What is a 51% Attack?
A 51% attack occurs when a single miner, mining pool, or coordinated group controls more than 50% of a Proof-of-Work blockchain’s total computational hash rate. With majority control, the attacker can temporarily outpace the honest network in mining new blocks, allowing them to reorganize recent blockchain history and double-spend transactions. The attack exploits a fundamental property of Nakamoto consensus: the longest valid chain is the canonical chain, and whoever produces blocks fastest controls history.
The term “51%” is a threshold, not an exact requirement. In practice, an attacker with even 30–40% of hash rate can occasionally produce blocks faster than the network during favorable variance windows, but sustained chain reorganization requires sustained majority hash power. The more hash power above 50%, the longer and deeper the reorg the attacker can sustain. At exactly 51%, an attacker can eventually outpace the honest chain given enough time; at 60%+, they dominate almost immediately.
51% attacks are primarily a concern for smaller PoW chains. Bitcoin, with a hash rate exceeding 700 EH/s (exahashes per second) as of mid-2025, is economically impractical to attack — acquiring enough ASIC miners would cost tens of billions of dollars and the attack would be immediately visible. However, smaller chains like Ethereum Classic, Bitcoin Gold, and Vertcoin have been successfully attacked precisely because their total hash rates are low enough that an attacker can rent sufficient hash power from cloud mining services like NiceHash for a few thousand dollars per hour.
It is important to understand what a 51% attack cannot do. An attacker cannot steal funds from arbitrary addresses (they don’t gain private keys), create new coins out of thin air (consensus rules still apply), or change the block reward. They can only reorganize their own transactions — effectively “undoing” a payment they already made and then spending those same coins again.
How It Works / Key Mechanics
The Double-Spending Mechanism
- Deposit phase: The attacker sends a large amount of cryptocurrency to an exchange or merchant, waits for the required number of confirmations (typically 6–100 blocks depending on the chain), and receives something of value in return (e.g., withdraws a different cryptocurrency, or receives goods).
- Forking phase: In secret, the attacker begins mining an alternative chain starting from a block before their deposit transaction. Because they control >50% of hash power, their private chain grows faster than the honest chain.
- Reveal phase: Once the attacker’s private chain is longer than the honest chain, they broadcast it to the network. Because the consensus rules dictate that the longest valid chain wins, the network accepts the attacker’s chain. The original deposit transaction is now orphaned — it never happened on the winning chain. The attacker still has their original coins and the value they withdrew.
Hash Rate Rental Economics
The cost of a 51% attack depends on the chain’s total hash rate and the rental market:
| Chain | Hash Rate (approx) | Attack Cost/Hour | Incident |
|---|---|---|---|
| Bitcoin | ~700 EH/s | ~$1M+/hr (impractical) | Never attacked |
| Ethereum Classic | ~150 TH/s | ~$5,000–$10,000/hr | Attacked multiple times |
| Bitcoin Gold | ~50 MS/s | ~$1,000–$3,000/hr | Attacked Jan 2020 |
| Vertcoin | ~1 GH/s | <$500/hr | Attacked Dec 2018 |
Attackers often rent hash power from NiceHash or similar marketplaces, where they pay a premium over normal mining rewards but don’t need to purchase hardware. The NiceHash marketplace typically has enough idle hash power for smaller chains to make this feasible. Switch-mining ASICs that can mine multiple algorithms further lower the barrier — an attacker mines the most profitable chain, then quickly redirects to attack a less profitable one.
Exchange Defenses
Exchanges are the primary victims of 51% attacks (because attackers typically double-spend into exchanges to withdraw other assets). Their primary defense is increasing confirmation requirements:
| Chain | Confirmations Required | Time |
|---|---|---|
| Bitcoin | 3–6 | ~30–60 minutes |
| Ethereum | 12–50 | ~3–12 minutes |
| Ethereum Classic | 4,000+ | ~6 days |
| Smaller PoW chains | 500–10,000+ | Hours to days |
These long confirmation times make the attack more expensive (the attacker must sustain majority hash rate for longer) but also make legitimate deposits painfully slow for users.
Real-World Examples / Notable Cases
Ethereum Classic (January 2019): Unknown attackers gained majority hash rate and reorganized over 100 blocks, double-spending approximately $1.1 million worth of ETC on exchanges. Coinbase suspended ETC deposits and withdrawals for weeks afterward and raised confirmation requirements to 4,000 blocks (~6.5 days). ETC was attacked again in July 2020 with a 4,000-block reorganization valued at approximately $5.6 million, and again in August 2020 with a 3,693-block reorg.
Bitcoin Gold (January 2020): Attackers double-spent approximately $18 million worth of BTG across multiple exchanges using rented hash power. Bittrex delisted BTG entirely following the attack. This was the second 51% attack on Bitcoin Gold — the first occurred in May 2018, also with approximately $18 million double-spent. The repeated attacks effectively destroyed BTG’s exchange credibility.
Vertcoin (December 2018): Vertcoin suffered a 51% attack that reorganized 607 blocks. The attackers double-spent approximately $100,000 worth of VTC. The attack was notable because Vertcoin had specifically designed itself to be “ASIC-resistant,” but this meant its hash rate was low enough to be easily overwhelmed by rented GPU hash power — the very design choice intended to democratize mining created a security vulnerability.
Ethereum Pool Concentration (2016): Mining pools like Etherdig and DwarfPool approached or exceeded 50% hash rate on multiple occasions during Ethereum’s early PoW era. While no malicious double-spending was confirmed, the community responded by promoting pool decentralization. This concentration risk was one of the motivations behind Ethereum’s eventual transition to Proof of Stake.
Risks / Considerations
- Smaller PoW chains are inherently vulnerable: Any PoW chain where total hash rate can be cheaply rented is at risk. Security scales with economic value, but small chains have low value AND low security — a structural flaw.
- Cloud mining marketplaces lower the barrier: NiceHash and similar platforms make it possible to rent hash power on-demand without purchasing hardware. Attackers can spin up, attack, and disappear within hours.
- Exchange delistings: Projects that suffer 51% attacks often face exchange delistings, severely damaging liquidity and project viability. Bittrex delisted BTG after its attacks.
- Switch-mining ASICs: Some ASIC chips mine multiple algorithms, allowing an attacker to redirect from a profitable chain to attack a less profitable one at very low opportunity cost.
- Transition to Proof-of-Stake: Ethereum’s transition to PoS (September 2022) eliminated 51% hash rate attacks entirely. In PoS, the equivalent attack requires controlling >33% of staked ETH, with economic slashing making this far more expensive and punishable — an attacker would need approximately $15 billion+ in ETH that would be slashed if the attack succeeds.
Frequently Asked Questions
Q: Can Bitcoin be 51% attacked? A: Theoretically yes, practically no. Bitcoin’s hash rate exceeds 700 EH/s, and acquiring enough ASICs to match it would cost tens of billions. Furthermore, the attack would be immediately visible and would crash BTC’s price, destroying the attacker’s own mining hardware investment. The economic incentives make a sustained Bitcoin 51% attack deeply irrational.
Q: What is the difference between a 51% attack and a 34% attack? A: A 34% attack refers to Proof-of-Stake networks where some BFT consensus algorithms (like Tendermint) require only 1/3 of validators to halt the chain (liveness attack) or 2/3 to finalize malicious blocks (safety attack). The thresholds differ from PoW’s simple majority. In Ethereum’s Gasper/Casper FFG, an attacker controlling >33% of staked ETH can cause finality delays, while >66% can finalize conflicting blocks.
Q: How do exchanges protect against 51% attacks? A: The primary defense is increasing confirmation requirements — requiring more blocks before considering a deposit final. For high-risk chains, exchanges may require hundreds or thousands of confirmations. Some exchanges also monitor for chain reorganizations in real-time and freeze deposits if detected.
Q: Does Proof-of-Stake solve the 51% attack problem? A: PoS changes the economics fundamentally. Instead of renting hash power (which is cheap for small chains), an attacker must purchase and stake tokens. If they attack, their stake gets slashed (destroyed). For Ethereum, attacking PoS requires acquiring ~$15B+ worth of ETH, which would be slashed upon a successful attack — a devastating financial loss that deters rational attackers.