What Is a 51% Attack?

A 51% attack is an attack on a cryptocurrency blockchain by a group of miners who control more than 50% of the network’s mining hash rate. Owning 51% of the nodes on the network gives the controlling parties the power to alter the blockchain.

The attackers would be able to prevent new transactions from gaining confirmations, allowing them to halt payments between some or all users. They would also be able to reverse transactions that were completed while they were in control. Reversing transactions could allow them to double-spend coins, one of the issues consensus mechanisms like proof-of-work were created to prevent.

Understanding a 51% Attack

A blockchain is a distributed ledger—essentially a database—that records transactions and information about them and then encrypts the data. The blockchain’s network reaches a majority consensus about transactions through a validation process, and the blocks where the information is stored are sealed. The blocks are linked together via cryptographic techniques where previous block information is recorded in each block. This makes the blocks nearly impossible to alter once they are confirmed enough times.

The 51% attack is an attack on the blockchain, where a group controls more than 50% of the hashing power—the computing that solves the cryptographic puzzle— of the network. This group then introduces an altered blockchain to the network at a very specific point in the blockchain, which is theoretically accepted by the network because the attackers would own most of it.

Changing historical blocks—transactions locked in before the start of the attack—would be extremely difficult even in the event of a 51% attack. The further back the transactions are, the more difficult it is to change them. It would be impossible to change transactions before a checkpoint, where transactions become permanent in Bitcoin’s blockchain.

Attacks Are Prohibitively Expensive

A 51% attack is a very difficult and challenging task on a cryptocurrency with a large participation rate. In most cases, the group of attackers would need to be able to control the necessary 51% and have created an alternate blockchain that can be inserted at the right time. Then, they would need to out-hash the main network. The cost of doing this is one of the most significant factors that prevent a 51% attack.

For example, the most advanced application-specific integrated circuit (ASIC) miner is the Bitmain S19 XP Hydro. It costs more than $19,800 and has a hash rate of 255 terahashes per second (TH/s).

The top three mining pools by hashrate are:

• FoundryUSA, at 54.42 exahashes per second (EH/s); 23.75% of the total Bitcoin network hashrate
• AntPool, at 41.49 EH/s; 18.12% of the total Bitcoin network hashrate
• Binance Pool, at 34.48 EH/s; 15.06% of the total network hashrate

Combined, these three pools make up 56.93% of the network hashrate, a whopping 130.4 EH/s (1.304 million TH/s). To equal that hashrate, the attackers would need more than 511,373 S19 XP Hydros—which would put fixed costs close to $10.13 billion, plus a building to host the equipment, maintenance staff, electricity, and cooling.

Major cryptocurrencies, such as Bitcoin, are unlikely to suffer from 51% attacks due to the prohibitive cost of acquiring that much hashing power. For that reason, 51% attacks are generally limited to cryptocurrencies with less participation and hashing power.

After Ethereum’s transition to proof-of-stake, a 51% attack on the Ethereum blockchain became even more expensive. To conduct this attack, a user or group would need to own 51% of the staked ETH on the network. It is possible for someone to own that much ETH, but it’s unlikely; according to Beaconchain, more than 13.8 million ETH were staked at the end of September 2022. An entity would need to own more than 6.9 million ETH (more than $9 billion worth) to attempt an attack.

Once the attack started, the consensus mechanism would likely recognize it and immediately slash the staked ETH, costing the attacker an extraordinary amount of money. Additionally, the community can vote to restore the “honest” chain, so an attacker would lose all of their ETH just to see the damage repaired.

Attack Timing

In addition to the costs, a group that attempts to attack the network using a 51% attack must not only control 51% of the network but must also introduce the altered blockchain at a very precise time. Even if they own 51% of the network hashing rate, they still might not be able to keep up with the block creation rate or get their chain inserted before valid new blocks are created by the ‘honest’ blockchain network.

Again, this is possible on smaller cryptocurrency networks because there is less participation and lower hash rates. Large networks make it nearly impossible to introduce an altered blockchain.

Outcome of a Successful Attack

In the event of a successful attack, the attackers could block other users’ transactions or reverse them and spend the same cryptocurrency again. This vulnerability, known as double-spending, is the digital equivalent of a perfect counterfeit. It is also the basic cryptographic hurdle blockchain consensus mechanisms were designed to overcome.

Successful 51% attackers may also implement a Denial-of-Service (DoS) attack, where they block the addresses of other miners for the period they control the network. This keeps the “honest” miners from reacquiring control of the network before the dishonest chain becomes permanent.

Who Is at Risk of 51% Attack?

The type of mining equipment is also a factor, as ASIC-secured mining networks are less vulnerable than those that can be mined with GPUs; they are much faster. Cloud services such as NiceHash—which considers itself a “hash-power broker”—theoretically make it possible to launch a 51% attack using only rented hash power, especially against smaller, GPU-only networks.

Bitcoin Gold has been a common target for attackers because it is a smaller cryptocurrency by hashrate. Since June 2019, the Michigan Institute for Technology’s Digital Currency Initiative has detected, observed, or been notified of more than 40 51% attacks—also called chain reorganizations, or reorgs—on Bitcoin Gold, Litecoin, and other smaller cryptocurrencies.

What Is the Asian Infrastructure Investment Bank (AIIB)?

The Asian Infrastructure Investment Bank (AIIB) is a new international development bank that provides financing for infrastructure projects in Asia. It began operations in January 2016.

How the Asian Infrastructure Investment Bank (AIIB) Works

The Asian Infrastructure Investment Bank (AIIB) is a multilateral development bank headquartered in Beijing. Like other development banks, its mission is to improve social and economic outcomes in its region, Asia, and beyond. The bank opened in January 2016 and now has 105 approved members worldwide, as of Jul. 30, 2022.

The History of the Asian Infrastructure Investment Bank

China’s leader Xi Jinping first proposed an Asian infrastructure bank at an APEC summit in Bali in 2013. Many observers have interpreted the bank as a challenge to international lending bodies, which some consider too reflective of American foreign policy interests such as the International Monetary Fund (IMF), the World Bank and the Asian Development Bank.

In this bank’s case, China controls half of the bank’s voting shares, which gives the perception that the AIIB will function in the interests of the Chinese government. The U.S. has questioned the bank’s governing standards and its social and environmental safeguards, perhaps pressuring allies not to apply for membership. However, despite American objections, approximately half of NATO has signed on, as has nearly every large Asian country, with the exception of Japan. The result is widely considered in an indicator of China’s growing international influence at the expense of the United States.

The Structure of the Asian Infrastructure Investment Bank

The bank is headed by a Board of Governors composed of one Governor and one Alternate Governor appointed by each of the 86 member countries. A non-resident Board of Directors is responsible for the direction and management of the Bank such as the Bank’s strategy, annual plan and budget and establishing policies and oversight procedures.

The bank staff is headed by a President who is elected by AIIB shareholders for a five-year term and is eligible for re-election once. The President is supported by Senior Management including five Vice Presidents for policy and strategy, investment operations, finance, administration, and the corporate secretariat and the General Counsel and Chief Risk Officer. Mr. Jin Liqun is the current President.

Asian Infrastructure Investment Bank Priorities

The bank’s priorities are projects that promote sustainable Infrastructure and to support countries that are striving to meet environmental and development goals. The bank funds projects linking countries in the region and cross-border infrastructure projects for roads, rail, ports, energy pipelines and telecoms across Central Asia and maritime routes in South East and South Asia and the Middle East. The bank’s priorities also include private capital mobilization and encouraging partnerships that stimulate private capital investment such as those with other multilateral development banks, governments, and private financiers.

An example of an AIIB project is a rural road connectivity initiative that will benefit approximately 1.5 million rural residents in Madhya Pradesh, India. In April 2018, the AIIB announced the project, which is also expected to improve the livelihoods, education, and mobility of the residents of 5,640 villages. The project is a U.S. $140-million jointly financed by the AIIB and the World Bank.

What Does Accepting Risk Mean?

Accepting risk, or risk acceptance, occurs when a business or individual acknowledges that the potential loss from a risk is not great enough to warrant spending money to avoid it. Also known as “risk retention,” it is an aspect of risk management commonly found in the business or investment fields.

Risk acceptance posits that infrequent and small risks—ones that do not have the ability to be catastrophic or otherwise too expensive—are worth accepting with the acknowledgment that any problems will be dealt with if and when they arise. Such a trade-off is a valuable tool in the process of prioritization and budgeting.

Accepting Risk Explained

Many businesses use risk management techniques to identify, assess and prioritize risks for the purpose of minimizing, monitoring, and controlling said risks. Most businesses and risk management personnel will find that they have greater and more numerous risks than they can manage, mitigate, or avoid given the resources they are allocated. As such, businesses must find a balance between the potential costs of an issue resulting from a known risk and the expense involved in avoiding or otherwise dealing with it. Types of risks include uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and disasters, and overly aggressive competition.

Accepting risk can be seen as a form of self-insurance. Any and all risks that are not accepted, transferred or avoided are said to be “retained.” Most examples of a business accepting a risk involve risks that are relatively small. But sometimes entities may accept a risk that would be so catastrophic that insuring against it is not feasible due to cost. In addition, any potential losses from a risk not covered by insurance or over the insured amount is an example of accepting risk.

Some Alternatives to Accepting Risk

In addition to accepting risk, there are a few ways to approach and treat risk in risk management. They include:

• Avoidance: This entails changing plans to eliminate a risk. This strategy is good for risks that could potentially have a significant impact on a business or project.
• Transfer: Applicable to projects with multiple parties. Not frequently used. Often includes insurance. Also known as “risk sharing,” insurance policies effectively shift risk from the insured to the insurer.
• Mitigation: Limiting the impact of a risk so that if a problem occurs it will be easier to fix. This is the most common. Also known as “optimizing risk” or “reduction,” hedging strategies are common forms of risk mitigation.
• Exploitation: Some risks are good, such as if a product is so popular there are not enough staff to keep up with sales. In such a case, the risk can be exploited by adding more sales staff.

What Are Assurance Services?

Assurance services are a type of independent professional service usually provided by certified or chartered accountants such as certified public accountants (CPAs). Assurance services can include a review of any financial document or transaction, such as a loan, contract, or financial website. This review certifies the correctness and validity of the item being reviewed by the CPA.

Understanding Assurance Services

Assurance services are aimed at improving the quality of information for the individuals making decisions. Providing independent assurance is a way to bring comfort that the information on which one makes decisions is reliable, and therefore reduces risks, in this case, information risk.

Providers of assurance services will help clients navigate the complexities, risks, and opportunities in their partner networks by proactively managing and monitoring risks presented by third-party relationships. Businesses use assurance services to increase the transparency, relevance, and value of the information they disclose to the market and their investors. Many find by sharing business performance better, it becomes a sustainable growth and competitive differentiation strategy.

Technical guidance for certified accountants who wish to engage in assurance services can be found in the International Standard on Assurance Engagements (ISAE) 3000 and in The Assurance Sourcebook published by the Institute of Chartered Accountants in England and Wales (ICAEW) that also includes practical advice for firms choosing among different assurance services.

Certain regulations over the past years have increased the demand for assurance services, such as the Sarbanes-Oxley Act of 2002, with the goal of protecting investors from false financial information.

Types of Assurance Services

Assurance services can come in a variety of forms and are meant to provide the firm contracting the CPA with pertinent information to ease decision making. For example, the client could request that the CPA carefully go over all of the numbers and math that are on the client’s mortgage website to ensure that all of the calculations and equations are correct. Below is a list of the most common assurance services.

Risk Assessment

Entities are subjected to greater risks and more precipitous changes in fortune than ever before. Managers and investors are concerned about whether entities have identified the full scope of these risks and taken precautions to mitigate them. This service assures that an entity’s profile of business risks is comprehensive and evaluates whether the entity has appropriate systems in place to effectively manage those risks.

Business Performance Measurement

Investors and managers demand a more comprehensive information base than just financial statements; they need a “balanced scorecard.” This service evaluates whether an entity’s performance measurement system contains relevant and reliable measures for assessing the degree to which the entity’s goals and objectives are achieved or how its performance compares to its competitors.

Information Systems Reliability

Managers and other employees are more dependent on good information than ever and are increasingly demanding it online. It must be right in real-time. The focus must be on systems that are reliable by design, not correcting the data after the fact. This service assesses whether an entity’s internal information systems (financial and non-financial) provide reliable information for operating and financial decisions.

Electronic Commerce

The growth of electronic commerce has been hindered by a lack of confidence in the systems. This service assesses whether systems and tools used in electronic commerce provide appropriate data integrity, security, privacy, and reliability.

Healthcare Performance Measurement

The motivations in the $1 trillion healthcare industry have flipped 180 degrees in the last few years. The old system (fee for service) rewarded those who delivered the most services. The new system (managed care) rewards those who deliver the fewest services.

As a result, healthcare recipients and their employers are increasingly concerned about the quality and availability of healthcare services. This service provides assurance about the effectiveness of healthcare services provided by HMOs, hospitals, doctors, and other providers.