We argued in the H/Rindex (Hashing Power and Robustness index) Paper and in the simplified introduction of the previous post Rindex :: The Robustness Index, that in the crypto universe it all boils down to one word “Security”. Both in our research and while we’re constructing an index to benchmark security and robustness we have come across some interesting findings and realistic models for potential lucrative attacks. We’ll discuss all of this in this article

To Recap..

The consensus attack cost is what it would cost to control 51% of the total hashing power of a cryptocurrency network, doing so would make it possible to 1) Prevent transactions from being confirmed, 2) Reverse recent transactions that have been sent, ‘double-spending’ your coins 3) Execute some sort of denial-of-service attacks against specific addresses like exchanges, or other miners or pools.

Any of this would collectively erode confidence in network, and, with a very high probability, cause a significant price decline.

How much that 51% consensus attack cost

The Classical model calculate is as:

Total Network Hashrate / Efficient Miner Hashrate = Miner Units needed

Miner Units needed * Miner Unit Cost + Electricity = 51% Attack cost

ETC Nethash averaged of 7000 GH/s (6600 to 7200 GH/s according to ETCstats , BitInfo respectively) Most efficient miners are Antminer E3 with 0.18 GH/s and Radeon Rx 480 with 0.025 GH/s

7000 nethash / 0.18 = 38888 Antminers E3 Needed * $2150 = $83,611,111 + $150,000 per day Electricity = $83,761,111 (~85 million with electricity for couple of days)

The same calculation with Radeon Rx 480 we found the cost to be about $55 million

We can safely estimate The Cost of a 51% attack on Ethereum Classic today to be between 55 to 85 million (averaged $70 million)

I’m confident you’re probably familiar with all that, and for years we argued about the 51% attack and its cost and the usual conclusions are:

Barrier of entry is high you still need to buy miners, setup farm, and all logistics right.. or

is high you still need to buy miners, setup farm, and all logistics right.. or Well if you have all that hashing power you’re better off mining coins than attacking the network!

No, Not anymore and today, both assumptions can be challenged:

The Barrier of Entry: Have we forgotten that many PoW blockchains share the same hashing algorithm, — particularly the forks —

Ethereum Classic uses ETHASH (the same algorithm as Ethereum’s) I mean you don’t need to setup or buy anything at all, If you’re already mining Ethereum, and your pool contributes with small percentage of only 2.5% of Ethereum Nethash, Switch to mine Ethereum Classic and you’re now +51% of hashing power of Ethereum Classic network. First, there is no barrier of entry for you, and second, your cost of 51% attack on ETC is your ETH mining profit per day, for a miner mining 2.5% of ETH Nethash the gain is about 525 ETH per day which is ~$380k USD, which is pretty much the cost of 51% on ETC per day, and please let’s not forget that the Ethereum Classic network has a ~2 billion market-cap.

Have we forgotten that many PoW blockchains share the same hashing algorithm, — particularly the forks — Ethereum Classic uses ETHASH (the same algorithm as Ethereum’s) I mean you don’t need to setup or buy anything at all, If you’re already mining Ethereum, and your pool contributes with small percentage of only 2.5% of Ethereum Nethash, Switch to mine Ethereum Classic and you’re now +51% of hashing power of Ethereum Classic network. First, there is no barrier of entry for you, and second, your cost of 51% attack on ETC is your ETH mining profit per day, for a miner mining 2.5% of ETH Nethash the gain is about 525 ETH per day which is ~$380k USD, which is pretty much the cost of 51% on ETC per day, and please let’s not forget that the Ethereum Classic network has a ~2 billion market-cap. The ‘Better off mining coins than attacking’: No you’re not, with that 7000 GH/s mining power you have which is about 2.5% of ETH Nethash you’re making currently 525 ETH or ~380k USD per day. However, by attacking ETC, while short-selling ETC with n margin on the open market would make you 3x to 100x that profit from the ETC price decline — We will discuss this in details in a bit..

This alternative leasing model of a 51% attack (calling Rindex v2.0 Model) works by leasing hashing power practically available for coins using the same hash algorithm. (BTC n BCH, ETH n ETC, ZEC n BTG.. etc)

The cost of a 51% attack = Revenue per GH/s * Target network Nethash

ex. Ethereum Daily block Rewards of 20600 ETH per day, Ethereum Network HashRate 275 TH/s The Revenue per TH/s is 75 ETH per day (-electricity)

For ETC: 75 (ETH revenue per TH/s day) * 7 (ETC nethash) = 525 ETH /day

If an ETH miner with +2.5% of Nethash switches to mine ETC, he is +51% ETC Nethash, That brings the cost of 51% attack on ETC to 525 ETH/day

A Byzantine miner with +7.0 TH/s hashrate of the list below is able to perform a consensus attack on ETC today in an hour. and a miner, like Ethermine pool, can do that by allocating only 10% of their hashing power.

List of Top Ethereum Miners with more +7 TH/s hashrate (byzantine candidates for ETC)

The Profitability with Price Decline

As we found out, the traditional methodology of calculating the cost of a 51% attack -from the cost of mining equipment acquisition- might be completely-off for networks with a total hashrate significantly smaller than others that use the same hashing algorithm, and you can perform that attack at a fraction of the cost.

Now it’s true that you as Byzantine miner (w/ +51% of network hashrate) can benefit with ‘double-spending’, by sending $10mm of ETC to one exchange then re-minting the blocks and sending it again to another one. However, the compelling true financial benefit you might be pursuing is through preventing transactions from being confirmed on the network + executing DoS on exchanges and other pool addresses, this makes it clear that the network is under 51% attack and erodes confidence in this cryptocurrency which would eventually cause a significant price decline.

Nakamoto-consensus was designed with the assumption that rational miners working in their best financial interest, wouldn’t perform such attack as they can’t benefit from price decline.

Today 9 years later clearly these assumptions are very outdated, We do have major exchanges with a lot of liquidity which allow you to short-sell with a trading margin from 2.2x to up to 100x (to benefit from price declines significantly) like Poloniex, BitFinex, Kraken and GDAX — Futures market like CME and Exante(and many others lining up) we have derivatives markets like, BitMex, WhaleClub and CFDs like AVAtrade, and Plus500, Options like LedgerX and the decentralized prediction markets like Augur, and Gnosis — which have been becoming popular. You see where I’m going with this.. it’s just becoming easier everyday and the market is more liquid for opportunities where you can benefit from price decline.

I’ve promised you a realistic lucrative scenario, let’s get to that.. so what is realistically the amount a malicious attacker a Byzantine miner could spare for this venture attacking our example here Ethereum Classic a $2 Billions market-cap? 1 billion? 500 or 100 millions? it becomes interesting as hell if you can do it with like 10 million or even only 1 million!

Let’s first simulate price % change, with your X margin and calculate your payoff as %

a reasonably conservative sweet spot might be 5x to 8x margin with a range of 35% to 50% price decline

Don’t forget the cost of attack as we calculated above is 525 ETH or ~$380k per day, if you’re not the byzantine miner and just an investor and you’re going to rent from a mining pool at 7 TH/s ETHash for a day (which is what you need to control +51% mining ETC) They will be gladly willing to lease it for anything >$380k or 525 ETH, (which is what the 7 TH/s hashing power generates for them per day) Let’s say you pay them $500k and your investment was $1.5 million, now you’re left with $1 million to short-sell ETC on your favorite exchanges, ex. on BitFinex with 3.3x margin you break-even at -15% price decline anything else is profit, at -30% you net $500k, and -70% $1.8mm Voilà

We take this one step further by putting some serious investment on this venture, to do so, we need to know how is the liquidity and how much the market can afford to pay us.

The average trading volume of Ethereum classic is currently in the range of $150 million per day (with a history of up to 1.4B /day last year) we can take this as a reference for liquidity, and make a simulation for investment with a bigger stake.

In this case now our investment will be $55 million, we will rent hashing power from a mining pool for 10 days paying $5 million and short-selling ETC with a margin using the leftover of $50 mm

As you can see in our simulation here, $50mm investment to short-sell ETC with 35x margin, a decline of 50% will net ~$ 1B and if the price continues to decline we would break the bank with a +90% price decline, which would net you $1.8B profit (currently that is the market-cap of ETC). And if 35x margin was a stretch for you to secure, then just increase the investment from $50mm to $200mm instead and with 10x margin you will get pretty much the same results — $ payoff.

The Models for the Calculation of a 51% Attack

The Classical model (Based on cost of acquisition) we have used for years, — well detailed in Mario Dian post here — , calculates the cost of acquisition of enough miners (ASIC/GPUs) which will generate the total hash of a the target network + electricity, and the one used at beginning of this article and we used in Rindex v1.0:: The Robustness Index,

ex. for ETC with current 7 TH/s nethash the 51% attack cost is $70 million Vlad Zamfir in Simple model of an internal PoW attacker introduced a sound assumption that honest miners working in their best financial interest would switch to mine on a different network when you add hashpower to current networks. That when you add a smaller % like 3.5 TH/s to ETC of 7TH/s, the total nethash truly becomes 10.5 TH/s and you’re controlling only 33%, but as as difficulty adjustments make it no more profitable for honest miners to continue mining ETC, they would switch to mine on different networks and you end up with +51% .

ex. for ETC with current 7 TH/s nethash, 51% attack cost max $35 million Rindex v2.0 model — (The cost of hashpower leasing)

Revenue per GH/s * Target network Nethash = 51% attack cost

ex. for Ethereum Classic: 75 (ETH revenue per TH/s day) * 7 (ETC nethash) = 525 ETH per day = $380 Thousand dollar

I’m keen to believe a mixture of #2 and #3 is the more likely scenario, which would put the cost of Ethereum classic attack in our example here to less than $200k per day.

What about the cost of attacking other coins?

Bitcoin Cash: Following the same logic you can observe that the cost of 51% on Bitcoin Cash Network is not the $300 million (which is what would cost you to to acquire miners with enough hashing power to be 51%) but only 250 BTC or $2 million, by switching from mining BTC to BCH.

If a BTC miner with +14% of Nethash switches to mining BCH, he is +51% BCH nethash, That brings the cost of 51% attack on BCH to 250 BTC/day ~$2mm

Bitcoin Gold: Bitcoin Gold, a much smaller network(1/20 the size of Bitcoin Cash network), since the fork, has switched to become ASIC resistant hashing with Equihash algorithm, — same as zCash — It is currently more secure against 51% attack from Bitcoin miners, but vulnerable to attacks from Zcash and other Equihash miners.

If a zCash miner with +8% of Nethash, Switch to mine Bitcoing Gold, he is +51% BTG nethash, That brings the cost of 51% attack on BTG to 580 ZEC/day ~$200k

Check the table on RINDEX post, for the classic cost of a 51% attack -Top 10 PoW

Conclusion

We demonstrated how you can profitably attack a $2 billions cryptocurrency network like Ethereum Classic, with as little as $1.5 million, and how you can ‘bankrupt it’ with $55 million netting +$1B in profit.

Now, a growing number of institutional investors are watching crypto-currencies, ruthless intimidating wizards and trolls, standing on the tips of their toes aiming to exploit opportunities for quick and big profits, they aren’t the type of ‘dudes’ you’re used to, the ones that care about the community, the ecosystem and the future of decentralization.

The intention of this article is to raise the awareness of this attack vector so that we can take appropriate measures to increase our networks’ robustness before it gets exploited

How can we fix and increase the robustness of networks?

Upgrade to PoS, check out Casper FFG, PoS in general is much safer and 51% practically infeasible, but by just adding Finality the Capser FFG style you will significantly increase robustness.

check out Casper FFG, PoS in general is much safer and 51% practically infeasible, but by just adding Finality the Capser FFG style you will significantly increase robustness. Upgrade your hashing algorithm (In a way you’re not using the same hash algorithm like other chains that have significantly more hashing power)

(In a way you’re not using the same hash algorithm like other chains that have significantly more hashing power) Increase required confirmation (A LOT More) a byzantine miner can send an ETC equivalent of $100mm swap it for BTC, while mining his own in-shadow chain disconnected from ETC, and when he liquidates his $100mm he propagates his in-shadow blocks. As it has more hashing power behind it, and because it is the longer chain, it would replace the current one and the miner would now be ‘double spending’.

(A LOT More) a byzantine miner can send an ETC equivalent of $100mm swap it for BTC, while mining his own in-shadow chain disconnected from ETC, and when he liquidates his $100mm he propagates his in-shadow blocks. As it has more hashing power behind it, and because it is the longer chain, it would replace the current one and the miner would now be ‘double spending’. Emergency preparedness, stay one step ahead with a miner, exchange and developers coordinated action plan

What do you think? What can we do to improve the robustness, security, and minimize the effect of a 51% attack particularly on these networks that use same hashing algorithm like bigger ones, with smaller nethash?

Update 2018.05.24: removing 0 from BCH attack cost it’s 250 BTC ~$2mm not 20mm