How to Attack Blockchain Cheaply?

Published 13.10.2023

When people talk about a blockchain attack, the 51% attack is most often mentioned. It is usually said that the attacker must gain dominance over the resource that is used in the given network consensus. That should be costly. However, the attacker does not always have to buy the resource directly. What if the resource can be obtained through social engineering, for example, or by hacking several computers?

It Is Too Expensive

Blockchain networks are inherently vulnerable. Their security is based on the assumption that the attack is extremely costly, i.e. that the attacker will not be willing to spend more resources on the attack than honest participants.

Gaining dominance in holding an expensive resource, i.e. ADA coins in the case of Cardano or hash rate in the case of Bitcoin, is a safe bet. But this attack is really extremely expensive.

Having a dominant position in resource possession allows the attacker to outpace the rest of the network in block production. Many possibilities open up for the attacker to abuse the dominant position.

The minimum cost of a 51% attack on Cardano would currently be 3B USD. We only calculate the nominal market value of ADA coins that an attacker would need to own. Increased demand that would increase the market value of coins is not included in the calculation. The attack could thus be more expensive, but we can only speculate about the real amount.

The cost of a 51% attack on Bitcoin is roughly 2x higher. The market value of all ASISs in use for BTC mining is roughly 6B USD. Currently (during the bear market), the energy cost for an attack lasting one month would be 1B USD.

For context, the US defense budget for 2023 is 816B USD. In terms of money, the US would potentially need about 1% of its defense budget and have enough funds to attack any blockchain network.

Let's assume that no one is willing to risk losing billions of dollars to attacks on blockchain networks. However, there are cheaper ways to attempt a 51% attack without having to own the resources.

How to Get Decentralization Resource Cheaper?

The attacker has other options to get to the resource. They can try to convince delegators to delegate to their pools. They can delegate ADA coins or hash rate to a pool of attackers without suspecting that the delegated power will be misused for an attack sometime in the future. Or he can try to convince the pool operators to cooperate in the attack.

This type of attack requires social engineering and may not be completely free. The attacker must establish a pool (or several pools) and somehow convince the delegators to delegate to him. In order to increase the attractiveness of his nefarious business, the attacker must offer some extra reward to the delegators.

In the case of Cardano, the attacker would have to give higher rewards than what the protocol offers. They would have to offer staking rewards + some other tokens or stablecoins. An attacker would have to bribe the delegators and hope to get enough stake.

The second option is to have zero fees. This would not help the attacker much in the case of Cardano, as there are already pools that have a zero margin fee (however, operators receive a fixed fee, currently 340 ADA per epoch). Delegators delegate to these pools, for example, because they want to support a specific operator for his work for the community.

In the Bitcoin ecosystem, miners are forced to reduce costs. The existence of pools with zero fees would be attractive. And such pools exist. The two dominant pools, Foundry USA (39% share of hash rate) and AntPool (24% share of hash rate) have zero fees. Miners like to delegate to these pools as it increases their profits.

An attacker could try to compete with these pools by offering miners something extra, such as regular loyalty rewards. Of course, this could be expensive and there is still a risk that the attacker will not get enough of the delegated hash rate.

This type of attack is possible but has one major drawback. The resource owners can change the delegation at any time, thus weakening the attacker. In the case of Bitcoin, the change in delegation is reflected almost immediately. With Cardano, the change will take effect with a delay (Cardano accepts changes in the stake distribution through snapshots it takes every 5 days), so the damage done may be higher. Additionally, an attacker may attempt to censor transactions that change delegation.

I think this attack is only theoretical and hardly feasible in the real world. The diversity of delegates is relatively high and many of them will be conservative or suspicious of overly attractive offers. An attacker could get maybe 10%, maybe 20%, but then many members of the community would be alarmed and start warning delegates about the possible risk.

An attacker could attempt a Sybil attack, i.e. run multiple pools (or be multiple MPOs in Cardano). This attack would be more sophisticated, but still difficult, as it is difficult for new pool operators to obtain delegates.

So what to persuade the pool operators to cooperate on the attack?

Pool operators are economically motivated to run a fair business, but an attacker may try to bribe them to cooperate in an attack. It is difficult to estimate the amount of the bribe, and each person has a different threshold beyond which they are willing to betray the ecosystem. Let's say that a bribe worth a hundred times the annual reward (profit for running the pool) would convince a significant number of operators.

In the Cardano ecosystem, an attacker would have to convince several dozen operators (depending on their stake). Let's say 50 operators. He would have to give each say 5M USD. An attacker would spend on the order of hundreds of millions of dollars on such an attack, which is less than if he had to buy ADA coins.

The question is whether it is possible to find and contact all pool operators and ensure that they do not reveal the offer to the public. The more people that need to be contacted, the more complex the attack. High decentralization is a good prevention for this type of attack.

In the case of Bitcoin, the attacker would have to get at least one dominant pool operator on his side, or both (together they have over 62% of the hash rate). Their pools have zero fees, so we don't know why they are in business and what their real profit is. Would the dominant pool operators in the Bitcoin network be bribed as cheaply as the operators in the Cardano network when they have such a large market share? We don't know, but they would probably ask for a higher bribe.

Stealing the Resource

If it's not possible to fool people through social engineering, how about stealing their resources?

This may be the cheapest attack option for the attacker, but on the other hand, it is difficult from the point of view of feasibility.

ADA coins can be stolen from centralized exchanges. Alternatively, it is possible to bribe the CEO of the exchange to allow the theft. In this way, an attacker can obtain several percent (perhaps up to several tens of percent) of ADA coins from the total circulation. For an exchange, a big hack always means a loss of reputation, so the bribe would have to be very high. Hacking an exchange is a cheap option, but it requires a very skilled hacker or exchange insider.

It is possible to try to steal ADA coins from the wallets of stakers and pool operators, but if they use hardware wallets (a necessary security measure for pool operators), it is almost impossible. Thus, a hacker has to attack a large number of individuals. Is it possible to steal say 10% of ADA coins this way? It seems unlikely to me.

Can the hash rate be stolen? Temporarily probably yes, but not permanently like ADA coins. A hacker could probably break into a mining company's computers and redirect the hash rate to another pool. However, the company's employees would probably be able to ward off the attack soon thanks to their physical presence.

However, it is possible to imagine that such an attack would be carried out on several mining companies at the same time and it would be possible to temporarily obtain a larger amount of hash rate on the attacker's side.

In the case of Bitcoin, the weak point is the 2 dominant pools. If it were possible to influence their activity (short-term elimination or abusing the assignment of work to miners), the attacker would be able to temporarily gain control over the network. Miners may not be able to react to an attack immediately and it may take some time to figure out what is actually happening.

Can ASIC miners be seized or stolen? It is almost impossible to steal large numbers of ASIC miners in such a quantity to gain significant control over the network. However, confiscation is possible. In the history of Bitcoin, it has already happened that the government seized a large number of ASIC miners. However, the government did not use them to attack Bitcoin or for business, but let them be destroyed.

Miners can be attacked politically. For example, by imposing a high tax on electricity consumption for BTC mining. The introduction of such a tax has been considered in the US.

Because PoW uses a physical resource and mining is largely centralized, it is easy to find locations where mining is taking place. Mining companies are mostly registered with the authorities of the given country. Big miners can be easily found, unlike stakers who can remain anonymous.

If an attacker wanted to use brute force to gain control of the network, he could start physically destroying large mining halls. However, doing so commits a crime and I don't think anyone would be capable of that. The anonymity of staking and the fact that the coins are only virtual is an advantage from this point of view. As for offering bribes for cooperation (or coercing cooperation by blackmail), the attacker has an easy time finding suitable candidates among miners.

If an attacker steals ADA coins, he has a stake in the Cardano network forever. Hash rate is more difficult (almost impossible) to steal, but it is possible to temporarily redirect it, or cut off the miner from the pool. On the other hand, finding stakers (as well as SPOs) can be tricky. An attacker can easily track down miners.


What is the best defense against the attack vectors described? The answer is almost always high decentralization and the absence of resource accumulation in one place. Decentralization is about the absence of a single point of failure in the network. In practice, however, centralization often occurs and these tend to be honey pots for attackers. The complexity of the attack increases with the number of actors that must be tricked or convinced to cooperate. The gradual centralization that occurs with almost all blockchains will weaken security.

Every existing blockchain network has weaknesses. The attacker has time, he can combine different forms of attacks, and wait for a suitable moment to attack. For example, at the bottom of a bear market, when the market capitalization of projects is generally the lowest and attacks are usually cheaper.

I don't think we'll see these types of attacks in practice on a scale that puts networks at risk. The social and economic importance of blockchains is not yet high enough for someone to attempt an attack with a large enough capital. Governments do not have to attack the blockchain through an expensive resource, but (cheaply) through the people who participate in the operation of the network. I am an optimist and think that governments will accept the existence of blockchain technology and will not attack it.


Related articles

Did you enjoy this article? Other great articles by the same author