Proof of Work needs to be destroyed

A few weeks ago, a friend and me carried out a 51% attack against a proof of work cryptocurrency. It was an exciting operation that challenged the limits of our skills to deliver a sizeable profit for us. More importantly to me, it allowed us to shut down one of the myriad of pump and dump schemes that have come into existence on the Internet in recent years based around “blockchain” technology. People see cryptocurrency as a method for them to get rich quick, because the people who first invested money into the phenomenon did get rich quick.

As with most technologies however, any real profit that’s not merely a redistribution of wealth can only come from the fundamental value the technology produces for society. The amount of money that can be withdrawn from a cryptocurrency is never more than is invested into it. Some of the money that is withdrawn from it has to be used to pay the electricity bills necessary to keep the scheme going. As a consequence cryptocurrencies merely serve to redistribute wealth, from those who invest in them during a speculative mania to those who originally set them up. It’s theoretically possible that the cryptocurrency serves some ulterior value to society that doesn’t originate from the fact that it redistributes money, by serving as an actual payment system. In practice however, the world’s cryptocurrencies serve around 1% of the transaction value of Apple pay, while consuming vast amounts of resources.

I’d say it’s fair to characterize cryptocurrency as a technology that currently serves no clear benefit to society beyond its role as a wealth redistribution mechanism. The reason it’s tolerated is because of the logistical complexity involved in eliminating the phenomenon. Countries home to billions of people have banned cryptocurrency, because of the damage it causes to society. China is about to ban cryptocurrency mining, correctly recognizing the phenomenon as an energy-guzzling zero-sum game activity that delivers no clear benefit to society.

Most analysts agree with the idea that Bitcoin needs to die in a fire, but “blockchain technology” will one day serve some sort of societal benefit. So far however, the blockchain is primarily a distributed database structure with extremely niche use cases, the main one being its use in legally dubious online financial transactions. The reason serious analysts hate Bitcoin is because it makes use of the Proof of Work protocol, where the integrity of the system is dependent on the assumption that those who are able to spend huge amounts of electricity to keep the system going must have the best intentions for the system. The problem with this is that it inevitably causes enormous amounts of environmental pollution. In the words of former Bitcoin enthusiast Mark Karpeles: “For proof-of-work to be an effective method of blockchain protection, it needs to be an ecological disaster.

The sad thing is that many governments so far don’t seem to take the ecological and societal impact of proof of work cryptocurrencies seriously. They tend to expect that proof of work will wither away and more energy-efficient forms of blockchain technology will replace them. This is probably correct, but in the meantime the industry is failing to self-regulate and move beyond this destructive technology. Numerous uninformed individuals are losing their life savings and vast sums of carbon dioxide are poured into the atmosphere, because companies are offering an “investment product” that inevitably has no long-term viability.

In 2019, Bitcoin is estimated to spend 2.7 billion dollars on electricity to sustain itself for a year. Those 2.7 billion dollar will be coming from primarily naive and desperate individuals who put mortgages on their houses or take their children’s college savings, in an effort to become rich. Rather than generating wealth out of thin air for the world’s poor and desperate, Bitcoin is pouring carbon dioxide into the atmosphere that will cause devastation for future generations.

We can dispute whether “blockchain technology” has some sort of genuine future, smart minds disagree on this. What’s clear however, is that proof of work is an environmental catastrophe, the cost of which defies any attempt at justification. It’s a nice idea that this phenomenon will simply eradicate itself in the years to come, but the problem is that the evidence for this assertion is so far lacking. In 2018, the value of the world’s cryptocurrencies declined from around 800 billion to around 120 billion. Simultaneously however, the energy consumption by this technology sector continued to grow. 


The six biggest proof of work cryptocurrencies are thought to consume as much electricity put together as Belgium does. It seems rather self-evident to me that when it comes to addressing climate change this is a case of very low hanging fruit. We can supply electricity to an entire country, or we can enrich a cabal of anti-social libertarian computer programmers. The conclusion I draw is thus that these systems need to be destroyed.

When it comes to destroying these systems, I’d like the government to do it for us, but the problem is an international phenomenon: The crypto-nerds have essentially placed a bounty on wasting electricity. If China bans Bitcoin mining, the total electricity demand from Bitcoin mining is not affected. Rather, the Bitcoin mining moves to Canada, Russia or some other country. The only way China’s ban on Bitcoin mining can reduce the total electricity demand is if it somehow negatively affects the Bitcoin price, which it might by sending a strong message that Bitcoin has no role in a civilized society.

How to destroy Proof of Work

Governments can help, but they can’t end the problem on their own. What will destroy Proof of Work cryptocurrencies is when the faith in this model of blockchain protection is undermined. Proof of Work is not just expensive for participants in a cryptocurrency, it’s susceptible to various attack vectors. The most important attack vector is of course the 51% attack. There are some methods to address a 51% attack, but all of these methods tend to undermine the original design philosophy that led to proof of work in the first place. As a result, most blockchains tend to wait with implementing 51% protection, until after they have fallen victim to an attack. The reason this happens is because the purpose of the blockchain is to enrich its founders. When 51% protection is implemented in advance, people will refuse to “invest” money in the scheme because they’ll claim it’s not “decentralized”. After the attack has taken place, protection is necessary because the cryptocurrency will simply fall apart without protection.

A cryptocurrency requires artificial scarcity to function, but a 51% attack allows malicious actors (like me) to spend the same coin multiple times. If you can spend a single coin numerous times on the same exchange, the price eventually approaches zero. The amount of work people are willing to do to earn one dollar worth of cryptocurrency, generally tends to approach one dollar. As a consequence, by reducing the price of a cryptocurrency, you reduce the amount of work people are willing to do to sustain the scheme. This results in less electricity being wasted.

The cryptocurrency I attacked consumed roughly 1,300 dollar per day worth of electricity, before I attacked it. After falling victim to an attack, its valuation dropped by around fifty percent within a couple of days. As a consequence, we can estimate that we reduced the electricity wasted on this cryptocurrency by roughly 650 dollar per day. Perhaps most importantly, we created a strong incentive to participants in this scheme to stop engaging in this activity: By orphaning their blocks, the miners suddenly received no financial reward for the work they were doing. The exchange found that listing this cryptocurrency led to hundreds of dollars worth of costs for them in the form of coins they’re missing, rather than enriching them. This is essentially the money that we needed to pay for our attack. We were left with some profit, but slippage in the order books led to less profit than you might expect.

My intention is to use the profit from our previous succesful attack to fund attacks on bigger blockchains. The problem however is that naive proof of work is a dying breed. The biggest cryptocurrencies have the luxury of not having to change their consensus algorithm: Funding an attack on Monero, Litecoin, Ethereum or Bitcoin is too expensive for most regular individuals. In addition, the kind of double spends needed to make the activity rewarding would raise alarm bells on most exchanges.

How the developers tend to prevent attacks

It would be fine if people responded to these attacks by moving away from proof of work. Some people are in fact moving away from proof of work, but others simply implement various forms of protection against 51% attacks. I’m going to outline some responses here that are commonly seen against 51% attacks:

-Advanced automatic checkpoints. Once every few blocks, every node on the network declares the first block it sees at a particular height to be the “correct” block. When an attacker shows up with a new version of the block, his new chain that contains the new block is rejected, meaning that the attacker wasted his money. This is used by Bitcoin Cash.

-Hybrid Proof of Work/Proof of Stake. In this system, you are also allowed to produce blocks if you can prove that you own some coins. As a consequence, attacking this blockchain requires you to have an active “stake” in its proper functioning. The value of your stake tends to exceed the profits you can reap from destroying the system. This system was originally invented by Peercoin, but many other coins adopted this system.

-The Pirlguard system. This system punishes people for not immediately revealing a block they produced.

I only mentioned the systems that maintain a proof of work scheme. It needs to be mentioned here, that all of these attempts at protecting against 51% attacks create new attack vectors.

Let’s consider advanced automatic checkpoints first. If a blockchain has checkpoints once every five blocks, an attacker can mine five blocks in secret and release his five blocks simultaneously once the legitimate chain finds five blocks. This then leads to a race, where people end up on one version of the blockchain or the other, depending on which block they receive first. Once the blockchain has split, you can spend your coins twice, once on both forks. The blockchain would not automatically recover, its creators would be forced to manually intervene to get everyone back on the right chain.

In Hybrid proof of stake, you get the benefits and the flaws of both systems. If the system treats stake blocks and work blocks as equal, you can simply release a long chain of work blocks that overrides all the valid chain’s blocks. If the system needs at least some stake blocks once in a while to accept a chain as valid, you can destroy the system using a relatively small share of the currency’s total supply, when compared to a pure proof of stake system.

What about the Pirlguard system then? In this case, you increase the incentive to destroy the system through other means. If I set up a large number of nodes, that pretend to pass on all blocks from one node to another, but actually refuse to pass on certain blocks during critical moments, I thereby create conditions where the network starts rejecting its own blocks and legitimate participants in the system start banning each other.

I don’t dispute that some of these techniques make it more difficult to disrupt a blockchain. However, they don’t solve the problem and generally tend to create new attack vectors. To introduce these new measures tends to be an act of desperation, as evidenced by the fact that none of the biggest proof of work cryptocurrencies have implemented these measures.

The 51% attack is not the only attack vector

What’s generally ignored is that the 51% attack is not the only genuine attack vector that proof of work cryptocurrencies have. You need to keep in mind that you can attack the currency itself, but you can also attack the ecosystem built around the cryptocurrency. As an example, a proof of work cryptocurrency makes use of mining pools, where people submit shares to showcase all the pointless work their computers performed. Once in a while a computer finds a share that allows them to create a block. The actor now has two options: He can forward this share to his mining pool, or he can simply throw it away. He will continue to get paid for all the work he performs, but whenever he gets a block, he doesn’t deliver the reward to the pool operator. As a simple example, imagine a couple of poor men working in a diamond mine. They keep digging up rocks and bringing them to the surface, but whenever they find a rock that contains an actual diamond, rather than giving it to their boss they simply throw it away.

Throwing away the diamonds might not benefit you, but it hurts your boss. There is a way it can benefit you however. Imagine there are just three diamond mines in the world. You own one of the mines, the other two are owned by your competitors. Imagine you could bribe some of the workers in those mines and give them some money in exchange for throwing away their diamonds whenever they find diamonds. This benefits you, because you now deliver a bigger share of the world’s scarce supply of diamonds. I did not discover this attack vector, it was discovered by game theorists who study the bitcoin protocol.

When someone has 20% of overall capacity on the network and uses this attack, they’re able to raise their own revenue by 6%. This doesn’t sound like much, but you have to consider that profits are a mere fraction of overall revenue for mining pools. As a consequence, a malicious actor can dramatically increase his profit margins through this method.

The carbon savings from destroying a cryptocurrency

I pointed out that I carried out a 51% attack that brought down the value of a cryptocurrency by roughly 50%. This lead to a reduction in electricity spent on the cryptocurrency of 650 dollar per day. Bitcoin consumes $2,7 billion dollar worth of electricity per year, with a carbon footprint estimated at 26,000 kiloton of CO2. This is a carbon intensity of 9.66 kilogram of carbon dioxide per dollar of electricity. If the cryptocurrency I attacked is similar, that means carbon emissions would have gone down by 6.279 ton of carbon dioxide per day as a consequence of the attack. That’s the equivalent of two round-trip flights from Amsterdam to New York, per day.

This might sound ridiculously high, but there are a few things to consider: To start with, cryptocurrency is inherently incredible wasteful of energy. Additionally, the energy savings calculated here make more sense when you consider that we had to rent off entire industrial facilities full of cryptocurrency miners for a period of a few hours to carry out the attack. When understood in this context, the numbers start to sound more believable.


I’ve outlined some of the main reasons proof of work needs to be destroyed. I’ve also outlined some methods that can be used to target actors within the proof of work cryptocurrency system. Because these methods are profitable, the endeavor can be self-sustaining. I hope to develop the skills in the months ahead that will allow me to attack more complex proof of work cryptocurrencies.

1 Comment

  1. Overtime Block reward reduces and price hits sigmoidal saturation, total mining reduces, it only needs to be higher than attackers hashrate, most stuff get shunted to layer 2&3. Btc being a dynamic system ends up consuming less electricity than the legacy systems it destroys.

    Dont extrapolate dynamic systems linearly

    There are scenarios where the hashrate decreases to a fraction.

Leave a Reply

Your email address will not be published.