[Update 2: Jan 7th, 2019 – 51% attacks against Ethereum Classic are a thing now, with multiple 100-block reorgs occurring. Some exchanges are now requiring 100+ confirmations on the Ethereum Classic blockchain before crediting deposits, with recommendations that they wait 400 confirmations! Bye, Bye $ETC (at least as a minority hashrate PoW coin).]

[Update: May 25, 2018 — Looks like the risk of a 51% attack for the purpose of profit against minority hashrate coins is a topic finally getting attention (great work Husam ABBOUD!)]

All proof-of-work (PoW) cryptocurrencies (of which Bitcoin is one) are vulnerable to the 51% attack. What this means is that an attacker (or miner cartel) with control of 51% of a coin’s combined total mining hashrate has the ability to double spend the attacker’s own transactions — even transactions that have confirmed.

The theory to explain why this doesn’t happen to a coin like Bitcoin is that it is more economically rational for the 51% attacker to simply use that hashrate capacity to mine the coin. But there could be other motivations to attack where economics isn’t the primary motivator — such as a nation state performing a 51% attack to disrupt a coin, or even a competing coin attempting to thwart an unwanted competitor.

Bitcoin Is Protected

Acquiring control of 51% of a coin’s hashrate for such an attack isn’t particularly easy though. The hashrate on the Bitcoin ($BTC) network, for example, is currently (May 27th, 2017) 425,000,000 tH/s — the equivalent of about 340,000 Antminer S9s. But to succeed with a 51% attack for the purpose of double spending, you need stealth, and that means mining a private chain with more hashrate than currently exists from all other miners for that coin combined. Naming this attack the 51% Attack is generally technically correct, but the attack really involves acquiring ~101% of the existing hashrate (giving the attacker ~51% of the combined total hashrate). So in the instance of Bitcoin, the attacker needs to add another 425,000,000 tH/s. At $1,250 per Antminer S9 device, plus controllers, a minimum investment of about a cool half billion dollars would be required to be assured of success in performing a 51% attack on Bitcoin today.

But the supply chain simply doesn’t have another 340,000 Antminer S9s (even when substituting hashrate capacity sold by competitors Canaan and Bitfury). And essentially none of this hashrate capacity is being used for mining other coins. Bitcoin has essentially 100% of the hashrate produced by all SHA-256 mining hardware.

So Bitcoin is not just protected because of the cost of the attack, but also because it already receives so much of the hashrate for that mining hardware class. One could compute a vulnerability ratio (for a 51% attack) by dividing market cap by the cost of the attack. Ignoring that even $500M can’t get you your 340,000 Antminer S9s today allows this ratio for Bitcoin to be calculated and the result is 72 (~$36,000M/~$500M). The lower the vulnerability ratio, the stronger a coin’s protection is. Bitcoin’s ratio shows weakness, but only because the true cost of succeeding in an attack would be enormous due to limits in the hardware supply and cannot be calculated.

Litecoin Is Protected Too

Litecoin, which uses Scrypt ASICs for mining, is protected in a similar manner—it is the recipient of perhaps 90% or more of all mining performed using the Scrypt ASIC hardware asset class. It doesn’t matter that only $25M worth of this specialized hardware would be needed to successfully 51% attack Litecoin when there’s only a fraction of that level of hashrate capacity available for sale. Calculating the vulnerability for Litecoin with the same disregard for hardware availability yields a ratio of 52 (~$1,300M/~$25M).

Again, this ratio level shows Litecoin to be weak, but only because the true cost of acquiring the necessary hardware (i.e., producing your own chips or otherwise causing additional supply to be produced) isn’t known.

How about coins mined using a GPU?

Now for coins mined using GPUs, the story changes significantly. The same GPU that mines ZCash ($ZEC) can be quickly switched to mining Ethereum ($ETH) instead, and vice-versa. So this attacker/cartel acquiring control of hardware for performing a 51% attack needn’t go and try to acquire capacity from the GPU supply chain but instead can simply cause existing hashrate capacity deployed for other coins to be redirected — something that is routinely done today based on each coin’s mining profitability.

ZCash is insanely well protected today relative to its market cap — there are currently $150M worth of GPUs protecting a coin whose market cap is $300M. This gives ZCash a very good, low vulnerability ratio of 2 (~$300M/~$150M).

Now if the cost of an attack were the only barrier preventing such an attack from happening, hitting a coin like UBIQ ($UBQ) would make much more sense. With even fewer than $1M worth of GPUs, an attacker can be guaranteed technical success in double spending transactions on UBIQ — a coin with a $25M market cap. So UBIQ’s vulnerability ratio is 25 (~$25M/$1M).

Why isn’t such an attack happening today? Perhaps because an attack just isn’t likely to return a profit.

The 51% Attack — For Fun And No Profit

Here’s an example of how a 51% attack on UBIQ would go down. The attacker/cartel with $1M worth of GPUs starts mining a private chain. Then on the public chain the attacker broadcasts deposit transactions of $1.5M worth of $UBQ to the exchanges. Once those deposits confirm, the attacker trades those funds for $BTC (or other non-repudiable payment method) and withdraws the $BTC. While the attacker/cartel was making those deposits, the attacker was spending those same coins on the private chain to an address from the attacker’s own wallet.

With the withdrawn Bitcoins secured, the attacker then releases the private chain which, with the majority of the hashrate, then becomes the longest public chain. The result is that the prior deposit transactions to the exchanges essentially and immediately disappear — as if they had never even been made.

As a result, the attacker’s wallet would still have all the $UBQ (which was worth $1.5M when deposited to the exchanges) as well as the roughly $1.5M worth of $BTC bought and withdrawn. Subtract the $1M cost for mining hardware (assuming this required acquisition of new GPU hardware), and this attacker/cartel would have just earned a cool $0.5M profit on this attack!
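From the exchange's side, the release of the private chain shows up as a chain reorganization. The following is an added example, not code from the original article, that measures the reorg depth and lists already-credited deposits that no longer exist on the new chain; the block names and transaction ids are constructed sample data.

```python
from typing import NamedTuple, Optional

class Block(NamedTuple):
    parent: Optional[str]   # hash of the previous block, None for genesis
    txids: frozenset        # transactions confirmed in this block

def branch(blocks, tip, stop=None):
    """Block hashes from `tip` back to, but not including, `stop`."""
    out = []
    while tip is not None and tip != stop:
        out.append(tip)
        tip = blocks[tip].parent
    return out

def fork_point(blocks, old_tip, new_tip):
    """Most recent block shared by the old and the new chain."""
    old = set(branch(blocks, old_tip))
    return next((h for h in branch(blocks, new_tip) if h in old), None)

def txs_in(blocks, hashes):
    """All transaction ids confirmed in the given blocks."""
    return set().union(*(blocks[h].txids for h in hashes))

def assess_reorg(blocks, old_tip, new_tip, credited):
    """Return (reorg depth, credited deposits missing from the new chain)."""
    fork = fork_point(blocks, old_tip, new_tip)
    dropped = branch(blocks, old_tip, stop=fork)   # blocks that were orphaned
    added = branch(blocks, new_tip, stop=fork)     # blocks that replaced them
    lost = txs_in(blocks, dropped) - txs_in(blocks, added)
    return len(dropped), sorted(lost & set(credited))

# Constructed sample: chain p* is what the exchange saw, s* is the longer
# chain published later. "dep-1" is a deposit the exchange already credited.
SAMPLE = {
    "g":  Block(None, frozenset()),
    "a1": Block("g", frozenset({"tx-old"})),
    "p2": Block("a1", frozenset({"dep-1"})),
    "p3": Block("p2", frozenset({"tx-user"})),
    "p4": Block("p3", frozenset()),
    "s2": Block("a1", frozenset({"spend-to-self"})),
    "s3": Block("s2", frozenset({"tx-user"})),   # honest tx re-mined, not lost
    "s4": Block("s3", frozenset()),
    "s5": Block("s4", frozenset()),
}

if __name__ == "__main__":
    depth, reversed_deposits = assess_reorg(SAMPLE, "p4", "s5", ["dep-1", "tx-old"])
    print(f"reorg depth {depth}, reversed deposits: {reversed_deposits}")
```

A deposit survives only if it is buried deeper than the reorg, which is why confirmation requirements have to exceed the reorg depth observed on the chain.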

The flaw in this scenario is that there simply isn’t a market to dump $1.5M worth of $UBQ without incurring extreme slippage. Even a quarter of this volume dumped suddenly on exchanges might decimate the exchange rate for that nascent coin. Additionally, a double spend only happens if the trading counterparty (e.g., an exchange) is caught unaware which would be the only way that the exchange not only would allow the recently deposited $UBQ to be dumped in record volumes but also then would allow all the proceeds (e.g., $BTC) of said dumping to be subsequently withdrawn as well. Exchanges are (hopefully) wiser than that. But even if that happens, the attack still might be a financial bust for the attacker.

The most significant reason this 51% attack might succeed on a technical level but fail to earn a profit is that the attacker still wants to later spend those $1.5M worth of $UBQ that were double spent. But this attack on UBIQ would probably end up being fatal to the UBIQ project as a whole, causing those $UBQ coins the attacker “stole” from the exchanges to become essentially worthless. Another possible outcome is that the coin’s dev team responds to the attack by simply releasing a hard fork reversing the transactions involving stolen coins. This is similar to what Ethereum did in 2016 to get back the coins that the DAO thief controlled.

The Sweet Spot

So a 51% attack only works against coins in a certain sweet spot — coins that have a high vulnerability ratio (i.e., low cost for acquiring control of 51% of the hashrate relative to market cap), have significant liquidity on exchanges, are traded on a variety of exchanges (particularly those with no KYC), and have a sufficient economy such that a hard fork for “reversing” transactions wouldn’t fly with the user base.

You can go up and down the crypto coin chart and there are very few coins that fit that description today. Bitcoin, Litecoin and ZCash are excluded for reasons given above. Ethereum, requiring $400M of GPU hardware to 51% attack, also does not make an ideal target — even with a relatively high vulnerability ratio.

[Figure: Ratio of Market Cap versus Cost of 51% Attack (May 27, 2017)]

Ethereum Classic Should Be Considered Vulnerable

Perhaps the closest to the sweet spot then is Ethereum Classic ($ETC). Just $40M worth of GPUs protects $1,550M worth of market cap, giving it a vulnerability ratio of 39 ($1,550M/$40M). The only criterion on which this coin falls short is its low traction. Other than investors and miners, not too many people would even notice if $ETC were attacked. Looking at the Ethereum Classic blockchain shows very few transactions per block. This reveals that outside of speculation there is essentially no economic activity occurring using $ETC whatsoever today. But over time as Ethereum Classic sees more and more traction and activity (e.g., like how Gambit is moving over from Ethereum), it soon could have an economy that might cause $ETC to still have value even if a 51% attacker were to make off with some of the target exchange’s $ETC loot.

So Ethereum Classic is perhaps the coin most vulnerable and likely to be the first significant crypto currency (significant meaning market cap in the range of a hundred million or more) to be 51% attacked for the purpose of profit.

If $ETC is doomed due to being so vulnerable, why then would the title of this article be that $ETC is saved?

Crime Doesn’t Pay (as much)

It’s possible that 10% of the $400M worth of GPUs (well over 1 million units) currently mining Ethereum or a mix from other coins could be re-purposed for a 51% attack on Ethereum Classic. But GPU mining is so very profitable on so many altcoins, there’s little incentive to undergo the risky and (relatively) unprecedented action of 51% attacking any coin for profit — it would be like putting poison in the GPU mining well!

And while it may be appropriate to conclude that Ethereum Classic was possibly the coin at the most significant risk of a 51% attack, it will likely get a pass this time thanks to the GPU shortage that is one result of this huge altcoin rally.

GPU Supply Chain Wiped Out

$ETC gets a pass because this rally has involved so many altcoins and has totally and completely sucked up nearly every last GPU in the supply chain. This rally was so intense that even some used GPUs are selling for 30% or more of the retail price paid when sold brand new! It will take a very long time for the GPU supply to catch up to demand — especially since a major GPU manufacturer is just about to release a new model and not likely to continue producing extra supply of the now “sold-out” varieties. And even then, once available, new stock might take a couple months to reach retailers when sent by ocean vessel.

51% Attack — Inevitable, just not for $ETC, at least not today

Thus instead of Ethereum Classic becoming the case study where we learn that the threat of 51% attacks is still very real and truly very dangerous, $ETC will likely be able to whistle on by due to the circumstance of there being a huge rally for it and its peers.