Won’t you lose your money? Doesn’t that mean it’s not secure? Can’t bitcoin be destroyed with this attack?
No. Firstly, bitcoin has never suffered a 51% attack. It is very difficult and expensive to attempt, and the reward to an attacker would be small. It is difficult to amass 51% of the mining power of the largest network of hash power in the world. It is not difficult to do for a smaller chain that uses SHA-256 hashing, since bitcoin miners can suddenly switch to the smaller chain and attack it at any time. No such bigger predator exists for bitcoin. The owners of all new mining equipment that is manufactured and coming online mine honestly and get rewarded. That is the incentive: to be honest and make money. The network is getting bigger daily, the hashing power is growing, acquiring 51% of the hash power is getting more difficult, and the cost to attack the network is growing; it is already “secure enough.” I estimate if 75% of all mining equipment was suddenly destroyed, bitcoin would still be much too difficult to attack. Just look back in time at what the hash rate used to be, and the corresponding price, and also note it has never been attacked successfully. (BTW, Bitcoin is NOT a waste of electricity. Using electricity to mine makes it more expensive to attack. The more electricity used, the more secure it is. As it’s the world’s future base money, it’s worth it.)
With a 51% attack, the work of the current block needs to be re-written and re-hashed, and then the next block too, so that the new version of the chain is the longest. (Only the longest chain is valid.) The attacker would have to pay you bitcoin, receive what you have to offer, and then start re-writing the blockchain. They would delete the transaction they made to pay you, and re-mine the block (which excludes the payment to you). You would have effectively given away your goods for free, and they would keep their bitcoin and receive your goods. Who lost? Just you. Bitcoin survived. This attack would cost a lot, and is not guaranteed to be successful. You could have prevented it by making the attack more expensive and difficult to do by waiting 6 confirmations before delivering the goods. (That’s why bitcoin deposits on exchanges take a while: they are protecting themselves.) You’ll learn for next time, but it’s just never going to happen, is it?
Why 6 confirmations? The longer the wait, the more blocks are mined, and the more blocks need to be re-mined for the attacker’s chain to become the longest. While those 6 blocks are being mined, the honest/real bitcoin blockchain is getting longer and longer. With only 1% more mining power than the honest network, catching up to the longest chain will take perhaps 100 blocks. I haven’t done the maths myself but it will be long. It will be expensive. All just to steal from you. It’s just never going to happen, is it?
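The confirmation arithmetic behind this answer can be worked through in a few lines. The following is an added example, not code from the original page: it uses the catch-up formula from section 11 of the Bitcoin whitepaper for a minority attacker, and a biased random walk for a majority attacker. It assumes the attacker starts re-mining z blocks behind and must end one block ahead, and that "51%" means 51% of total hash power.

```python
from math import exp

def catch_up_probability(q: float, z: int) -> float:
    """Chance an attacker with share q of total hash power ever overtakes
    a payment buried under z confirmations (Bitcoin whitepaper, section 11)."""
    p = 1.0 - q
    if q >= p:
        return 1.0  # with half or more of the hash power, catching up is certain
    lam = z * q / p      # expected attacker blocks while honest miners find z
    poisson = exp(-lam)  # Poisson(lam) probability of k = 0 attacker blocks
    risk = 1.0
    for k in range(z + 1):
        risk -= poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)  # step the Poisson term from k to k + 1
    return risk

def confirmations_needed(q: float, max_risk: float) -> int:
    """Smallest confirmation count whose catch-up risk is at most max_risk."""
    if q >= 0.5:
        raise ValueError("no confirmation count bounds a majority attacker")
    z = 0
    while catch_up_probability(q, z) > max_risk:
        z += 1
    return z

def expected_blocks_to_overtake(q: float, z: int) -> float:
    """Majority attacker (q > 0.5) starting z blocks behind: expected number of
    blocks found by both sides combined before the attacker's chain is one
    block longer. Each block is the attacker's with probability q, so the
    attacker gains q - p blocks on average per block found."""
    p = 1.0 - q
    if q <= p:
        raise ValueError("only defined for a majority attacker")
    return (z + 1) / (q - p)

if __name__ == "__main__":
    for share in (0.10, 0.30):
        print(f"q={share:.2f}: risk at 6 conf = {catch_up_probability(share, 6):.7f}, "
              f"confirmations for <0.1% risk = {confirmations_needed(share, 0.001)}")
    # Two readings of a slim majority, both against 6 confirmations.
    print("51% of total hash power:", round(expected_blocks_to_overtake(0.51, 6)), "blocks")
    print("1% more than honest miners:", round(expected_blocks_to_overtake(1.01 / 2.01, 6)), "blocks")
```

For a minority attacker the risk falls off quickly with each confirmation; for a slim majority the re-mining is certain to succeed eventually but has to be sustained across hundreds of blocks.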
And let’s say the 51% pool had more malevolent intentions. Whatever you can imagine. Destroy bitcoin perhaps by messing up everyone’s transactions. What would happen then? All the nodes, including my node, will fork away from the destroyed new version the attacker has created. This would be coordinated by bitcoin developers with a new version of bitcoin core that rejects the malevolent chain. There will easily be consensus to do this. Bitcoin version 2 will emerge. The 51% chain will have a different version of events recorded. Let them have it. Because an attacker knows this could happen, they won’t attempt a bitcoin-destroying attack, as it will be expensive and guaranteed to fail. But won’t this destroy confidence in bitcoin? I don’t think so. It will demonstrate how the attack would fail, but only once a new chain emerges. There will be panic in the meantime, but long term, more confidence. Every failed attack strengthens Bitcoin. It can be beaten down, but it will always grow back, like a weed.
The other type of attack is a double spend attack. This is an attack that doesn’t disturb the blockchain, but can be used to steal from you. More information in the next section…
What about a cup of coffee? Who can wait 10 minutes to pay for coffee?
No one. There’s no need. Think about this. Who is taking the risk in the coffee transaction? The merchant. The merchant can accept your bitcoin and make you a cup of coffee without waiting for ANY confirmations. It would be sufficient to see that you have sent the transaction to the mempool — “beep beep” — and that the transaction is waiting to be incorporated into the blockchain by a miner. This delivery of the transaction to the mempool takes seconds. What is the merchant risking by doing this, and not waiting 10 minutes or more? The risk is that you might double spend the coins you just gave him. Theoretically, while waiting for your coffee, you might have the technical expertise to rewrite the transaction and send those unconfirmed coins to one of your other wallets. By adding a higher fee, your sneaky transaction might get incorporated on the blockchain before your original payment (or it might not, and the attack fails), so when the 2nd transaction gets added by a miner, the first will be seen as invalid. So the merchant will never get the payment. Clever and sneaky and dishonest. It can happen. It’s a risk a coffee merchant can take. It’s part of doing business. The amount of money saved not paying VISA more than makes up for the number of times a broke and dishonest coffee addict with computer skills might do this.
But in reality, what is likely to happen is the lightning network will take care of small payments like this. It is new and still evolving. Don’t think it won’t happen.
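The zero-confirmation risk described for the coffee merchant can be reduced by a check at the till. The following is an added example, not code from the original page: the transaction dictionaries, field names, addresses and txids are constructed for illustration and do not come from any wallet or node API. It flags a payment that underpays, that signals replaceability under BIP 125, or whose coins are also spent by another transaction seen in the mempool.

```python
BIP125_SIGNAL_MAX = 0xFFFFFFFD  # BIP 125: nSequence below 0xfffffffe opts in to replacement

def outpoints(tx):
    """The set of coins (previous txid, output index) a transaction spends."""
    return {(i["txid"], i["vout"]) for i in tx["inputs"]}

def zero_conf_warnings(payment, merchant_addr, price_sats, mempool):
    """Reasons not to hand over goods on an unconfirmed payment; [] means accept.
    Absence of the BIP 125 signal is not a guarantee, because node policy may
    relay replacements regardless, so the conflict check stays on either way."""
    warnings = []
    paid = sum(o["sats"] for o in payment["outputs"] if o["addr"] == merchant_addr)
    if paid < price_sats:
        warnings.append("underpaid")
    if any(i["sequence"] <= BIP125_SIGNAL_MAX for i in payment["inputs"]):
        warnings.append("signals-replaceable")
    for other in mempool:
        # A different transaction spending the same coin is a double-spend attempt.
        if other["txid"] != payment["txid"] and outpoints(other) & outpoints(payment):
            warnings.append("conflict:" + other["txid"])
    return warnings

# Constructed sample data: one coin, the payment, and a higher-fee respend of the same coin.
COIN = {"txid": "c0" * 32, "vout": 0}
PAYMENT = {
    "txid": "aa" * 32,
    "inputs": [{**COIN, "sequence": 0xFFFFFFFF}],
    "outputs": [{"addr": "MERCHANT_ADDR_PLACEHOLDER", "sats": 5000},
                {"addr": "CHANGE_ADDR_PLACEHOLDER", "sats": 94000}],
}
RESPEND = {
    "txid": "bb" * 32,
    "inputs": [{**COIN, "sequence": 0xFFFFFFFF}],
    "outputs": [{"addr": "OTHER_WALLET_PLACEHOLDER", "sats": 98000}],
}

if __name__ == "__main__":
    print(zero_conf_warnings(PAYMENT, "MERCHANT_ADDR_PLACEHOLDER", 5000, [PAYMENT]))
    print(zero_conf_warnings(PAYMENT, "MERCHANT_ADDR_PLACEHOLDER", 5000, [PAYMENT, RESPEND]))
```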