Bitcoin's most cited vulnerability centers on the 51% attack, a scenario where one miner or pool controls enough of the network's hashing power to manipulate the blockchain. While mining power consoli
Bitcoin's most cited vulnerability centers on the 51% attack, a scenario where one miner or pool controls enough of the network's hashing power to manipulate the blockchain. While mining power consolidation concerns the community, fears spike whenever a single pool nears majority control. But Matt Corallo, a Blockstream co-founder, argues that the focus on 51% itself misses the point.
At a recent SF Bitcoin Devs meeting, Corallo presented research on blockchain mechanics and network attacks. He pushed back against the conventional wisdom that reaching 51% hashrate represents some kind of threshold for successful attacks. Instead, he showed that attacks become viable at much lower percentages.
"I want to talk a minute about hash power attacks and what you actually can do with 51 percent hash power or, more specifically, what you can do with 40 percent, 45, and 51... There's this misnomer in the community that you need 51 percent [of the network hashrate] to pull this off. You really don't, not even close," Corallo said.
The math backs this up. Satoshi Nakamoto's original Bitcoin white paper includes calculations showing the probability of successful double-spending at different hashrate levels. At 45 percent control, an attacker's odds of mining a competing chain of six or more blocks shift in their favor. "At 45 percent hash power, their likelihood of winning — if they are trying to mine a fork or six blocks or whatever — is pretty damn high. It's all just a probability," Corallo explained. "With 51 percent, you're also still not guaranteed; you're only guaranteed to win in the very long run — not for a very short fork."
Confirmation counts don't work as simple on-off switches either. When Corallo discussed how merchants evaluate transaction safety, he separated the concept of confirmations from actual finality. Each block added to the chain increases the work needed to reverse a transaction, but the amount required depends on the attacker's hashing power. The security of a payment isn't a black-and-white matter.
Merchants accepting payments after one confirmation should rethink that threshold. Corallo urged users to calculate their own attack probabilities based on today's mining pool distribution. "If you're someone who is currently accepting coins with one block, you should reconsider that. If you're currently accepting coins with six blocks of confirmations, you should sit down and do the math with today's mining pools... It's not as cut and dry as 51 percent [versus] 50 percent; it's not at all."
Corallo's goal wasn't to scare users away from Bitcoin but to encourage informed decision-making. He acknowledged that six confirmations remain a sensible default for most transactions. "I'm not trying to present this as like, 'Oh, Bitcoin isn't secure, and we should all be waiting for 20 confirmations.' Six is probably fine... and that's why six was chosen. It's a reasonable tradeoff. For reasonable amounts of money, it's going to be secure — even with [the] current hashing power distribution. People should be very aware of this. Don't just blindly follow what's happening."
