Anish Agnihotri, an 18-year-old intern at the venture capital firm Polychain Capital, demonstrated in practice a 51% attack on the network of a functioning cryptocurrency.
"I have never seen a 51% attack against an in-service network. I think this happens for a reason, because most of the attacks are carried out with the aim of extracting economic benefits, so hackers do not want to publicly disclose themselves, " he wrote. – So I wrote it down for you."
The 51% attack is one of the main threats to blockchain networks. It is assumed that the blockchain remains secure as long as most of the computing power acts in the interests of the network and its users. However, if the vast majority of computing power is captured by an attacker, he will be able to re-spend transactions. In this case, a miner with superior resources usually secretly creates a longer version of the chain, after which he transfers his own assets to the exchange and transfers his variation of the blockchain to the nodes, rewriting previous transactions. As a result, he still has assets both on the exchange and in the blockchain.
For the attack, Agnihotri chose a small clone of the Ethereum blockchain called "CheapETH". It uses much larger blocks, while its hashrate is 559 million hashes per second, compared to 629 trillion for Ethereum. Because of this, the CheapETH network is much more vulnerable to attacks. Agnihotri rented the computing power to process 1.44 billion hashes per second, so that 72% of the network's hashrate was under his control. He also rented a virtual machine to run the node. The total cost was less than $100.
He recorded the attack process on video. Agnihotri explained that he disconnected from the network and formed the blockchain independently for several minutes, after which he passed the longer version of the chain to the other nodes. Soon after, blockchain reviewers picked up on his version, rewriting all the blocks extracted during this time. The researcher did not re-spend the transactions and agreed to distribute the rewards received among the pools affected by his actions.