• Home
• Get Started
• 51 Percent Attack

What Is a 51% Attack? How It Works and Why It Matters

Last updated

March 19, 2026

Written by

Neill Velardo

Reviewed by

Graham Stone

A 51% attack is one of the most talked-about threats in cryptocurrency - but also one of the most misunderstood. At its core, it's a method of taking control of a blockchain by owning the majority of its consensus power, allowing an attacker to rewrite recent transaction history and spend the same coins twice. It sounds alarming, and for smaller networks it absolutely is. But for Bitcoin and other major blockchains, the sheer scale of the network makes such an attack economically and logistically near-impossible. This guide explains exactly what a 51% attack is, how it unfolds step by step, which cryptocurrencies have actually been hit, and what the industry has done to defend against it.

Manage your Bitcoin and other cryptocurrencies securely with the self-custody Bitcoin.com Wallet app.

Overview

If you've spent any time in the crypto world, you've probably heard the term "51% attack" thrown around as one of the biggest risks facing blockchain networks. But what does it actually mean? Who has pulled one off? And should you be worried about it happening to Bitcoin?

This guide breaks it all down - clearly, accurately, and without the hype.

The Core Idea: Majority Rules

Every blockchain network is maintained by a decentralized group of participants - miners (in proof-of-work systems) or validators (in proof-of-stake systems) - who collectively agree on the "true" version of the transaction history.

The protocol is designed around one principle: the majority decides. Whichever version of the blockchain has the most accumulated work (or stake) behind it is treated as the legitimate chain.

A 51% attack exploits this rule. If a single attacker - or a coordinated group - gains control of more than 50% of the network's total mining power (hash rate) or staked coins, they hold majority consensus. At that point, they can begin rewriting history.

How a 51% Attack Actually Works

Here's a step-by-step breakdown of what a real attack looks like in practice:

Step 1: Gain Majority Control

The attacker accumulates over 50% of the network's hash rate (for proof-of-work blockchains like Bitcoin) or over 50% of all staked tokens (for proof-of-stake chains). This is the biggest barrier - and the reason large networks are so resistant to this type of attack.

Step 2: Mine a Secret Chain

While the rest of the network continues building on the public chain, the attacker privately mines an alternative version of the blockchain. Because they control the majority of hash power, their private chain grows faster than the public one.

Step 3: Execute the Double Spend

The attacker broadcasts a transaction on the public chain - for example, sending 100 BTC to an exchange, converting it to another asset, and withdrawing. The exchange waits for confirmations and releases the funds.

Step 4: Release the Secret Chain

Once the funds are safely in hand, the attacker releases their secretly mined chain to the network. Because it's longer (more accumulated work), the protocol automatically accepts it as the "true" chain. The original transaction disappears from the record - as if it never happened.

The attacker has now spent their coins twice. This is the double-spend attack.

What a 51% Attacker Can and Cannot Do

Understanding the limits of a 51% attack is just as important as understanding what it enables.

They CAN:

• Double-spend their own coins - the core attack vector
• Reverse recent transactions they were involved in
• Block specific transactions from being confirmed
• Selectively exclude miners from earning rewards (known as "selfish mining")

They CANNOT:

• Steal coins from wallets they don't control - private keys remain secure
• Create coins out of thin air (beyond the normal block reward)
• Alter the fundamental protocol rules - hard-coded consensus rules remain intact
• Access or forge transactions from old, deeply buried blocks - rewriting ancient history is computationally infeasible even with majority control

This distinction matters. A 51% attack is a serious threat to network integrity and trust, but it is not the same as "hacking" someone's wallet or stealing funds arbitrarily.

Real-World 51% Attacks: It Has Happened

While Bitcoin has never suffered a successful 51% attack, several smaller cryptocurrencies have - serving as sobering case studies.

Ethereum Classic (ETC) - 2019 & 2020

Ethereum Classic, the original chain from the 2016 Ethereum split, was hit with multiple 51% attacks. In January 2019, attackers reorganized over 100 blocks and double-spent approximately $1.1 million worth of ETC. The attacks were repeated in August 2020, with over 4,000 blocks reorganized across three separate incidents. The network eventually upgraded its consensus mechanism in response.

Bitcoin Gold (BTG) - 2018 & 2020

Bitcoin Gold, a Bitcoin fork designed to be ASIC-resistant, was attacked in May 2018. Attackers double-spent roughly $18 million worth of BTG across multiple exchanges. A second, smaller attack followed in January 2020.

Vertcoin (VTC) - 2018

Vertcoin, another ASIC-resistant coin, suffered a 51% attack in December 2018 that resulted in 22 block reorganizations and an estimated $100,000 in double-spends.

Monero (XMR) - 2025

Even relatively established privacy coins aren't immune. In August and September 2025, Monero suffered a series of network reorganization attacks. A mining pool tied to Qubic, a Layer 1 blockchain project, temporarily seized more than half of Monero's hash power and pushed through a longer chain, undoing approximately 18 blocks and sending over 117 transactions back to the mempool - delaying payments and rattling confidence in the network.

The Common Thread

In each case, the targeted networks had relatively low hash rates - making it cheap to rent enough mining power (via services like NiceHash) to temporarily exceed 50%. The attacker didn't need to own the hardware; renting it was often economically viable for a short-time, targeted attack.

Why Bitcoin Has Never Been Successfully Attacked

Bitcoin's security against 51% attacks is a function of its sheer scale. As of March 2026, Bitcoin's hash rate sits at approximately 950–990 exahashes per second (EH/s) - an almost incomprehensible amount of computational power. This is actually down roughly 8–10% from its October 2025 all-time high, partly due to rising energy costs tied to geopolitical tensions in the Middle East and miners diversifying into AI/HPC operations. Even at this reduced level, the network remains overwhelmingly secure.

To launch a 51% attack on Bitcoin, you would need to:

1. Control more than 475 EH/s of mining hardware
2. Acquire or build hundreds of thousands of ASICs (specialized mining chips)
3. Power all of it - requiring electricity on a nation-state scale
4. Execute the attack before the network responds

Estimates put the cost of a one-hour Bitcoin 51% attack in the hundreds of millions to billions of dollars when factoring in hardware, energy, and logistics. And that's before accounting for the economic self-destruction: a successful attack would almost certainly crash Bitcoin's price, making the stolen funds worth far less than what was spent to steal them.

This combination of physical infrastructure requirements and economic disincentives makes Bitcoin uniquely resistant.

Proof-of-Stake and the 51% Problem

Proof-of-stake (PoS) networks like Ethereum face a variation of this attack, often called a "majority stake attack" or simply a PoS 51% attack.

Instead of controlling hash rate, an attacker would need to accumulate and stake over 50% of the circulating token supply. On Ethereum, that would currently mean controlling more than half of the approximately 37 million ETH actively staked - representing roughly 31% of total supply and a market value of around $112 billion as of early 2026.

PoS introduces some unique dynamics:

• Acquiring the majority stake drives up the token price, making the attack progressively more expensive as you buy more
• Slashing mechanisms in modern PoS systems can detect and financially penalize dishonest validators - destroying the attacker's own stake
• A successful attack would likely crater the token's market value, making the attacker's coins nearly worthless post-attack

These mechanisms make PoS 51% attacks expensive, detectable, and largely self-defeating on major networks - though smaller PoS chains with low total stake remain potentially vulnerable.

How the Industry Guards Against 51% Attacks

Blockchain developers and exchanges have developed several responses to this threat:

Longer confirmation requirements - Exchanges can require more block confirmations before crediting deposits for coins with lower hash rates. More confirmations means the attacker would need to maintain majority control for longer, increasing the cost.

Merge mining - Some smaller networks allow miners to simultaneously mine a larger network's chain alongside their own (e.g., Dogecoin and Litecoin merge mine together). This increases the total hash rate protecting the smaller chain.

Checkpoint systems - Some blockchains implement periodic "checkpoints" - finalized blocks that cannot be reorganized, limiting how far back an attacker could rewrite history.

Delayed finality and PoS slashing - Advanced PoS systems like Ethereum's Casper mechanism build in economic penalties for validators who attempt to reorganize finalized blocks.

MESS (Modified Exponential Subjective Scoring) - Used by Ethereum Classic after its attacks, this mechanism makes it exponentially more expensive to reorganize large numbers of blocks, specifically targeting the deep-reorg attack pattern.

Should You Be Worried?

For Bitcoin and Ethereum holders, a 51% attack is essentially a theoretical concern rather than a practical one. The economic and logistical requirements are simply too extreme.

For holders of smaller altcoins - particularly low-market-cap, low-hash-rate proof-of-work coins - the risk is real and has materially impacted investors before. When evaluating any cryptocurrency, it's worth asking: how much would it cost to attack this network? Tools like Crypto51.app (which estimates attack costs for various networks) offer a quick sanity check.

The general rule: the larger and more decentralized the network, the more secure it is against this type of attack. Security in blockchain is largely a function of scale.

Key Takeaways

• A 51% attack occurs when a single entity controls the majority of a blockchain's consensus power, allowing them to double-spend coins and reorganize recent transaction history
• Attackers cannot steal coins from other wallets, create new coins arbitrarily, or alter core protocol rules
• Several smaller cryptocurrencies - including Ethereum Classic, Bitcoin Gold, Vertcoin, and most recently Monero in 2025 - have suffered real 51% attacks with significant financial consequences
• Bitcoin has never been successfully attacked due to the enormous cost and energy requirements of controlling its hash rate
• Proof-of-stake networks face analogous risks but have additional economic disincentives built in
• The cryptocurrency industry has developed defenses including longer confirmation requirements, merge mining, checkpoint systems, and slashing mechanisms

Understanding the 51% attack is fundamental to understanding why decentralization and network size matter so much in the crypto space. It's not just a technical detail - it's the reason large, distributed networks are inherently more trustworthy than small ones.

Conclusion

The 51% attack is one of the most elegant - and unsettling - vulnerabilities in blockchain design. It doesn't exploit a bug in the code; it exploits the very mechanism that makes decentralized consensus work. Whoever controls the majority controls the truth.

But that's also why the solution is built into the system itself: make majority control so expensive, so logistically difficult, and so economically self-defeating that no rational actor would attempt it. Bitcoin has achieved exactly that. So has Ethereum. The networks that haven't are the ones that skipped the hard work of building real decentralization and hash rate.

For everyday crypto users, the takeaway is practical: stick to networks with proven security, use reputable exchanges that require sufficient confirmations, and be cautious with smaller, less-established coins - especially those with low hash rates and thin liquidity. The 51% attack isn't a ghost story. It has happened, it has cost people real money, and it will happen again to networks that don't take security seriously.

Understanding this attack doesn't just make you a more informed investor - it deepens your appreciation for why Bitcoin's scale and decentralization aren't accidents. They're the product of years of careful, hard-won growth, and they're ultimately what gives the network its value.

Frequently Asked Questions

Has Bitcoin ever been 51% attacked?

No. Bitcoin has never suffered a successful 51% attack in its entire history. Its hash rate is so large - currently around ~950–990 EH/s - that controlling the majority of it would require billions of dollars in hardware and energy, making any such attempt economically irrational.

What is a double-spend attack?

A double-spend attack is the primary goal of a 51% attack. It involves spending the same coins twice: first broadcasting a legitimate transaction to a recipient (like an exchange), then rewriting blockchain history to erase that transaction - effectively getting the value without the coins ever leaving your control.

Can a 51% attacker steal my Bitcoin?

No. A 51% attacker cannot access wallets they don't control, forge transactions, or steal funds from other users. They can only manipulate transactions they themselves are a party to. Your private keys - and the coins they protect - remain safe.

Which cryptocurrencies have been 51% attacked?

Notable victims include Ethereum Classic (ETC) in 2019 and 2020, Bitcoin Gold (BTG) in 2018 and 2020, Vertcoin (VTC) in 2018, and Monero (XMR) in 2025. All were smaller proof-of-work coins with low enough hash rates that renting the majority of their mining power was financially feasible.

How much would it cost to 51% attack Bitcoin?

Estimates vary, but a one-hour attack on Bitcoin is generally thought to cost hundreds of millions to over a billion dollars when accounting for hardware acquisition (or rental) and electricity. No such attack has ever been attempted.

Is Ethereum vulnerable to a 51% attack?

Ethereum moved from proof-of-work to proof-of-stake in September 2022. Under PoS, an attacker would need to control over 50% of all staked ETH - currently worth tens of billions of dollars. Additionally, Ethereum's slashing mechanism would penalize and destroy the attacker's own stake if dishonest behavior were detected, making an attack economically suicidal.

What is the difference between a 51% attack on PoW vs. PoS?

In proof-of-work, a 51% attack requires controlling the majority of mining hash rate - a physical infrastructure challenge. In proof-of-stake, it requires controlling the majority of staked tokens - a capital challenge. Both are expensive on large networks, but PoS adds the extra deterrent of slashing, where attackers risk losing their own stake if caught.

What does "block reorganization" mean in the context of a 51% attack?

A block reorganization (or "reorg") occurs when an alternative version of the blockchain replaces the currently accepted chain. During a 51% attack, the attacker privately builds a longer chain and then broadcasts it, causing the network to "reorganize" and accept the attacker's version - erasing transactions from the original chain in the process.

How do exchanges protect against 51% attacks?

Exchanges typically require a certain number of block confirmations before crediting deposits. More confirmations mean more blocks the attacker would need to reorganize, which increases the cost and time required to execute an attack. Exchanges dealing in smaller, riskier coins often require significantly more confirmations than those dealing in Bitcoin or Ethereum.

Is a 51% attack illegal?

In most jurisdictions, yes. Executing a 51% attack to double-spend funds would constitute fraud and potentially computer crime under existing laws. However, the pseudonymous nature of blockchain networks makes identifying and prosecuting attackers extremely difficult. Most known attacks have gone unpunished.