Skip to content

What Is a 51% Attack?

What it actually means for one entity to control more than half a blockchain's mining power or stake, and why that's dangerous in a much narrower way than people assume.

Last updated July 2026

What a 51% attack actually is

Our guide to Proof of Work vs Proof of Stake covers how a blockchain decides who gets to add the next block: miners competing with computing power on a PoW chain, or validators staking coins on a PoS chain. A 51% attack is what happens when that process stops being distributed. A single entity, or a group of people coordinating together, ends up controlling more than half of a network's total mining power (on a PoW chain) or more than half of its total staked value (on a PoS chain).

That threshold matters because block-adding power on most chains works by majority. Whoever controls more than half the mining power or stake can consistently out-produce everyone else and effectively decide which version of the chain's recent history "wins." It's a majority-rules system, and a 51% attack is what happens when one party quietly becomes the majority.

What an attacker with majority control can actually do

With over half the network's power behind them, an attacker can reorder or block certain transactions from confirming, at least for a while. But the capability that actually matters, and the one nearly every real-world 51% attack has been used for, is called a double-spend.

Here's how it works. The attacker spends a coin, say, sending it to an exchange in return for a different asset or a payout. They wait for that transaction to get enough confirmations that the exchange treats it as final and releases the funds. Then, using their majority control, they build an alternate version of the chain that never included that original spend, and push it past the length of the honest chain. Because the network follows whichever valid chain is longest (or has the most accumulated work or stake behind it), the honest chain gets discarded and the attacker's version takes over. The original transaction disappears, but the attacker still has the coins they "spent," and they also keep whatever they received in exchange for them. Same coin, spent twice.

What they can't do (this is where most confusion happens)

A 51% attack sounds like it hands someone the keys to the whole network, and that's the part people usually get wrong. Majority control does not let an attacker steal coins out of other people's wallets. It doesn't let them forge a transaction they never signed, spending someone else's funds without that person's private key. And it doesn't let them create new coins outside the rules the protocol already enforces, block rewards and supply limits are still fixed by the software every node runs, not by whoever happens to be producing the most blocks.

The attack is narrow and specific: rewriting very recent transaction history to enable double-spending. It's not arbitrary theft, and it's not a way to break the protocol's core rules. That distinction is worth holding onto, because "51% attack" gets thrown around as shorthand for "the network got hacked," when what actually happened is closer to a very expensive, very targeted form of fraud against whoever accepted an unconfirmed or lightly-confirmed payment.

Why smaller chains are far more vulnerable

Pulling off a 51% attack means acquiring more mining power or staked value than the rest of the honest network combined, and that cost scales directly with the size of the network you're attacking. A blockchain with a small amount of total mining power, or a small amount of total value staked, can sometimes be attacked relatively cheaply. In some cases an attacker doesn't even need to buy hardware outright, they can rent mining power from marketplaces that exist specifically for that purpose, pointing rented computing power at a target chain for just long enough to pull off the attack.

A chain secured by an enormous amount of mining power or stake, like the largest networks in the space, is a different story entirely. Acquiring more than half of that would require an almost implausibly large amount of capital and hardware, likely more than the attack itself could ever profit from. At that scale, the attack is still technically conceivable, but economically irrational; nobody rational spends more than they stand to gain. Smaller Proof of Work chains with modest hash power have historically been targeted by real, well-documented 51% attacks precisely because the economics work out very differently at their scale. For a refresher on the underlying blocks-and-hashing mechanics this all builds on, see what blockchain actually is.

Why exchanges wait for multiple confirmations

This is exactly why exchanges and merchants don't treat a transaction as final the instant it appears on-chain, especially for larger amounts. Each additional confirmation means another block has been built on top of the one containing your transaction, and an attacker attempting to reverse it would need to out-build all of those blocks too, not just the original one. Waiting for more confirmations directly raises the cost and difficulty of the attack, which is why deposit limits and confirmation requirements tend to scale up with transaction size and scale down with how established and well-secured a given chain is.

The takeaway

Network security in crypto is fundamentally an economic argument, not just a technical one. A blockchain is secure because attacking it costs more than any plausible payoff from doing so, and that cost is directly tied to how much real value, mining power or staked coins, is actually behind the network defending it. That's why the size and age of a blockchain matters so much when you're sizing up how safe it actually is to rely on: more hash power or more stake locked in means a higher price tag on rewriting history, and a higher price tag is what keeps everyone honest. If you come across a term in this space that isn't clicking yet, the crypto and trading glossary is a fast way to look it up.

Keep learning the fundamentals

Free · No sign-up · Part of the LabelYX Learn series