51% Attacks Explained: Lessons from Ethereum Classic, Bitcoin Gold, and Beyond

Key Takeaways

• A 51% attack allows a single malicious entity to rewrite blockchain history and double-spend funds by controlling more than half of a network’s mining power or hash rate.
• Smaller and newer blockchains are disproportionately vulnerable, with research showing that 85% of successful attacks between 2018 and 2024 targeted chains in their first three years.
• Defenses like increased confirmation requirements, proof-of-stake transitions, hybrid consensus models, and real-time hash rate monitoring can significantly reduce risk for exchanges and platform operators.

In August 2025, a project called Qubic claimed it had seized majority control of Monero’s hash rate, executing a six-block reorganization of the ledger. Major exchanges like Kraken immediately halted deposits, and the token’s price dropped by over 16% in a single week. 

Whether this incident was a hostile takeover or, as Qubic framed it, a benign “experiment,” the market’s reaction underscored a sobering reality: 51% attacks remain one of the most disruptive threats to blockchain security. 

A 2026 peer-reviewed study confirmed the scale of this security gap. While executing a 51% attack on Bitcoin would cost upward of $6 billion, younger networks can be compromised for as little as $50,000. This security disparity spans three to four orders of magnitude, making understanding this threat no longer optional for anyone building, investing in, or operating within the digital asset ecosystem.

For anyone building, investing in, or operating within the blockchain ecosystem, understanding this threat is no longer optional.

How Does a 51% Attack Work?

A 51% attack primarily targets the consensus layer of a proof-of-work (PoW) blockchain.The term “51%” signifies that once a single entity or colluding group controls more than half of the network’s total mining power (hash rate), they gain majority control over block validation and production.

Once an attacker secures this monopoly, they can manipulate the blockchain’s state by altering the transaction confirmation process. 

The most common attack is double-spending. The exploit typically follows these steps:

1. The Deposit: The attacker deposits cryptocurrency onto an exchange and converts it into another asset or withdraws it.
2. The Private Fork: Simultaneously, the attacker uses their majority hash power to privately mine an alternative, parallel chain that excludes that initial deposit transaction.
3. The Reorg: Once this private chain becomes longer (or accumulates more heavy work) than the public one, the attacker broadcasts it to the network.

It is important to note what a 51% attacker cannot do. They cannot create new coins, forge signatures, or spend funds belonging to other users. The attack does not break cryptography. It exploits control over transaction ordering and chain history by gaining majority mining power.

Real-World 51% Attacks That Shook the Industry

The following table summarizes the most consequential 51% attacks in blockchain history.

Ethereum Classic stands out as the most frequently targeted network. In August 2020 alone, it suffered three separate attacks that reorganized over 14,000 blocks collectively. ETC’s core vulnerability was its position as a secondary chain sharing the same mining algorithm as Ethereum. Miners on the larger network could redirect their machines at negligible cost. At the time, an hourly attack on ETC cost roughly $3,800 compared to $513,000 for Bitcoin.

Bitcoin Gold followed a similar arc. Created as a GPU-friendly fork of Bitcoin, it lacked the hash rate density to make attacks economically impractical. After the $18 million exploit, the development team changed mining algorithms, but the reputational damage proved irreversible. BTG lost over 98% of its value within two years.

The Monero incident introduced a new dimension. Qubic used an economic incentive model to draw miners away from independent Monero pools, growing its network share from under 2% in May to over 51% by August 2025. The event proved that even larger PoW chains are exposed when economic incentives shift.

Why Are Some Blockchains More Vulnerable to 51% Attacks?

Not all proof-of-work networks face equal risk. Several factors determine how resistant a chain is to majority hash rate exploits.

• Low hash rate makes it cheaper to overpower the network. The Crypto51 tracker provides real-time estimates, and figures for smaller chains can be alarmingly low.
• Shared mining algorithms expose secondary chains because miners on a dominant sibling chain can redirect hardware at almost zero cost.
• Hash rate rental markets like NiceHash let attackers rent computational power for hours rather than investing in physical infrastructure.
• Network immaturity correlates strongly with vulnerability. Research confirms that chains under three years old with sub-$100M market caps face disproportionate risk.
• Limited validator or miner participation: When block production is concentrated in a smaller number of participants, the network has less decentralization and fewer independent actors securing consensus, which makes majority capture easier.

Understanding the blockchain trilemma helps contextualize this problem. Networks that optimize for decentralization and scalability sometimes sacrifice the security depth needed to resist consensus-level attacks.

How Can Blockchain Networks Prevent 51% Attacks?

No single defense is foolproof, but layered strategies significantly reduce risk.

• Increase confirmation thresholds. Requiring more block confirmations before crediting deposits forces attackers to sustain costly mining operations for longer periods.
• Transition to proof of stake. PoS eliminates the hash rate vector entirely, as attacking would require acquiring and risking a majority of staked tokens. Ethereum’s 2022 Merge is the most prominent example.
• Adopt hybrid consensus models. Combining PoW with PoS elements means attackers must overcome two independent security layers.
• Implement finality mechanisms. Protocols like the MESS system on Ethereum Classic make deep reorganizations exponentially more expensive.
• Lead a unique mining algorithm. Being the dominant chain on a given algorithm removes the risk of hash power redirection from larger sibling networks.
• Monitor hash rate in real time. Active detection of unusual mining concentration enables exchanges and platforms to trigger protective measures before damage occurs.

Building a More Resilient Blockchain Future

Every major 51% attack has driven the industry forward. ETC hardened its consensus rules. BTG changed algorithms. Monero’s community accelerated research into new defense proposals. The pattern is consistent. Attacks expose weaknesses, and the ecosystem responds with stronger infrastructure.

For exchanges, custodians, payment platforms, and financial institutions operating in digital assets, the lesson is clear. Security is not a feature. It is the foundation. Dynamic confirmation policies, robust transaction monitoring, and partnerships with infrastructure providers that understand blockchain security at the protocol level are essential layers of defense.

ChainUp provides the enterprise-grade infrastructure that exchange operators and financial institutions need to build on that foundation. From white-label exchange solutions and institutional MPC wallets to advanced liquidity technology and award-winning Know-Your-Transaction (KYT) Solution, our full-stack platform is built for security, scalability, and trust. 

Talk to our team today to see how ChainUp can support your next phase of digital asset growth.