Is Your ICO Prepared for a “51% Attack”…?

Blockchain-based technologies are appealing because they theoretically offer decentralized transactions with no corruptible (or hackable) central management authority — but the reality of blockchain is proving somewhat different than the theory. If your ICO is built on the same basic principles as Bitcoin or Ethereum, you need to be prepared for the fallout of a possible “51% attack.”

As outlined here, a 51% attack is a case where 51% of all the miners in a blockchain ecosystem are aligned with a single hashpool, or consortium of centrally controlled miners. (You could actually enact this attack with any absolute majority of miners in an ecosystem, so anything above 50%.) With a majority of miners under one controlling authority, the entire blockchain ledger is vulnerable to manipulation.

Now, blockchain was ostensibly designed to not require a central authority, but it doesn’t prevent anyone from creating one by cornering the market on miners. Recent research has shown that greater than 50% of mining on both Bitcoin and Ethereum is performed by four or fewer miners.
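An audit can measure this concentration directly from recent block producers. The sketch below is an added example, not code from the original post: the pool names and block sample are constructed, and the catch-up estimate is the formula from Nakamoto's Bitcoin whitepaper, brought in here to show why anything above 50% is decisive.

```python
from collections import Counter
from math import exp, factorial

# Constructed sample: producer tag of each of the last 20 blocks (hypothetical pool names).
SAMPLE_BLOCKS = (["pool-a"] * 6 + ["pool-b"] * 4 + ["pool-c"] * 3 +
                 ["pool-d"] * 3 + ["pool-e"] * 2 + ["solo-1", "solo-2"])

def shares(blocks):
    """Return {producer: fraction of sampled blocks}, largest producer first."""
    return {p: n / len(blocks) for p, n in Counter(blocks).most_common()}

def min_majority_coalition(blocks):
    """Smallest set of producers that together hold strictly more than 50%."""
    coalition, held = [], 0
    for producer, n in Counter(blocks).most_common():
        coalition.append(producer)
        held += n
        if 2 * held > len(blocks):  # integer comparison avoids float rounding at exactly 50%
            break
    return coalition, held / len(blocks)

def catch_up_probability(q, z):
    """Whitepaper estimate that a miner with hash share q overtakes a chain z blocks ahead."""
    if q >= 0.5:
        return 1.0  # a majority catches up eventually, whatever the confirmation depth
    p = 1.0 - q
    lam = z * q / p
    total = 1.0
    for k in range(z + 1):
        poisson = exp(-lam) * lam ** k / factorial(k)
        total -= poisson * (1 - (q / p) ** (z - k))
    return total

if __name__ == "__main__":
    coalition, combined = min_majority_coalition(SAMPLE_BLOCKS)
    print(f"{len(coalition)} producers control {combined:.0%}: {coalition}")
    for name, share in shares(SAMPLE_BLOCKS).items():
        # Risk that this single producer could rewrite a transaction with 6 confirmations.
        print(f"{name:8s} share={share:.0%} catch-up(z=6)={catch_up_probability(share, 6):.4f}")
    print("coalition catch-up:", catch_up_probability(combined, 6))
```

A small coalition size is the warning sign: no confirmation depth lowers the catch-up probability once the combined share passes 50%.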

In a way, blockchain encourages centralization, as the more miners you control, the less variance in mining occurs — because you increase the likelihood that any transaction in the ecosystem will be routed to your miners for initial authentication. While “paying” miners in Bitcoin should theoretically encourage a diverse group of miners to all get in on the action, in reality it simply encourages the creation of bulk mining operations to get a nice stable chunk of the Bitcoin output available.

Similar unexpected externalities also seem to be encouraging the physical collocation of several blockchain mining operations. Hydro Quebec, a Canadian hydroelectric utility, ran a campaign to encourage tech companies to set up data centers in its service area, as cold weather and cheap power are ideal for inexpensive server farms. Instead of tech startups, they attracted Bitcoin miners. As a result, any major outage or disaster to befall Hydro Quebec could now have a non-trivial effect on the entire cryptocurrency ecosystem.

Most developers and investors assume that a blockchain ecosystem will be naturally decentralized and thus naturally resistant to any brute force attack or natural disaster. It turns out that the real-world implementation of blockchain – especially blockchain as it is implemented under Bitcoin – perversely encourages centralization in unexpected ways. And, because there is no Bitcoin version of the Federal Reserve to oversee these market-cornering mining operations, the risks posed by blockchain centralization are hard to assess and harder still to thwart.

That’s why every ICO needs to perform a full security and operational audit to ensure its blockchain-type technology is hardened against these unexpected brute-force attacks, and to establish protocols to respond if its blockchain is targeted for 51% majority manipulation.

If you want the market to have confidence in your ICO, you must ensure your ICO is hardened against market manipulation. Sign up for an ICO audit today.

About Us

Practical Assurance helps companies prepare for compliance with SOC 1, SOC 2, HIPAA, ISO 27001, IISF, and provides ICO and smart contract audits.
