A 51% attack fundamentally violates the proof-of-work security model, but exchanges are unwilling to delist the attacked cryptocurrencies because it is still profitable for them.
Written by: Ashwin Ramachandran and Haseeb Qureshi, the former is a junior partner at Dragonfly Capital, a blockchain venture capital firm, and the latter is the managing partner at Dragonfly Capital.
On January 23rd, Bitcoin Gold (BTG) fell victim to a 51% attack, resulting in $72,000 being double-spent. This is the second attack on Bitcoin Gold, raising questions as to why Bitcoin Gold and other PoW tokens vulnerable to 51% attacks are not delisted from exchanges.
The answer is simple. But first, let's examine how this attack was executed.
Bitcoin Gold is a Bitcoin fork that uses the ASIC-resistant ZHash mining algorithm. ZHash is optimized for efficient GPU mining, and due to its high memory requirements, it increases the difficulty of ASIC development. With GPUs widely available for rent due to their commoditization and abundant supply compared to ASICs, attackers can easily rent enough hashing power to gain dominance over the Bitcoin Gold network. Mining pools like NiceHash and MiningRigRentals have significantly lowered the cost of executing a 51% attack, and similar markets such as Warihash and Luxor are emerging.
The recent attack on Bitcoin Gold required an initial capital cost of $3,400 (reorganizing 29 blocks cost 0.4 BTC), compensated by block rewards. As the overall cost is low, this attack can be carried out entirely using the spot GPU rental market. Additionally, with the increasing liquidity in the GPU rental market, the cost of surpassing the network's mining power with GPUs is decreasing. Therefore, attackers only need the initial capital for the Bitcoin Gold they want to double-spend, plus the hashing power cost. If an attacker double-spends $72,000 in BTG, they are expected to pay only $3,400 (earning around $4,200 through block rewards), resulting in a return on investment of approximately 96.6%, making this attack highly profitable.
Of course, exchanges are the primary victims of 51% attacks. Typically, attackers deposit tokens into an exchange, exchange them for other liquid tokens like Bitcoin, then withdraw the Bitcoin. After the transaction is completed, the attacker reverts the initial deposit through a 51% attack, allowing them to retrieve the original deposit, essentially doubling their money. Although exchanges require a confirmation period (initially set at 12 blocks on the Binance platform for Bitcoin Gold), which enhances security, it does not completely prevent attacks. For more insight into the mechanics of 51% attacks, refer to @hoseeb's series of tweets from last year on the Ethereum Classic (ETC) attack.
The 51% attack on Bitcoin Gold is the second in two years (the first was much larger), but BTG is still traded on exchanges like Binance. Naturally, the question arises: why doesn't Binance delist BTG?
Currently, the trading volume of BTG/BTC is approximately $4.13 million per week. Therefore, with just the BTG/BTC trading pair, assuming an average fee of 20 basis points per trade (maker/taker) and low BNB usage, Binance's annual profit is about $429,000.
After calculating the profits from listing lower and mid-market PoW tokens, a trend emerges. For Binance, listing lower and mid-market PoW tokens is more profitable, even though they may suffer losses due to 51% attacks.
The chart below shows estimated percentages of hash power available for rent and profit estimates for Binance (assuming current market prices).
Note: All rented hash power increases the total network hash rate. Therefore, attackers must acquire 100% or more of the current hash power to successfully launch a 51% attack. Hash power acquisition estimates are also susceptible to market price decreases, which could significantly increase attack costs.
We can summarize the listing/delisting decisions for vulnerable PoW tokens with the following simple formula:
As long as the above conditions persist, we expect Binance and other profitable exchanges to continue trading vulnerable PoW tokens. Exchanges can reduce the likelihood of 51% attacks by increasing the number of confirmations required for withdrawals (Binance increased BTG's confirmations from 12 to 20 after the attack).
However, this does not completely prevent attacks but only raises the attacker's capital cost. By carefully monitoring abnormal deposits of low-market-value PoW tokens from users, exchanges can further enhance attack prevention. However, note that renting hash power does not decrease the network's hash rate in any way, making it impossible to detect a 51% attack directly before it occurs.
The recent Bitcoin Gold attack was valued at approximately $72,000, but Binance is expected to profit $429,000 from Bitcoin Gold this year. Similarly, the Ethereum Classic 51% attack netted attackers around $1.1 million, but Binance stands to earn $3.2 million from its trading fees. This is another reason why tokens do not perish after a 51% attack.
Nevertheless, 51% attacks remain a mystery. They seem to fundamentally violate the proof-of-work security model. Cryptocurrencies hit by 51% attacks continue to trade on top exchanges and sometimes even bizarrely surge in price after the attack (see ETC, BTG, and XVG). We can view 51% attacks as a tax levied on exchanges, and we can simulate their intrinsic motivation to continue listing vulnerable cryptocurrencies for trading, partially explaining this phenomenon. However, why cryptocurrencies subject to 51% attacks sometimes rise in price remains a mystery.
This article is authorized for reposting by ChainNews. Source: ChainNews (ID: chainnewscom).
Join now to get the most comprehensive information on fintech, blockchain innovations, and industry examples! [Click here to join](https://lin.ee/pl4ELGl).
