Ever since the alternative cryptocurrency Bitcoin launched, it’s had a known potential security flaw. If any single miner or collective group of miners (known as a pool) were ever able to account for 51% of the total hashing power on the network, those miners would be able to exert significant power over the entire blockchain. In five years, that’s never happened, because the BTC mining community has aggregated into a number of large players rather than a single network with disproportionate influence. Now, for the first time, that’s changed — Ghash.io passed the 51% mark for more than 12 hours this week, after promising to never do so back in January. This is potentially devastating to the stability and reliability of the world’s most popular cryptocurrency.

How the 51% attack works

The record of all past Bitcoin transactions is known as the blockchain, but this information isn’t stored in any central server. The blockchain is stored across multiple pools and continuously checked and rechecked. Periodically, a mining pool will mine a block that isn’t part of the conventional blockchain — this is known as an orphan block. When the orphaned block is validated against the pre-existing blockchain, it will be discovered and tossed out of the pool. The diagram below shows this process.

In this graph, purple blocks are orphan blocks while the black blocks are the validated block chain.

When two or more blockchains are presented for validation, the Bitcoin protocol declares that the valid blockchain is the blockchain that’s been worked on the most. This is the flaw in Bitcoin’s armor — any attacker that can account for 51% of the network’s total hashing power can create their own blockchain and pour work into it faster than the main blockchain updates. One of the chief problems with this is that the 51% network can double-spend coins by simply removing the transactions from its own blockchain after spending them (thereby returning the coins to the original user’s wallet).

A mining pool with control of 51% of the network hash rate can make certain addresses unspendable by rejecting transactions aimed at those addresses. It can drive other pools out of business by refusing to incorporate their data, thereby orphaning their blocks. While most of these behaviors make no sense for anyone who cares about Bitcoin’s future, unscrupulous investors and those seeking a quick get-rich payday have plenty of reason to subtly degrade their competitors’ performance.

Ghash.io has refused requests for comment and has not addressed this concern directly.

The Internet responds

Ghash’s breaking the 51% mark has so far resulted in a sustained DDoS attack against the network from some corners (perpetrators unknown), and calls to fork the Bitcoin standard in others. Researchers Ittay Eyal and Emin Gün Sirer have published a blog post in which they argue that this latest event represents a complete breakdown in Bitcoin’s trustworthiness. As they note, the website in question has already been caught red-handed engaging in double-spend attacks.

“The Bitcoin narrative, based on decentralization and distributed trust, has collapsed. This is far more important than the Bitcoin economy, which is about as healthy as it was yesterday, and the Bitcoin price, which will likely remain afloat for quite a while. But the Bitcoin economy and price are trailing indicators. The core pillar of the Bitcoin value equation has collapsed.”

The short-term response from the Bitcoin mining community will likely be to attempt to block Ghash.io from accounting for quite so much mining firepower. The longer-term action is unclear. Some of the techniques that a 51% miner can exploit can themselves be fixed. Pooled mining could be disincentivized, and though this is incredibly unlikely to happen (it would destroy the financial model the entire cryptocurrency industry is based on) it might be the best long-term solution.

This is the type of deep structural problem that could bring Bitcoin down entirely. If Ghash.io continues gathering mining hardware, it will eventually be able to exert de facto control over the BTC standard. At that point, the difference between Bitcoin and the centralized fiat currencies it sought to replace would be largely eradicated, save that Ghash.io isn’t subject to the laws of any particular government nor the oversight that modern nations extend over the banking industries.

How much hash rate are we talking?

As of this writing, DDoS attacks have knocked Ghash down to about 38% of total network hash rate. To account for 51% of the total network hash rate, Ghash had to be providing 58,120 THash/s.

Let me put that in perspective. Bitcoin mining got its start on GPUs; in 2011, a Radeon 5970 (dual GPU) could crunch perhaps 700 MHash/s. A modern Radeon R9 290X can do 800-900 MHash/s on a single card. The Radeon HD 7990 could crunch 1200-1300 MHash/s.

At those speeds, you’d need more than 44 million Radeon 7990 cards to reach the current hash rates. Of course, that’s a ludicrous number, which is why ASICs have surged into the gap. A modern Butterfly Labs ASIC box is $250 for 10 GHash/s, almost 10x faster than the HD 7990.

It makes racks of hardware like this look almost quaint.