by pat2man 2337 days ago
Since it took a while for me to understand this. A 51% attack doesn’t let you steal money from anyone. It essentially lets you block all transactions from making it to the blockchain. Nodes will still verify all transactions and ignore transactions that are invalid.

Edit: you can also create multiple forks and switch between them. External viewers will see both forks and if they don’t or can’t handle the difference they could experience a double spend.

That being said, any miner has the ability to sort transactions any way they want, which can give them an advantage. So if someone has a lot of hashing power they can use that ability to delay certain transactions or to give preference to others.


> A 51% attack doesn’t let you steal money from anyone.

1. You deposit BTC at an exchange. The exchange credits you the amount in their non-BTC ledger.

2. You send off a chain of blocks overwriting the original deposit so that you never did it.

3. You fill in the form to withdraw your credited amount from the exchange.

Now you have 2x the coins.

Of course there are a LOT of details to this that I won't get into, and a number of mitigations for the exchange. But that's the basic outline.

Yeah exchanges and all other external systems need to handle this. Effectively they should look at the possibility of a deep reorg and the potential cost to them and use that to adjust how many transactions they require until the risk is mitigated.
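To make the "how many confirmations" decision concrete, here is an added example (not code from the original thread) implementing the catch-up calculation from section 11 of the Bitcoin whitepaper and an exchange-side crediting policy built on it. The `should_credit` policy, its parameter names and the sample deposit value are assumptions made for this example, not anything the thread specifies.

```python
import math


def attacker_success_probability(q, z):
    """Probability that an attacker with fraction q of the hash rate ever
    overtakes the honest chain once a transaction has z confirmations.

    This is the whitepaper's calculation: while honest miners found z blocks,
    the attacker's progress is Poisson with mean z*q/p (p = 1-q), and from a
    deficit of d blocks the attacker catches up with probability (q/p)**d.
    """
    if q >= 0.5:
        return 1.0  # a majority attacker catches up with certainty, at any depth
    p = 1.0 - q
    lam = z * q / p
    poisson = math.exp(-lam)  # P(attacker found 0 blocks in the meantime)
    total = 1.0
    for k in range(z + 1):
        # attacker found k blocks meanwhile, so is z-k behind; subtract the
        # probability that it never catches up from there
        total -= poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)  # advance Poisson term to P(k+1 blocks)
    return total


def confirmations_required(q, max_risk, z_max=10000):
    """Smallest confirmation depth whose success probability is below max_risk,
    or None when no depth achieves it (q >= 0.5, or z_max too small)."""
    for z in range(z_max + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def should_credit(deposit_value, confirmations, q_estimate, max_expected_loss):
    """Assumed exchange policy for this example: credit a deposit only when the
    expected loss from a reorg that reverses it fits the risk budget.
    expected loss = deposit value * P(attacker rewrites from this depth)."""
    risk = attacker_success_probability(q_estimate, confirmations)
    return deposit_value * risk <= max_expected_loss


if __name__ == "__main__":
    # constructed scenario: a 700k deposit, attacker assumed to hold 30% of hash rate
    for confs in (1, 6, 10, 30):
        print(confs, attacker_success_probability(0.3, confs),
              should_credit(700_000, confs, 0.3, 1000))
    print("depth needed at 30% for <0.1% risk:", confirmations_required(0.3, 0.001))
    print("depth needed at 55%:", confirmations_required(0.55, 0.001))
```

The policy scales with the deposit: a small deposit can be credited after a few blocks, a large one needs a much deeper reorg to be unprofitable, and once the estimated attacker share reaches 50% no finite depth is safe, which is the point the comment above is making.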
A presumably legal and profitable 51% attack can be to simply ignore other miners. Effectively someone with 45% hashing power gets 45% of the block rewards + fees. However someone with 55% hash power can get 100% of the rewards plus fees, a significant bonus. Alternatively, double spends let someone sell the same coins to multiple people, though at legal risk for doing so, while also theoretically collecting all block rewards.

However, the largest risk is from the software side. The physical owner of the hardware spends money, a hacker only spends their opportunity costs.

> However someone with 55% hash power can get 100% of the rewards plus fees a significant bonus.

Note that, until the 2-week boundary where difficulty adjusts, they only get 100% of the roughly 45% less frequent rewards, since the 45% orphan rate will slow down overall progress.

If you can hash faster than everyone else combined you can re-write history. So you could make a transaction and then re-write that transaction out of history allowing you to spend that money again.

When you make a valid transaction, you have the necessary details for both that valid transaction and no transaction at all. Just because you can't make invalid transactions doesn't mean you can't effectively steal.

This is why lightning network is a shitshow, because you have to be constantly alert for that behaviour.

It’s an eventually consistent system, so you can defraud people who don’t take that into account. But internally it will always be consistent.
And by "don't take that into account" you mean "transact anything off chain" including other currencies, goods, services, etc.
You can transact off chain. You just have to calculate the likelihood that your transaction will go through, and adjust accordingly. The cost of a 51% attack for 24 hours is a lot higher than the cost for one hour, so if you wait for 24 hours the likelihood goes way up.
It does, however, allow "double spending" attacks. In such attacks the attacker first spends a coin to buy some real goods from the victim. She then launches a 51% attack on the blockchain and "rewrites" the ledger to remove the transaction to the victim. Now the attacker gets back her money, plus the goods from the victim.
Yeah, stores that accept cryptocurrency need to understand this, or use an underlying abstraction that does. Of course for most chains this would make transactions very slow, which is not good for commerce.
Stores that sell goods worth 700k in BTC?
My understanding is that the goal is double-spending. The attacker will make a transaction to a victim. The victim would be convinced it owns the coins, as the transaction appears in the chain. The attacker will then start mining a new chain (starting at a block before the transaction) which does not contain the transaction to the victim. If the attacker has enough computing power, it will be able to make the new chain the "official" one, invalidating the first chain.
Yeah. It's the part where they are convinced that is the actual double spend.
Or they can double spend some crypto, that is generally the main goal here
As far as the block chain is concerned they cannot. No single branch can have a double spend. But of course with deep reorgs they can defraud exchanges or other parties who end up on the wrong branch.
As far as the block chain is concerned they cannot... when they are not under attack. The attack can rewrite part of the history to double spend some crypto
They cannot rewrite history. But they can create multiple histories and switch between them.