Hacker shows how he '51% attacked' Ethereum clone CheapETH for $100

It’s not often you see a 51% attack of a blockchain from the hacker’s side. 

But an 18-year-old intern at venture capital firm Polychain Capital decided to show how such an attack works, for educational purposes.

“I've never seen a 51% attack against a live network (for good reason I suppose; most folks attacking networks for monetary gain probably don't want to publicize themselves),” tweeted Anish Agnihotri today, adding: “So I recorded it for you.”

A 51% attack is one of the main ways in which a blockchain can be attacked. The premise of most blockchains is that, as long as the majority of hash power is controlled by good actors, looking to support the network, then it will work normally. But if a bad actor takes control of the majority of the hash power, then they can cause some issues.

One of the main ways that bad actors profit from a 51% attack is by performing a double spend. Using their greater amount of hash power, they secretly mine a longer alternative version of the blockchain. They will then make a deposit to a crypto exchange and see their balance go up. Then they will broadcast their alternative (and crucially, longer) chain to the network, eroding their previous transaction. This leaves them with their original money and the balance on the exchange.

Performing the attack

Agnihotri chose a tiny clone of the Ethereum blockchain called CheapETH to run the experiment. It has much greater block sizes (similar to Bitcoin Cash), making it cheaper to send transactions. But unlike Ethereum’s 629 trillion hashes per second, it has just a measly 559 million hashes per second. This makes it much more vulnerable to attack.

To carry out the attack, Agnihotri rented mining power capable of performing 1.44 billion hashes per second. This enabled him to take up about 72% of the network’s hash rate. He also rented a virtual machine to run the blockchain on. The total costs were under $100.

The video shows how he attacked the network. Agnihotri explained that he disconnected from the network, mined solo in his own pool for a few minutes, and then broadcast the longer version of the blockchain to the network. Shortly after he did so, block explorers updated to show that he had mined all of the recent blocks.

While Agnihotri attacked the network, he did not carry out a double-spend attack at the same time. In the documentation within the video, he points out the points at which a bad actor would perform such an attack. Afterward, he said that he would airdrop tokens to any pools that were affected by his attack through loss of mining and transaction rewards.