What are 51% attacks in cryptocurrencies? – ET CISO
One of these ways is “”, which has evolved in recent years and has been quite successful. Numerous 51% attacks have taken place in recent years. In August 2021, SV (BSV) slid about 5 per cent value after an attack. Another Bitcoin fork, Bitcoin Gold (BTG), suffered a 51% attack in 2019. Classic (ETC), which forked from the original Ethereum blockchain after the infamous DAO hack of 2016, has seen 51% attacks several times.
What is crypto hacking and 51% attack?
A hack in can be many things. In simple words, if an attacker is able to exploit some area of a chain, smart contract, exchange or illegitimately withdraw cryptocurrency, it would be deemed as a hack or stealing.
Cryptocurrencies are encrypted using blockchain technology, which is a public ledger that helps verify and record transactions. Blockchain is constantly reviewed by a network of users, which makes it difficult to hack.
When it comes to blockchains that use proof of work , 51% of attacks involve the attacker being able to gain control of more than 50 per cent of the hashing power. By doing so, he or she is able to manipulate the data in the blockchain, said Avinash Shekhar, Co-CEO, ZebPay. “However, it’s almost impossible to pull that off in established blockchains like Bitcoin and Ethereum. This phenomenon has been experienced by some small chains that are not really decentralised,” he added.
Darshan Bathija, Co-founder & CEO, Vauld, said such attacks help hackers use one digital token more than once by duplicating the file. “51% attack enables them to rewrite transaction history and carry out double spends. In a double spend, transactions are erased once the goods are received. This means that the tokens can be used again.”
Blockchain: immutable or hackable?
Each crypto account is locked down by unbreakable cryptography and a private key — a string of letters and numbers — that serves as an identification code for each crypto account holder. But hackers have shown that blockchains are not immutable.
Vincent Lau, Managing Director of International Operations at Huobi Global, said: “A poorly coded smart contract can be hacked by someone sending certain instructions to it. In short, the smart contract itself can be hacked, but not the blockchain.”
If hackers get access to a wallet, they will be able to crack the private key to the account, which is another way of crypto hacking.
Shekhar of Zebpay said the data in the blockchain is immutable. Even in these hacks, the blockchain is mostly not compromised, he added.
The law and crypto hacking
Many countries have deemed crypto hacking illegal. The most common types of crypto hacking are phishing and social engineering attacks. However, when it comes to 51% attacks, there are not many laws that prevent miners from taking control of more than 50 per cent of a network’s computing power.
Though rare, more devastating attacks happen where smart contracts get hacked or exploited, giving the hacker access to large parts of a crypto company’s accounts and systems, said Huobi Global. “They are able to steal crypto tokens worth millions at one go,” he added.
However, hackings can be goodwill gestures, too. For example, when a hacker does it to point out a security vulnerability in a smart contract so that a spiteful person does not hack and steal the funds, causing losses to everyone.
How to prevent such attacks?
Such hacks can be prevented by tightening the security processes. And it comes at various levels. Here are a few tips recommended by experts to minimise the risk in decentralised finance (DeFi):
- Two-step authentication: Always activate a two-factor authentication system to secure your transactions. That will provide an extra layer of security to your wallet/exchange.
- Proper wallet management: The majority of your funds should sit in secure multi-sig cold storage wallets. Hot wallets, which are responsible for automating withdrawals, should have minimal funds because they are the most susceptible to hacks.
- Use separate wallet addresses: By using separate wallet addresses for each platform, you minimise your exposure to a loss. Even if one platform is hacked, the other would be safe. Don’t put all your tokens in the same wallet.
- Check your wallet approvals regularly: If you are no longer staking in a DeFi project, cancel the access rights for that project to your wallets.
- Keep off phishing links: These are ideally malicious ads or emails that duplicate affiliated organisations/identities that attempt to get your personal data for hacking At application level, add mandatory two-factor authentication checks for sensitive operations.