It concludes that double spend attacks against Proof-of-Work (PoW) blockchains are profitable and easy to accomplish when:
- there is enough rentable hashpower to perform the attack
- the attack does not reduce the market price of the stolen currency
- the victim does not counterattack
The 51% attack risk against major forks (ETC, BSV, BCH, and so on) will increase as rentable hashpower increases. Hundreds of millions of dollars are already vulnerable to savvy attackers.
The natural targets for these attacks are centralized exchanges, which pool large quantities of funds, and cross-chain DEXs, which have little ability to respond in a coordinated way.
Proposed solutions have their disadvantages.
- Enforce long confirmation times. This is a capitulation that worsens customer experience.
- Buy insurance. This protects customer funds but fails to remove attackers’ incentive for future attacks.
- Delist vulnerable coins. While exchanges can make this choice, they lose business in the process.
- Take legal action against mining rental providers who enable majority attacks. This is unlikely to yield results in the short term and cannot prevent attacks.
The best solution is counterattack. As long as the attack victim can spend an amount equal to the value of the at-risk funds on a counterattack, there is no profit incentive for double spend attacks on that victim.
I hope we will see a service addressing this need before long. In the meanwhile, I’d urge any exchange listing a vulnerable chain to set up monitoring capacity for attacks and prepare a counterattack plan in case they become a target.
Investors should think carefully about whether they will be made whole after a double spend attack before entrusting their funds to an exchange.
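One way to implement the attack monitoring urged above, as an added example (not the author's code or any exchange's): it compares two snapshots of a node's best chain, measures the reorg depth, and lists already-credited deposits that no longer appear in the new chain. The `Block` shape, the `alert_depth` threshold, and the sample chains are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    height: int
    hash: str
    parent: str
    txids: tuple

def detect_reorg(old_chain, new_chain):
    """Return (fork_height, depth, orphaned_blocks), or None if old is still canonical."""
    new_hashes = {b.hash for b in new_chain}
    orphaned = [b for b in old_chain if b.hash not in new_hashes]
    if not orphaned:
        return None
    return orphaned[0].height - 1, len(orphaned), orphaned

def deposits_at_risk(orphaned, new_chain, credited):
    """Credited deposits confirmed only in orphaned blocks (candidate double spends)."""
    still_confirmed = {t for b in new_chain for t in b.txids}
    return {t: credited[t] for b in orphaned for t in b.txids
            if t in credited and t not in still_confirmed}

def check(old_chain, new_chain, credited, alert_depth=2):
    """alert_depth is an assumed policy knob: minimum reorg depth that pages on-call."""
    reorg = detect_reorg(old_chain, new_chain)
    if reorg is None:
        return None
    fork_height, depth, orphaned = reorg
    at_risk = deposits_at_risk(orphaned, new_chain, credited)
    return {"fork_height": fork_height, "depth": depth, "at_risk": at_risk,
            "alert": depth >= alert_depth or bool(at_risk)}

def make_chain(start, specs, parent):
    """Build constructed sample blocks from (hash, txids) pairs."""
    chain = []
    for i, (h, txs) in enumerate(specs):
        chain.append(Block(start + i, h, parent, tuple(txs)))
        parent = h
    return chain

# Constructed sample data: a 3-block reorg that drops deposit dep-1 but re-mines dep-2.
COMMON = make_chain(100, [("a100", []), ("a101", [])], "a099")
OLD = COMMON + make_chain(102, [("a102", ["dep-1"]), ("a103", ["dep-2"]), ("a104", [])], "a101")
NEW = COMMON + make_chain(102, [("b102", ["conflict-1"]), ("b103", []),
                                ("b104", ["dep-2"]), ("b105", [])], "a101")
CREDITED = {"dep-1": 500, "dep-2": 20}

if __name__ == "__main__":
    print(check(OLD, NEW, CREDITED))
```

In production the two snapshots would come from polling a full node; a deposit listed in `at_risk` is one whose credit should be frozen pending investigation.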