What Is a 51% Attack?
A 51% attack (also called a majority attack) is the most feared security threat in proof-of-work blockchains. It occurs when a single miner or coordinated group controls more than 50% of a network's total hashing power — the computing power that secures the chain. With majority control, an attacker gains the ability to rewrite recent blockchain history, double-spend coins, and censor unwanted transactions.
Think of it this way: In a proof-of-work system, the longest chain wins because it represents the most work. If you control the majority of hashing power, you can produce blocks faster than everyone else combined, effectively letting you decide what goes into the ledger.
In simple terms: A 51% attack is like someone buying more than half the votes in an election. They decide the outcome every time.
How a 51% Attack Works
The Mechanics
When an attacker secures majority hashrate, they gain three dangerous abilities:
- Transaction censorship: They can prevent certain transactions from being confirmed by simply not including them in the blocks they mine. If they control block production, they control what gets through.
- Block monopolization: They can mine every subsequent block themselves, depriving other miners of rewards and effectively centralizing the network during the attack.
- Double-spending: This is the big one. The attacker spends cryptocurrency (e.g., at an exchange), receives goods or fiat, then uses their hashrate to mine an alternative chain where that transaction never happened. Since their chain contains more work (they control >50% of hashrate), the network eventually accepts their version as true — and the original spend disappears.
The Double-Spend Sequence
Here is exactly how a double-spend unfolds:
- Preparation: The attacker buys BTC or altcoin on Exchange A and sends it to the exchange's deposit address
- Withdrawal: Exchange A credits the attacker (fiat or other crypto) after confirmations
- Rewriting: The attacker secretly mines a private chain that excludes the deposit transaction
- Overwriting: The attacker publishes their longer private chain to the network
- Outcome: The network reorganizes to accept the attacker's chain. The deposit to Exchange A never happened. The attacker keeps both the coins and the withdrawal
Critical detail: This only works for recent blocks. The deeper a transaction is buried in the chain, the more computational work is required to overwrite it. An attacker cannot change transactions from months ago without impossibly massive resources.
Which Cryptocurrencies Are Vulnerable?
The Hashrate Reality Check
Not all blockchains are equally at risk. Vulnerability depends entirely on the cost to acquire 51% of the network's hashrate:
| Network | Approximate Hashrate | Estimated Cost Per Hour for 51% Attack | Risk Level |
|---|---|---|---|
| Bitcoin | ~600 EH/s | $1,000,000+ | Extremely low |
| Ethereum (PoS) | N/A (stake-based) | Billions in ETH | Extremely low |
| Litecoin | ~800 TH/s | ~$15,000-30,000 | Low |
| Bitcoin Cash | ~3 EH/s | ~$8,000-15,000 | Medium |
| Small Altcoins | Varies | $50 - $5,000 | High |
Pro tip: Smaller proof-of-work cryptocurrencies with low hashrates are the primary targets. Documented 51% attacks have occurred on coins like Ethereum Classic, Bitcoin Gold, and Verge — where attackers spent relatively small amounts renting hashrate and executed double-spends worth hundreds of thousands of dollars.
Why Bitcoin Is Practically Immune
Bitcoin's security rests on sheer scale:
- Hashrate: At 600+ exahashes per second, no single entity comes close to controlling 51%
- Cost: Acquiring enough ASIC miners would cost billions of dollars
- Economic defense: Even if someone managed it, the resulting crash in Bitcoin's price would destroy the value of the very asset being attacked
- Full node validation: Thousands of independently operated full nodes would detect and reject an obviously malicious chain reorganization
Real-world example: In 2014, the Ghash.io mining pool briefly exceeded 40% of total Bitcoin hashrate. The community reacted with alarm, miners voluntarily left the pool, and its share fell back down. This incident proved that Bitcoin's economic incentives naturally resist centralization.
Real 51% Attacks That Actually Happened
Ethereum Classic (2019 & 2020)
Ethereum Classic suffered multiple 51% attacks:
- January 2019: Attackers double-spent about $1.1 million in ETC
- July-August 2020: Three separate attacks resulted in over $5 million in losses
- Method: Attackers rented hashrate from services like NiceHash rather than buying hardware
Bitcoin Gold (2020)
- Two 51% attacks within days of each other
- Approximately $72,000 double-spent
- Exchanges responded by increasing confirmation requirements for BTG deposits
Lessons learned: These attacks show that hashrate rental markets make small PoW chains vulnerable even without owning mining equipment. Anyone with sufficient capital can temporarily "borrow" a majority attack.
Why 51% Attacks Matter for Traders
Trading Implications
You might think 51% attacks are abstract network security concerns, but they hit traders directly:
- Exchange risk: If you deposit an attackable coin at an exchange, the exchange may not honor withdrawals if a double-spend reverses your deposit. Many exchanges now require dozens or hundreds of confirmations for small-cap PoW coins.
- Price impact: News of a successful 51% attack typically causes the attacked coin's price to drop 20-60% within hours. Anticipating this information (or being caught on the wrong side) matters.
- Counterparty risk: OTC trades and peer-to-peer deals with attackable coins carry additional risk not priced into standard due diligence.
How You Can Protect Yourself
- Check confirmation requirements: Before depositing small-cap PoW coins at exchanges, verify how many confirmations are needed. 500+ confirmations for some altcoins is not unusual.
- Monitor hashrate distribution: Services like blockchain explorers show mining pool concentration. If a pool approaches 40%+, treat it as a warning sign.
- Prefer large-cap coins: Bitcoin, Ethereum (post-PoS), and other high-value networks have economic defense mechanisms that make 51% attacks practically impossible.
Common Mistakes and Key Considerations
- Confusing 51% attacks with Sybil attacks: A 51% attack requires control of computing power (PoW) or stake (PoS). A Sybil attack involves creating fake identities — different vulnerability, different defense.
- Assuming all blockchains are equally secure: A coin being "decentralized" does not mean it is safe from 51% attacks. Decentralization and security are related but distinct properties.
- Ignoring PoS vulnerabilities: Proof-of-stake networks cannot suffer traditional 51% hashrate attacks, but they have analogous risks from staking concentration, long-range attacks, and nothing-at-stake problems.
- Overestimating the cost: Hashrate rental services have dramatically lowered the barrier to executing 51% attacks. You no longer need to buy ASICs — you just need capital and a wallet address.
- Underestimating detection: Modern blockchains and monitoring services can detect ongoing 51% attacks in real time by analyzing chain reorganization depth and hashrate anomaly detection.
Frequently Asked Questions
Q: Has Bitcoin ever been hit by a 51% attack? A: No. Bitcoin has never been successfully 51% attacked. Its immense distributed hashrate makes acquiring majority control prohibitively expensive — estimated at over $1 million per hour in electricity and hardware costs alone, plus the catastrophic price impact that would follow.
Q: Can a 51% attack steal coins from arbitrary wallets? A: No. A 51% attack cannot steal funds from wallets it does not control. It can only double-spend its own coins by rewriting transaction history. Private keys remain safe — the attack targets transaction finality, not wallet access.
Q: How many block confirmations are safe against a 51% attack? A: It depends on the network's hashrate and the attacker's resources. For Bitcoin, 6 confirmations (about 1 hour) is considered extremely safe. For small-cap altcoins, some exchanges require 500+ confirmations (multiple days) because attack costs remain low.
Q: Does switching to proof-of-stake eliminate 51% attacks? A: It eliminates hashrate-based 51% attacks but introduces analogous risks. In PoS, controlling 51% of staked tokens could enable similar attacks. However, PoS systems typically implement additional security measures like slashing conditions that penalize malicious validators and make attacks economically self-destructive.
Q: What happens to a cryptocurrency after a 51% attack? A: Recovery varies. Some coins execute a hard fork to change their mining algorithm, making existing attack hardware obsolete. Others increase confirmation requirements across the ecosystem. Some never fully recover — trust, once broken in crypto, is brutally hard to rebuild.
Related Terms
- Hashrate – The computing power that secures a proof-of-work blockchain
- Proof of Work (PoW) – The consensus mechanism vulnerable to 51% attacks
- Double Spending – The primary exploit enabled by majority control
- Consensus Mechanism – How blockchain networks agree on transaction validity
- Blockchain – The distributed ledger technology underlying these security considerations
- Mining – The process by which hashrate is contributed to the network
Further Reading
Want to explore this topic further? Read:
- Crypto Market Structure Guide – Understand how market infrastructure affects security and trading
- How to Detect Market Manipulation in Real Time – Learn to identify anomalous chain activity before it affects your positions