How much would it cost to execute a 51% attack?

27

6

I know that it's commonly said that they're not really in the realm of possibility right now, but how much would it really cost to execute a 51% attack on the network? And are there any organizations out there who might have a goal in mind for which such an attack would be worth it?

I have created a new question (https://bitcoin.stackexchange.com/questions/75684/is-possible-to-destroy-the-bitcoin-for-just-500k-51-attack) based on renting the hash power from https://www.crypto51.app/

– Enrique – 2018-05-29T18:55:30.133

Answers

17

Adding to David's quote of $65,415 per hour here's a quick analysis of non-EC2 attacks (i.e. buy and run ALL the hardware to sustain a 51% attack) Since power efficiency will be HUGE for this scale of an operation, let's use the most power efficient card we can find. This lovely pastebin doc tells us that is the Radeon 5850 at 1.595 MH/W. At present you need 12.42 TH/s to pull off a 51% attack, which would require 51,585 of these cards. Assuming we put four cards to a rig it also requires 12,897 computers to run them all. Assuming the PCs take a scant 200 watts, each rig requires 804 watts of power, 10,365,735 watts in all. Assuming a fairly high efficiency cooling system, we can bump that up to about 14,619,916 watts. Before anyone claims that this alone is impossible, keep in mind it's about 0.7% of the peak output of Hoover Dam. Speaking of Hoover Dam, I'm going to use my local energy rate of 11.28 cents per kW/h (I live in Vegas) to find that it would cost$39,579.04 to run and cool these rigs for a single day.

Since these cards cost $192 at the cheapest outlet I could locate, we'd spend$9,904,320 on cards and at if we spent a scant $500 on each rig's other hardware they'd cost us$6,448,120 as well for a total hardware cost of $16,352,440. If we amortize that cost over a year of operation before the parts die or become too obsolete to pull off our attacks any more, we can estimate$44,770.54 per day in hardware costs.

Total cost in amortized hardware and electricity to run a 51% attack for one day on the bitcoin network: $84,349.58 - but also recall that our total startup costs were 16.35 million dollars, and all that would buy you is the ability to double-spend for a time, so no it wouldn't really be worth it. 1I think you could get system power, exclusive of the GPUs, down to 80 watts. Also, FPGAs have a better hash/watt, but the initial cost is much higher so the overall numbers will likely be worse. – David Schwartz – 2011-09-16T04:36:06.790 1Impressive numbers. I think it's also important to include the costs of storing these computers somewhere. They'll need to be racked in a datacenter. The monthly cost of a rack is pretty much never below$700/month, and you'll need a huge number of racks for 12,897 computers - particularly if they're the type that can accommodate four full size PCI cards. – Ken Simpson – 2011-09-16T18:45:20.833

7A related point is: why bother mounting such an attack? If you were indeed successful and started building your own block chain, then confidence in Bitcoin would plummet and investors would sell out their positions (assuming their positions could be sold out). The price would drop through the floor and the value of your exploit would be reduced to nothing. – Ken Simpson – 2011-09-16T18:47:01.877

6As far as I can tell the only rational reason is to attempt to destroy Bitcoin. – Chris Rico – 2011-09-26T21:27:38.137

1With the 2014 US NIP budget of ~$50B/year, or ~$137M/day, this would take around 0.06% of the US intelligence budget to pull off. – hamboy – 2015-05-29T18:05:33.557

8

I think this question primarily relates to the integrity of BTC, and withstanding a government mounted attack against it (from what I understand, any currency which could undermine the value of our US dollar is a threat to national security).

Take into account another factor or two. DDoS attacks have taken place against several smaller mining pools, which effectively discount any mining they perform. If the largest pooled mining efforts were hit with denial of service attacks for long enough, the difficulty and network strength would drop. Then the network would become particularly vulnerable.

It is my belief that the BitCoin client should be coded to disallow connecting to nodes which overpower the last known status of the network. Along with distributing the blockchain, the client should also broadcast a list of possible problem nodes, and possibly some statistics of the state of the network if the client were offline.

2

I don't really think what you propose is a good solution to the problem. A better solution, I think, would be a distributed mining pool, something like this.

– Chris Rico – 2011-09-26T21:32:39.000

4

It should be pointed out that David Perry's answer is an upper bound on the attack price, and I'm fairly sure you could do better than that. For reference, his key numbers were $40k/day and$16M upfront.

1. While you mine you earn bitcoins. The bitcoins you mine you can sell for USD at an exchange. How much will you get back? Well with half the global hashrate you will mine half the coins, which currently means 3600 per day. At the price of $5/BTC that's$18,000 per day recouped.

2. Lets assume you invest in (more or less) the most efficient hardware. Therefore, if you are losing money mining then most others will be losing money too. Question: Why would people be mining if they were losing money? Answer: they wouldn't, they would switch off their rigs, at least temporarily. There is already hard evidence that people switch off their rigs when it ceases to become profitable. This would increase your bitcoin mining rate substantially. Simple economics would indicate that enough people would switch off their rigs that the mining cost per Thash would equal mining revenue per Thash. It's an equilibrium point. There will be friction, but you should expect to recoup almost all your electricity costs in mining revenues.

3. Based on 2. above, you don't have to add capacity equal to the current global hashrate, you have to add capacity equal to half the global hashrate. This is because if done slowly, every extra Thash/s you add, someone else will switch off a Thash/s to maintain parity between mining costs and mining revenue.

Based on 2 and 3 above, the total cost would be $8M upfront with little or no running costs. And this is assuming no resale value on the hardware. 3People ARE running at a loss right now and have in the past. They mine because they believe not because it's profitable. There have been times when the only folks making money are those with free electricity or FPGAs and yet the network hashrate has not dropped that much. Research before you criticize the work of others please. – David Perry – 2011-09-26T19:05:09.967 3Some people are running a loss, and some people have quit. Mining is currently breakeven with the more efficient rigs. I did research, and I didn't criticize, I qualified. – newmeraire – 2011-09-26T21:31:17.290 0 If miners are egoistic and can mine other coins with the same hardware an attack would be much cheaper. You haven't to buy the mining power you need for the attack you can just lease it. Costs for leasing are just a little bit more than miners can earn with their hardware in the time of the attack. So today leasing costs for one hour of bitcoin mining power is when you trust the calculations of digiconomist.net about 1 million$.

During the attack you also earn for mining a little bit less than the leasing costs. So large costs only come to you, I've the currency goes down during you attack.

In worst case scenario - currency goes down directly - you have thrown away the leasing costs of 1 million \$ per hour, in best case scenario - nobody notices your attack during you do it - you have the win of double spending and mining during the attack minus leasing costs.

If the value of the double spended transaction is great enough there's a positive profit expected! You can only prevent this if you don't trust large transactions. But this makes the currency maybe inefficient as you see in the discussion here.

-3

This depends of the network hash rate. Let us assume that the hashrate will decrease to 1 TH/s. That time everyone who has switched off 1 TH/s miner will be able to perform 51% attack only for the cost of electricity.