Let's imagine a situation where someone has an infinite source of money and is willing to spend it on attacking blockchain networks. How much money would such an attack cost?
The essence of blockchain security
The security of decentralized networks is based on a scarce resource. This resource is expected to have a high market value. It should be very costly for an individual to acquire a large share of the resource. At the same time, it is assumed that it will be distributed among the maximum possible number of independent individuals. Resource distribution is important to the network because if a significant amount of the resource were owned by a single entity (or a few entities), they would have control over the network.
The principle behind the 51% attack is that the attacker tries to get a larger amount of the resource than everyone else combined. If the attacker succeeds, he will gain a dominant position and produce the majority of blocks in the network.
The amount of resources sufficient for an attacker to gain control of the blockchain varies based on network consensus. For Cardano and Bitcoin, an attacker needs more than 1/2 the resources. In the case of Ethereum, a little more than 1/3 of the resource is enough to disrupt the consensus.
To attack Cardano, an attacker needs to obtain more than 50% of staked ADA coins. ADA coins are a finite and non-renewable digital resource with a certain market value. Scarcity can play a role in the attack, as higher demand increases market value. If an attacker tries to buy a large number of coins in a short period of time, their market value will skyrocket. This can generate interest from other buyers, which in turn will drive the market value up. This will increase the cost of the attack.
On the other hand, once the attacker gets more than half of the coins, the defenders cannot get another resource anywhere else. The attacker thus gains permanent control over the network.
To attack Bitcoin, an attacker needs to get more than a 50% of the hash rate. Hash rate can be obtained by purchasing ASIC hardware that consumes electrical energy. Both hardware and electricity have a certain market value and are renewable resources. In different places around the world, these resources may have different market values. It is very easy to get a discount when buying a larger quantity.
If the attacker gains dominance, the defenders can try to acquire additional resources for defense, as both hardware and energy are theoretically infinite resources. The attacker is not sure that he will have dominance permanently.
How much does an attack on Cardano cost?
The attacker needs to get more than half of the coins that are currently staked. At the time of writing, there are over 22.7B staked ADA in the Cardano consensus. The attacker needs to get more than 11.36B ADA cois. The current market value of ADA is 0.29 USD. So the minimum cost of the attack is 3.3B USD.
See how the cost of the attack increases with the growth of the market value of ADA, assuming that approximately 11B ADA coins are permanently staked.
Currently, the cost of attacking Cardano is relatively low as we are at the bottom of a bear market (let's assume). It is important to note that this is a minimum cost. The sudden demand would start to pump up the market value of ADA. If the attacker started buying at 0.33 USD, somewhere along the way (or towards the end of the purchase) the market value would go up to easily 5 USD. If the attacker was missing say the last 1B ADA coins, that would represent 5B in USD value.
The attacker can be smart and spread the purchases over a longer period of time. However, he risks that after the next (and the next) bull market, the market value of ADA will not fall to the current minimum. Let's add that in the last bear market in 2020, the lowest value of the ADA coin in the market was 0.03 USD. So, in the current bear market, the value is 10x higher than in the last one.
Once the market value of ADA remains above 1 USD, the minimum cost of an attack will be in the order of tens to hundreds of billions of dollars. This also applies to a long-term slow purchase of ADA, which would not noticeably increase the market value.
How much does an attack on Bitcoin cost?
Calculating the cost of a Bitcoin attack is relatively difficult, but possible. It will be necessary in some cases to rely only on rough estimates. The result will not be as accurate as in the case of Cardano where it was enough to multiply the market value of ADA with the number of coins needed for the attack to get the minimal cost of the attack. The market value of ADA coins is the same everywhere in the world.
In the case of Bitcoin, it is more complicated, as the cost of ASIC hardware and electricity varies from country to country.
It is difficult to estimate how long it would take an attacker to obtain a needed number of ASIC miners and what discounts the attacker could get from the manufacturers. It is not necessary to acquire new pieces of hardware for the attack, as the attack would rather only take days or weeks, certainly not longer than a few months. It is more profitable for an attacker to buy older pieces from large miners.
Areas such as China, Russia, and America are most suitable for attack since electricity is cheap in these locations.
Hardware manipulation and the need for large halls is another barrier to attack, but for our imaginary attacker with an infinite amount of fiat currency, this is not a problem.
Bitcoin mining is centralized and run by publicly traded companies. It might be most advantageous for an attacker to buy several large mining companies at once. This would eliminate a lot of complications. An attacker could be honest and mine BTC at the beginning of the attack. This would give him more money to attack and time to buy more equipment or mining companies.
We will not deal with tactics further. Similar to Cardano, attackers need to be smart if they want to reduce the cost of an attack. Let's look at the numbers.
At the time of writing, the Bitcoin hash rate is 445.35M TH/s (445 EH/s). 1 EH/s (1M TH/S) will generate 10,000 ASIC miners with a power of 100 TH/s. It would take 4,450,000 ASIC miners with a power of 100 TH/S to reach the current Bitcoin hash rate.
Let's look at a few common miners on the market, their performance, and their energy consumption.
In the next table, you can see the number of pieces that would need to be obtained for the attacker to reach the current hash rate of Bitcoin and the total acquisition costs. We have taken into account the normal market cost per piece.
As we mentioned, the attacker would not need to buy new pieces of hardware, so consider this as the maximum possible cost. Also, keep in mind that it could take a long time for manufacturers to deliver that many pieces of products.
Another figure we need to know is the average cost of energy in different countries of the world. In the table, you can find the countries in which bitcoins are mined.
In the following table, you can see the energy cost for a one-day attack. For the calculation, we assume that the average ASIC miner has a daily consumption of 90 kW and that it is necessary to have approximately 3,800,000 of them to attack. We took the energy costs from the previous table from the column for business. We believe that in many cases miners are able to negotiate more favorable terms.
The current market value of BTC is 29,300 USD. Approximately 900 bitcoins are mined per day, making the total worth 26.3M USD. As you can see, mining would pay off only in Kazakhstan. Therefore, we think that miners (especially the big ones) have negotiated more favorable terms with energy suppliers than shown in the table above.
For example, in China, it would be worthwhile for hobby miners to mine, because the energy cargoes are very favorable.
Bitcoin's daily security budget is currently roughly 30M USD. This is not even one percent of the cost of acquiring ASIC miners. Attacking Bitcoin for one full month would cost about 900M USD in electricity.
Comparison of attack costs to PoS and PoW networks
If we were to consider the tabular cost of the attack, the current minimum cost for Cardano is 3.3B USD while for Bitcoin it would be roughly 6.66B USD (hardware + energy). Attacking Bitcoin is roughly 2x more expensive. But that's too simplistic a view. In the case of Cardano, it was only about the minimum possible cost, assuming that the market value of ADA would not increase with increased demand for coins. In the case of Bitcoin, we considered the acquisition costs of new ASIC miners. I dare say that an attacker could significantly reduce the cost by buying older pieces, say by half, or maybe ⅔. The cost of an attack on both networks can be comparable.
In the case of Bitcoin, we neglected the costs of renting halls, cooling, transporting hardware, employees, etc. I do not think that these costs would be significant in the context of the costs of acquiring hardware and energy.
Attacking Cardano is easier in this regard, as it can be carried out by a single person with a computer connected to the Internet and a bank account.
When comparing, it is good to notice other aspects.
Bitcoin's market cap is 571B USD, while Cardano's is 10B USD. Cardano's market capitalization is 57x lower than that of Bitcoin, while the attack costs are comparable.
Bitcoin is a financially and socially more important asset, so its security should be significantly higher than that of the competition. However, we do not observe this difference. If the financial and social importance of Cardano grows (it will approach Bitcoin and Ethereum), there is a chance that the market capitalization will also grow and with it the cost of a possible attack.
There is currently 25.5M ETH staked in Ethereum. 1/3 of that amount multiplied by the market value of ETH (1800 USD) comes out to 15.3B USD. Attacking Ethereum is more expensive than attacking Bitcoin (as with Cardano, it's a minimal attack cost).
It is important to note that the cost of an attack goes up and down with the current mood of the markets. Network security is highest at the top of a bull market and lowest at the bottom of a bear market. Security develops dynamically.
In the case of Cardano and Bitcoin, reducing the number of coins in the reserve plays a significant role. Both of these networks will in a few years only depend on how much is collected in fees and what the market value of the coins will be. The future is difficult to predict, but if the number of users and the market value of coins do not gradually increase, security may collapse.
Bitcoin will likely encounter this problem sooner than Cardano, as 19.4M BTC (92.6%) is currently mined. If, after the halving, the market value of BTC would be the same as it is today, the daily security budget would be only half that, i.e. 15M USD. In order for the security to remain the same as today, the value of BTC must not fall below 60K USD. In the case of Cardano, only 77.8% of ADA coins are in circulation so far, so we may have a little more time. Cardano has the advantage that even if the market value of ADA coins does not increase, the same amount of them can still be staked, so the security can be similar even in 10 or 20 years.
The article mainly focused on tabular costs. Attacker tactics, actor behavior, and market conditions would play a significant role in a potential attack. We have not yet seen many successful attacks on blockchain networks. In the past, small PoW networks were often attacked, but they survived and are still with us. No one has yet managed to successfully attack PoS networks, so we don't know how difficult it is to get the necessary amount of coins for an attack.
Cardano had a fair distribution of coins, so there are a large number of them in circulation. So the attacker has to buy coins from current stakers.
It is important to note that if the current stakers do not sell the coins, the attacker has no chance of getting them. PoW networks are mainly protected by the high cost of acquiring hardware. However, it is only a commodity that can be produced and sold in the same way as electricity. Cardano is protected by a kind of imaginary mental anchor located in the heads of stakers. The more the coin distribution grows and there are more enthusiastic stakers, the more difficult it will be for an attacker to get ADA coins from these people. It can be said that Cardano is protected by greed to some extent. Of course, everyone has their own limit when they are willing to sell, but in some cases, it can be very high.