Security Considerations

Learn what the most common risks for a blockchain are and how they are prevented.

By using cryptography and consensus mechanisms, blockchains provide a secure and reliable way to share data and transactions without the need for a third party. However, we have to remember that "secure" does not mean "invulnerable."

51% attack

The primary and most common risk for a blockchain is the so-called 51% attack. It allows the attacker to potentially manipulate the blockchain’s ledger by reversing confirmed transactions, double-spending coins, and preventing new transactions from being confirmed. This attack is considered one of the most serious security threats for any blockchain because it can lead to a complete breakdown of the network’s trust and reliability. Despite the severity of the attack, its occurrence is fortunately quite rare.

A 51% attack is a type of attack that is specific to the blockchain platform. The most common goal of this attack is to successfully spend crypto twice (double-spending). But how can this happen?

Let’s look at a brief example for clarification. If a luxury watch shop accepts crypto payments (let’s say Bitcoin), an attacker could buy the watch and transfer 20 Bitcoin to the shop’s owner. The transfer transaction is sealed in a valid block and everything seems good. But, by performing a 51% attack, the attacker can reverse the transaction. So, they can own both the luxury watch and Bitcoins that they can spend again.

Attacking a PoW blockchain

In the case of PoW blockchains, this attack occurs when a single entity or a group of entities controls more than 51% of the network’s hash rate, or computing power. The attack is tied to the way the consensus mechanism works.

Hash rate: A blockchain hash rate is the measure of a miner's computational power, or how quickly the miner can process transactions on a blockchain network. The hash rate is measured in hashes per second (H/s), which is the number of times the miner is able to calculate a cryptographic hash, or the output of a cryptographic function, in one second. Higher hash rates are generally associated with more powerful miners and greater mining rewards.

Invisible fork

In normal conditions, when a miner finds a valid block, it is supposed to broadcast it to other miners. Other miners can check the block validity and then add the block to the chain.

In a 51% attack, there is a group of corrupted miners. When they find a valid block, it is not broadcast to the rest of the network and is added only to the local copy of the malicious miners’ blockchain.

At this point the blockchain has forked. One version is followed by honest miners and is publicly visible to all the nodes of the network, while the other version is followed only by corrupted miners and is invisible to the rest of the network because it was never broadcast. Now, an attacker spends all their cryptocurrency on the truthful version of the blockchain. The spending transactions are added to the chain by the honest miners but, at the same time, these transactions are ignored by the malicious miners. In the isolated version of the blockchain, the attacker still has their coins.
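The following is an added example, not part of the original page. It uses the catch-up calculation from section 11 of the Bitcoin whitepaper to show, from the merchant's side, how the hash-rate share behind a hidden fork determines how many confirmations make a payment safe. It assumes nodes adopt the longest valid chain; the function names are this example's own.

```python
import math
from typing import Optional


def attacker_success(q: float, z: int) -> float:
    """Probability that miners holding hash-rate share q eventually overtake
    the public chain after the merchant has waited for z confirmations."""
    if not 0.0 < q <= 1.0 or z < 0:
        raise ValueError("q must be in (0, 1] and z must be >= 0")
    p = 1.0 - q                       # honest share of the hash rate
    if q >= p or z == 0:              # majority share, or nothing to catch up on
        return 1.0
    lam = z * q / p                   # expected hidden blocks while z public blocks appear
    prob = 1.0
    for k in range(z + 1):
        # Poisson(k; lam), evaluated in log space so a large z cannot overflow
        log_poisson = -lam + k * math.log(lam) - math.lgamma(k + 1)
        prob -= math.exp(log_poisson) * (1.0 - (q / p) ** (z - k))
    return prob


def confirmations_needed(q: float, risk: float, limit: int = 1000) -> Optional[int]:
    """Smallest z for which attacker_success(q, z) falls below `risk`.
    Returns None when no z up to `limit` is enough."""
    for z in range(limit + 1):
        if attacker_success(q, z) < risk:
            return z
    return None


if __name__ == "__main__":
    # Constructed sample shares: two minority miners and one majority miner.
    for q in (0.10, 0.30, 0.51):
        z = confirmations_needed(q, 0.001)
        print(f"share {q:.0%}: P(reversal after 6 confirmations) = "
              f"{attacker_success(q, 6):.7f}; confirmations for <0.1% risk: {z}")
```

With a minority share the reversal probability falls off quickly as confirmations accumulate, while a majority share returns 1.0 for every depth, so no waiting period protects the merchant.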
