Ashwin Ramachandran is a junior partner at Dragonfly Capital, a cross-border crypto venture fund. Haseeb Quereshi is a managing partner.
On January 23, bitcoin gold was 51 percent attacked and $72,000 was double-spent. This is the second time bitcoin gold (BTG) has been attacked, and its aftermath left many people wondering: Why don’t exchanges delist bitcoin gold and other easily 51 percent-attackable proof-of-work (PoW) coins?
Turns out, there’s a simple answer. But first, let’s examine the circumstances of how this attack was performed.
Bitcoin gold is a fork of bitcoin that uses the ASIC-resistant ZHash mining algorithm. ZHash is optimized for efficient GPU mining and increases the difficulty of ASIC development due to its high memory requirements. GPUs are widely available for rental since they are commoditized and in large supply relative to ASICs, so it’s easy to rent enough hash power to dominate the bitcoin gold network. Hash power marketplaces, such as NiceHash and MiningRigRentals, have dramatically decreased the costs of performing a 51 percent attack, and similar marketplaces are popping up left and right (see Warihash, Luxor, etc).
The recent attack on bitcoin gold required up-front capital costs of $3,400 (0.4 BTC to reorganize a total of 29 blocks assuming linear slippage), but note that this cost was recouped through block rewards on the reorganized chain. Because of the inexpensive overall cost, this attack could have been performed entirely using spot GPU rental markets. Furthermore, because GPU rental markets are becoming increasingly liquid, the cost of overtaking a GPU mineable network is decreasing (see NiceHash pricing). Thus, the up-front capital required by the attackers is only the bitcoin gold they wanted to double-spend, plus the hash power costs. The BTG attackers double-spent an estimated $72,000 and paid only $3,400 (recouping roughly $4,200 through block rewards), giving them an ROI of about 96.6 percent, making this a wildly profitable attack.
And, of course, the primary victims of 51 percent attacks are exchanges. The attack generally goes like this: The attacker deposits coins on an exchange, those coins are traded for some other liquid coins like BTC, and then the BTC is withdrawn. The original deposit transaction is later reverted by the 51 percent attacker, allowing them to get back their original deposit and essentially double their money. Because of this vulnerability, exchanges wait a confirmation period (originally 12 blocks on Binance for bitcoin gold) before allowing coins to be withdrawn. But while these confirmation periods increase security, they cannot prevent attacks outright. For more on the mechanics of 51 percent attacks, check out this tweetstorm on the ethereum classic (ETC) attack last year.
It is more profitable for Binance to list low-mid market cap PoW coins, even with their potential losses due to 51 percent attacks.
Bitcoin gold’s 51 percent attack was the second in just two years (the first bitcoin gold attack was much larger), yet BTG remains traded on exchanges like Binance to this day. Naturally, the question arises: why doesn’t Binance delist BTG?
Binance currently trades about $4.13 million in BTG/BTC volume per week. So Binance makes around $429,000 per year in total profit on the BTG/BTC trading pair alone (assuming average fees of 20 basis points (maker/taker) per trade and low BNB usage).
After calculating profits for all low-mid market capitalization PoW coins, a trend crystalizes. It is more profitable for Binance to list low-mid market cap PoW coins, even with their potential losses due to 51 percent attacks. The chart below shows estimates of the percentage of hash rate available for rent, along with Binance’s profit estimates (assuming current market prices).
Note: All rented hash power increases the total hashrate of the network. Thus, an attacker must acquire 100 percent of the current hashrate to launch a successful 51 percent attack. All hash power acquisition estimates are also vulnerable to linear market price slippage, which can vastly increase attack costs.
As long as it’s sufficiently profitable, we expect that Binance and other high-volume exchanges will continue to list vulnerable PoW coins. Exchanges can always reduce the probability of a 51 percent attack by increasing the number of confirmations required for withdrawals (Binance increased this for BTG from 12 to 20 following the attack). But, of course, this does not prevent attacks outright and instead merely increases an attacker’s capital costs. Exchanges can further engage in attack prevention by performing prudent anomaly detection on user deposits of small-cap PoW coins. But note that there is no way to directly detect a 51 percent attack before it happens, since renting hashrate does not cause the on-chain hashrate to drop in any way.
The most recent bitcoin gold attack was worth about $72,000, while Binance expects to make $429K from bitcoin gold this year. Likewise, the ethereum classic 51 percent attack netted the attacker approximately $1.1 million, while Binance expects to make about $3.2 million off its trading fees. This is yet another reason why coins do not die after 51 percent attacks.
That said, 51 percent attacks are still an enigma. They seem like a fundamental violation of the proof-of-work security model. But 51 percent attacked coins continue to trade on top exchanges, and often, bizarrely, increase in price after an attack (see ETC, BTG, XVG). We can partly explain this phenomenon by seeing 51 percent attacks as a tax on exchanges and modeling their continued incentives to list vulnerable coins. But as for why 51 percent-attacked coins sometimes appreciate, unfortunately that still remains a mystery.
The authors thank Tom Schmidt and Ivan Bogatyy for reviewing drafts of this post, a version of which also appears on Medium.