent to support it.

I understand. It might be too expensive to be worth it, but you never know who would have 'the guts' to do it and try to attack the network. Enough events happened in the crypto world and in the economic world in general to make it almost impossible to happen.

Note that a long range 50%+1 attack is impractical and won't e carried out in real world because the attacker will ruin the coin under consideration by such an attack while spending too much resources (electricity, rents, ...) it turns the whole purpose of the attack to be void.

When I mentioned "hackers" I meant hackers that would be able to get in control of the largest mining farms in the world without having to rent rigs or pay for electricity etc in order to attack the network. Wouldn't it be possible? I'm kinda newbie to the mining part so I might be talking nonsense.

Can you give us the whole story of that "something similar"? It would be incorrect to assume that a successful 51% attack would give someone the power to steal. Because, anyone correct me if this is a mistake, if an attacker can control 100% of the hashing power, it still cannot turn invalid transactions into valid transactions. The nodes will not relay them. It can only censor transactions.

I might have talked about a story that never happened. ranochigo gave the right link to the case I was talking about. Here's one to the wikipedia, it's about the same incident: https://en.bitcoin.it/wiki/Value_overflow_incident

Actually, AFAIK it happened twice :
1. Value overflow in 2010 where attacker generate 184,467,440,737.09551616 Bitcoin
2. Accidental hard-fork after QT 0.8 release where it has different DB version and not compatible with older version

So, if something major like that happen again, rollback might be supported by parts of the community

I agree as it's not impractical, expect it happened once with Bitcoin Gold (a fork of BTC). AFAIK attacker borrow hashrate from various mining rental services such as NiceHash to reverse 22 blocks, which is far higher than average confirmation needed by most merchants/exchange (1-6 confirmation).
While it can't happen to Bitcoin as there's no services which could provide hashrate enough to perform 51% attack. All cryptocurrency which it's hashrate is lower than hashrate of mining rental service combined should be very careful.

So the two cases you mentioned are 51% attacks too, right?

[ranochigo]

When I mentioned "hackers" I meant hackers that would be able to get in control of the largest mining farms in the world without having to rent rigs or pay for electricity etc in order to attack the network. Wouldn't it be possible? I'm kinda newbie to the mining part so I might be talking nonsense.

It's possible. The firmwares that the ASICs are on is definitely exploitable. The main reason is the motivation. I doubt anyone would just ruin the coin just like that. Most ASIC farms are actually fairly small and it isn't that big to be able to ruin a mid-sized coin.

I might have talked about a story that never happened. ranochigo gave the right link to the case I was talking about. Here's one to the wikipedia, it's about the same incident: https://en.bitcoin.it/wiki/Value_overflow_incident

It has. Bugs in the client could cause the client to accept and relay transactions that are otherwise invalid. If not, 51% attack can't do that much.

So the two cases you mentioned are 51% attacks too, right?

Its not. The 1st was due to the bug in the client. The second was due to the miners mining incompatible block (no 51% attacks whatsoever) that resulted in the splitting of the chain. The older clients were following one and the newer clients were following the other. While 51% can result in forks, the new fork must still follow the consensus rules, no matter how much hashrate they own. A block can only have that many Bitcoins and block rewards and signatures must be valid, etc. If not, the blocks wouldn't even be accepted and the 51% attack would be as if it has never happened.

[aliashraf]

Note that a long range 50%+1 attack is impractical and won't e carried out in real world because the attacker will ruin the coin under consideration by such an attack while spending too much resources (electricity, rents, ...) it turns the whole purpose of the attack to be void.

When I mentioned "hackers" I meant hackers that would be able to get in control of the largest mining farms in the world without having to rent rigs or pay for electricity etc in order to attack the network. Wouldn't it be possible? I'm kinda newbie to the mining part so I might be talking nonsense.

Nop. It is not how it works in the real world. No hacker is able to take control of a mining farm at least for a considerable amount of time. The owner will shut the farm down and make it secure in less than an hour if it is large enough and within few hours if it is not.

Generally speaking I think there is a LOT of exaggerations about 51% attack in the literature.

[20kevin20]

When I mentioned "hackers" I meant hackers that would be able to get in control of the largest mining farms in the world without having to rent rigs or pay for electricity etc in order to attack the network. Wouldn't it be possible? I'm kinda newbie to the mining part so I might be talking nonsense.

It's possible. The firmwares that the ASICs are on is definitely exploitable. The main reason is the motivation. I doubt anyone would just ruin the coin just like that. Most ASIC farms are actually fairly small and it isn't that big to be able to ruin a mid-sized coin.

I might have talked about a story that never happened. ranochigo gave the right link to the case I was talking about. Here's one to the wikipedia, it's about the same incident: https://en.bitcoin.it/wiki/Value_overflow_incident

It has. Bugs in the client could cause the client to accept and relay transactions that are otherwise invalid. If not, 51% attack can't do that much.

So the two cases you mentioned are 51% attacks too, right?

Its not. The 1st was due to the bug in the client. The second was due to the miners mining incompatible block (no 51% attacks whatsoever) that resulted in the splitting of the chain. The older clients were following one and the newer clients were following the other. While 51% can result in forks, the new fork must still follow the consensus rules, no matter how much hashrate they own. A block can only have that many Bitcoins and block rewards and signatures must be valid, etc. If not, the blocks wouldn't even be accepted and the 51% attack would be as if it has never happened.

Awesome, thank you for the explanation!

The main reason is the motivation. I doubt anyone would just ruin the coin just like that.

I think a government would have enough motivation to ruin a cryptocurrency if the regulations and whatever else they have in plan will fail. It might sound like conspiracy, but I believe this is not very unlikely if we look at the EtherDelta SEC registration case (https://www.sidley.com/en/insights/newsupdates/2018/11/first-sec-enforcement-action-against-decentralized-digital-asset) and the recent news about regulations and governments' point of view. If coins go out of control through decentralization and privacy, I see a 51% attack driven through a government's plan possible. I'm sorry if this classifies as a non-topic reply!

Nop. It is not how it works in the real world. No hacker is able to take control of a mining farm at least for a considerable amount of time. The owner will shut the farm down and make it secure in less than an hour if it is large enough and within few hours if it is not.

Generally speaking I think there is a LOT of exaggerations about 51% attack in the literature.

I see. I was wondering how an attack would look like and whether there is the possibility of doing something about it or it would ruin the coin completely. Thanks!

[mu_enrico]

Sorry if this is off-topic but I really curious about the "checkpoint" issue that often mentioned recently. Is this a legit way to prevent reorg of the bad block? What's the pros and cons? Thanks!

[20kevin20]

Note that a long range 50%+1 attack is impractical and won't e carried out in real world because the attacker will ruin the coin under consideration by such an attack while spending too much resources (electricity, rents, ...) it turns the whole purpose of the attack to be void.

When I mentioned "hackers" I meant hackers that would be able to get in control of the largest mining farms in the world without having to rent rigs or pay for electricity etc in order to attack the network. Wouldn't it be possible? I'm kinda newbie to the mining part so I might be talking nonsense.

While it's possible, it won't be easy task as major mining pools must have good security knowing they have lots of coins and their hashrate can be used maliciously.
Even if that happens and the hacker decide to use 51% attack, bitcoin community will realize it quickly, then miners will switch to another pool while pool owner will shutdown their pool.

Actually, AFAIK it happened twice :
1. Value overflow in 2010 where attacker generate 184,467,440,737.09551616 Bitcoin
2. Accidental hard-fork after QT 0.8 release where it has different DB version and not compatible with older version

So, if something major like that happen again, rollback might be supported by parts of the community
--snip--

So the two cases you mentioned are 51% attacks too, right?

1st - no, as mining isn't involved
2nd - yes, even though it's not attack, but accidental. Even so, there's a successful double-spend attempt. More info : https://bitcointalk.org/index.php?topic=152348.0

But my point is, community might agree to rollback blocks, even if it's not because 51% attack.

Alright, got it now, thank you for the detailed explanation. Have a great day!

[aliashraf]

Sorry if this is off-topic but I really curious about the "checkpoint" issue that often mentioned recently. Is this a legit way to prevent reorg of the bad block? What's the pros and cons? Thanks!

Checkpoints are hardcoded in client software to help with a safer bootstrap for nodes not to get sybil-attacked (being completely surrounded by malicious peers). It is also useful to resist very-long-range attacks (reorg of entire history or multiple thousands long chain re-writes) and has nothing to do with 51% attacks under discussion which belong to short up to medium chain reorg attempts.

[mixoftix]

But my point is, community might agree to rollback blocks, even if it's not because 51% attack.

and this is my two cents, community might agree on a double-check data flow before block creation. not exactly double-check but I mean a concrete solution should involve before block creation - and I'm working hard on it. rollback is always costly and harmful to the trust.

[suzanne5223]

Hi! I'm not a new guy around here - been in this space for half a decade now. However, I do still have some questions and one of them is about the case of a 51% attack on the Bitcoin network.

Say some hackers somehow get the control of more than 51% of the BTC network. I guess this isn't impossible as there have already been a few tries and if we consider the fact that a few miners own +51% of the mining power, a hacker has only a few targets to hit in order to control the mining power.

Now this is the way I see it. I might be wrong about anything I wrote above and if I am, please someone point me toward the right direction.

If what I said is possible someone gets to control the mining power and does damage to the network.. can this be reversed when the big miners get back in control? IIRC, something similar happened way back when Bitcoin was in its first years and someone got in control of some Bitcoins they shouldn't have been in control of, and this was reversed through a Bitcoin Client update or something like that.

So, in case of a 51% attack... is it possible to reverse the damage?

Firstly, the 51% attack can be prevent using the system used by the monero and I also believed prevention of the 51% attack was the reason behind Satoshi not expanding the blocksize so that the community will be able to notice foul play. However, the 51% does not profit any profit to the group of company that owns the 51% mining power and with my research 51% was using carried out by coin competitor in other to eliminate coins which they see as challenger for their project.

[vit05]

I will make another question, as the one that starts the topic was already answered. In case of a 51% attack, the damage should be reverted?

Should it not be an even bigger problem to be able to roll back an action already done on the blockchain?

Bitcoin's political consensus is quite subjective. I mean, the voice of the community is something that depends on time. We do not have a voting system in Bitcoin where a result is clear. BTC is Bitcoin for being clear the choice of the majority. But in an event like such an attack, if it was of great proportions. One group could choose to revert and another group could choose not to. In the same way as with ETH and ETC.

So the question is not whether this is possible. But if this will be the majority choice in the long run.

[Wind_FURY]

I see. I was wondering how an attack would look like and whether there is the possibility of doing something about it or it would ruin the coin completely. Thanks!

What miners do is direct their hashing power to a new pool. Simple as that because the miners would earn more if they are honest. But if the mining cartel assumes control of the network, then they can and will censor transactions, effectively making Bitcoin become Fed 2.0.

The answer is yes, it will ruin the coin completely, unless UAHF.

[aliashraf]

I see a lot of confusion about 51% attack in this thread, seemingly it is used as a metaphor for any disaster in bitcoin which is not true.

Following points might be found helpful:

1- Being short-range: A 50%+1 attack typically is about an adversary who somehow puts hands on a majority of hashpower for a short period of time. If this majority is persistent for a long period of time, it is no longer considered an attack, it would turn the network to a simple centralized service which is at least subject to censorship, just like conventional banking system.

2- Limited  user vulnerability: The main targets of 50%+1 attack with its short-range chain rewrite consequences are merchants and exchanges that do not take proper security measures by waiting for enough confirmations (blockchain growth) for high stake transactions. This vulnerability could be mitigated if users closely observe the network overall 50%+1 attack cost and wait for more confirmations up to safe thresholds.

3- Serious miner vulnerability: When the chain gets reorged a few blocks become orphaned and their miners lose their rewards and as long as this attack is active they are unlikely to mine any blocks even though they are consuming time and resources. Also, there are more consequences for miners because of hashrate fluctuations and difficulty jump.

4- Legitimacy crisis: For an adversary, taking control of a majority hashpower is a matter of investment but convincing user base about his legitimacy is almost unachievable.