Blockchains, despite being very secure, are not completely immune to attacks. One attack that can affect them is the 51% attack, also called the double spend attack. In this blog post, you will learn about this attack in detail and how it works.
In a standard blockchain, there are many nodes. Whenever transactions occur, they get queued in the node’s mempool. The mempool is a waiting area where pending transactions wait before they are approved. From the mempool, some of these transactions get picked up and added to a new block. This block is then mined, thus approving the transactions inside it.
Let’s study a scenario…
Let us take an example of a small blockchain system where a few nodes are connected to each other. Each node has its own copy of the blockchain and a mempool.
As more people learn about this blockchain, they will start joining the network. Now suppose a group of malicious nodes joins this network. Let us label the malicious nodes red and the normal nodes blue. The catch is that the number of malicious nodes exceeds the number of non-malicious nodes. These new nodes, being members of the network, will get a copy of the blockchain as well.
Initially all these nodes behave in harmony and keep mining new blocks. But after some time, the malicious nodes stop broadcasting their mined blocks to the normal nodes, while they keep broadcasting them among themselves. In effect, they start their own version of the blockchain, as the blockchain of the blue nodes will now differ from that of the red ones.
The malicious nodes thus form their own independent network, in which they send their mined blocks only to other malicious nodes. The normal nodes, on the other hand, keep mining their own blocks as well. Both the red and the blue nodes will therefore have different copies of the blockchain.
Eventually, as the malicious nodes are greater in number, they will mine new blocks faster than the normal nodes. The red chain will therefore start becoming longer than the blue chain.
By the time the red blockchain grows longer, the malicious nodes do one more thing. Through their agent present in the blue network, they perform a transaction (e.g. a purchase) in the blue network. This malicious transaction eventually gets approved and listed in the blue blockchain. But since the two networks are separated, this malicious transaction will not appear in the red blockchain. The agent gets ownership of the purchased product after the transaction gets listed in the blue blockchain.
Now after the transaction gets approved and the product is acquired by the agent, the red nodes suddenly start broadcasting their blockchain again to the blue nodes.
As soon as the broadcast starts, each node in the network receives a copy of both the red and the blue blockchain. This creates a conflict. How will the nodes decide which of these two blockchains is the correct one?
This condition is called forking of blockchain. Forking occurs when the nodes have to choose between two conflicting copies of blockchain.
Whenever forking happens, all the conflicting transactions get rolled back into the mempool and the funds are rolled back into the account of the payee.
Since the malicious transaction performed by the agent is present in only one of the two blockchains, it will also be rolled back to the mempool and the agent will receive the money back in his account. This transaction will again have to wait to get picked up by some block for mining.
By design, to resolve a fork, nodes wait for some time and let both blockchains grow a bit longer. Eventually they choose the longer blockchain and reject the other one.
The catch is that, since the malicious nodes are greater in number, together they will mine more blocks than the normal nodes. The malicious nodes will also deliberately leave the malicious transaction out of the new blocks they mine. The red blockchain eventually grows longer than the blue blockchain, so by design all the nodes select the longer blockchain and reject the other one.
Since the malicious transaction is deliberately not included in the longer blockchain, it stays waiting in the mempool. Eventually, after some time limit, it gets cleaned out of the mempools as well to make space for new transactions. Thus the amount gets rolled back to the agent’s account. The agent keeps the purchased product without paying any money and can double spend this amount on something else. This is why the attack is also called the double spend attack.
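The scenario above as an added Python simulation (not code from the original post): the network splits, both sides mine in proportion to their node count, the longest-chain rule resolves the fork, and the payment confirmed only on the shorter chain falls back into the mempool. The transaction string, the function names and the credit-based mining model are assumptions made for illustration.

```python
from dataclasses import dataclass

PAYMENT = "agent -> merchant: 10 coins"  # constructed sample transaction

@dataclass
class Block:
    miner: str
    txs: tuple = ()

def mine(chain, miner, mempool, censor=frozenset()):
    """Append one block holding every pending tx this miner is willing to include."""
    included = tuple(tx for tx in mempool if tx not in censor)
    chain.append(Block(miner, included))
    for tx in included:
        mempool.remove(tx)

def resolve_fork(chain_a, chain_b):
    """Longest-chain rule: return (winner, txs only the losing chain had confirmed).
    Simplification: on a tie the node keeps chain_a, the copy it already holds."""
    winner, loser = (chain_a, chain_b) if len(chain_a) >= len(chain_b) else (chain_b, chain_a)
    confirmed = {tx for block in winner for tx in block.txs}
    orphaned = [tx for block in loser for tx in block.txs if tx not in confirmed]
    return winner, orphaned

def simulate(blue_nodes, red_nodes, rounds=10):
    """Split the network, let both sides mine, then rejoin and resolve the fork."""
    shared = [Block("genesis"), Block("blue"), Block("red")]  # history before the split
    blue, red = list(shared), list(shared)
    blue_pool, red_pool = [PAYMENT], []   # the payment is only seen on the blue side
    total, blue_credit, red_credit = blue_nodes + red_nodes, 0, 0
    for _ in range(rounds):
        # Each side earns mining credit in proportion to its node count.
        blue_credit += blue_nodes
        red_credit += red_nodes
        while blue_credit >= total:
            mine(blue, "blue", blue_pool)
            blue_credit -= total
        while red_credit >= total:
            mine(red, "red", red_pool)
            red_credit -= total
    winner, mempool = resolve_fork(blue, red)   # orphaned txs return to the mempool
    name = "blue" if winner is blue else "red"
    # The majority mines the next block; red miners refuse to include the payment.
    mine(winner, name, mempool, censor={PAYMENT} if name == "red" else frozenset())
    return {"winner": name, "lengths": (len(blue), len(red)), "pending": mempool,
            "merchant_paid": any(PAYMENT in b.txs for b in winner)}

if __name__ == "__main__":
    print(simulate(blue_nodes=4, red_nodes=6))  # red majority: payment is reorged out
    print(simulate(blue_nodes=6, red_nodes=4))  # blue majority: payment stays confirmed
```

With 4 blue and 6 red nodes the payment ends up pending and unpaid; swapping the counts leaves it confirmed, which is why the attack depends on holding the majority.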
What do blockchains do to stay safe from this attack?
Most blockchains initially let their networks grow in a testing environment. This helps them keep an eye on malicious nodes and roll back any malicious activity. Only once the number of nodes becomes sufficiently large do they deploy the blockchain on the main network. This way it becomes difficult for malicious nodes to outnumber the others.
But blockchains like Bitcoin have many mining pools in their network. Mining pools are groups of nodes with high collective mining power. These pools mine blocks collectively and distribute the profit among themselves. Some of these pools, like BTC.com and Antpool, have hashrates as high as 22% and 11% respectively. These pools raise concerns in the blockchain community, as they might be able to perform a 51% attack in the future.