Bitcoin security risk? How many miners make up 51% of the hashrate?

[legiteum]

The prevailing notion about Bitcoin is that:

1. It is "impossible" for any government or other large entity to control Bitcoin.

2. Bitcoin is "absolutely safe" since the redundancy and dispersal of the network makes it impossible to compromise.

But as we discussed in another thread here, Satoshi identified, in the original Bitcoin whitepaper, the risk of a "51% attack" on the Bitcoin network. Bitcoin's integrity is safe, Satoshi said in essence, as long as a majority of the network's hashrate is not "evil".

Bitcoin's hashrate is controlled by "miners", and some of these mining companies are large, publicly traded companies.

The question this brings up is this: how hard would it be for some "evil" entity--say a major world government or an extremely sophisticated group of hackers--to gain control of the the companies (or key personnel within those companies, or key servers within those companies) that comprise over 51% of the hashrate, and thus take control of Bitcoin? Or in another scenario, how many companies would a large government e.g. the US or the EU need to compel in order to effectively change the Bitcoin network?

Here is an article that alleges that just 0.1% of Bitcoin miners control half of all mining capacity. It's a little old, and I would wonder if the hashrate is even more concentrated now, since that's what businesses tend to do: consolidate.

Does anybody have any more recent data about this? To me, this seems like a really big deal since it calls the security of the Bitcoin network itself into question. And at minimum, the idea that only a handful of public, not-government-proof, companies actually control Bitcoin sorta... flies in the face of the prevailing Bitcoin mythology .

[Mia Chloe]

The 51% rule on the bitcoin network is like a protocol that suggests that if a miner or mining pool is able to attain 51% of the total Bitcoin network's hash rate they will have an edge over the whole network and can dominate blocks more significantly by being able to do certain things like alter more recent blocks and some other stuff.

The fact is that the chances of some miner or mining pool pulling a 51% attack is very thin. This is because aside from the fact that attaining such amount of hash power would not be easy, I believe no pool will be soo foolish to waste such huge amount of hash rate to harm a network that they can benefit heavily from with that same hash rate. Every miner is out for profit and pulling such an attack that might even be neutralized would be uneconomical.

[EL MOHA]

The question this brings up is this: how hard would it be for some "evil" entity--say a major world government or an extremely sophisticated group of hackers--to gain control of the the companies (or key personnel within those companies, or key servers within those companies) that comprise over 51% of the hashrate, and thus take control of Bitcoin? Or in another scenario, how many companies would a large government e.g. the US or the EU need to compel in order to effectively change the Bitcoin network?

With the current hashrate percentage, as you asked the government will only get to hold onto just two pools; foundary USA (26.67% hashrate) and Antpool (25.38% hashrate) to make it a 51% hashrate. There is more because the government will need to actually generate large electricity again to be able to continue mining without the other miners getting a block.

Also one thing we have failed to understand about 51% attack or double spending is that the Miner with this hash power wouldn’t still be able to use it get in invalid transactions in, other nodes will need to accept the transactions first. Having an invalid transaction like you think will just nullify the work done by the mining pool and also means they lost energy.

But overall this will be very bad for the network as they could even censor some transactions that they will include in their blocks and you will have to wait till the smaller miners get to mine a block and add your transaction

[Felicity_Tide]

Performing a 51% attack on the network will be a very tough task considering the things that must be involved. A 51% attack will require the performer to have control over at least 51% of the total computing power (hash rate). This attack would cost so much since the computing power will require more powerful hardware and consume more energy. But we should also understand that the more the network grows with more people on board, the more secure Bitcoin becomes, making 51% attack more difficult to perform. which means, as more adoptors, Bitcoin price, mining difficulty,etc continue to increase, then the network security also increase. I think this increment should be in a linear pattern (correct me if am wrong).

1. It is "impossible" for any government or other large entity to control Bitcoin.

 I think most government or entity might have thought of this idea, but ended up dumping it due to the imaginable cost attached to performing such attack.

[franky1]

mining "control" is just the risk of empty blocks, chain re-orgs to double spend
its not about "controlling bitcoin" in regards to changing the rules

most mining pools are not some building with servers which a swat team can invade.. instead its just some ip address of some cloud service which a mining pool brand has multiple IP addresses and cloud services set up for dotted around the planet (remote location stratums)

if an entity took over a server they cant change the rules as their blocks would get rejected. so all they can mess with is the amount of transactions they include or if enough power over enough time go back and change the transaction list of a recent old block and then catch up to re-org the chain of recent blocks to undo some confirmed transactions

if an entity took over a mining pool server. miners can simply 'pool hop' away to another mining pool or even just a different stratum ip address of same brand if they notice silliness occur to blocks produced by a certain pool

however everyone has become too reliant on cores code releases and follow blindly out of "trust" even when new releases do change the rules of what data it put into blocks, but do not benefit bitcoiners.. and instead benefit the inception of the idea that bitcoiners should stop transacting on bitcoin and use other networks for their daily activity, to allow spammers and metadata bloaters to fill blocks for high fee's to further annoy bitcoiners

the real "control bitcoin" in regards to the rules ends up being more related to majority following cores code. and core being controlled by under a dozen devs with code force-merge privileges all employed by just 3 companies who get funded by certain institutions/organisations

[Darker45]

This has been discussed over and over again. And I think there is consistency in the assurance that, though this is a possibility, this is far from happening. For one, an attacker needs "between $5 billion and $20 billion" to be able to attempt such attack.^[1] Second, there is not much you can gain from it.

If you wish to make money, it would be way more profitable for you to use your resources to support the network rather than to attack it. On the other hand, if you wish to just bring Bitcoin down, it wouldn't work either. With your $5 billion to $20 billion, all you can do is attack the network for a little while. Neither can you totally control the network nor sustain the attack.

[1] https://cryptopotato.com/this-is-how-much-you-would-need-to-spend-to-execute-51-attacks-on-bitcoin-and-ethereum/

[legiteum]

So far many of the posters here seem to have missed the point I was making about the risk.

1. The attack would not entail one lone miner, but rather many miners in a coordinated attack/government order.

2. There would be no incremental cost for such a move since these are companies that already have the servers in place and are mining for the network every single day. The challenge here is convincing/forcing/tricking a smaller number of companies to do something, not duplicate what they are doing already.

With the current hashrate percentage, as you asked the government will only get to hold onto just two pools; foundary USA (26.67% hashrate) and Antpool (25.38% hashrate) to make it a 51% hashrate.

So... there are two public companies in the world that control over half of the Bitcoin network. Okay. So much for being "decentralized" .

Seriously, what is to stop the USA/EU/some other country from simply ordering these two companies to change Bitcoin's central software in order to make it do different things e.g. give Satoshi's blocks to charity?

One other thing that keeps coming up here is the notion that "somebody" could reject the participation of miners who are, upon deep analysis, breaking the rules. Who enforces that rules? How? I get that any of us here could simply do our own calculations, but what would be the exact mechanism wherein the network, without any central authority whatsoever, would "reject" this software change?

Perhaps I have my answer below?

so all they can mess with is the amount of transactions they include or if enough power over enough time go back and change the transaction list of a recent old block and then catch up to re-org the chain of recent blocks to undo some confirmed transactions

Um, that sounds like... total control of Bitcoin to me . Seriously, if I could double-spend and validate blocks without the private key, that's... absolute control of the network, at least in terms of Bitcoin's actual function.

if an entity took over a mining pool server. miners can simply 'pool hop' away to another mining pool or even just a different stratum ip address of same brand if they notice silliness occur to blocks produced by a certain pool

How would you know which is which on the fly? And what is to stop the majority hashrate from doing it's own "pool hopping" or for that matter any individual miner today? If users of the network can simply pick and choose the nodes they will and won't work with, then that means a 51% attack is even easier since the "good" nodes would be instantly iced out and deemed "evil" by the "evil" nodes.

And if you are talking about doing things based on ip addresses, then boy oh boy, there are lots and lots of problems with that. IP addresses can change in milliseconds, there are many ways to change/cloak them, and so on. No serious secure system on the public Internet uses ip addresses as a mechanism for identity.

So question is, how would one stop a 51% attack? From my understand of the network, a "51% attack" would immediately turn into a "49% attack" by the losing minority, and the "good" nodes would be treated as the "evil" ones.

[Plaguedeath]

1. The attack would not entail one lone miner, but rather many miners in a coordinated attack/government order.

2. There would be no incremental cost for such a move since these are companies that already have the servers in place and are mining for the network every single day. The challenge here is convincing/forcing/tricking a smaller number of companies to do something, not duplicate what they are doing already.

If they do that, both Foundry USA and Antpool will be sued for breaching regulations, remember that big companies are under regulations and they can't monopoly the mining pools. Many mining pools had been sued for done something that give them own benefit, so I wouldn't worry so much about conspiracy thing.

[legiteum]

1. The attack would not entail one lone miner, but rather many miners in a coordinated attack/government order.

2. There would be no incremental cost for such a move since these are companies that already have the servers in place and are mining for the network every single day. The challenge here is convincing/forcing/tricking a smaller number of companies to do something, not duplicate what they are doing already.

If they do that, both Foundry USA and Antpool will be sued for breaching regulations, remember that big companies are under regulations and they can't monopoly the mining pools. Many mining pools had been sued for done something that give them own benefit, so I wouldn't worry so much about conspiracy thing.

Really? What regulations? Under which jurisdiction? And Bitcoin mining is... regulated? Are you sure? Are you telling me there's a law saying Bitcoin miners can't "monopoly" the hashrate? I find it pretty crazy that the US Congress was able to construct such a law on such a specific and complicated technology.

(Of course there would be no "monopoly" necessary here since all that is required is 51%).

And we're talking about a scenario where these two (two!) companies would either be compelled by a government using the law or attacked by a government using force of some kind (network infiltration, etc.).

[God bless u]

The prevailing notion about Bitcoin is that:

1. It is "impossible" for any government or other large entity to control Bitcoin.

2. Bitcoin is "absolutely safe" since the redundancy and dispersal of the network makes it impossible to compromise.

But as we discussed in another thread here, Satoshi identified, in the original Bitcoin whitepaper, the risk of a "51% attack" on the Bitcoin network. Bitcoin's integrity is safe, Satoshi said in essence, as long as a majority of the network's hashrate is not "evil".

Bitcoin's hashrate is controlled by "miners", and some of these mining companies are large, publicly traded companies.

The question this brings up is this: how hard would it be for some "evil" entity--say a major world government or an extremely sophisticated group of hackers--to gain control of the the companies (or key personnel within those companies, or key servers within those companies) that comprise over 51% of the hashrate, and thus take control of Bitcoin? Or in another scenario, how many companies would a large government e.g. the US or the EU need to compel in order to effectively change the Bitcoin network?

Here is an article that alleges that just 0.1% of Bitcoin miners control half of all mining capacity. It's a little old, and I would wonder if the hashrate is even more concentrated now, since that's what businesses tend to do: consolidate.

Does anybody have any more recent data about this? To me, this seems like a really big deal since it calls the security of the Bitcoin network itself into question. And at minimum, the idea that only a handful of public, not-government-proof, companies actually control Bitcoin sorta... flies in the face of the prevailing Bitcoin mythology .

You've talked about the control of governments of Bitcoin but you haven't talked about the big investors that control and manipulate that market of Bitcoin. You can't just hide one thing by  enforcing over another thing.Yoh should have a debate on control of big investors on BTC prices.

Ive seen people applying the best techniques and skills that could be possibly applied for the prediction of trade but often then they have seen suprisingly behaviour of BTc that wasn't expected by anyone so why's that?

[pooya87]

Bitcoin is decentralized and has a certain level of privacy that makes it hard to answer this very question because in order to know the degree of centralization of mining we have to be able to measure how much of the hashrate we see in total or on mining pools belongs to the pool itself and how much of it belongs to independent miners who would go away if the pool turned malicious.

This is why you are already getting false information here about Foundry USA and Antpool that leads you to the false conclusion "two public companies in the world that control over half of the Bitcoin network". These companies do NOT control the entire said percentage of hashrate. They are mining pools that actual miners with actual hashrate connect to. The hashrate in their own control is less.
That means if the pool turns malicious, miners would migrate and that percentage would fall.

Also keep in mind that in order for an entity to perform a 51% attack they will have to have actual control over the mining equipment. Meaning the said government has to kick down doors and send SWAT teams to physically seize people's ASICs from their homes (the solo home miners) or from the companies (farms) to be able to first control that much ASIC then provide the infrastructure to install and start mining (ie. massive location, electricity, cooling, staff, etc).
That's because no miner in their right mind would ever participate in an attack against something they are making a profit from because the moment that attack takes place, their revenue would head toward zero. So they either migrate their business elsewhere (offshoring) or just shut down and enjoy whatever bitcoin they already have.

Here is an article that alleges that just 0.1% of Bitcoin miners control half of all mining capacity.

I'm not familiar with NBER works but I skimmed through the 55 page they published and I have to say that's an interesting effort but I still don't like their methodology and the logic they used like the following:
"The idea is that miners in a particular region would most likely send their rewards to an exchange that is
also in this region."
This is a weak logic at best that makes their conclusion unreliable as well.
https://www.nber.org/system/files/working_papers/w29396/w29396.pdf

In any case we should be concerned about centralization creeping in at all times. But I wouldn't make any conclusions on whether things are already centralized or not.

One of the biggest hits on decentralization of mining was when China shut down mining in its territory, forcing them to migrate elsewhere increasing the hashrate concentration elsewhere. We needed this kind of diversification so that if one independent "bloc" went crazy the rest remain sane.

[blckhawk]

They can't do that anyway, that's because there's a regulations about this and when they reach that, they will have no choice to split up again right so the 51% isn't a possibility. People have been speculating about this problem for a really long time and so far, no one's been able to do it so I don't think that it's ever going to be ever worth it.

[legiteum]

This is why you are already getting false information here about Foundry USA and Antpool that leads you to the false conclusion "two public companies in the world that control over half of the Bitcoin network". These companies do NOT control the entire said percentage of hashrate. They are mining pools that actual miners with actual hashrate connect to. The hashrate in their own control is less.

That means if the pool turns malicious, miners would migrate and that percentage would fall.

Well okay, maybe it would require controlling more than just two companies in order to take over the network? That's good to know. But it doesn't sound like it would be that many more.

Also keep in mind that in order for an entity to perform a 51% attack they will have to have actual control over the mining equipment. Meaning the said government has to kick down doors and send SWAT teams to physically seize people's ASICs from their homes [...]

Or, their government of jurisdiction could pass a law ordering them to submit; or, a government or other large entity could bribe, extort, or otherwise convince them to submit; or, their systems could be taken over by hacking.

No "SWAT teams" are necessary to do this.

In any case we should be concerned about centralization creeping in at all times. But I wouldn't make any conclusions on whether things are already centralized or not.

I have brought this up in other threads as well: today, most holders of Bitcoin do so in a centralized way (a broker or an app with KYC), leading one to conclude that most consumers are not at all interested in "decentralization".

And while a government take-over of control over the whole network is a source of debate here, it's clear if the US or the EU decided one day that Bitcoin was "bad", they could take steps that would easily drop the price of Bitcoin down by about 95%. Again, this is because most consumers of Bitcoin use it in a way that is completely centralized and therefore subject to government regulation. They may not be able to fully "kill" Bitcoin, but they could very easily eliminate it as a mainstream product that average consumers use.

[peter0425]

The question this brings up is this: how hard would it be for some "evil" entity--say a major world government or an extremely sophisticated group of hackers--to gain control of the the companies (or key personnel within those companies, or key servers within those companies) that comprise over 51% of the hashrate, and thus take control of Bitcoin? Or in another scenario, how many companies would a large government e.g. the US or the EU need to compel in order to effectively change the Bitcoin network?

The simple answer here would be is that it would take a great deal for any entity to try and control most of bitcoin.

Satoshi is right that as long as they are not evil, they will not do anything to sabotage the decentralized nature of bitcoin at all. Since miners can work independently, it would be difficult to try and convince a lot of them to work under a specific entity especially one with malicious intent.

I don’t know if there is any recent data but bitcoin’s decentralization must be strengthened over time in order to prevent this.

[PX-Z]

The simple answer here would be is that it would take a great deal for any entity to try and control most of bitcoin.

Controlling is not an option, it can possible since the possibility don't fall to zero. But it will only be temporary by means it can be rollback or fixed in later blocks by bitcoin devs. So attempting to do so is just a waste of time, money and resources.

[franky1]

so all they can mess with is the amount of transactions they include or if enough power over enough time go back and change the transaction list of a recent old block and then catch up to re-org the chain of recent blocks to undo some confirmed transactions

Um, that sounds like... total control of Bitcoin to me . Seriously, if I could double-spend and validate blocks without the private key, that's... absolute control of the network, at least in terms of Bitcoin's actual function.

no.. mining pools cant edit transactions owned by others to change the destination of funds.. they can:
edit old BLOCKS to not contain transactions and then catch up with the blockheight to then re-org the chain
then edit only their own transactions to then spend their utxo again if it has been un-wound via a re-org

its not about spending other peoples value. its just about reversing payments and if the reversed payment was one of their own then yes they can respend it to a different destination.. however other peoples now reversed transactions(if reversed) are deemed not spent, which they can either try to rebroadcast to get it confirmed again or the key holder can make a new transaction to spend the utxo value to a new destination..
emphasis third time to save reposting.. mining pools cannot 'take control' of other peoples value to edit the transaction to a different destination

if an entity took over a mining pool server. miners can simply 'pool hop' away to another mining pool or even just a different stratum ip address of same brand if they notice silliness occur to blocks produced by a certain pool

How would you know which is which on the fly? And what is to stop the majority hashrate from doing it's own "pool hopping" or for that matter any individual miner today? If users of the network can simply pick and choose the nodes they will and won't work with, then that means a 51% attack is even easier since the "good" nodes would be instantly iced out and deemed "evil" by the "evil" nodes.

miners know many pools of different brands and which are affiliated or not.. heck even you know which ones are affiliated and which are not. so if 2 pools were colluding. and miner owners working for their pool notice dodgy stuff happening to their pools blocks. the miners can hop to a different pool thats not colluding


as for your mentions about nodes.. well yes we did see the NYA group in 2017(group of economic nodes (main exchanges/services)) collude to say they wont accept blocks from pools that didnt vote positively for an upgrade.. and the opposite can be true too, economic nodes can ignore blocks that do certain things like empty blocks or multiple chain re-orgs or other anoyances

And if you are talking about doing things based on ip addresses, then boy oh boy, there are lots and lots of problems with that. IP addresses can change in milliseconds, there are many ways to change/cloak them, and so on. No serious secure system on the public Internet uses ip addresses as a mechanism for identity.

mining pools can change ip addresses of their stratums, but then it will cause continuity of hashrate issues as miners would need to change addresses their asics point to each change. meaning the pool loses power until everyone they had on old address moves over, thus not really a good method to "hide" and still remain powerful.. infact it would be a sign of them doing this that would make miners hop away and avoid that type of pool that keeps switching IP's

So question is, how would one stop a 51% attack? From my understand of the network, a "51% attack" would immediately turn into a "49% attack" by the losing minority, and the "good" nodes would be treated as the "evil" ones.

51% is not about nodes.. its about hashrate

anyways the many preventatives are about monitoring the blockchain and noticing if:
one pool keeps getting too many blocks in a row
one pool keeps getting too many blocks too quickly
a re-org occurred
one pool keeps doing empty blocks
one pool does [insert many annoyances]

where miners then hop to a pool that does not do the annoyances

it also helps by miners hopping to different pools when pools have a high percentage even when there are no annoyances..  to not get near the odds of them repeatedly making blocks in succession.. as the more miners on one pool the more the reward needs to be shared meaning the miners get less reward and risk having the block rejected if pool does annoying things.. so they are risk adverse to not even let things get to those potentials
also if pools have too much hashrate and making blocks too quickly, it shoots them in the foot by raising the difficulty which hurt their income.. so they naturally try to find a safe balance even when pools are not nefarious
its financially incentivised to:
not make too many blocks too quickly and have too much hashpower in one pool
act honourably to ensure blocks are not rejected(rewards cant be spent if rejected)

[legiteum]

The simple answer here would be is that it would take a great deal for any entity to try and control most of bitcoin.

Satoshi is right that as long as they are not evil, they will not do anything to sabotage the decentralized nature of bitcoin at all. Since miners can work independently, it would be difficult to try and convince a lot of them to work under a specific entity especially one with malicious intent.

I don’t know if there is any recent data but bitcoin’s decentralization must be strengthened over time in order to prevent this.

Right. But that was never the question. The question is, what if they are evil?

And over time, it would appear that decentralization is diminishing and the natural consolidation of businesses will probably consolidate it further.

miners know many pools of different brands and which are affiliated or not.. heck even you know which ones are affiliated and which are not. so if 2 pools were colluding. and miner owners working for their pool notice dodgy stuff happening to their pools blocks. the miners can hop to a different pool thats not colluding

Brands? Huh? What are you talking about?

Can you tell me the "brands" of each of the severs below?

a) 33.171.87.6
b) 103.52.102.88
c) 65.191.4.49

All I see are IP addresses, which can be changed on the fly and spoofed. That's all any software on the Internet sees. How would miners magically know what nodes are "good" and which ones have been compromised? And what actual mechanism is there to "decide" any of this? Certainly no centralized mechanism.

[pooya87]

Well okay, maybe it would require controlling more than just two companies in order to take over the network? That's good to know. But it doesn't sound like it would be that many more.

Yeah, unfortunately there is a small number of mining pools and we need more in order to reach a better decentralization. But an attacker still needs to control miners not mining pools to pull off a sustained attack successfully.

Otherwise, lets say they only need two and pull off a 51% attack. What would that achieve?
A temporary crash + miners abandoning those pools + share holders dumping the hell out of the stocks of those pools (eg. MARA crashed 60% and that was just market reaction to censorship news) + those pools go bankrupt and shut down themselves.

After a while (maybe after 6 months) bitcoin would be back to $70k and rising + new pools pop up + devs get off their asses and find a solution to this centralization ... + the attack becomes impossible in the future!

Or, their government of jurisdiction could pass a law ordering them to submit; or, a government or other large entity could bribe, extort, or otherwise convince them to submit; or, their systems could be taken over by hacking.

No "SWAT teams" are necessary to do this.

As I said no business is going to shoot themselves in the foot. If they participate in an attack that would crash bitcoin price, they'll brick their own investment.

I have brought this up in other threads as well: today, most holders of Bitcoin do so in a centralized way (a broker or an app with KYC), leading one to conclude that most consumers are not at all interested in "decentralization".

It is impossible to know what percentage of bitcoins do things the wrong way. Claiming "most" of bitcoins are like that is just a guess.

And while a government take-over of control over the whole network is a source of debate here, it's clear if the US or the EU decided one day that Bitcoin was "bad", they could take steps that would easily drop the price of Bitcoin down by about 95%. Again, this is because most consumers of Bitcoin use it in a way that is completely centralized and therefore subject to government regulation. They may not be able to fully "kill" Bitcoin, but they could very easily eliminate it as a mainstream product that average consumers use.

95% crash is debatable but they can definitely crash the market with a ban. However, it won't be because people use it in a centralized way. It would be because if dozens of countries suddenly banned bitcoin, people would start panic selling it which would crash bitcoin. Something that would still happen even if not a single centralized exchange (or any other centralized service) existed.

[legiteum]

As I said no business is going to shoot themselves in the foot. If they participate in an attack that would crash bitcoin price, they'll brick their own investment.

If their systems have been hacked, or they have been ordered by their government to do something, or they have been internally compromised then... they will brick their own investment. They wouldn't have any choice.

It is impossible to know what percentage of bitcoins do things the wrong way. Claiming "most" of bitcoins are like that is just a guess.

You can do the hard analysis to see what percentage of Bitcoin transactions are coming from brokers. My guess is that it's almost all of the volume.

Next, try to find somebody you know who doesn't have an account on this forum who has a self-custodial wallet . I personally know zero people like this. Every single person I've ever talked to in person who holds Bitcoin does so through a broker or an app. Anecdotal, I know, but it sure seems like a remarkable coincidence.

95% crash is debatable but they can definitely crash the market with a ban. However, it won't be because people use it in a centralized way. It would be because if dozens of countries suddenly banned bitcoin, people would start panic selling it which would crash bitcoin. Something that would still happen even if not a single centralized exchange (or any other centralized service) existed.

If no centralized exchanges existed, and nobody could buy Bitcoin through straight-forward means, I suspect Bitcoin would still be a dollar. Most average consumers don't want to go to all of that trouble.

[franky1]

Brands? Huh? What are you talking about?

ill answer your question with your own words

some of these mining companies are large, publicly traded companies.

as for you endlessly talking about nodes.. (facepalm)
miners are ASIC devices.. asic devices are not nodes