How Ethereum Classic Was Saved [Narrator: It Wasn’t]

[Update 2: Jan 7th, 2019–51% attacks against Ethereum Classic are a thing now, with multiple 100 block reorgs occurring. Some exchanges are requiring 100+ confirmations on the Ethereum Classic blockchain before crediting for deposits now, with recommendations they wait 400 confirmations! Bye, Bye $ETC (at least as a minority hashrate PoW coin.]

[Update: May 25, 2018 — Looks like the risk of a 51% attack for purpose of profit against minority hashrate coins is a topic finally getting attention (great work Husam ABBOUD!)]

All proof-of-work (PoW) cryptocurrencies (of which Bitcoin is one) are vulnerable to the 51% attack. What this means is that an attacker (or miner cartel) with control of 51% of a coin’s combined total mining hashrate has the ability to double spend the attacker’s own transactions — even transactions that have confirmed.

The theory to explain why this doesn’t happen to a coin like Bitcoin is that it is more economically rational for the 51% attacker to simply use that hashrate capacity and just mine the coin. But there could be other motivations to attack where economics isn’t the primary motivator — such as if a nation state were to do a 51% attack intending to disrupt a coin, or when a competing coin attempts to thwart an unwanted competitor even.

Bitcoin Is Protected

But the supply chain simply doesn’t have another 340,000 Antminer S9's (even when substituting hashrate capacity sold by competitors Canaan and Bitfury). And there is essentially a near-zero capacity of this hashrate that is being used for mining other coins. Bitcoin has essentially 100% of the hashrate produced by all SHA-256 mining hardware.

So Bitcoin is not just protected because of the cost of the attack, but also because it already receives so much of the hashrate for that mining hardware class. One could compute a vulnerability ratio (for a 51% attack) by dividing market cap by the cost of the attack. Ignoring that even $500M can’t get you your 340,000 Antminer S9s today allows this ratio for Bitcoin to be calculated and the result is 72 (~$36,000M/~$500M). The lower the vulnerability ratio, the stronger a coin’s protection is. Bitcoin’s ratio shows weakness, but only because the true cost of succeeding in an attack would be enormous due to limits in the hardware supply and cannot be calculated.

Litecoin Is Protected Too

Again, this ratio level shows Litecoin to be weak but only because the true cost of acquiring the necessary hardware (i.e., producing your own chips or otherwise effecting additional supply to occur) isn’t known.

How about coins mined using a GPU?

ZCash is insanely well protected today relative to its market cap— there are currently $150M worth of GPUs protecting a coin whose market cap is $300M. This gives ZCash a very good, low vulnerability ratio of 2 (~$300M /~$150M).

Now if the cost of an attack were the only barrier preventing such an attack from happening, hitting a coin like UBIQ ($UBQ) would make much more sense. With even fewer than $1M worth of GPUs, an attacker can be guaranteed technical success in double spending transactions on UBIQ — a coin with a $25M market cap. So UBIQ’s vulnerability ratio is 25 (~$25M/$1M).

Why isn’t such an attack happening today? Perhaps because an attack just isn’t likely to return a profit.

The 51% Attack — For Fun And No Profit

With the withdrawn Bitcoins secured, the attacker then releases the private chain which, with majority of the hashrate, then becomes the longest public chain and the result is the prior deposit transactions to the exchanges essentially and immediately disappear — as if they had never even been made.

As a result, the attacker’s wallet would still have all the $UBQ (which was worth $1.5M when deposited to the exchanges) as well as the roughly $1.5M worth of $BTC bought and withdrawn. Subtract the $1M cost for mining hardware (assuming this required acquisition of new GPU hardware), and this attacker/cartel would have just earned a cool $0.5M profit on this attack!

The flaw in this scenario is that there simply isn’t a market to dump $1.5M worth of $UBQ without incurring extreme slippage. Even a quarter of this volume dumped suddenly on exchanges might decimate the exchange rate for that nascent coin. Additionally, a double spend only happens if the trading counterparty (e.g., an exchange) is caught unaware which would be the only way that the exchange not only would allow the recently deposited $UBQ to be dumped in record volumes but also then would allow all the proceeds (e.g., $BTC) of said dumping to be subsequently withdrawn as well. Exchanges are (hopefully) wiser than that. But even if that happens, the attack still might be a financial bust for the attacker.

The most significant reason this 51% attack might succeed on a technical level but fail to earn a profit is that the attacker still wants to later spend those $1.5M worth of $UBQ that were double spent. But this attack on UBIQ would probably end up being failure fatal to the UBIQ project as a whole, causing those $UBQ coins the attacker “stole” from the exchanges to become essentially worthless. Or another possible outcome is that the coin’s dev team responds to the attack by simply releasing a hard fork reversing those transactions involving stolen coins. This is similar to what Ethereum did in 2016 to get back the coins that the DAO thief controlled.

The Sweet Spot

You can go up and down the crypto coin chart and there are very few coins that fit that description today. Bitcoin, Litecoin and ZCash are excluded for reasons given above. Ethereum, requiring $400M of GPU hardware to 51% attack also does not make an ideal target — even with a relatively high vulnerability ratio.

Ratio of Mark Cap versus Cost of 51% Attack (May 27, 2017)

Ethereum Classic Should Be Considered Vulnerable

So Ethereum Classic is perhaps the coin most vulnerable and likely to be the first significant crypto currency (significant meaning market cap in the range of a hundred million or more) to be 51% attacked for the purpose of profit.

If $ETC is doomed due to being so vulnerable, why then would the title of this article be that $ETC is saved?

Crime Doesn’t Pay (as much)

And while it may be appropriate to conclude that Ethereum Classic was possibly the coin at the most significant risk of a 51% attack, it will likely get a pass this time thanks to the GPU shortage that is one result of this huge altcoin rally.

GPU Supply Chain Wiped Out

51% Attack — Inevitable, just not for $ETC, at least not today