I love blockchain and I love bitcoin. I have written (in Dutch) about the wonderful characteristics of bitcoin before. I’ve written about why and how you need to buy bitcoin and why blockchain and especially VeChain’s IoT NFC and RFID technology is awesome. But lately I have been reading a lot about 51% attacks, hashing power and the comparison of the POW (Proof Of Work) protocol versus the POA (Proof Of Authority) protocol that VeChain uses. It made me think: how secure is bitcoin’s POW really? Is bitcoin really more secure than ‘just’ the 101 Authority nodes from VeChain? In this article I will put both technologies to the test in three fictional scenarios.
Before raising any offensive thoughts with you guys: I’m invested in both. And I love both equally!
That being said: Could this really work? To make my point, you first need to know some simple facts.
Bitcoin facts and figures – hashing power and mining pools
Fact number 1:
81% of the BTC hashing power is now in China (March 2019).
Fact number 2:
Only 5 or 6 mining pools in China hold more than 51% of the hashing power (March 2019).
- Source 1: https://www.buybitcoinworldwide.com/mining/pools/
- Source 2: https://www.blockchain.com/en/pools?timespan=4days
- Source 3: https://www.buybitcoinworldwide.com/mining/china/
Incentives for a 51% attack on bitcoin
So why would I want to attack bitcoin? Here are just a few made-up examples. They might be far-fetched but hey, maybe not… That’s for you to decide. All I know is that global history tells us this much: crazy stuff happens every now and then, even when everybody says it is impossible.
Nothing is impossible.
Why to attack bitcoin – a few incentives
1. Stealing a company with bitcoin
I am the Chinese government or a Chinese company that buys a billion dollar company owned by the US. I pay in bitcoin and in the days after I get full control over the company. When all is set, I walk into the 5 biggest mining pools in China. I tell them: here is 50 million US dollars in cash, right here, right now. All you need to do is revert the transactions that were done the days before.
Remember, you only need to pay off 5 mining pool owners/rulemakers to make this work.
They take the money, do a 51% attack, revert your transactions and voilà:
- You are now the owner of a multi-billion dollar company.
- You have your billion dollars worth of bitcoin back.
- All you needed to spend was a mere 50 million * 5 = 250 million. A bargain.
2. Financial terrorism with bitcoin
I am a bank, a BIG bank. Or a number of big banks. We don’t like bitcoin so much. It is disturbing our businesses and we need to make sure bitcoin loses trust and people go back to the banks because hey, banks are safe, right? I spend a few million, hire a small but well organized army of soldiers of fortune and invade the 5 mining pools at the same time. I put AK’s to their heads and tell them to start the 51% attack. It will completely disrupt the bitcoin system for ‘only’ a few million dollars.
Much cheaper than actually buying your way into the hashing power itself!
- You have successfully attacked the network
- The network loses trust
- The media will jump on it like bees on honey
- You will start a media campaign. You see, sheep of the world: bitcoin is unsafe. Don’t do it! Trust the banks instead.
3. Criminal activities with bitcoin
I have a billion dollars worth of bitcoin and I would like to make even more money. I spread my bitcoin over a number of exchanges and brokers and sell for euros, dollars and pounds. I also sell a few hundred million dollars worth of bitcoin OTC (over the counter) to reduce the impact on the price that day. Another few hundred million I will just swap to different crypto using exchanges. Monero, Dash, whatever. Preferably privacy coins.
So now I have sold all my bitcoins. I have a few hundred million in dollars, euros and pounds and I also have a few hundred million in other crypto assets.
I really am a bad guy. So I spend a few million and hire a small but well organized army of soldiers of fortune and invade the 5 mining pools at the same time. I put AK’s to their heads and tell them to start the 51% attack. I need to revert the transactions that I did the day before, because I want my bitcoins back. I succeed and I have only spent a few million dollars.
So what do I have now?
- I have 1 billion dollars worth of bitcoin (got them back)
- I have a few hundred million in cash
- I have a few hundred million in other crypto assets
I nearly doubled my wealth in just one or two days. #winning!
Fun fact: The above examples could theoretically also work on the Ethereum network because the mining pools are very, very centralized as well. Source: https://u.today/10-best-and-biggest-ethereum-mining-pools
So how does this compare to my other favorite crypto, VeChain?
VeChain uses a system of ‘only’ 101 authority nodes that can write transactions to the blockchain. In theory, you would need to take control over at least 52 Authority nodes to pull off a 51% attack. At the time of writing, only a handful of Authority nodes are actually owned by major companies around the world, and many (I think even most) of them are still controlled by the VeChain foundation. Attacking the network today would be somewhat easy I would say.
But for the sake of the argument let’s just assume that all 101 Authority nodes have been sold to companies similar to the current existing partnerships around the world. It would mean a proper distribution of nodes all around the world. These nodes are owned by big companies that have no incentive to help each other out or work together, because they operate in many different markets and countries.
- BMW in Germany (automotive)
- DNV-GL in Norway (certifications)
- PICC in China (insurance)
- PwC in the UK (insurance/certifications)
- BitOcean in Japan (exchange)
- LVMH in France (logistics & authenticity)
In theory, the three examples I mentioned above would be way more difficult to execute with 101 Authority nodes that are spread all over the world. This is mainly because it would require an operation in dozens of countries. Attacking so many authority nodes at the exact same time would be very difficult to pull off.
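The counting argument behind this comparison, as an added example that is not part of the original article: the smallest number of operators, and of jurisdictions, whose combined share reaches the 51% bar. The pool shares and country assignments are constructed sample data, the 101 equally weighted nodes follow the article's thought experiment, and all function names are hypothetical.

```python
from collections import defaultdict
from fractions import Fraction

THRESHOLD = Fraction(51, 100)  # the article's "51%" bar

def min_colluders(shares, threshold=THRESHOLD):
    """Smallest number of parties whose combined share reaches threshold.
    Returns None if even all listed parties together fall short."""
    shares = [Fraction(s) for s in shares]
    if any(s < 0 for s in shares) or sum(shares) > 1:
        raise ValueError("shares must be >= 0 and sum to at most 1")
    total = Fraction(0)
    # Taking the largest parties first yields the minimum count.
    for count, share in enumerate(sorted(shares, reverse=True), start=1):
        total += share
        if total >= threshold:
            return count
    return None

def min_jurisdictions(operators, threshold=THRESHOLD):
    """Same count after pooling operators by jurisdiction.
    operators: iterable of (name, jurisdiction, share)."""
    by_place = defaultdict(Fraction)
    for _name, place, share in operators:
        by_place[place] += Fraction(share)
    return min_colluders(by_place.values(), threshold)

# Constructed sample data (not measurements): ten pools, shares in percent;
# the remaining 26% of hash power is left unattributed.
POOLS = [(f"pool-{i}", place, Fraction(pct, 100)) for i, (place, pct) in enumerate(
    [("CN", 14), ("CN", 12), ("CN", 11), ("CN", 9), ("CN", 8),
     ("CN", 6), ("US", 5), ("CN", 4), ("CZ", 3), ("CN", 2)])]

# Assumption from the article's thought experiment: 101 equally weighted
# authority nodes, here spread round-robin over 25 hypothetical countries.
NODES = [(f"node-{i}", f"country-{i % 25}", Fraction(1, 101)) for i in range(101)]

def summary(operators):
    """Return (minimum operators, minimum jurisdictions) for one network."""
    return (min_colluders([s for _, _, s in operators]), min_jurisdictions(operators))

if __name__ == "__main__":
    print("pools (operators, jurisdictions):", summary(POOLS))
    print("nodes (operators, jurisdictions):", summary(NODES))
```

With this sample data the pool network is dominated by a single jurisdiction, while the evenly spread authority nodes need cooperation across many; rerunning the count on current pool data is a simple way to track how concentration changes over time.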
Bitcoin really is safe. But will it be safe in the future?
Bitcoin has been waving the ‘we are un-hackable and we are decentralized’ flag for years now and for good reason. The network has seen a nearly 100% uptime and nobody has ever succeeded in attacking it. This is a huge accomplishment.
But that doesn’t necessarily mean that it will stay that way. Governments, criminals and terrorists are creative. It will always be a cat and mouse game. The slow but steady centralization of mining pools and hashing power towards China is not really helping bitcoin in terms of safety, robustness and reliability. This is something that we, the community and shareholders, need to be aware of.
Agree or disagree? Let me know!
I would really appreciate your thoughts on this article. Please forgive me for grammatical and/or spelling errors, English is not my first language.