Since the creation of the Internet, the question of virtual currency has always been at the heart of concerns, with the persistent problem of double spending. Satoshi Nakamoto, with the proof of work, proposed an elegant solution to this problem for Bitcoin. However, the fear of a 51% attack on these networks remains. Recently, a team of researchers wanted to assess the cost of such an attack on Bitcoin and Ethereum, raising questions about the viability of these threats.
On February 15, Lucas Nuzzi, Kyle Waters and Matias Andrade published the results of their study, seeking to determine the total cost of an attack against these cryptocurrencies. Their formula takes into account the initial and operational expenses required to launch and sustain an attack, offering valuable insight into the economic challenges associated with such ventures.
The Bitcoin network, by virtue of its size and complexity, seems invulnerable to a shutdown. However, the idea that a state entity could invest massively to acquire 51% of the hashrate and thus compromise the network has been examined. Researchers estimate that it would take at least 7 million ASIC rigs, a considerable investment made difficult by the limited availability of such equipment.
But, once again, the bill will be high:
"In this far-fetched scenario, the attacker's production costs would exceed USD 20 billion, as it would have to produce nearly 40 million units of the S9. It would be unlikely that the attacker in this scenario would not run into constraints related to the availability of microprocessors."
So, for the minimum 7 million ASICs required, it would cost a cool $3.5 billion. And that only includes the cost of production, not the electricity needed to power the machines.
According to an estimate made for the study, the electricity needed to operate these machines would cost the attacker around $1.5 million per hour.
Ethereum, with its move to proof-of-stake, introduces a new dynamic. To compromise this network, an attacker would need 34% of all ETH in staking. By December 31, 2023, this would represent around 9.8 million ETH, equivalent to $22.3 billion, an astronomical sum that is difficult to gather given the market's low liquidity.
And then there's the question of how to get hold of them:
"However, as with Bitcoin ASICs, the ETH at stake is not for sale. An attacker could not buy 34% of the ETH staked to launch an attack on the network."
What's more, the market doesn't have enough liquidity. As the study explains:
"To successfully break Ethereum as the threshold is pushed back, the attacker would need to reach 15.09 million ETH that day. This is more than the total ETH held by the exchanges covered by Coin Metrics (Bitfinex, Bitstamp, BitMEX, Binance, Bittrex, Gemini, Huobi and Kraken)."
All the more so as these validators would need to be able to reach the network. Indeed, Ethereum has a limit on the number of validators that can join the system at each epoch. According to the study, it would take 37,493 epochs, or 166 days, for all the attacker's validators to reach the network.
Liquid staking, particularly through projects such as Lido, has raised concerns about its influence on Ethereum's security. However, stETH holders cannot influence block production, and only Lido's governance decisions could theoretically affect network security.
The study concludes that Bitcoin and Ethereum remain secure against attack threats, thanks to prohibitive acquisition and operation costs. Over time, these networks become increasingly robust, making attacks less and less likely. Ethereum continues to strengthen its security with a steady influx of ETH in staking, recently exceeding 30 million ETH.
Register for free to the Summit Research newsletter
and receive our weekly newsletter every Saturday at 10 am (CET).
We make the world of blockchain and cryptocurrencies accessible by building a transparent and understandable ecosystem together.