Just a few hours ago, a link to a website appeared on Reddit that shows roughly what it would cost to perform a 1-hour 51% attack on various proof-of-work cryptocurrencies like Bitcoin and Ethereum. The site also lists a number of much smaller PoW coins and the results are shocking. Some networks, the site revealed, are so easy to overwhelm that they have a 51% attack cost of $0. This revelation is causing some in the community to doubt the efficacy and safety of PoW for smaller projects.
Crypto community in shock
The site has revealed how mining resources can be weaponized to easily overwhelm smaller networks, image via pixabay.com
The site, crypto51.app was just shared on Reddit a few hours ago by user xur17. The goal of the site is to point out some of the inherent weaknesses in PoW consensus models when the hash rate is comparatively low.
Bitcoin, for example, has a mind blowing hash rate of 33,633 PH/s. Ethereum, the next largest competitor has an equally huge hash rate (given its more difficult mining algorithm) of 215 TH/s.
What gets interesting is when we move further down the list. Projects like Ethereum Classic have a much lower hash rate of just 6 TH/s as compared to Ethereum’s 215. As such, the site estimates the cost of a 1-hour attack on ETC to be at around $10,500.
Bytecoin, a privacy cryptocurrency that was the grandfather of Monero has a depressingly low cost of just $613 for a successful attack. Going even further down the list, a small project called Catcoin which currently has just a single gigahash of hashing rate with the Scrypt algorithm can be attacked for a theoretical price of $0. The currency has a market cap of $11 million.
Calculating the attack costs
So how is the site coming up with its attack prices?
According to the site, it is using publicly available data from NiceHash, a service that allows individuals to rent a massive network of miners to mine almost any coin imaginable. The service can be rented for short time frames and incredible amounts of hash rate can be procured for competitive prices.
Normally, people use NiceHash to rent hash power and target it towards a mining pool of their choice. This earns the customer the output of the combined power of the mighty NiceHash network. But with so much potential power at the fingertips of almost anyone, it appears that NiceHash and services like it could be effectively weaponized against smaller chains.
Aside from the cost of an attack, the site also includes a percentage that it calls “NiceHash-able”. This number, according to its creator, means this is the amount of power NiceHash can produce in comparison to the network at large. Simply put, the larger the number, the higher the chance of a successful attack.
Bitcoin and Ethereum both have relatively low rates, 2% and 3% respectively. This means that a 51% attack from a weaponized NiceHash would be basically untenable. Ethereum Classic, however, has an incredible 95% NiceHash-able rate, and Bytecoin has a 219% rate – meaning success is practically guaranteed.
What about the tiny projects? The numbers are even more grim. An X11 project with a market cap of $557,368 called Cream has a NiceHash-able rate of 1,910,730% (and a cost of 0$). The previously mentioned Catcoin has a similar rate of 1,419,281%.
Some other notable mid-size projects include Dash at 39%, Zcash at 23%, Bitcoin Gold at 333%, Bitcoin Private at 1,085%, and Dogecoin at 6%.
Why do this?
This is the explanation for the site on it’s about page:
This website is intended to bring light to the risk of 51% attacks on smaller cryptocurrencies. It is not intended to encourage or help in completing an attack, but instead to get people talking about the problem and potential solutions.
The site also claims a major impetus for creating the site was the recent Bitcoin Gold attack, where it states $18 million was stolen from the network.
The page also gives few suggestions on how these kinds of risks can be mitigated, including switching to proof-of-stake, or using ERC-20 or other similar tokens that do not use PoW mining.
The community has responded to this site mostly with appreciation for shedding light on this potential attack vector. Redditor ThomasVeil writes:
Seems to me that PoW will die out, except for one or two big networks. All the small ones could be taken over by just switching hashrate over
Time to reflect
Perhaps now is the time for smaller coins to reconsider the safety of PoW, Image via pixabay.com
While this site is not an absolute claim that PoW is dangerous or obsolete, it does bring into question the use of it in smaller projects that will inevitably attract a much lesser hash rate than major players. Its difficult to say how the teams behind these at-risk coins will react to this information, but it certainly does demand at least some degree of reflection and consideration.