States can no longer destroy Bitcoin and Ethereum networks through a 51% attack due to the “astronomical” costs involved, according to CoinMetrics experts.
How much does it cost to 51% attack Bitcoin and Ethereum?
To find out, we simulated what an attack would look like.
Our paper, Breaking BFT, was published today with some interesting results ⬇️https://t.co/fpcpkPhy5B pic.twitter.com/wMbm6b2v0Z
— Lucas Nuzzi (@LucasNuzzi) February 15, 2024
Theoretically, concentrating 51% of the mining power in a PoW network like Bitcoin allows a malicious actor to conduct various nefarious activities. These include profiting from double-spending transactions, manipulating fees, or executing a deep blockchain reorganization.
For Ethereum, as a PoS protocol, this threshold is 34% of the total number of validators.
CoinMetrics researchers Lucas Nuzzi, Kyle Water, and Matias Andrade used a metric called TCA to determine the cost of such an attack on the blockchain.
2/ These are the boogieman of blockchain security but their costs and expected utility remain a mystery.
To better understand these risks, we simulated these attacks using a new model called Total Cost to Attack (TCA).
TCA is the sum of expenses an attacker would incur. pic.twitter.com/dnQgqK4akv
— Lucas Nuzzi (@LucasNuzzi) February 15, 2024
The experts concluded that there are no profitable ways to carry out malicious actions with network control. This nullifies the financial incentives for 51% attacks on the blockchains of the two largest cryptocurrencies.
They noted that even in the most profitable double-spending scenario, an attacker could potentially earn $1 billion but only after spending $40 billion.
There remains the possibility of a state attempting to attack the network to destroy it, the experts suggested. However, to conduct such an attack on Bitcoin, it would require purchasing 7 million Antminer S21 ASIC miners at a cost of about $20 billion.
5/ But what if a nation-state attacker was resourceful enough to manufacture ASICs for an attack?
We simulated that too. As we describe in the paper, the only model that could be plausibly reverse-engineered is the S9, with a manufacturing cost north of 20B.
The S21 would… pic.twitter.com/vZ4mv4GuH3
— Lucas Nuzzi (@LucasNuzzi) February 15, 2024
Such a volume of installations simply does not exist on the market, the researchers emphasized. If such a malicious actor finds a way to produce their own mining equipment, they would spend a similar amount. According to the experts, it is most feasible to reproduce the Bitmain Antminer S9. Based on performance, 40 million units would be needed.
A 51% attack on Bitcoin has also never been so costly in terms of electricity expenses: depending on the scenario, the amount would range from $5 billion to $22 billion.
6/ Accounting for all attack scenarios and factoring in OpEx (electricity), it has never been this expensive to attack Bitcoin, from the “naive” scenario of 5B all the way to 22B USD: pic.twitter.com/tBnAy7jLlU
— Lucas Nuzzi (@LucasNuzzi) February 15, 2024
The Risk of a “34% Attack” on Ethereum is Overstated
Based on TCA modeling for Ethereum, researchers noted that common narratives about the threat of takeover through liquid staking platforms like Lido with a 34% validator share are misplaced.
According to their calculations, using LSD protocols to attack the blockchain would be extremely labor-intensive and costly. Due to withdrawal restrictions from staking, it would take about six months.
7/ We also simulated TCA for Ethereum.
Contrary to popular belief, an attacker could not leverage LSDs to buy access to block templates.
Just like the S9 scenario, we need to assume the attacker would have to purchase ETH.
We estimate an attack on Ethereum would take 6 months… pic.twitter.com/hIAWLQ8iBw
— Lucas Nuzzi (@LucasNuzzi) February 15, 2024
“It would cost over $34 billion. The attacker would have to manage more than 200 nodes and spend $1 million just on AWS services,” the experts noted.
Nick Carter, general partner at Castle Island Ventures, co-founder and board member of CoinMetrics, called the research “extremely important.”
previous ‘cost to attack’ analyses of bitcoin have been vague or theory driven. no longer. the CM team developed mine-match, which meant they were able to identify virtually every ASIC mining on bitcoin (based on karim helmy’s research). this, combined with ASIC 2ndary…
— nic ? op_cat-er (@nic__carter) February 15, 2024
“Previous analyses of the cost to attack Bitcoin were vague or theory-driven. Not anymore. The team developed a mine-match function, which allowed them to identify virtually every ASIC miner in coin mining,” he wrote.
Combined with secondary market data, this allowed for the first time to estimate the “actual probable cost” of equipment to gain control over the digital gold blockchain, Carter emphasized.
In January, Trezor analyst Josef Tetek suggested that Bitcoin miners controlling 51% of the power could theoretically lift the coin’s supply cap. However, experts in rebuttals noted that in practice, even 75% might not be enough.