What Happens During a 51% Attack?

The name makes it sound like a hostile takeover — like controlling 51% of a company's shares and doing whatever you want with it. That framing isn't quite right, and the misconceptions that follow from it matter. A 51% attack doesn't give an attacker control over a blockchain in any broad sense. What it gives them is a specific and narrow capability: the ability to rewrite recent transaction history on that chain.

That's still serious. But understanding exactly what it means — and what it doesn't — is the starting point for understanding which blockchains are actually at risk.

The Mechanism

To understand the attack, you need to understand how consensus normally works in proof-of-work blockchains.

Miners compete to find valid blocks by solving a computational puzzle. When a miner finds a valid block, they broadcast it and other miners add it to their chain. The rule everyone follows is simple: the chain with the most accumulated work is the valid one. This is why a 51% attack is sometimes called a "majority hash attack" — it exploits that rule directly.

Here's how the attack actually runs. An attacker who controls more than half the network's hash rate starts mining a private chain in secret, without broadcasting it. Meanwhile, they make a transaction on the public chain — say, sending cryptocurrency to an exchange, withdrawing funds, and converting them. On the public chain, that transaction is confirmed and the exchange considers it final.

Now the attacker reveals their private chain. Because they've been mining it with more than 50% of the hash power, it's longer than the public chain (more accumulated work). All nodes follow the rule: longest chain wins. They switch to the attacker's chain. In that chain, the original transaction to the exchange never happened. The attacker has their cryptocurrency back and the exchange is out whatever they withdrew.

This is a double-spend. The attacker spent coins twice: once on the public chain and once on their own private rewrite.

A few things worth being clear about: the attacker can also censor transactions — refusing to include certain addresses in any block they mine — and reverse their own transactions made during the attack window. What they can't do is change the rules of the protocol, steal coins from wallets they don't have private keys to, create new coins out of nothing, or reverse transactions that happened long before their attack. The deeper in history a transaction is, the more cumulative work sits on top of it, and the more work an attacker would have to redo to reach it.

Where Attacks Have Actually Happened

This isn't theoretical. Several smaller proof-of-work chains have been 51% attacked repeatedly.

Ethereum Classic (ETC) is the clearest case study. In 2020, ETC suffered three separate 51% attacks within two months. Attackers reorganized thousands of blocks and successfully double-spent significant amounts. ETC and Bitcoin use overlapping mining algorithms, but ETC has a fraction of Bitcoin's hash rate — which meant renting the hash power to attack it was economically feasible.

Bitcoin Gold (BTG) was attacked in 2018 and again in 2020, resulting in over $70 million in losses across exchanges. Same basic mechanism: rent hash power from markets like NiceHash, run a private chain, double-spend on exchanges, reveal the chain.

Bitcoin itself? No successful 51% attack, and none that would be economically rational. To accumulate 51% of Bitcoin's hash rate today would require an investment in ASIC hardware well north of $20 billion, plus ongoing electricity costs in the range of $10–15 million per day. The amount you could double-spend in the attack window would almost certainly be less than the cost of running it — and you'd still walk away with billions in depreciated ASICs you can't use for anything else.

The Proof-of-Stake Version

Proof-of-stake changes the attack surface. In PoS, "majority control" means owning more than 50% of the staked tokens rather than 50% of the hash rate.

For Ethereum, that's currently somewhere around $120–140 billion worth of ETH (the threshold varies with staking participation). That's not a realistic acquisition target. But more importantly, the protocol has an explicit response to detected 51% attacks: slashing. An attacker who submits conflicting blocks can have their entire stake confiscated by the protocol. The attack doesn't just fail to be profitable — it's financially catastrophic for the attacker. You'd spend $100B+ to acquire the attack position, and the protocol would burn it when you tried to use it.

This is why Ethereum is widely considered far more resistant to 51% attacks post-Merge than it was under proof-of-work, and why the attack scenario today is mostly a concern for smaller PoW chains with limited hash rate.

What's Changed

The biggest structural shift has been the availability of hashrate rental markets — platforms like NiceHash that let anyone rent mining power by the hour. This dramatically lowered the cost of attacking small PoW chains because attackers no longer need to own hardware. They can rent enough hash rate to exceed a chain's total, attack, and release the rental.

In response, some chains have adopted checkpointing — periodically publishing reference block hashes through out-of-band channels (social media, trusted validators) so nodes can reject any chain that diverges significantly from the canonical history. It's a pragmatic workaround that introduces a centralization tradeoff: someone has to publish the checkpoints, and that entity becomes a point of trust.

Finality by design is the more fundamental fix. Chains with explicit finality mechanisms — where blocks are cryptographically finalized by a supermajority of validators and cannot be reorganized — don't have 51% attack surfaces in the traditional sense. Ethereum's Casper finality finalizes blocks every two epochs (~12.8 minutes). Reorging finalized blocks would require the slashing of 1/3+ of all validators, which would destroy the attack capital.

Confirmation and Invalidation Signals

The structural risk is real for small PoW chains and essentially resolved for large PoS chains. Confirmation that this remains a live threat for small chains: continued successful attacks against low-hashrate PoW networks, persistent availability of hashrate rental markets, and exchanges not implementing deeper confirmation requirements for smaller chains.

Invalidation of the remaining concern: hashrate rental markets disappearing or becoming illiquid, small chains migrating to PoS with strong slashing conditions, or exchanges universally adopting deep confirmation requirements that make the attack window too short to be profitable.

Timing

Now: Small PoW chains remain genuinely vulnerable, especially those whose mining algorithms overlap with larger chains (hash power can be repurposed overnight). If you're running an exchange or custodying assets on a low-hashrate chain, confirmation depth matters.

Next: More small chains will likely migrate to PoS or merge into larger ecosystems, reducing the overall attack surface. The hashrate rental market is a persistent enabler as long as PoW chains exist.

Later: As PoW chains continue to decline in number and diversity, this attack vector becomes increasingly niche — relevant mostly in the context of new chains before they accumulate meaningful security budgets.

Boundary

This covers the mechanics of 51% attacks on proof-of-work and proof-of-stake chains, with documented historical examples. It doesn't address 66% or 34% attacks, which operate under different conditions in PoS systems, or the specific engineering decisions chains have made to respond. The deeper question of how exchanges should calibrate confirmation requirements by chain is a separate analysis.

The attack is specific, not general. Anyone describing it as "the ability to control a blockchain" is overstating it — which tends to generate both more fear and less useful caution than understanding the actual mechanism.