By Satoshi Nakamoto’s precepts, bitcoin is a fully independent currency and payment system. But as bitcoin’s capitalization rose to billions of dollars, the issue of blockchain control became one of the most pressing. To an even greater extent, this applies to the later cryptocurrencies, which were created from the outset with the expectation of multiple growth in value in the future.
The most effective method of control is the covert control, of which the controlled object is not even aware. You can’t fight what you don’t know. But even partial and indirect control can bring huge profits to whoever can establish it.
Despite the open source nature of most cryptocurrency projects and the transparency of blockchain transactions, partial or full interception of control is possible in most of them. Developers, security experts, and other enthusiasts often conduct research on centralizing any of the blockchain functions that give direct or indirect control over cryptocurrencies.
In this article we summarize the vulnerable aspects of popular blockchains: How an attacker or organized group, from a team of hackers to the government, could take over or disrupt a blockchain in order to bring it down. A successful attack on the basic architectural elements of blockchain risks not only direct technical and financial consequences, but also an inevitable crisis of confidence in the attacked blockchain and the industry as a whole.
The first part of this article focuses on the threat of centralization at the underlying blockchain level – the consensus level where transactions are confirmed and new coins are created.
Centralization of Issue: Mining and Stacking Vulnerabilities
In most cryptocurrency projects, the issuance of new coins is directly tied to transaction validation. The creation of new blocks is the level of consensus, the theoretical and practical foundation of all blockchains, upon which the “unbreakable chain” is built.
For Proof-of-Work-based blockchains, the process of block creation is called mining; for Proof-of-Stake-based blockchains, it is called stacking. There are other, less popular consensus methods, as well as blockchains with combined consensus.
The creation of new blocks is the most important point of failure for both the basic blockchain and all its superstructures. For example, stopping the creation of blocks in the base chain of Etherium paralyzes not only the turnover of ETH. Linked sidechains and superstructures (Polygon, NEAR, Arbitrum, and so on) will suffer or stop completely. The crisis will hit the entire decentralized app ecosystem, with hundreds of billions of dollars in capitalization and thousands of smart contracts and millions of users.
If users can’t send and receive transactions (payment and beyond), the entire system will become useless. Even a temporary shutdown of the blockchain is a disaster for all its users. And creating a permanent threat of transaction stoppages will cause all assets in the vulnerable blockchain ecosystem to plummet in value. Therefore, ensuring “zero-touch” consensus security is paramount to protocol developers.
<blockquote
Imagine, for example, that you put money in a bank that keeps all of its assets in an underground bunker under a high mountain. One day this mountain was blown up, and the entrance to the vault was littered with thousands of tons of stones.. All the customers’ money has become Schrodinger’s money – it may or may not be there anymore. And the bank cannot conduct any operations until it has access to the vault and finds out the state of the assets. The stopped blockchain is stored on all users’ computers with the full wallet version, but they can’t do anything with their coins until they start mining or stacking.
The ability to hijack control of coin and block creation varies greatly depending on the consensus method. Let’s look at the two main options.
Proof-of-Work
The world’s first blockchain, Bitcoin, and its forks, such as Bitcoin Cash or Litecoin, are based on the Proof-of-Work consensus. Interception of control over mining is possible through the centralization of the capacity of equipment and pool servers.
The first threat is more serious because the “right miners” can’t quickly increase capacity. Until this happens, the attacker will have an undeniable advantage. The concentration of capacity on one pool without simultaneous control of equipment is less significant, because independent miners can freely migrate between pools. There have been similar cases in Bitcoin’s history: after an alarm was raised in the community, at least some of the miners left the dominant pool.
The owner of the superiority in computing power of mining (the so-called 51% attack) can:
-
Modify consensus rules for nodes under his control (by modifying the wallet code that directly forms the blocks).
-
Selectively approve only necessary transactions or refuse to approve those that interfere with it.
-
Stop approving transactions altogether, leaving only empty blocks.
-
Double or even multiply spending of your assets.
He CANNOT:
-
Conduct transactions with other people’s coins.
-
Hijacking other people’s hardware.
-
Change consensus rules for unsupervised nodes.
-
Make changes to blocks that were created before control was overridden. This limitation has caveats: pre-planned overwriting of recent history is possible, the depth of it depends on the degree of superiority over other miners.
Centralization of mining through capacity dominance requires constant high costs. They include operating costs (electricity, infrastructure, etc.) and the additional purchase of equipment to stabilize their superiority over all other miners. If there is dominance in hashing power, there is no need to use a public pool.
Using one pool’s dominance to conduct a 51% attack is highly likely to be short-lived and one-time. The detection of the attack would destroy the reputation of the pool and lead to the departure of miners, that is, it would actually destroy the business of the pool operator.
The cost of centralizing mining is directly related to the current hashing power of the blockchain and the equipment used.
The cost of an attack
Bitcoin’s current hash rate is about 320 eps. In order to gain control of the blockchain, you must, at a minimum, control equipment with a hash rate of more than 160 ech/s. One of today’s top ASIC miners, Antminer S19j Pro+, has a hash rate of 120 Tx/s, consumes 3,300W and costs $2 380 (according to manufacturer’s website).
More than 1 333 334 of these asics are needed to intercept control in the Bitcoin blockchain. Their purchase at retail price would cost nearly $3.2 billion. They require 4.4 GW of electrical power, not including cooling and other overhead.
Thus, an effective 51% attack on the Bitcoin blockchain, according to conservative estimates, would cost $4 billion, with the attacker having to shell out the full amount and wait for all of these devices to be delivered and running. It is impossible to rent even 10% of that capacity on the open market without a multiple increase in rental rates and inevitable publicity.
Attacking some fork of Bitcoin is much cheaper. For example, take Bitcoin SV – the “true bitcoin” according to Craig Wright. His current hash rate is slightly below 600 pps, which means that to attack 51% it is enough to have 300 pps. This capacity corresponds to the 2500 Antminer S19j Pro+, which cost about $6 million and consume just over 8 MW.
That’s the kind of hashing power even a single farm of an average industrial miner can provide. Equipment for this purpose can be partially or completely rented, which means that a short-term attack will cost much less.
PoW blockchains with relatively high coin values and low hash rates are the most vulnerable to attacks via mining. For example, the Ethereum Classic blockchain has been repeatedly attacked in the past years.
Proof-of-Stake
With PoS-based blockchains, it is more difficult to form a unified picture because the differences in consensus between variations of the protocol are very large. Twelve years have passed since the launch of Peercoin, the first Proof-of-Stake blockchain, and more than a dozen variations of this consensus have appeared since then. The main ones today are modifications of delegated DPoS share proof (BNB, Cardano, Solana and so on), PoS 2.0 (Ethereum) and Tendermint (Cosmos, TON).
Later versions of PoS are better protected against control grabs, but no consensus-level technical measures can guarantee complete security. And the risks for PoS operators (stackers and validators) are much higher than for PoW miners, because the return on investment (ROI), without taking into account changes in the rate of coin, is much higher for them. In addition, the attacker can initiate the liquidation of deposits of “defeated” validators.
Dominance in PoS is achieved by acquiring control over the required number of base blockchain coins in circulation by any means. The controlling fraction may vary depending on the rules and technical features of a particular protocol. On modern versions of the protocols, a value of 33% to 67% can be used, but the “ironclad” simple majority (50+%) remains just as effective in the long run.
Unlike Proof-of-Work, where coin ownership offers no consensus-level benefits, blockchain dominance capture on PoS is much more dangerous. To take away once achieved advantage without violating the rules of the consensus by administrative measures “off-line” is practically impossible. Ready to go all the way, an attacker can actually destroy the blockchain, and it can only be restored with a hardfork for the time before the hijacking.
For more details on the types of attacks on Proof-of-Stake protocols, including through achieving centralization, described in this article. I will not repeat the details already laid out, but I will try to compare the main risks of attacks by analogy with Proof-of-Work.
The owner of a controlling stake in most blockchains on Proof-of-Stake can:
-
Modify consensus rules for nodes under his control (by modifying the wallet code that directly forms the blocks).
-
Change consensus rules for all nodes in the network (by initiating changes through holder voting, not available in all blockchains).
-
Unilaterally assign validators that form blocks (DPoS blockchains).
-
Selectively validate only desired transactions or refuse to validate those that interfere with it. This includes promoting their own MEV bots and hindering the work of others.
-
Stop confirming transactions altogether, generating only empty blocks.
-
Conduct double or even multiple spends on your assets (within a state’s finalization range).
-
Penalize (deprive part or all of your deposit) validators who violate its consensus rules. This allows in the long term to achieve 100% dominance. Works in Ethereum 2.x and some other blockchains.
He CANNOT:
-
Conduct transactions with other people’s assets (except to “punish” violators). Coins lying passively in the wallet cannot be affected.
-
Manage other people’s smart contracts, except to deny transactions.
-
Change consensus rules for unsupervised nodes in non-voting protocols.
-
Make changes to blocks created before control interception. Depends on the architecture of the particular blockchain, such as setting checkpoints across a certain number of blocks, or epochs in Etherium.
Blockchain developers on PoS are implementing various methods to protect against the dominance of large holders. For example, the Etherium team declares the sufficiency of 1/3 bona fide validators to maintain control. However, it is obvious that all such measures can only be effective against a “dumb” attacker who is not proactive and cannot be the first to apply the same measures against bona fide users. In reality, such a situation is hard to imagine.
A PoS blockchain attack could be initiated by a major exchange that actually controls customer assets, or by hackers who hacked it. Also, the possibility of government services seizing the wallets is not ruled out.
Cost of the attack
If you calculate the cost of an attack on a PoS blockchain from scratch, it’s easy enough: you need to calculate the number of coins needed to attack a particular protocol, and multiply by the current market value of the coin. After that, allocate money and buy. For example, half of the current issue of ETH is worth only $111 billion, and with the growth of the price in the mass buying the amount may grow several times. It would seem that such an attack costs ten times as much as an attack on Bitcoin, and that is more than enough protection. But there are nuances.
The first, and most obvious, is that steaking usually involves a small fraction of the total issue. For example, less than 15% of coins are blocked in the Ethereum stack. Half of them would be worth about $17 billion at the date of publication, and a third would be worth $11 billion.
The main difference between PoS and PoW, however, is the initial distribution of coins and its impact. For PoW, pre-generation of a significant portion of coins (called pre-mining) is the exception rather than the rule, and does not affect blockchain control in any way. However for PoS this is a necessity, and all 100% of coins for initial distribution are generated immediately. The exception is Etherium, which worked on Proof-of-work for more than 7 years. However, in it, too, the first 60 million ETH were sold at the ICO and distributed in the first block.
In order to start stacking in the new blockchain, it is necessary to have a sufficient number of coins at once, which can be blocked in the stackers’ wallets. Profits from steaking also go to the original holders. And they are free to dispose of it – to sell or retain it, increasing their share and becoming whales. All major holders in the new PoS blockchain are determined at the start. Their costs consist of buying tokens at the ICO, or the labor involved in developing and promoting the project, for which they are rewarded in tokens.
Initial distribution is very often among a narrow circle of people involved in the project, even if the coins are sold at a public auction.First, the coins of new projects are not always popular, and second, an interested player who is not strapped for cash, it is not difficult to buy most of the auction lots for himself. A significant portion of the coins generated in the first block, as a rule, remains under the control of the developers. Some of them are subsequently distributed through giveaways and rewards, but the share of developers rarely falls below 10-15%, and these are only “declared” coins. Nothing prevents the developers, for example, to sell some of the coins at auction to themselves, thereby increasing the hidden control. All of these coins go to them completely free or with minimal fees.
Another crucial feature of PoS is that, from the perspective of the controlling share, once purchased coins do not depreciate or become obsolete. Also, they do not require any maintenance, but on the contrary, they are profitable. If all the coins the whale has are involved in stacking, then their number increases according to the algorithm, and the share gradually increases, since no blockchain has 100% of its coins in stacking.
Thus, in most PoS blockchains, the possibility of covert control is inherent, and the share of large holders gradually increases due to steaking and validator commissions. They can reduce their share only at their own will by selling some of the coins on the market.
Economically, PoS implements a perfect monopolistic model – even with the most perfect implementation of consensus rules, the rich get richer and the poor get poorer in a natural, or rather, predetermined way. Redistribution of assets is possible only at the initiative of the “rich.
A final comparison of PoW and PoS centralization risks
Let’s summarize the key features of the two main consensus methods and their associated centralization risks.
Dominance parameter
Features
PoW
PoS
Managing Resource
Hashing power
Coin ownership
Proportion of confident control
>50%, 100% guaranteed
From 33%, guaranteed above 67%.
The Randomness Factor
Average
Low (zero in DPoS)
Cost of initial acquisition without premine
Doesn’t depend on premayn. Formed from the market value of the equipment and infrastructure.
Very high
Cost of initial purchase with premine
Depends on initial stake and distribution involvement
Cost of retention
High
Negative (retention is profitable)
.
Gradual depreciation of the resource
There’s
No
The cumulative effect of owning a resource
No
Yes
Long-term share accumulation
No
Yes
General level of control
Average
High
Full blockchain shutdown option
Yes, it is (while maintaining the cost of operation)
Yes, there is (no operating costs)
Yes, there is (no operating costs)
Possibility of confiscating other people’s coins
No
Yes (if conditions are met)
Ability to return control without administrative intervention
There is
No
In the second part of this article, we’ll talk about the other, less obvious risks of centralizing cryptocurrencies.
To be continued.