Bitcoin and Ethereum could now be resilient to 51% attacks, according to new research from on-chain analytics firm CoinMetrics.
A 51% attack refers to an attack on a blockchain by a group of miners or malicious actors that control more than half the network’s mining hash rate in a Proof-of-Work (PoW) environment or nodes in a Proof-of-Stake (PoS) setting, putting them in control over the network.
Of course, the bigger the network is, the harder it becomes to control the majority of hashing power, and now it appears it might be too difficult to execute an attack on the two largest blockchains – Bitcoin and Ethereum.
Researchers quantified the Total Cost to Attack (TCA) of these blockchains and found that it’s more expensive to carry out a malicious act like this than to participate in the network honestly.
Lucas Nuzzi, CoinMetrics’ head of research and development, shared excerpts from the academic paper’s findings on X. By the researchers’ estimates, in order to attack Bitcoin, someone would have to buy 7 million ASIC miners – the cost of which would likely be higher than $20 billion, based on how the market would react to a relentless buyer.
4/ But these ASICs are not for sale!
How do you buy 51% of them?
One way to do that is to simulate using historical ASIC market data (thanks to https://t.co/C4YC0XjzxI) to see how that market would react to a relentless ASIC buyer
In one scenario, that cost alone is close to… pic.twitter.com/fnS6DrLSY8
— Lucas Nuzzi (@LucasNuzzi) February 15, 2024
Even if a nation-state attacker had the financial resources to manufacture their own ASICs for the attack, the only model that could be reverse engineered would be the Bitmain AntMiner S9, which also has a manufacturing cost of over $20 billion.
Meanwhile, the researchers estimate that the total cost to attack Ethereum would be more than $34 billion, with an ETH price of $2,279 (the current price of ETH is $2,830), the total amount of ETH staked at 28.8 million, and a validator count of 899,840. This would also take more than six months due to the churn limit preventing stake from being deployed all at once
One major concern that industry watchers have raised over the years is the potential threat from Liquid Staking Derivatives (LSDs) provided by staking services like Lido and RocketPool. Lido, in particular, controls 31% of staked ETH, close to Ethereum’s economic security threshold of 33%, meaning that network finality could be disrupted if these nodes colluded.
“Contrary to popular belief, an attacker could not leverage LSDs to buy access to block templates,” said Nuzzi.
9 We also find no ways for a nation-state attacker to continuously run a 51% / 34% attack if the goal is to destroy these networks.
The possibility of retaliation techniques makes ideologically driven attacks costly at each retaliation round.
In the end, the network survives.
— Lucas Nuzzi (@LucasNuzzi) February 15, 2024
Updated on Feb. 16, 2024, at 6:34 am EST: A previous version of the article misstated the cost to attack Ethereum as $34 million rather than $34 billion. Unchained regrets the error.
Updated on Feb. 16, 2024, at 7:30 am EST: Change the title from “51% Attacks on Bitcoin and Ethereum Impossible: CoinMetrics” to “Attacking Ethereum Costs More Than an Attack on Bitcoin: CoinMetrics”
