Majority Attack

The primary and most feasible action for an attacker. By controlling the majority of consensus power, they can:

• Exclude or reverse recent transactions from the canonical chain.
• Spend the same coins twice by creating a private, longer chain where the initial transaction never occurred, then broadcasting it to overwrite the public ledger.
• This directly undermines the immutability and finality guarantees of the blockchain for a limited time window.

An attacker can prevent specific transactions from being confirmed.

• They can refuse to include transactions from certain addresses in the blocks they mine or validate.
• This can be used for targeted denial-of-service, to freeze assets, or to extract value (e.g., via MEV extraction).
• However, they cannot alter or forge transactions they do not control the private keys for, nor can they prevent transactions from being broadcast to the network.

A critical limitation of a majority attack. The attacker cannot:

• Create transactions from addresses they do not own, as this requires the private key.
• Change the block reward or arbitrarily mint new coins (outside of the protocol's rules).
• Alter the history of transactions buried under sufficient confirmations (e.g., blocks older than the reorg depth). Their power is generally limited to recent chain tips.

The attacker's power is constrained by the existing consensus rules. They cannot:

• Change fundamental protocol parameters like the block size, difficulty algorithm, or reward schedule for the entire network.
• Force other honest nodes to accept invalid blocks or transactions; they can only present an alternative valid chain.
• Permanently fork the network unless a significant portion of the economic majority (users, exchanges, developers) chooses to follow their chain.

A successful attack often destroys the value it seeks to capture. Consequences include:

• Loss of trust from users and exchanges, leading to a plummeting token price.
• Network forking as the community rejects the attacked chain.
• The attacker's own stake or mining hardware drastically loses value.
• This economic disincentive is a primary defense, making attacks financially irrational on large, established networks.

In May 2018, Bitcoin Gold, a fork of Bitcoin, was hit by a 51% attack resulting in a confirmed double spend. The attackers gained majority control of the network's hashpower, allowing them to reverse transactions and steal an estimated $18 million worth of BTG from several exchanges. This attack exploited the network's use of the Equihash algorithm, which was vulnerable to concentration by large mining pools.

In April 2018, attackers exploited a bug in Verge's code, not by controlling hashpower, but by manipulating the network's timestamp validation—a variant of a majority attack. By spoofing timestamps, they artificially reduced the block difficulty, allowing them to mine blocks far faster than the honest chain. This resulted in a deep chain reorganization and the theft of roughly 35 million XVG (worth about $1.75 million at the time).

Modern Proof-of-Stake (PoS) networks like Ethereum 2.0 are designed to make majority attacks economically prohibitive through slashing and inactivity leaks. If a validator attempts to finalize two conflicting blocks (a key part of an attack), a significant portion of their staked ETH is automatically burned. This creates a strong economic disincentive, making an attack catastrophically costly for the attacker.

Exchanges are primary targets for double-spend attacks. In response to historical incidents, major exchanges have implemented stricter policies:

• Increasing confirmation times for deposits from vulnerable chains.
• Halting deposits and withdrawals upon detecting unusual chain reorganization depth.
• Using advanced monitoring to detect potential chain splits and orphaned blocks. These measures shift the economic risk back to the attacker, who must sustain the attack longer.

A majority attack occurs when an attacker controls more than 50% of a blockchain's consensus power, allowing them to double-spend coins and censor transactions. In Proof of Work, this means controlling the majority of the computational hashrate. In Proof of Stake, it means controlling the majority of the staked cryptocurrency. The attacker can then:

• Create a private, longer chain of blocks.
• Release it to the network, causing a chain reorganization that invalidates legitimate transactions.
• Reverse their own payments, effectively spending the same coins twice.

Majority attacks have successfully targeted smaller, less secure blockchains, demonstrating the practical risk.

• Bitcoin Gold (2018, 2020): Suffered multiple 51% attacks, resulting in over $18 million in double-spends. The attacker rented hashpower from mining marketplaces.
• Ethereum Classic (2019, 2020): Attacked at least three times, with one reorganization erasing 7,000 blocks.
• Verge (2018): Exploited a flaw in its algorithm, not raw hashrate, to execute a similar majority-style attack. These events highlight the vulnerability of chains with low hashrate or staking participation.

In Proof of Stake, a majority attack requires controlling >50% of the total staked tokens, which is economically prohibitive on major networks but theoretically simpler on smaller ones. Key dynamics include:

• Slashing: Penalties can destroy the attacker's staked funds, making attacks costly.
• Long-Range Attacks: A historical variant where an attacker acquires old private keys to rewrite history from an early block.
• Delegate Centralization: In Delegated Proof of Stake (DPoS) systems, attacks can target a small set of block producers. Networks like Ethereum use Casper FFG and LMD-GHOST to penalize malicious validators and ensure finality.

Blockchain networks employ several strategies to deter and mitigate majority attacks.

• Increased Network Decentralization: A larger, more geographically distributed set of miners or validators raises the attack cost.
• Checkpointing: Periodically finalizing blocks to prevent deep reorganizations.
• ChainLocks & InstantSend (Dash): Using a network of masternodes to lock transactions and blocks.
• Economic Disincentives: Slashing in PoS and the enormous hardware/energy cost in PoW make attacks unprofitable.
• Monitoring & Alerting: Services track hashrate distribution and stake concentration to provide early warnings.

Majority attacks are related to other consensus vulnerabilities.

• Nothing-at-Stake Problem: In early PoS, validators could vote on multiple blockchain histories without cost, encouraging forks. Mitigated by slashing penalties.
• Selfish Mining: A minority miner (e.g., >25% hashrate) withholds found blocks to gain a disproportionate reward advantage, which can lead to centralization and pave the way for a majority attack.
• Sybil Attack: Creating many fake identities to influence peer-to-peer networks, a prerequisite for influencing consensus in some models.

For developers and projects, assessing majority attack risk is critical.

• Hashrate Distribution: Use blockchain explorers to monitor mining pool concentrations.
• Staking Distribution: Analyze the distribution of staked tokens among validators/wallets.
• Attack Cost Calculators: Tools estimate the USD cost to rent sufficient hashrate for a 1-hour attack on various PoW chains.
• Consensus Code Audits: Regular security reviews of the consensus client implementation to prevent protocol-level exploits that could lower the practical attack threshold.

The process where nodes switch to a different, longer, or heavier chain as the canonical blockchain. This is the primary mechanism by which a majority attack is executed. Key aspects:

• Natural Reorgs: Small, frequent reorgs of 1-2 blocks happen due to network latency.
• Malicious Reorgs: Deep reorgs are a hallmark of an attack, invalidating many previously confirmed blocks.
• Finality: Some consensus mechanisms (e.g., Tendermint, finality gadgets) are designed to make reorgs impossible after a certain point, providing absolute finality.

The original security model introduced by Bitcoin's Satoshi Nakamoto, which makes majority attacks costly but not impossible. Its core tenets are:

• Longest Chain Rule: The chain with the most cumulative Proof-of-Work is valid.
• Probabilistic Finality: A block's security increases with each subsequent confirmation as the cost to rewrite it grows exponentially.
• Economic Incentives: It assumes rational miners are profit-driven and that attacking the network is less profitable than securing it (the honest majority assumption).