What is a 51% attack?
A 51% attack is a malicious attempt to control a blockchain’s hash rate by utilising a proportionate amount of computational power. With the ability to mine new blocks faster than the rest of a network, individuals exploit the ‘Longest Chain’ rule to control which blocks are accepted by the consensus. By doing this they can reverse, falsify and prevent transactions from being confirmed.
How a 51% attack occurs – Double Spending.
In normal circumstances a networks hash rate is constituted by various different groups or individuals mining the chain. Newly mined blocks are broadcast to the rest of the network from various locations allowing for a consensus to be reached regarding which blocks are accepted.
In the case of a 51% attack an individual with more than 50% of a network’s hash rate will mine the chain privately but NOT broadcast the new blocks as depicted below.
In doing so, they can then make purchases or spend their cryptocurrency on the public version of the blockchain, but also choose NOT to include these transactions in their privately mined blockchain. When they have spent a sufficient amount of funds or have acquired their purchases, they broadcast their longer private version of the chain to the network. The attacker’s version of the blockchain is accepted by the consensus as depicted below causing any of the transactions previously instigated on the public chain to be invalidated.
The attacker retains their original balance because the transactions they used to make their purchases were NOT included on this version of the chain, they can then spend their funds once again (giving way to the term double spending).
How can exchanges prevent them?
In most cases these attacks are not detectable until after the damage has been done, which leaves exchanges with limited methods to protect their users.
Exchanges can take steps to make it more difficult for 51% attacks to affect them, but these precautions are not solutions, and would all undoubtedly impact user experience negatively.
References & further reading: