[hinkley]

Nicehash has .99% of what you need to have 51% of the hashrate, not .5%. But that's still too tiny.

However.

You don't need 51% of the hashes to have the longest chain. The longest chain is a lottery. If you had 25% of the TH/s out there, there are 3x as many hashes you don't control as do. The odds are 1:3 that you will still find the next hash. If that weren't the case, there'd be no point at all in me having .0001% of the TH/s. I'd be better off setting the money on fire to heat my house.

Bitcoin doesn't have a consensus algorithm on two counts. The obvious one is that everyone takes the longest chain, regardless of whether everyone already agreed to a shorter chain. In Raft, your history can roll back if there's a partition. In Bitcoin, things can be rolled back even if everyone is online. I need one attack (rewrite history), not two (rewrite history + DOS attack), and because of that, nobody but my pocketbook notices if I try and fail.

The second one is that there is no consensus on what transactions to include in the next hash. Any hasher could blacklist transactions that are unfavorable to them without really affecting their odds of finding the next hash. I think it's assumed that it's not in the interest of either mining hardware owners or frequent cryptocurrency spenders to do this, as they would destabilize their own investment. That only borrowed hardware would be used that way, and on short bursts of purchases. But is that really true? Or is there a zero-day attack out there already being used or waiting to be found?

I'm thinking of the epic embezzling scandals that have turned up. How many people out there were never caught, or were insufficiently prosecuted? Employees are usually subject to the laws where the office is located. These people could be on the other side of the world.

[AgentME]

If you had 1/4 the hash power, it's true that you have 1/4 chance of creating a block before anyone else, but to be clear, doing that once isn't enough to do a double-spend attack of a transaction with some N confirmations (usually people would aim for N=6). There's only a 2% chance an individual attempt would pull that off for 6 confirmations in a row when using 1/4 the global hash power, and the whole time you're attempting this, your hash power isn't making money mining unless you succeed. On average, you would make $144,000 just from the block rewards from mining for that much time with 1/4 global hashpower, so the expected amount of failures are very expensive in opportunity costs. If I'm doing probability right, then at a 2% chance, you could expect to fail about 25 times on average before succeeding, so 25 failures adds up to $3.6 million of expected opportunity cost. (This isn't counting the cost in acquiring 1/4 global hashpower to begin with.) You would have to double-spend a lot of transactions to make that worth it, and people are probably going to wait for more than 6 confirmations on bigger transactions, which means a much larger attack would have to be done to target those.

[labawi]

If you add opportunity cost and renting cost, you are double counting.

Assuming you can repeat your "totally legit" setup transactions until you succeed, with minimal cost other than rent, you would need to take more than either the opportunity cost (otherwise it's better to just mine), or the renting cost (otherwise you're still losing money).

[Rodyland]

Adding opportunity cost and renting cost isn't double counting.

Opportunity cost is the foregone block rewards that you lose because you didn't submit your blocks, because you were holding them hoping to build a long enough chain to double spend. When you fail, that reward that you would have earned is gone forever.

Renting cost is the actual $ outlay that it costs you to rent the hash power necessary to perform the attack.