The increasing amount of hashing power securing major cryptocurrencies like Bitcoin, Litecoin, and Ethereum may be good for the security on those networks, but it is simultaneously compromising the security of smaller cap Proof of Work (PoW) cryptocurrencies. For example, someone can take a small fraction of the hash power securing Litecoin, the #1 Scrypt coin, and conduct a 51% attack on a Scrypt coin with a much lower network hash rate. Vertcoin (VTC) is the latest cryptocurrency to experience a series of 51% attacks, and USD $100,000 was lost due to the associated doublespends. Bitcoin Gold (BTG), Verge (XVG), and MONA have also been victims of 51% attacks in the past year.

A 51% attack stems from the inherent decentralization of PoW cryptocurrencies. Whoever has the most hash power creates the longest chain, and the longest chain is the blockchain that determines a cryptocurrency’s transaction history. Satoshi Nakamoto designed Bitcoin so miners can essentially vote via their hash power, and created the incentive system of block rewards to discourage 51% attacks, but 51% attacks are always a possibility for PoW cryptocurrencies.

During a 51% attack an attacker sends cryptocurrency to an exchange and is simultaneously mining an alternative version of the blockchain where these transactions never happened. The attacker then releases the alternate blockchain, which becomes the longest chain since the attacker has 51% or more of the hashing power. This causes the transactions sent to the merchant or exchange to disappear, and the cryptocurrency re-appears in the attackers wallet. This is called a double spend. In the time between the initial transaction to the exchange and the deployment of the alternate chain, the attacker can trade for other types of cryptocurrency and withdraw from the exchange. In this way an attacker can double their money, and receive a majority of a cryptocurrency’s mining rewards on top of that in the process. Exchanges can require many confirmations to try and prevent a 51% attack, but Vertcoin’s latest 51% attack was 307 blocks deep, making the requirement of confirmations an ineffective countermeasure.

Vertcoin is particularly susceptible to 51% attacks since they banned ASIC mining, the most powerful mining machines, via having the Scrypt-N PoW algorithm instead of normal Scrypt. This caused Vertcoin’s network hash rate to be much lower than if they just used Scrypt. The point was to increase profitability for CPU and GPU miners, but ultimately this does not make sense if it helps lead to 51% attacks, since a 51% attack is extremely damaging to a cryptocurrency’s reputation and value. Vertcoin has been under assault since October 2018, and the 51% attacks continue to this day. Mark Nesbitt finally brought Vertcoin’s 51% attacks into the public view on 2 December 2018, yet exchanges continue to support Vertcoin and the price of Vertcoin has barely reacted. This is creating ideal conditions for the attack to continue.

The reason Vertcoin, Bitcoin Gold, Verge, and Mona were attacked in the past year is because the network hash rate for major PoW cryptocurrencies has gone up by orders of magnitude in a short amount of time. This implicitly means large amounts of hash power have become cheap relative to the past, and many small cap PoW coins no longer have a relatively secure amount of hashing power. The site Crypto51 calculates that numerous cryptocurrencies are susceptible to a 51% attack, and the attacker does not even need actual hardware, they can rent hashing power on a cloud mining service like NiceHash to make it happen. Some cryptocurrencies cost less than USD 10 to attack, and most are well less than USD 1,000 for a 1 hour attack. Even fairly well-known cryptocurrencies like Ethereum Classic are at risk according to Crypto51.

The lesson that cryptocurrency traders and investors need to learn from this is that many small cap PoW cryptocurrencies are not safe long term investments, since they can easily be 51% attacked. It is best to only own cryptocurrencies with the highest network hash rates, like Bitcoin, Ethereum, and Litecoin. There are many other cryptocurrencies that do not use PoW as well, and instead use algorithms like Proof of Stake (PoS) or Proof of Capacity (PoC), and are safe from 51% attacks. Exchanges need to be proactive about 51% attack susceptibility, and should be wary of offering PoW cryptocurrencies with small network hash rates in order to protect themselves and their users.