Why Exchanges List Small-Cap Coins Despite 51% Attacks

It is profitable for exchanges to list low market-cap coins, despite the potential for 51 percent attacks, say two VCs from Dragonfly Capital.

Feb 11, 2020 at 8:30 p.m. UTC
Updated Dec 11, 2022 at 2:12 p.m. UTC

Ashwin Ramachandran is a junior partner at Dragonfly Capital, a cross-border crypto venture fund. Haseeb Qureshi is a managing partner.

On January 23, bitcoin gold was 51 percent attacked and $72,000 was double-spent. This is the second time bitcoin gold (BTG) has been attacked, and its aftermath left many people wondering: Why don’t exchanges delist bitcoin gold and other easily 51 percent-attackable proof-of-work (PoW) coins? 

Turns out, there’s a simple answer. But first, let’s examine the circumstances of how this attack was performed.

Bitcoin gold is a fork of bitcoin that uses the ASIC-resistant ZHash mining algorithm. ZHash is optimized for efficient GPU mining and increases the difficulty of ASIC development due to its high memory requirements. GPUs are widely available for rental since they are commoditized and in large supply relative to ASICs, so it’s easy to rent enough hash power to dominate the bitcoin gold network. Hash power marketplaces, such as NiceHash and MiningRigRentals, have dramatically decreased the costs of performing a 51 percent attack, and similar marketplaces are popping up left and right (see Warihash at https://warihash.com/, Luxor, etc.).

NiceHash Hash Power Marketplace

The recent attack on bitcoin gold required up-front capital costs of $3,400 (0.4 BTC to reorganize a total of 29 blocks assuming linear slippage), but note that this cost was recouped through block rewards on the reorganized chain. Because of the inexpensive overall cost, this attack could have been performed entirely using spot GPU rental markets. Furthermore, because GPU rental markets are becoming increasingly liquid, the cost of overtaking a GPU mineable network is decreasing (see NiceHash pricing). Thus, the up-front capital required by the attackers is only the bitcoin gold they wanted to double-spend, plus the hash power costs. The BTG attackers double-spent an estimated $72,000 and paid only $3,400 (recouping roughly $4,200 through block rewards), giving them an ROI of about 96.6 percent, making this a wildly profitable attack. 

And, of course, the primary victims of 51 percent attacks are exchanges. The attack generally goes like this: The attacker deposits coins on an exchange, those coins are traded for some other liquid coins like BTC, and then the BTC is withdrawn. The original deposit transaction is later reverted by the 51 percent attacker, allowing them to get back their original deposit and essentially double their money. Because of this vulnerability, exchanges wait a confirmation period (originally 12 blocks on Binance for bitcoin gold) before allowing coins to be withdrawn. But while these confirmation periods increase security, they cannot prevent attacks outright. For more on the mechanics of 51 percent attacks, check out this tweetstorm on the ethereum classic (ETC) attack last year.


Bitcoin gold’s 51 percent attack was the second in just two years (the first bitcoin gold attack was much larger), yet BTG remains traded on exchanges like Binance to this day. Naturally, the question arises: why doesn’t Binance delist BTG?

Binance currently trades about $4.13 million in BTG/BTC volume per week. So Binance makes around $429,000 per year in total profit on the BTG/BTC trading pair alone (assuming average fees of 20 basis points (maker/taker) per trade and low BNB usage).

After calculating profits for all low-mid market capitalization PoW coins, a trend crystalizes. It is more profitable for Binance to list low-mid market cap PoW coins, even with their potential losses due to 51 percent attacks. The chart below shows estimates of the percentage of hash rate available for rent, along with Binance’s profit estimates (assuming current market prices).

Vulnerable PoW coins. Assumes current exchange rates. Sources: Binance API, NiceHash, MiningRigRentals.com

Note: All rented hash power increases the total hashrate of the network. Thus, an attacker must acquire 100 percent of the current hashrate to launch a successful 51 percent attack. All hash power acquisition estimates are also vulnerable to linear market price slippage, which can vastly increase attack costs.

As long as it’s sufficiently profitable, we expect that Binance and other high-volume exchanges will continue to list vulnerable PoW coins. Exchanges can always reduce the probability of a 51 percent attack by increasing the number of confirmations required for withdrawals (Binance increased this for BTG from 12 to 20 following the attack). But, of course, this does not prevent attacks outright and instead merely increases an attacker’s capital costs. Exchanges can further engage in attack prevention by performing prudent anomaly detection on user deposits of small-cap PoW coins. But note that there is no way to directly detect a 51 percent attack before it happens, since renting hashrate does not cause the on-chain hashrate to drop in any way.
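To make the confirmation-depth trade-off concrete from an exchange's side, the following added example (not part of the original article or the authors' analysis) applies the double-spend probability estimate from section 11 of the Bitcoin whitepaper to the note above that rented hash power is added on top of the existing network hashrate. The function names and the sample rentable fractions are assumptions chosen for illustration.

```python
import math

def attacker_share(rented_fraction):
    """Share of total hash power held by someone who rents `rented_fraction`
    of the current network hashrate. Rented power is added on top of the
    existing hashrate, so renting 100% of it yields only a 50% share."""
    return rented_fraction / (1.0 + rented_fraction)

def double_spend_probability(q, z):
    """Nakamoto's estimate (Bitcoin whitepaper, section 11) that a miner with
    share q ever overtakes the honest chain after z confirmations."""
    if q <= 0.0:
        return 0.0
    if q >= 0.5 or z == 0:
        return 1.0  # a majority always catches up, whatever the depth
    p = 1.0 - q
    lam = z * q / p
    total = 1.0
    for k in range(z + 1):
        # Poisson term computed in log space to avoid overflow at large z
        log_poisson = -lam + k * math.log(lam) - math.lgamma(k + 1)
        total -= math.exp(log_poisson) * (1.0 - (q / p) ** (z - k))
    return max(total, 0.0)

def min_confirmations(rentable_fraction, max_risk, limit=1000):
    """Smallest confirmation depth keeping the estimated double-spend
    probability at or below max_risk, or None when no depth can do so."""
    q = attacker_share(rentable_fraction)
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if double_spend_probability(q, z) <= max_risk:
            return z
    return None

if __name__ == "__main__":
    # Constructed sample inputs: fraction of current hashrate available for rent
    for rentable in (0.10, 0.50, 0.90, 1.00, 1.50):
        depth = min_confirmations(rentable, max_risk=0.001)
        label = depth if depth is not None else "no depth suffices"
        print(f"rentable {rentable:>4.0%}  share {attacker_share(rentable):.3f}  "
              f"confirmations for <=0.1% risk: {label}")
```

Once the rentable fraction reaches 100 percent of the current hashrate the function returns `None`: past that point a higher confirmation count only lengthens the reorganization the attacker has to pay for, which is the article's point about capital costs.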

The most recent bitcoin gold attack was worth about $72,000, while Binance expects to make $429K from bitcoin gold this year. Likewise, the ethereum classic 51 percent attack netted the attacker approximately $1.1 million, while Binance expects to make about $3.2 million off its trading fees. This is yet another reason why coins do not die after 51 percent attacks.

That said, 51 percent attacks are still an enigma. They seem like a fundamental violation of the proof-of-work security model. But 51 percent attacked coins continue to trade on top exchanges, and often, bizarrely, increase in price after an attack (see ETC, BTG, XVG). We can partly explain this phenomenon by seeing 51 percent attacks as a tax on exchanges and modeling their continued incentives to list vulnerable coins. But as for why 51 percent-attacked coins sometimes appreciate, unfortunately that still remains a mystery.

The authors thank Tom Schmidt and Ivan Bogatyy for reviewing drafts of this post, a version of which also appears on Medium.

