Vertcoin (VTC), which vows to eliminate “all the hard parts about cryptocurrency,” has been robbed of an equivalent of $100,000, according to a blog post from Mark Nesbitt, a security engineer at Coinbase.
The Vertcoin attack involved four separate incidents in which attackers took control of more than 50 percent of the Vertcoin blockchain’s computing power. The attacks, which varied in duration from less than a day to more than a week, took place between mid-October and early December.
In Vertcoin’s case, the attacker(s) were able to perform “reorganizations” of the Vertcoin blockchain, which meant that they modified data that had previously been recorded on the blockchain. By changing this data, which consisted of records of Vertcoin cryptocurrency transactions, the attackers effectively stole about $100,000 worth of Vertcoin tokens.
The identity of the person or group that carried out the Vertcoin attack remains unknown, and it appears unlikely that Vertcoin investors will recover lost funds.
What Is a 51 Percent Attack?
A 51 percent attack is what it sounds like: a breach of a blockchain network in which malicious actors take control of more than 50 percent of the computing power on the network. (The term “51 percent attack” is slightly misleading in that attackers need not control exactly 51 percent of the computer power; controlling any amount in excess of 50 percent is sufficient.)
Such a move allows attackers not only to control which new data is recorded on the blockchain but also to modify data that was recorded previously.
They can do this because most blockchain consensus algorithms require each node on the network to perform cryptographic operations that require a significant amount of computing power in order to verify data stored on the blockchain. Thus, if one malicious node or group of nodes is able to perform more operations than all other nodes combined, the malicious group effectively gains sole control over the data.
The risk of a 51 percent attack is inherent to the way blockchains work. Since the creation of Bitcoin a decade ago, most blockchains have been designed with the assumption that a majority of the nodes on their networks will be controlled by people who want the network to remain secure. Fifty-one percent attacks happen when that assumption turns out to be wrong.
To be clear, what counts in a 51 percent attack is computing power that a group controls, not the number of nodes it runs. Adding just one node to a blockchain network could suffice to execute a 51 percent attack if that node’s computing resources outweigh those of the rest of the network’s combined. And because cloud-based cryptocurrency mining services make it easy for attackers to gain access to a large amount of computing power quickly for relatively little money, temporary 51 percent attacks have become easier to execute, especially against smaller blockchains, like Vertcoin’s, whose total compute power is minimal compared with that of large blockchains, like Bitcoin.
Why the Vertcoin Attack Might Be Good News for Crypto
Vertcoin is by no means the first blockchain to suffer a 51 percent attack. Similar attacks have affected Bitcoin Gold, Verge and ZenCash (now Horizen), to name just some of the highest-profile incidents.
However, the Vertcoin attack comes at a particularly bad time for the crypto ecosystem. The value of bitcoin is in free fall, taking with it that of most other cryptocurrencies. Gartner has moved blockchain technology into its dreaded “trough of disillusionment” (although the analyst firm remains keen to point out that it still sees real value in some blockchain applications). Many of the ICOs of the past two years have failed to deliver the results they promised — or anything at all, in some cases.
The last thing the crypto world would seem to need at this point is an attack that highlights one of the potential technical risks of blockchains.
Yet perhaps the Vertcoin attack is not all bad news. In one respect, it’s a good thing for larger blockchains like Bitcoin and Ethereum, because executing a 51 percent attack against these much bigger networks would be many magnitudes more costly. Thus, the Vertcoin breach could potentially drive investors from small-scale coins toward the cryptocurrency world’s bigger players. That would in turn lead to more consolidation within the crypto market, which would help to stabilize the large coins and the overall ecosystem.
In addition, the Vertcoin incident could be the tipping point that spurs blockchain developers to build better defenses against 51 percent attacks. Although complete assurance against such attacks is impossible on most blockchain architectures, developers can increase security by instituting measures that require attackers to expend more computing power in order to rewrite a blockchain’s existing data.
They could also shift from a proof-of-work consensus algorithm to alternative models, such as proof of stake, that don’t grant so much influence to nodes that control the most computing power. Fifty-one percent attacks against a proof-of-stake network could happen, too, but they would require attackers to buy a great deal of cryptocurrency on that network, which makes attacks less feasible.