There’s a common belief that controlling over 50% of the hash rate in Bitcoin or Ethereum—or two-thirds of the stake in proof-of-stake systems—lets you do anything on the network. Some even think attackers could take others’ coins or print new ones arbitrarily. But that’s not entirely accurate.
Let’s clarify what a 51% attack can and cannot do.
What a 51% Attack Can Actually Achieve
A majority attacker can:
- Censor transactions: They can block specific transactions from being included in the blockchain.
- Reorganize the chain: They can reverse a number of blocks and alter the order of transactions, enabling double-spending.
However, they cannot change the core rules of the system. This means:
- They cannot mint new tokens outside the protocol’s emission rules. For example, Bitcoin’s block reward is fixed at 6.25 BTC per block—it can’t arbitrarily become 1 million BTC.
- They cannot spend coins from an address without its private key.
- They cannot produce blocks larger than the consensus rules allow.
While 51% attacks are disruptive—especially due to double-spending risks—their power is constrained by cryptographic and consensus rules.
How Blockchain Security Models Work
In networks like Bitcoin and Ethereum, the valid chain isn’t just the longest one; it’s the chain with the highest total difficulty that also follows all protocol rules.
Every full node validates two key aspects:
- Validity: All state transitions (e.g., transactions, rewards) must comply with protocol rules.
- Chain selection: Among valid chains, the one with the most accumulated proof-of-work (or stake) is accepted.
This is different from traditional client-server systems. In blockchains, users run full nodes to independently verify the chain’s integrity. If a miner produces an invalid block, nodes reject it—even if it has high computational backing.
The Role of Full Nodes and Trust Decentralization
Many users run full nodes to interact with blockchains like Bitcoin or Ethereum. This practice is culturally and functionally important: it decentralizes trust. If most users relied on others to validate, miners could be tempted to produce invalid blocks.
Think of it like separation of powers in a democracy: miners order transactions, but they don’t make the rules. The community—through node operators—enforces validity.
But what if running a node becomes too expensive? If only large entities (like exchanges or stakers) can run nodes, the trust model shifts. Users lose direct control, and consensus can be manipulated more easily.
Can Light Clients Be Trusted?
Not every user can run a full node—especially on mobile devices. Light clients offer a practical alternative. They don’t validate entire blocks but check consensus proofs like total difficulty or stake weight.
However, light clients can be tricked into following chains with invalid blocks. Enhancements like data availability checks and fraud proofs can mitigate this. Ethereum, for example, plans to integrate these features to make light clients more secure.
👉 Explore secure blockchain interaction methods
What About Sidechains?
Sidechains are popular for scaling. They operate as independent chains linked to a mainchain (like Ethereum) via a bridge. But their security model is weaker:
- Sidechain security depends heavily on the bridge. If the bridge is deceived, assets on the sidechain can be stolen.
- Unlike full nodes, bridges usually validate only consensus—not state validity. They’re vulnerable to data availability attacks.
Zero-knowledge proofs can improve bridge security by verifying state correctness, but risks remain. In general, sidechains don’t offer the same security guarantees as mainchains.
How Does This Relate to Sharding?
Sharding is a scaling approach that maintains decentralization. By splitting the network into smaller segments (shards), each node processes only a fraction of transactions. This keeps hardware requirements low, allowing more users to run nodes and preserve security.
Without sharding (or similar techniques), scaling often means larger blocks and higher node costs—shifting power toward larger players.
Frequently Asked Questions
What is a 51% attack?
A 51% attack occurs when a single entity controls most of the network’s mining power or stake. They can censor transactions or reverse blocks but cannot break cryptographic rules or create coins arbitrarily.
Can a 51% attack steal my coins?
No. Attackers can’t spend from your address without your private key. They can only double-spend their own coins or reorganize recent blocks.
How do full nodes prevent invalid blocks?
Full nodes validate every block against protocol rules. If a block is invalid, they reject it—even if it comes from a majority miner.
Are proof-of-stake networks immune to 51% attacks?
No. PoS networks can suffer similar attacks if a majority of stake is controlled by one party. However, penalties (slashing) and social consensus add extra layers of protection.
What’s the difference between a sidechain and a rollup?
Sidechains have their own security model and rely on bridges. Rollups post data and proofs to a mainchain, inheriting its security. Rollups are generally considered safer.
Can a 51% attack rewrite ancient history?
Theoretical yes, practical no. Rewriting long-confirmed blocks would be obvious and rejected by the community. Networks with finality (like PoS Ethereum) make reversals impossible after checkpointing.
In summary, 51% attacks are limited in scope. They can disrupt recent transactions but cannot alter fundamental rules or steal properly secured funds. Decentralized validation via full nodes remains critical for maintaining security—especially as scaling solutions evolve.