Punishing the Byzantine Fault: Application of US law to a 51% attack (or threat)

The 51% attack is the blockchain equivalent of a terrorist action. Not only is there the direct threat of the attacker illicitly acquiring or double spending tokens, but also the less direct, but likely bigger threat of gravely damaging public confidence in the impugned blockchain protocol. The attacker could likely make more money shorting a cryptocurrency on an exchange in advance of announcing a successful attack than they can make directly through the attack. Such ill-gotten gains would also be harder to trace. Notwithstanding the potential damage, United States law may not be ready for application to the prevention and reparation of 51% attacks.

It does not happen often, but it can happen

About a month ago, Vertcoin suffered a successful 51% attack. The Proof of Work based decentralized cryptocurrency saw 603 genuine blocks replaced with 553 artificial blocks. It was the second such successful attack in a year. Vertcoin itself claims to be a Bitcoin alternative targeted at achieving wider decentralization of blockchain participants through a user friendly mining protocol. Putting aside the merits of Vertcoin itself, the hack raises the question of what laws are violated (in the United States) when a single entity[1] gets control of 51% of the validating function.

It is not so far-fetched to think that a 51% attack can happen on a more established blockchain. Here are a few recent statistics in terms of how much it would cost to finance a one hour 51% attack on a few of the proof-of-work protocol blockchain.

Bitcoin Cash — $72,000

Litecoin — $64,000

DASH — $15,000[2]

ETH Classic — $10,000[3]

There are at least two enabling factors that facilitate carrying out a successful 51% attack:

  1. Specialized ASIC miners built for specific PoW mining algorithms that allow concentrated hoarding of hashing power; and
  2. The provision by services like NiceHash of readily available inexpensive hashing power from ASIC miners on a rental basis (eliminating the need for a large hardware investment).

In context, even Bitcoin and Ethereum aren’t beyond a 51% attack. A foreign government or very wealthy backer could afford to attack even the most distributed of proof of work networks.

The dubious legality of 51% the Attack (or the public threat thereof) [4]

There is no legal definition of a “51% attack.” From a software engineering perspective, obtaining 51% control of a protocol’s hashing power is bad. That said, from a legal perspective, that by itself is likely not illegal. It does set the stage, however.

Once a single actor has control they can[5]:

  1. Exclude or modify the ordering of transactions;
  2. Reverse transactions that occurred while they were in control (also known as a “double spend”);
  3. Prevent any or all transactions occurring on the network; and
  4. Prevent other miners from confirming blocks on the network

They cannot (just be virtue of control of 51% of hashing power):

  1. Change elements of the protocol such as block reward amount, creating coins, or steal coins directly from other users; or
  2. Reverse transactions made by other users[6]

Legally speaking, holding 51% of the hash power, without anything further, probably does not break any law. You can think of it like holding fishing gear next to a lake outside of fishing season. Cast that rod and you have broken the law. Sit there staring longingly at the lake and you are still a law abiding citizen. In contrast, actions that involve direct theft are an easy call. Pretty much all states (and the federal government by way of the wire fraud statutes) would bring out the handcuffs for an intentional double spend.

At what point does holding 51% of protocol hashing power turn into a criminal act?

What about a scenario when an attacker prevents certain transactions from happening on the network? Or if an attacker prevents other miners from confirming blocks? How about an attacker that does nothing other than publicly demonstrate that they could have done something more nefarious?

In the United States, no act is criminal unless there is an effective statute that makes it so.[7] While legislators have turned some attention to digital assets and transactions therein, the effective laws have not specifically delineated what actions a holder of 51% of protocol hashing power might take to run afoul of criminal law. We do have a few federal statutes that might apply however.[8]

51% Attacks and the Computer Fraud and Abuse Act

The most relevant statute to this issue is the Computer Fraud and Abuse Act (the “CFAA”). Under the CFAA, it is a crime to “knowingly cause the transmission of a program, information, code, or command, and as a result of such conduct, intentionally cause damage without authorization, to a protected computer.”[9] Conspiracy to commit, or an “attempt to commit” these acts is similarly a crime.[10]

Breaking down that legalese, under the CFAA[11], it is a crime if all of the following are satisfied:

  1. There is a “transmission of a program, information, code or command”;
  2. There is a resulting “intentional” causation of “damage” under the CFAA means any impairment to the integrity or availability of data, a program, a system or information;[12]
  3. The causation of the damage is “unauthorized”; and
  4. The damage is to a “protected computer,” which includes “computers…used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States …”

Reading the elements, one can only wonder how much protection the CFAA can provide. The law is clearly focused on activities that are localized to a particular computer (or group of computers).[13]

Is there a “transmission” if the controller of 51% of the hashing power earns the right to create new blocks of validated transactions, but does not transmit those new blocks to the validating nodes for addition to the blockchain.[14] The attacker could also just shut the nodes that they control down to drop the transaction speed of the blockchain? Would this lack of transmission prevent liability under the CFAA?

How does a blockchain as a distributed system fit into the CFAA’s “protected computer” definition? Since damage to the blockchain may not involve “unauthorized” damage to a physical “protected computer,” the CFAA might not apply. Moreover, if the attack is the mere public demonstration that an attack can take place, the CFAA may not apply.

The CFAA lack of authorization requirement is also murky in the world of public blockchains. The attacker in question has 51% of the hashing power, they have authority to control those nodes. Even if you expand “protected computer” to include the conceptual blockchain, from whom does one need authority. Blockchain protocols already contemplate the rogue actor and have protections in place. Does the existence of those penalties demonstrate that all behavior is authorized, subject to the price/penalty designed into the protocol.[15] Absent blatant fraud or theft doesn’t a miner maintain a right to confirm transactions in any way that they please. If mining fees can be used to incentivize faster confirmations why can’t a miner’s other agendas play a factor in their mining decisions?

In short, the CFAA may deter the more obvious criminal actions of theft and fraud, but does not provide ideal protection to the general public that may suffer indirect losses (in the form of a sudden drop in token price or the vanishing of use case functionality).

51% Attacks and the Commodities Exchange Act

The Commodities Exchange Act (the “CEA”) establishes the powers and duties of the Commodities Futures Trade Commission (the “CFTC”). As defined in the CEA, the term “commodity” is extremely broad and generally applies to almost all digital assets[16] (even digital assets considered to be securities are also commodities (though the CFTC and SEC have an understanding as to what organization takes jurisdiction over most securities)). Of particular interest is section 6, which states “it shall be unlawful for any person, directly or indirectly, to use or attempt to use in connection with a sale of a commodity in interstate commerce, any manipulative or deceptive device or contrivance, in contravention of [CFTC] rules”.[17] To the extent that mere public disclosure of a successful 51% attack generates a market environment upon which the attacking party profits through trading of a digital asset, Section 6 of the CEA would appear to cover it.

Courts may not agree, however. While a 51% attack would appear to be “manipulative” and potentially deceptive, the legal acquisition of 51% of the hashing power of a blockchain protocol may not actually trigger liability. Liability under Section 6 of the CEA rests on four elements:

  1. The alleged manipulator had Intent to manipulate the market price in a manner specifically misrepresenting the legitimate forces of supply and demand;
  2. The alleged manipulator had the ability to influence commodity market price;
  3. Artificial price existed;
  4. The actions of the alleged manipulator caused the artificial price

The most difficult aspect to prove that the attacker had manipulative intent. The CFTC has opined in past decisions that “in order to prove the intent element of a manipulation or attempted manipulation it must be proven that the accused acted with the purpose or conscious object of causing or effecting a price in the market that did not reflect the legitimate forces of supply and demand.”[18] Even the mere intent to affect prices is not enough; rather, the CFTC must show that Defendants intended to cause artificial prices.

In CFTC v. Wilson, the court for the Southern District of New York significantly decreased the reach of the CFTC to punish market manipulation. Finding against the CFTC stated that “[i]t is not illegal to be smarter than your counterparties in a swap transaction, nor is it improper to understand a financial product better than the people who invented the product.”[19]

The Wilson case involved a defendant that had entered into agreements pursuant to which the market price of a particular swap, measured at the same time each day determined the interest that the defendant paid to its counterparty. The Defendant then put high bids in place during that period of the day, counting on the lack of a liquid market to result in no counterparty accepting the high bid. By doing so, they decreased their interest payment.

In context of a 51% attack, the Wilson decision appears to provide an open door for the attacker to create a drop in market prices through public announcement. Yes, the attacker is gaming the system. That by itself may not violate the CEA.

51% Attacks and the Securities Exchange Act of 1934

The Securities Exchange Act of 1934 and the rules and regulations promulgated thereunder (the “Exchange Act”), if applicable may provide more protection. Of course, the question of whether a particular token would be considered a “security” is a dubious one. Start with the fact that there are few to no legally compliant securities exchanges or alternative trading systems on which tokens are listed to trade.[20] That said, the securities laws are much more developed than the CEA when it comes to market manipulation. Section 10(b) and Rule 10(b)-5, in summary, make it unlawful for an person use in connection the purchase or sale of a security to use or employ any

“manipulative or deceptive device or contrivance in contravention of such rules and regulations as the [SEC] may prescribe as necessary or appropriate in the public interest or for the protection of investors.”

In other words, where the CFTC must rely on the language of the CEA, the SEC can develop some flexibility to address new methods of market manipulation. Still, at some point the question arises; is the mere disclosure of ability to carry out a 51% attack sufficiently manipulative?

The Takeaway?

The easy cases should be covered. Use a 51% attack to corrupt a blockchain or double spend tokens, you are likely going to do the time to match the crime. A bit more creativity to avoid the CFAA and CEA violations and a creative trader might find a (currently) legal way to take advantage of market reactions.

Whistling Past the Graveyard

Ultimately, the strength of a public decentralized blockchain protocol has to come from the protocol itself. Depending on government to protect what is effectively an end-run around government regulation is both ironic and pollyannaish. Lest anyone forget, even if the law catches up with the technological edge cases, the US legal system takes years and is limited in terms of geographical reach. At the end of the day, on-chain governance is the only real source of protection.

[1] Including consortiums and similar single purpose groups.

[2] Subsequent to the indicated statistic, Dash introduced a protocol called ChainLocks that they claim will prevent 51% attacks. A discussion of ChainLocks is beyond the scope of this article, but the write up can be found at https://github.com/dashpay/dips/blob/master/dip-0008.md

[3] https://www.exaking.com/51

[4] This article should not be taken as either legal or investment advice.

[5] Not an exhaustive list (which would be beyond the author’s expertise)

[6] https://www.binance.vision/security/what-is-a-51-percent-attack

[7] It is a fundamental precept of constitutional law that any criminal action must be based upon a proven violation of a Penal Code statute (some of which are referenced by other statutes outside of the Penal Code); criminal punishment absent such violation is ordinarily an unconstitutional denial of due process of law.

[8] An examination of state law would be voluminous and is beyond the scope of this article.

[9] 18 U.S.C. § 1030(a)(5)(A)

[10] 18 U.S.C. § 1030(b)

[11] For purposes of this article, we are going to assume that acquiring control of 51% of protocol hashing power is intentional, and that the “knowledge” requirement is satisfied.

[12] 18 U.S.C. § 1030(e)(8)

[13] 18 U.S.C. § 1030(e)(2)(B); see also United States v. Trotter, 478 F.3d 918, 920–22

[14] Preventing the addition of new blocks to the chain comes at the price of not receiving the token rewards associated with a proof of work consensus algorithm. That said, the negative market reaction might be enough for the wrong-doer to not worry about the cost.

[15] The fact that many protocols are established with a specific intent to be beyond regulation of government argues towards the result that the applicable persons (whoever they may be) intended that the CFAA not apply to the protocol.

[16] In re Coinflip, Inc.,CTFC №15–29, 2015 WL 5535736, at *3 (Sept. 17, 2015).

[17] There are other provisions of the CEA targeted at fraud and deceptive statements. The nature of a 51% attack, however, is not grounded in falsehood. The attack, though against the intended design of the blockchain protocol would not appear to involve an actual false representation or omission of material fact.

[18] In re Indiana Farm Bureau(CFTC 1982)

[19] CFTC v. Wilson, 27 F. Supp. 3d 517, 526 (S.D.N.Y. 2014)

[20] We are aware of some shares of stock that are memorialized on a blockchain share ledger and branded as “tokens.” In truth, there is not much difference from a utility perspective between a properly crafted share of non-voting common stock electronically recorded and a similar token that is not designated as a share of stock. Shares of stock are defined as securities and subject to certain other conditions, should be legal to sell in regulated venues.

All Rights Reserved for Josh Lawler

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.