Is a 51% attack on Bitcoin really a threat?

Won’t you lose your money? Doesn’t that mean it’s not secure? Can’t bitcoin be destroyed with this attack?

No. Firstly, bitcoin has never suffered a 51% attack. It is very difficult and expensive to attempt, and the reward to an attacker would be small. It is difficult to amass 51% of the mining power of the largest network of hash power in the world. It is not difficult to do for a smaller chain that uses SHA-256 hashing, since bitcoin miners can suddenly switch to the smaller chain and attack it at any time. No such bigger predator exists for bitcoin. The owners of all mining equipment (and new that are about to come online), mine honestly, and get rewarded — that is the incentive, to be honest and make money. The network is getting bigger daily; the hashing power is growing; the difficulty to acquire 51% of the hash power is getting more difficult; and the cost to attack the network is growing and is already “secure enough.”

I estimate that if 75% of all mining equipment were to be suddenly destroyed, Bitcoin would still be much too difficult to attack. Just look back in time at what the hash rate used to be, and the corresponding price, and also note it has never been attacked successfully. (BTW, Bitcoin is NOT a waste of electricity. Using electricity to mine makes it more expensive to attack. The more electricity used, the more secure it is. Because it is the world’s future base money — it’s worth it.)

With a 51% attack, the work of the current block needs to be re-written, and re-hashed, and then the next block too, so that the new version of the chain is the longest. (Only the longest chain is valid.)

To steal from you, the attacker would have to pay you for goods or services in bitcoin, receive what you have to offer, and then, start re-writing the blockchain. They would delete the transaction they made to pay you, and re-mine the block (which excludes the payment to you). You would have effectively given away your goods for free, and they would keep their bitcoin and receive your goods. Who lost? Just you. Bitcoin survived. This attack would cost a lot, and is not guaranteed to be successful. You could have prevented it by making the attack more expensive and difficult to do by waiting 6 confirmations before delivering the goods. (That’s why bitcoin deposits on exchanges take a while, they are protecting themselves.) You’ll learn for next time, but it’s just never going to happen is it?.

Why 6 confirmations? The longer the wait, the more blocks mined, the more blocks that need to be re-mined to attack and become the longest chain. While those 6 blocks are being mined, the honest/real bitcoin blockchain is getting longer and longer. With only 1% extra mining power than the honest network, catching up to the longest chain will take perhaps 100 blocks. I haven’t don’t the maths myself but it will be long. It will be expensive. All just to steal from you. It’s just never going to happen is it?

And lets say the 51% pool had more malevolent intentions. Whatever you can imagine. Destroy Bitcoin perhaps by messing up everyone’s transactions. What would happen then? All the nodes, including my node, will fork away from the destroyed new version the attacker has created. This would be coordinated by Bitcoin developers with a new version of Bitcoin Core that rejects the malevolent chain. There will easily be consensus to do this. Bitcoin version 2 will emerge. The 51% chain will have a different version of events recorded. Let them have it — Because an attacker knows this could happen, they won’t attempt a Bitcoin-destroying attack, as it will be expensive and guaranteed to fail. But won’t this destroy confidence in Bitcoin? I don’t think so. It will demonstrate how the attack would fail, but only once a new chain emerges. There will be panic in the meantime, but long term, more confidence. Every failed attack strengthens Bitcoin. It is “anti-fragile”. It can be beaten down, but it will always grow back, like a weed.

On-chain or Lightning