Let's start with a brief reminder of how Proof-of-work consensus protocol works in the bitcoin blockchain
Transactions are stored in blocks in the Bitcoin blockchain. The decision about which transactions make it to a block is made by the mining node that proves it has spent resources on computation power (also called “hashing power”) by solving a hash puzzle the fastest. Nodes compete to solve a hash puzzle. The winning node creates the next block and as compensation receives an allocation of bitcoins + transaction fees.
The proof-of-work consensus protocol creates an incentive system that ensures honest behavior by the nodes. Nodes are the backbone of blockchain. If they’re investing time and money into building the blockchain then it is in their interest to ensure that transactions are validated correctly. If the blockchain loses credibility then the bitcoins allocated to them for their efforts will become worthless.
With several nodes competing, different nodes are the first to solve consecutive hash puzzles and hence different nodes create consecutive blocks, decentralizing the process of validation.
However, what happens if one entity gets control of over 50% of the hashing power?
That entity can cause serious damage by manipulating the validation of transactions.
It could exclude transactions from getting validated.
By building a private chain up from an earlier block instead of the previous block, it could invalidate previously approved transactions housed in blocks after the block it is building from.
It could reverse transactions and spend its own coins more than once. (double-spend problem)
However, to some extent the damage is contained as a 51% attack cannot do the following:
Reverse transactions validated by other nodes
Forge digital signatures
Prevent transactions from being created and broadcast to the network
Steal coins that didn’t belong to it
How likely is a 51% attack?
Smaller blockchains like Bitcoin Gold and Ethereum Classic have been victims of 51% attacks. Gaining control of 51% of hash power of these blockchains is not expensive. At the time of writing, according to Crypto51, the cost of a one hour 51% attack is $709k for Bitcoin and $406k for Ethereum but only $5,420 for Ethereum Classic and $371 for Bitcoin Gold if hackers rent the equipment.
It is important here to state that while the cost figures indicate that Bitcoin and Ethereum can be attacked for ~half a million dollars each, the equipment to carry out such an attack is not actually available for rent. Also, one hour is not sufficient to inflict major damage.
Data Source- Crypto51
How can the risk of a 51% attack be minimized?
Limit the size of mining pools.
Replace Proof-of-Work with Proof-of-Stake
Build coins using ERC20