What Is a 51% Attack? Which Chains Are Vulnerable
Today we’re tackling two issues:
First, understanding exactly how a 51% attack happens, so you’re not left in the dark if your assets are lost;
Second, knowing which chains are most vulnerable, so you can avoid pitfalls when trading or holding coins.
A few days ago, I chatted with a friend who does quantitative trading, and he dropped a truth bomb: Many people worry about exchanges running off with their funds, but overlook the fact that the chain itself can be “tampered with.” What he was referring to is the 51% attack. By the way, a 51% attack isn’t about hackers stealing your private key—it’s about them directly manipulating the “consensus” layer you thought was the safest.
A leading global cryptocurrency platform,suitable for both beginners and experienced traders.
New user benefit: 20% off trading fees upon registration!!
Let’s break this term down piece by piece.
The reason blockchain doesn’t need banks or middlemen is that all nodes (think of them as computers keeping the ledger) jointly maintain a single record. When you send a transaction, the majority of nodes have to nod and say, “Yes, that money was really spent,” for it to count. This voting mechanism usually depends on computing power or the amount of staked tokens. A 51% attack, simply put, is when someone controls more than half of the voting power. At that point, they can play dirty.
How dirty? The simplest and most direct move is double-spending. You send out some coins, and the transaction is confirmed on the normal chain. But the attacker secretly builds another, longer chain behind the scenes, erasing your transfer. When they release this chain, the whole network sees it’s longer and accepts it. Your transfer vanishes into thin air, and the coins return to the attacker’s pocket—meaning you’ve spent the same money twice.
Many people easily miss this: Attackers can’t create coins out of thin air. They can’t change Bitcoin’s total supply or crack your private key. All they can do is selectively ignore certain transactions while they control the voting power, then take back the coins they sent out.
So, how costly is it to pull off this kind of attack?
That depends on the chain’s consensus mechanism. For proof-of-work chains that rely on computing power, the attack cost mainly comes down to how many mining rigs or how much hash power you can rent. There are dedicated hash power rental platforms with clear pricing. Renting an hour’s worth of hash power to attack a small altcoin chain often doesn’t cost much.
There’s real data on this, and it’s pretty alarming. I checked a case from May this year, when the Ethereum Classic (ETC) chain was attacked. On-chain data monitors found that the attacker mobilized hash power through rental platforms before and after the attack, costing roughly just $3,400. That $3,400 caused double-spending losses worth millions of dollars. The attack lasted several days, with multiple reorganizations (overturning already confirmed blocks). Many exchanges’ ETC wallets only survived because they required a high number of confirmations, but services with lower confirmation thresholds took real financial hits.
To give you a clearer sense of which chains are easy targets, I’ve put together a comparison. I won’t dive into complex models here—just the most practical metric: how much it costs to attack for one hour.
| Coin (Attack Method) | Type | Approx. Cost for 1-Hour Attack (USD) | Vulnerability Feel |
| Bitcoin (BTC) | Rent Hash Power | Over $1.5 million | Extremely hard, no one can afford it |
| Litecoin (LTC) | Rent Hash Power | $50,000–$80,000 | Relatively safe, cost is high |
| Bitcoin Cash (BCH) | Rent Hash Power | $15,000–$30,000 | Under pressure, needs monitoring |
| Ethereum Classic (ETC) | Rent Hash Power | Under $5,000 | Very dangerous, has happened multiple times |
| Various New Small Mining Coins | Rent Hash Power | Hundreds or even tens of dollars | Could be “practiced on” at any time |
These costs are dynamic—you can check real-time data on a site called Crypto51. For many small coins, the cost to attack for an hour is just a few hundred RMB. That means any hacker with a bit of financial muscle can run a “live drill” whenever they want.
At this point, it’s clear which chains are most at risk. Coins that have just forked, use the same consensus algorithm as major coins but have extremely low total network hash power, are the hardest hit. For example, ETC and ETH use the same mining algorithm, but ETC’s hash power might be a fraction of ETH’s. So large miners holding ETH hash power, or anyone who can easily rent GPU hash power on the market, can bully ETC with ease. Many exchanges now have to raise ETC’s deposit confirmation count to thousands or even tens of thousands—by the time you receive the funds, it’s too late. That’s how scared they’ve become.
Some might ask: Are proof-of-stake chains immune? No. Proof-of-stake relies on the share of staked tokens. If you buy up a large amount of tokens on the market or borrow coins to gather over 51% of the staked supply, you can launch an attack too. However, this route is usually more expensive, because if you buy heavily, you’ll drive up the price, making costs uncontrollable. And if you succeed in the attack, the large stash of coins you hold will become worthless. So for major coins with high market caps, the incentive to attack is suppressed by this “hostage effect.” But for many small-cap, low-staking-rate proof-of-stake chains, the barrier to gathering attack chips isn’t as high as you’d think.
How can ordinary people guard against this? Here are some practical tips to share with you:
- If you’re an exchange user, don’t rush to use small coins with weak hash power. Check their confirmation requirements—the higher the confirmation count a platform demands, the stronger its ability to withstand reorganizations in theory.
- If you’re doing on-chain transfers yourself, when dealing with new, unfamiliar small chains, it’s better to wait a bit longer for large amounts. Let dozens more blocks run, making it harder for attackers to catch up.
- Monitor the coin’s hash power distribution. If 91% of a coin’s hash power is concentrated in a single mining pool, the pool might not be malicious, but it means the risk of “centralized evil” is concentrated—so stay alert.
In truth, a 51% attack isn’t a system vulnerability in blockchain. It’s more like a known “cost” baked into the system design—a native risk that decentralized operations must bear. For Bitcoin, this risk is negligible. But for many chains trying to cut corners with low-cost consensus, this sword hangs constantly over their heads.
Next time you see some new public chain hyped to the skies, boasting instant transfers and near-zero fees, take a moment to check its 51% attack cost per hour. If that number is pitifully small, then no matter how fast its transfers are, it’s just a castle built on sand—gone with the first wave.
