The Infamous "51% Attack"
New York University's Joseph Bonneau, looked at how much it would cost to execute perhaps the most infamous of blockchain attacks, a "51% attack," where one entity controls so much of the mining capacity, it can begin to bend (or break) the rules of the system.
The primary retort from cryptocurrency supporters is that this would not be in the attacker's self-interest, because attacking the network requires you to spend millions or billions to buy up mining equipment. And, once they do all that, they won't be able to make all that much money from it.
Bonneau explores how much it would be to launch such an attack anyway, for someone who's not expecting profit.
"If there's a villain out there like Goldfinger from the James Bond movies with no intrinsic motivation, how expensive would a blockchain be to kill?" he asked.
Bonneau explained that there are different ways of buying up the necessary power to disrupt the network, varying from blockchain to blockchain.
He started with the easiest to execute. Rather than buying a thousands of mining computers and wiring them up, a lazier attacker can launch a "rent" attack by buying power online using a cloud platform such as Amazon Web Services with a click of a few buttons.
Since it's possible to rent GPUs, the power underpinning ethereum, but not ASICs, the hardware securing bitcoin, this is an attack that affects ethereum, but not bitcoin. "It would take about $2 million an hour to attack ethereum," Bonneau stated.
Meanwhile, if an malicious attacker were to instead launch what Bonneau calls a "build" attack, that's where a malicious attacker actually buys up enough physical mining hardware to control the network.
As you might have gathered, buying hardware is more expensive than temporarily renting it. Bonneau estimates it would take roughly $1.5 billion an hour to execute such an attack on either bitcoin or ethereum.
All that said, Bonneau argues his back-of-the-napkin analysis isn't completely accurate. "People argued with me up or down on Twitter. But I would argue the exact number doesn't matter, the order of magnitude does," Bonneau said, adding that there's "a lot left to model" and "we need more detailed analysis."
Bonneau implied, though, that with the estimates he's made for now, these attacks might be too cheap and easy. "Is this enough for an $80 billion system?" he asked in an open question to the audience.
If more and more people begin to use this form of online currency, this attack vector might grow on people's minds, he argued, concluding the presentation with a prediction:
"I think there will be more fear that this will happen in the future."
For future viewers: price of bitcoin at the moment of posting is 9718.70USD