Blockchain Attacks: 51% Attacks, Double Spending, and More

Blockchain technology is renowned for its security, but it is not invulnerable. Understanding the attack vectors that threaten blockchain networks is crucial for anyone holding or transacting in cryptocurrency. While the blockchain protocols themselves have proven remarkably resilient — Bitcoin has never been successfully attacked at the protocol level — the broader ecosystem of wallets, exchanges, bridges, and smart contracts faces constant threats.

This guide catalogs the major categories of blockchain attacks, explains how they work, provides real-world examples, and offers practical guidance on protecting your assets.

Protocol-Level Attacks

These attacks target the blockchain protocol itself — the consensus mechanism, the network topology, or the cryptographic foundations.

51% Attack (Majority Attack)

A 51% attack occurs when a single entity or coordinated group gains control of more than 50% of a Proof of Work network's hash power (or more than 33%/67% of stake in Proof of Stake networks, depending on the attack type).

How it works:

  1. The attacker accumulates majority hash power, either by building/buying mining hardware or by renting hash power from services like NiceHash.
  2. The attacker begins mining a private chain — a fork of the blockchain that only they know about.
  3. On the public chain, the attacker sends cryptocurrency to an exchange and sells it for fiat or another crypto.
  4. Once the exchange credits the sale, the attacker broadcasts their private chain, which is longer (has more accumulated work) than the public chain.
  5. The network accepts the longer chain as the valid chain, and the attacker's original transaction disappears — the funds return to the attacker's wallet.
  6. The attacker has effectively spent their coins twice: once on the exchange (received payment) and once on the private chain (coins returned).

Cost of a 51% attack:

| Network | Estimated 1-Hour Attack Cost (2026) |
|---|---|
| Bitcoin | $10+ billion (practically impossible) |
| Ethereum (PoS) | $30+ billion (acquire 33% of staked ETH) |
| Litecoin | ~$500K-$1M |
| Bitcoin Cash | ~$100K-$300K |
| Ethereum Classic | ~$10K-$50K |

Real-world examples:

  • Ethereum Classic (2019, 2020): Suffered multiple 51% attacks resulting in millions of dollars in double-spends.
  • Bitcoin Gold (2018, 2020): Attacked multiple times, with one attack resulting in $70,000+ in double-spends.
  • Verge (2018): Attacked multiple times due to its multi-algorithm PoW design.

Key insight: 51% attacks are primarily a threat to smaller PoW chains. Bitcoin's hash rate is so massive that a 51% attack is economically infeasible. For larger PoS chains like Ethereum, the cost of acquiring sufficient stake (and the certainty of losing it through slashing) makes the attack similarly impractical.

Double-Spending Attack

Double spending — using the same funds for two different transactions — is the fundamental problem that blockchain was designed to solve. While a 51% attack is one method of double-spending, other techniques exist for smaller amounts:

Race attack (zero-confirmation):

  1. The attacker sends a transaction to a merchant with a low fee.
  2. Simultaneously, the attacker sends a conflicting transaction (spending the same coins) to themselves with a higher fee.
  3. If the merchant accepts the payment before it is confirmed, the higher-fee transaction is more likely to be confirmed first, and the merchant's payment disappears.

Finney attack:

  1. A miner pre-mines a block containing a transaction sending coins to themselves.
  2. The miner then sends a conflicting transaction to a merchant.
  3. After receiving goods/services, the miner releases the pre-mined block, invalidating the merchant's payment.

Protection: Always wait for sufficient block confirmations before considering a transaction final. For significant amounts, 6 Bitcoin confirmations or Ethereum finalization (~15 minutes) provides strong protection.

Selfish Mining

Selfish mining is a strategy where a miner with significant (but not majority) hash power withholds discovered blocks, releasing them strategically to waste honest miners' work.

How it works:

  1. A selfish miner finds a block but does not broadcast it immediately.
  2. While honest miners waste effort on an outdated chain tip, the selfish miner continues extending their private chain.
  3. The selfish miner strategically releases blocks to orphan honest miners' work, capturing a disproportionate share of block rewards.

Impact: Research has shown that selfish mining can be profitable for miners with as little as 25-33% of total hash power (the exact threshold depends on the miner's network connectivity). However, in practice, selfish mining has not been a significant issue on major networks because the strategy is detectable, risky (the private chain could be orphaned), and the economic incentives generally favor honest mining.

Sybil Attack

A Sybil attack involves creating many fake identities (nodes) to gain disproportionate influence over the network.

How it works:

  1. An attacker creates thousands of fake nodes on the blockchain network.
  2. These nodes surround honest nodes, controlling the victim's view of the network.
  3. The attacker can then censor transactions, feed false information, or disrupt the network's peer-to-peer communication.

Protection: Blockchain consensus mechanisms are specifically designed to prevent Sybil attacks. In PoW, creating fake nodes is useless without hash power — each node must prove work to contribute to consensus. In PoS, each validator must stake real capital. The cost of mounting a Sybil attack on a well-designed blockchain is the cost of acquiring the resources (hash power or stake) required for consensus participation.

Eclipse Attack

An eclipse attack targets a specific node rather than the entire network, isolating it from honest peers.

How it works:

  1. The attacker identifies the target node's peer connections.
  2. The attacker floods the target with connection requests from attacker-controlled nodes.
  3. The target's peer connections are gradually replaced with attacker-controlled nodes.
  4. Once eclipsed, the target sees only the attacker's version of the blockchain.
  5. The attacker can feed the target false transactions, delay or censor information, or facilitate double-spend attacks against the eclipsed node.

Real-world impact: Eclipse attacks have been demonstrated in research papers against Bitcoin and Ethereum nodes. They are most dangerous for lightweight clients that connect to few peers.

Protection: Run a full node with diverse peer connections, use multiple data sources to verify the chain state, and maintain static peer connections to trusted nodes.

Long-Range Attack (PoS specific)

In Proof of Stake systems, a long-range attack exploits the fact that old validator keys may become available (through key leakage, social engineering, or purchase from validators who have exited).

How it works:

  1. An attacker obtains private keys of validators who were active at an earlier point in the chain's history.
  2. The attacker creates an alternative chain history starting from a past block.
  3. Because there is no physical cost to "re-staking" in the past (unlike PoW, where re-mining requires electricity), the attacker can create a competing chain cheaply.

Protection: Modern PoS systems mitigate long-range attacks through:

  • Weak subjectivity checkpoints: Nodes periodically record the chain state, and any fork older than the checkpoint period is automatically rejected.
  • Social consensus: New nodes request the current chain state from trusted community sources.
  • Key deletion: Validators are encouraged to delete old signing keys after exiting.

Network-Level Attacks

BGP Hijacking

The Border Gateway Protocol (BGP) controls how internet traffic is routed between networks. A BGP hijack redirects internet traffic through an attacker-controlled network.

Impact on blockchain: An attacker who hijacks traffic between blockchain nodes can delay block propagation, partition the network, or intercept and modify communication between nodes.

Real-world examples: Research by ETH Zurich (2017) demonstrated that hijacking just a few internet service providers could partition the Bitcoin network. In 2018, suspicious BGP events redirected traffic destined for Amazon's Route 53 DNS service, enabling the theft of ~$150,000 in Ethereum.

Time-Jacking

By manipulating a node's perception of time, an attacker can cause it to accept blocks with incorrect timestamps, potentially isolating it from the honest network.

Protection: Most blockchain clients implement strict timestamp validation rules and do not rely solely on peer-reported timestamps.

Denial of Service (DoS)

A denial-of-service attack floods a node or network with requests to overwhelm its capacity. While blockchain networks are inherently resistant to DoS (transaction fees make spam expensive), individual nodes or services (exchanges, block explorers, RPC providers) can be targeted.

Solana has experienced multiple network outages partly attributable to transaction floods from bot activity, highlighting that high-throughput chains can be vulnerable to spam attacks that do not exist on fee-constrained chains like Bitcoin.

Smart Contract Attacks

Smart contract vulnerabilities represent the largest source of financial losses in the cryptocurrency ecosystem. See our Smart Contracts Guide for detailed coverage.

Reentrancy Attack

How it works: A malicious contract calls back into the vulnerable contract during execution, before the victim contract has updated its state.

Notable example: The DAO hack (2016) — $60M drained from Ethereum's largest decentralized fund.
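A Python model of the ordering problem described above, next to the checks-effects-interactions fix. This is an added illustration, not contract code from The DAO or from this guide; the vault classes, the `on_receive` hook and the deposit amounts are constructed for the example.

```python
class VulnerableVault:
    """Pays out before clearing the caller's balance."""

    def __init__(self):
        self.balances = {}
        self.reserves = 0

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.reserves += amount

    def _send(self, account, amount):
        # Models an external call: control passes to the recipient's code.
        self.reserves -= amount
        account.on_receive(self, amount)

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or amount > self.reserves:
            return
        self._send(account, amount)   # interaction happens first ...
        self.balances[account] = 0    # ... state is updated too late


class HardenedVault(VulnerableVault):
    """Checks-effects-interactions: state is final before any external call."""

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or amount > self.reserves:
            return
        self.balances[account] = 0    # effect
        self._send(account, amount)   # interaction


class PlainAccount:
    def __init__(self):
        self.received = 0

    def on_receive(self, vault, amount):
        self.received += amount


class ReentrantAccount(PlainAccount):
    """Test double whose receive hook calls withdraw() again."""

    def on_receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)


def audit(vault_cls):
    """Return (paid to probe, reserves left, honest balance still owed)."""
    vault = vault_cls()
    honest, probe = PlainAccount(), ReentrantAccount()
    vault.deposit(honest, 9)   # constructed amounts
    vault.deposit(probe, 1)
    vault.withdraw(probe)
    return probe.received, vault.reserves, vault.balances[honest]


if __name__ == "__main__":
    print("vulnerable:", audit(VulnerableVault))
    print("hardened:  ", audit(HardenedVault))
```

Running the same re-entering test double against both classes makes a useful regression test: the hardened vault pays the probe only its own deposit and stays solvent for the honest depositor.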

Flash Loan Attack

Flash loans are uncollateralized loans that must be borrowed and repaid within a single transaction. Attackers use them to temporarily command massive amounts of capital to manipulate DeFi protocols.

Common pattern:

  1. Borrow millions in crypto via a flash loan (no collateral needed).
  2. Use the borrowed funds to manipulate a price oracle or liquidity pool.
  3. Exploit the manipulated price to extract value from a vulnerable protocol.
  4. Repay the flash loan.
  5. Keep the profit.

Scale of damage: Flash loan attacks have caused hundreds of millions in losses across DeFi. Notable examples include Euler Finance ($197M, 2023), Cream Finance ($130M, 2021), and Pancake Bunny ($45M, 2021).

Oracle Manipulation

Smart contracts that rely on external data feeds (oracles) are vulnerable if the oracle can be manipulated. Attackers exploit thinly-traded tokens or low-liquidity pools to create artificial price movements that trigger favorable conditions in lending protocols, synthetic asset platforms, or derivatives markets.

Governance Attack

Some DeFi protocols allow token holders to vote on protocol changes. An attacker who accumulates sufficient governance tokens (potentially through flash loans) can pass malicious proposals that drain the protocol's treasury or change parameters in their favor.

Example: Beanstalk Farms (2022) — an attacker used a flash loan to acquire enough governance tokens to pass a proposal that transferred $182M from the protocol's treasury.

Infrastructure Attacks

Bridge Exploits

Cross-chain bridges — smart contracts that enable asset transfers between blockchains — have been the single largest source of cryptocurrency theft.

Why bridges are vulnerable:

  • They hold massive amounts of locked assets (the "backing" for wrapped tokens).
  • They involve complex multi-chain logic that is difficult to audit.
  • Many bridges use multi-signature wallets where compromising a threshold of keys grants full access.

Major bridge exploits:

| Bridge | Year | Amount | Attack Vector |
|---|---|---|---|
| Ronin (Axie Infinity) | 2022 | $625M | Compromised validator keys |
| Wormhole | 2022 | $320M | Signature verification bypass |
| Nomad | 2022 | $190M | Message verification flaw |
| Harmony Horizon | 2022 | $100M | Compromised multi-sig keys |

Protection: Minimize funds held in bridge contracts. When possible, use native bridging mechanisms (like rollup bridges that inherit L1 security) rather than third-party bridges. Be aware that wrapped assets on other chains carry bridge risk.

Exchange Hacks

Centralized exchanges hold vast amounts of cryptocurrency in hot wallets, making them prime targets. Major exchange hacks include:

| Exchange | Year | Amount |
|---|---|---|
| Mt. Gox | 2014 | 850,000 BTC (~$450M at the time) |
| Coincheck | 2018 | $530M (NEM) |
| FTX | 2022 | $477M (post-bankruptcy drain) |
| DMM Bitcoin | 2024 | $305M |

Protection: Never leave large amounts on exchanges. Use self-custody wallets for long-term storage, and protect your seed phrase with proper cold storage methods.

MEV and Front-Running

What Is MEV?

Maximal Extractable Value (MEV) refers to the profit that block producers can extract by strategically ordering, including, or excluding transactions within a block. While not technically an "attack" in the traditional sense, MEV extraction often comes at the expense of regular users.

Types of MEV

Front-running: The attacker sees a pending transaction in the mempool and submits a competing transaction with a higher fee to execute before it.

Sandwich attack: The most common form of MEV exploitation targeting DEX trades:

  1. A user submits a large token swap on a DEX (e.g., buying 100 ETH worth of Token X).
  2. An MEV bot sees this pending transaction and submits a buy order for Token X just before the user's transaction.
  3. The user's large purchase pushes the price up.
  4. The MEV bot sells Token X immediately after, capturing the price increase.
  5. The user receives fewer tokens than expected due to the inflated price.

Back-running: The attacker submits a transaction immediately after a target transaction to capture arbitrage opportunities created by the target's price impact.

MEV Scale

MEV extraction on Ethereum totals hundreds of millions of dollars annually. While some forms of MEV (arbitrage, liquidations) are considered beneficial for market efficiency, others (sandwich attacks, front-running) directly harm users.

Protection Against MEV

  • Private transaction submission: Services like Flashbots Protect, MEV Blocker, and some wallets (CoW Swap, 1inch Fusion) submit transactions directly to block builders, bypassing the public mempool.
  • Limit orders: Using limit orders instead of market swaps prevents sandwich attacks.
  • Slippage settings: Setting tight slippage tolerances limits the maximum price impact you accept.
  • Batch auctions: Protocols like CoW Protocol batch multiple trades and find optimal execution prices, eliminating front-running.
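How a slippage tolerance bounds the damage when another transaction lands ahead of yours, shown on a constant-product pool. This is an added example, not code from the guide or from any DEX; the pool reserves, the 0.3% fee and the trade sizes are constructed assumptions.

```python
class SlippageExceeded(Exception):
    """The swap would return less than the caller's minimum; it reverts."""


class ConstantProductPool:
    """x * y = k pool; the fee is taken from the input amount."""

    def __init__(self, reserve_in, reserve_out, fee=0.003):
        self.reserve_in = reserve_in
        self.reserve_out = reserve_out
        self.fee = fee

    def quote(self, amount_in):
        effective = amount_in * (1 - self.fee)
        return self.reserve_out * effective / (self.reserve_in + effective)

    def swap(self, amount_in, min_out=0.0):
        out = self.quote(amount_in)
        if out < min_out:
            raise SlippageExceeded(f"would receive {out:.2f} < {min_out:.2f}")
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out


def user_outcome(tolerance, earlier_buy):
    """Quote a 100 ETH swap, let an earlier buy of `earlier_buy` ETH land
    first, then execute. Returns (quoted, received); received is None when
    the slippage check reverts the swap."""
    pool = ConstantProductPool(1_000.0, 2_000_000.0)  # constructed ETH / Token X
    quoted = pool.quote(100.0)
    min_out = quoted * (1 - tolerance)  # what the wallet signs as the floor
    if earlier_buy:
        pool.swap(earlier_buy)          # moves the price before the user's trade
    try:
        received = pool.swap(100.0, min_out)
    except SlippageExceeded:
        received = None
    return quoted, received


if __name__ == "__main__":
    for tolerance in (0.005, 0.10):
        quoted, received = user_outcome(tolerance, earlier_buy=50.0)
        if received is None:
            print(f"tolerance {tolerance:.1%}: reverted, no tokens lost")
        else:
            loss = 1 - received / quoted
            print(f"tolerance {tolerance:.1%}: filled {loss:.1%} below quote")
```

With a 0.5% tolerance the swap reverts and the user only pays gas; with 10% it fills roughly 9% below the quoted amount, so the tolerance is the upper bound on what a reordering can cost.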

Cryptographic Threats

Quantum Computing

Quantum computers could theoretically break the elliptic curve cryptography (ECDSA) used by Bitcoin and Ethereum to generate signatures. A sufficiently powerful quantum computer could derive private keys from public keys.

Current status (2026): Quantum computers have not yet reached the scale needed to threaten blockchain cryptography. Current quantum computers have hundreds to a few thousand qubits; breaking ECDSA would require millions of error-corrected qubits. Most experts estimate this is 15-30+ years away.

Mitigation: Post-quantum cryptographic algorithms are being developed and standardized (NIST completed its post-quantum standards in 2024). Bitcoin and Ethereum can upgrade their signature schemes via soft forks before quantum computing becomes a practical threat. Bitcoin addresses that have never had their public key exposed (unused receive addresses) are resistant to quantum attacks because only the hash of the public key is on-chain.

Hash Function Vulnerabilities

If SHA-256 (Bitcoin) or Keccak-256 (Ethereum) were discovered to have a fundamental weakness allowing collisions or pre-image attacks, the blockchain's integrity would be threatened. However, no such weakness has been found despite decades of cryptanalysis, and the blockchain community would migrate to a new hash function well before a complete break occurred.

Protecting Yourself

For Individual Users

  1. Secure your seed phrase: Use a secure generation method and store backups in multiple secure locations using cold storage methods.
  2. Wait for confirmations: Do not consider transactions final until they have sufficient confirmations (6+ for Bitcoin, finalization for Ethereum).
  3. Use established protocols: Interact with audited, time-tested smart contracts rather than new, unaudited ones.
  4. Minimize exchange holdings: Transfer assets to self-custody wallets for long-term storage.
  5. Enable MEV protection: Use wallets and DEX interfaces that route transactions through private channels.
  6. Verify addresses: Always double-check recipient addresses. Address poisoning attacks — where an attacker sends small amounts from a similar-looking address hoping you will copy it for future transactions — are increasingly common.

For Developers

  1. Security audits: Have smart contracts audited by multiple independent firms before deployment.
  2. Bug bounties: Offer financial incentives for responsible vulnerability disclosure.
  3. Formal verification: Use mathematical proofs to verify critical contract logic.
  4. Battle-tested libraries: Use OpenZeppelin and other audited libraries for standard functionality.
  5. Upgrade mechanisms: Implement time-locked upgrade patterns that give users time to react.
  6. Oracle diversity: Use multiple oracle sources and implement circuit breakers for extreme price movements.
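One way to combine the "oracle diversity" and "circuit breaker" advice in item 6, which is also the mitigation for the oracle manipulation described earlier. This is an added example, not code from any specific protocol; the class name, source names, thresholds and quotes are constructed assumptions.

```python
import statistics


class OracleHalted(Exception):
    """Raised instead of publishing a price the feed cannot vouch for."""


class GuardedPriceFeed:
    def __init__(self, min_sources=3, max_spread=0.02, max_jump=0.10):
        self.min_sources = min_sources  # quorum of agreeing sources
        self.max_spread = max_spread    # allowed deviation from the median
        self.max_jump = max_jump        # allowed move since last accepted price
        self.last_price = None

    def update(self, quotes):
        valid = [p for p in quotes.values() if p is not None and p > 0]
        if len(valid) < self.min_sources:
            raise OracleHalted("too few sources")
        median = statistics.median(valid)
        # Discard outliers, then require a quorum among what is left.
        agreeing = [p for p in valid
                    if abs(p - median) / median <= self.max_spread]
        if len(agreeing) < self.min_sources:
            raise OracleHalted("sources disagree")
        price = statistics.median(agreeing)
        if self.last_price is not None:
            jump = abs(price - self.last_price) / self.last_price
            if jump > self.max_jump:
                # Circuit breaker: keep the last price, stop serving new ones.
                raise OracleHalted("circuit breaker")
        self.last_price = price
        return price


def price_or_halt(feed, quotes):
    """Return the accepted price, or the halt reason as a string."""
    try:
        return feed.update(quotes)
    except OracleHalted as halt:
        return str(halt)


def demo():
    feed = GuardedPriceFeed()
    rounds = [  # constructed quotes from four hypothetical sources
        {"dex_a": 100.0, "dex_b": 101.0, "cex_a": 99.5, "cex_b": 100.5},
        {"dex_a": 100.0, "dex_b": 101.0, "cex_a": 99.5, "cex_b": 400.0},
        {"dex_a": 130.0, "dex_b": 131.0, "cex_a": 129.0, "cex_b": 130.0},
        {"dex_a": 100.0, "dex_b": 100.5, "cex_a": 400.0, "cex_b": 410.0},
        {"dex_a": 100.0, "dex_b": None, "cex_a": 100.2, "cex_b": None},
    ]
    return [price_or_halt(feed, quotes) for quotes in rounds]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A single manipulated source is outvoted by the median, while a move that every source agrees on but that exceeds `max_jump` halts the feed for review rather than triggering liquidations automatically.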

SafeSeed Tool

The most common way individuals lose cryptocurrency is not through sophisticated blockchain attacks — it is through poor key management. Compromised seed phrases, phishing attacks, and lost backups account for far more losses than all protocol-level attacks combined. Use the SafeSeed Seed Phrase Generator to create a cryptographically secure seed phrase, and follow our security guide to store it safely. Your keys, your coins — but only if your keys are secure.

FAQ

Has Bitcoin ever been hacked?

The Bitcoin protocol itself has never been successfully attacked. Bitcoin has operated continuously since January 3, 2009, without a single instance of double-spending or chain corruption on the main network. However, applications built on top of Bitcoin — exchanges (Mt. Gox), wallets, and bridges — have been hacked numerous times. The distinction is critical: Bitcoin's blockchain is secure; the services and software that interact with it may not be.

Can a 51% attack destroy Bitcoin?

A 51% attack could temporarily disrupt Bitcoin by enabling double-spends and censoring transactions, but it could not destroy Bitcoin. The attacker cannot steal coins from wallets (private keys are still required to sign transactions), create new coins outside the protocol's rules, or change the protocol's code. The community could also respond by changing the mining algorithm (a nuclear option that would invalidate the attacker's hardware). The extreme cost of a 51% attack on Bitcoin (~$10+ billion in hardware plus ongoing electricity) makes it one of the most improbable attack scenarios in the crypto space.

What is the most common type of blockchain attack?

Smart contract exploits and bridge hacks are the most common and financially damaging attack vectors in the blockchain ecosystem. In 2022 alone, over $3 billion was lost to bridge exploits. For individual users, phishing attacks, seed phrase theft, and address poisoning are the most common threats. Protocol-level attacks (51% attacks, double-spends) are rare and primarily affect smaller, less-secured chains.

Are Proof of Stake blockchains more or less vulnerable to attacks?

PoS blockchains face different attack vectors than PoW chains. They are immune to 51% attacks in the traditional sense (no hash power to accumulate) but face equivalent threats if an attacker acquires sufficient stake. PoS has additional protections (slashing) that make attacks directly costly to the attacker. However, PoS introduces unique risks like long-range attacks and stake concentration. Neither consensus mechanism is universally more or less secure — they have different threat models.

How can I tell if a DeFi protocol is safe to use?

No DeFi protocol is completely risk-free, but several indicators suggest higher security: multiple independent security audits from reputable firms, a substantial bug bounty program, time-locked or governance-gated upgrades, significant total value locked over an extended period without incidents, open-source and well-documented code, and a diverse, active development team. Even with all these factors, smart contract risk is never zero. Only deposit what you can afford to lose.

What happens to my funds if the blockchain is attacked?

It depends on the attack type. In a 51% attack, only transactions made during the attack window are at risk — existing wallet balances are not affected. In a smart contract exploit, only funds deposited in the compromised contract are at risk — funds in your personal wallet are safe. In an exchange hack, only funds held on the exchange are at risk. This is why self-custody and proper key management are the most effective defenses against most attack types.

Should I worry about quantum computing?

Not in the near term. Practical quantum computers capable of breaking blockchain cryptography are estimated to be 15-30+ years away. The blockchain community has ample time to adopt post-quantum cryptographic standards. Bitcoin addresses that have never broadcast a transaction (only received) are even more resistant because their public keys are not exposed. Staying informed about quantum computing developments is prudent, but it should not be a primary security concern for current cryptocurrency holders.