On May 18, 2018, the bitcoin gold network suffered what could be a multi-million-dollar loss from a 51 percent attack. During the attack, the perpetrator was able to steal 388,201 BTG, presently worth approximately 18.2 million dollars.
In a public post, Ed Iskra from the bitcoin gold (BTG) network announced, "An unknown party with access to very large amounts of hash power is trying to use '51 percent attacks' to perform 'double spend' attacks to steal money from Exchanges."
To complete a 51 percent attack, the attacker(s) must first gain control of at least 51 percent of the network's hash power in order to "control, exclude and modify the ordering of transactions."
Once the person, or group of people, obtains control over the network, they are not able to make transactions with other miners' coins because that would require them to have access to private keys. However, they can make transactions with their own coins, or exclude certain transactions from a block. According to Iskra's post, this ability allows them to:
- "Reverse transactions that they send while in control. This has the potential to double-spend transactions that previously had already been seen in the block chain.
- Prevent some or all transactions from gaining any confirmations
- Prevent some or all other miners from mining any valid blocks"
One lure of a 51 percent attack is the "double-spending" aspect.
Attackers begin to mine on a chain forked from the original chain until theirs is longer, with more verifying nodes to support its claim of veracity. (In this most recent case, the entity or entities minted, on their competing fork, an additional 22 blocks to call the original BTG blockchain into question.) With their fork now being used by over 51% of the nodes, it becomes prudent to continue mining in the attacker's fork, and the mining pools and individual miners react accordingly.
This can make it possible for a bad actor to send a transaction to one recipient using one chain, and at the same time send those same earmarked funds to someone on the other chain ... or the attacker can choose to hold onto them, cashing them out for fiat or another digital currency. Either way, having two chains allows them to spend the same coin in more than one place. Whatever unfortunate soul receives these duplicate coins, if they're not on the prevailing fork of the blockchain, their receipt of the coin is essentially overwritten by the malicious version of the chain. It's like it never happened.
Requiring more confirmation on transactions in the blockchain is just one way to maintain safety from 51 percent attacks. Iskra stated he had been "urging [exchanges to require] higher [confirmation] limits to prevent such an attack, and urging manual review of large deposits of BTG before clearing the funds for trading."
51 percent attacks are nothing new. As recently as last Tuesday, the verge cryptocurrency network suffered a very expensive attack. On Tuesday, representatives from the network tweeted that verge "is once again under attack, someone is 51 percent'ing the chain and invalidating all legit blocks. All pools and miners suffer from this, the attacker is getting all blocks currently."