51% Attack

What Is a 51% Attack?

Every public blockchain relies on a decentralised network of participants — miners or validators — to agree on which transactions are valid and in what order they occurred. This agreement process is called consensus. As long as no single party controls the majority of that consensus power, the network remains trustless and tamper-resistant. A 51% attack is what happens when that assumption breaks down.

The “51%” refers to the threshold of network control required to rewrite history. In a proof-of-work blockchain like Bitcoin, control means hash rate — the combined computational power of all mining machines. In a proof-of-stake network, it means staked capital. Once an attacker crosses this threshold, they can build an alternative version of the blockchain faster than the honest network and eventually broadcast it as the “true” chain — since blockchain protocols accept the longest valid chain as canonical.

The attack does not give the attacker unlimited power. They cannot create coins from nothing, cannot alter transactions in blocks they did not mine, and cannot access wallets belonging to other users. What they can do is selectively reverse their own recent transactions — specifically to spend the same coins twice, a problem known as double spending.

How Does a 51% Attack Work?

The mechanics follow a specific sequence that exploits how blockchain consensus resolves competing chains:

1. Attacker acquires majority hash rate — either by owning enough mining hardware outright or by renting it through a hash rate marketplace. For smaller networks, this can cost as little as a few thousand dollars per hour.
2. Attacker mines a private chain — while the honest network continues building the public chain, the attacker secretly mines an alternative version that omits or reverses their own recent transactions.
3. Attacker spends coins on the public chain — they send cryptocurrency to an exchange, convert it to another asset, and withdraw. On the public chain, this transaction looks final.
4. Attacker releases the private chain — because the attacker controls more than 50% of the hash rate, their private chain is longer than the honest chain. The network automatically switches to the longer chain, erasing the original deposit transaction.
5. Double spend complete — the attacker has both withdrawn funds from the exchange and recovered their original coins on the now-dominant chain.

Worked example: an attacker targets a small altcoin with a total network hash rate equivalent to 1,000 GPUs. They rent 1,100 GPUs for $2,000 over six hours. During that time, they deposit 500,000 coins (worth $50,000) to an exchange, trade them for Bitcoin, withdraw the Bitcoin, then broadcast their private chain — erasing the deposit. Net profit: $48,000 after rental costs.

Which Blockchains Are Most Vulnerable?

Small proof-of-work chains are the primary targets. The cost of a 51% attack scales directly with total network hash rate — the more miners securing a network, the more expensive it is to acquire majority control. Bitcoin’s hash rate is so vast that a sustained attack would require billions of dollars in hardware and electricity, making it economically irrational. Ethereum Classic (ETC), Bitcoin Gold (BTG), and Vertcoin have all suffered real 51% attacks precisely because their smaller networks were cheap to overwhelm.

Proof-of-stake networks are not immune but face a different economic dynamic. An attacker must acquire more than 50% of all staked tokens. On a large network, this is prohibitively expensive — and self-defeating, since successfully attacking the network would likely destroy the value of the tokens the attacker spent billions acquiring.

Newer or forked chains are especially at risk in their early days, before a substantial mining or staking community has formed. This is one reason why projects launching as forks of established chains can be vulnerable immediately after launch.

Why Is the 51% Attack Important for Traders?

For traders, a confirmed or suspected 51% attack on any asset is an immediate red flag. Exchanges typically respond by increasing the number of confirmations required before crediting a deposit — sometimes pausing deposits and withdrawals entirely for the affected coin. This creates severe liquidity problems and almost always triggers a sharp price decline as confidence collapses.

The broader implication for portfolio construction is that hash rate concentration is a measurable risk metric. Coins where a small number of mining pools control the majority of hash rate are structurally more vulnerable — even without an active attack. Monitoring the distribution of mining power across pools is part of sound due diligence on any proof-of-work asset.

On PrimeXBT, traders can take short positions on crypto assets through CFDs, which makes it possible to position around events like a 51% attack without holding the underlying asset. Since attacks typically cause rapid price drops, traders who identify elevated attack risk early can use this as a directional signal — while always managing downside with a stop-loss order given how unpredictable these events are in timing.

51% Attack vs. Sybil Attack

Both are network-level attacks on blockchains, but they exploit different vulnerabilities. A 51% attack targets the consensus mechanism directly by acquiring majority computational or economic power. A Sybil attack involves creating a large number of fake identities or nodes to gain disproportionate influence over a network — without necessarily owning the majority of real resources. Proof-of-work and proof-of-stake both largely neutralise Sybil attacks because influence is tied to real-world cost (hardware or staked capital), not to the number of identities. A 51% attack bypasses this by simply outspending the honest participants.

Key Takeaways

• A 51% attack occurs when a single entity controls more than half of a blockchain’s consensus power, enabling them to reverse their own transactions and double spend — but not to steal funds from other wallets or create coins from nothing
• The attack works by secretly mining an alternative chain, spending coins on the public chain, then broadcasting the private chain to overwrite the transaction history
• Small proof-of-work blockchains are the most common targets because their low total hash rate makes majority control cheap to rent — Bitcoin and Ethereum are effectively immune due to the scale of their networks
• Exchanges respond to confirmed attacks by increasing confirmation requirements or halting deposits, causing liquidity problems and sharp price declines in the affected asset
• Hash rate concentration among a small number of mining pools is a measurable early warning sign of 51% attack vulnerability, even before any attack occurs