How Expensive Is Attacking Cardano and Bitcoin?

Let’s imagine a situation where someone has an infinite source of money and is willing to spend it on attacking blockchain networks. How much money would such an attack cost?

This article was prepared by Cardanians with support from Cexplorer.

Read the article:


I think the situation is far worse for Bitcoin than outlined:

  • You just need compute power, not necessarily ASICs. There is a lot of excess compute power in the world that is not currently committed to solely mining Bitcoin. How much would it cost for a Govt to combine some super computers with other resources for a few hours or a day? Maybe they can combine that available compute resource with some extra high tech ASIC miners to get to 51%?
  • When taking into account the cost, you also need to take into account the potential profit from an attack. To attack Bitcoin, you don’t need to own any Bitcoin. You can therefore open up a very large short and profit from the downside. You can’t open a significant short on Ada if you own over half of the total staked supply. Destroying Ada’s price would therefore destroy the attacker’s own capital.

Assuming fees don’t skyrocket, further Bitcoin halvings double the profit motive relative to the attack costs. That PoW design problem must have an expiry date.


Attacking Cardano or Bitcoin is costly and risky due to financial and legal risks. Despite these challenges, their security measures remain crucial for various use cases.

Here is the really interesting question in my mind:

If we think about the economic security of a chain as the cost to control 51% of it’s block production, then I can’t see how the total value of ancillary tokens sitting on that chain can be higher than it’s economic security. In other words, if it costs say only 10 billion USD to own 51% of the staking tokens, required to control 51% of the block production, then there can’t be a trillion dollars of stable coins and other assets sitting on this chain.

The natural conclusion I draw is that if a proof-of-stake blockchain is successful enough to have hundreds of trillions of USD value in stable coins, NFTs, and other tokenised assets sitting there relying upon it’s protocol security, then the value of it’s staking token has to be higher.

I would be very interested to hear what @HeptaSean, @Neo_Spank, @johnshearing, and others think about this view. Can it be economically secure to have more value in ancillary assets dependent on a chain’s protocol than that chain’s staking token is worth?


According to the video linked here, only 3 mining pools control 51% of bitcoin processing power.

When the international central banking cartel finds the most profitable moment, they will set energy policy for our US and European governments which forces these three mining pools to shut down. If any of those mining pools are in countries that will not cooperate with ESG mandates then the mining pools will be destroyed in a drone strike under the pretext of anti-terrorism or in some made up war under the pretext of human rights and democracy.

Then a much smaller group of mining pools controlled by the cartel will be in control of the 51% processing power required to double spend.

At that point bitcoin will just be another central bank digital currency controlled by the central banking cartel.

This attack could be accomplished today. The only reason they haven’t done it yet is because now is not the most profitable moment for the international central banking cartel to take control of bitcoin.

I don’t think this type of attack can be executed against Cardano. I think the attacker would have purchase more than half of all staked ADA in order to execute a 51% attack.

1 Like

Hello @Terminada

Absolutely it can! :slightly_smiling_face:
I don’t really see a linear correlation from on-chain asset value to price of staking token.

I see that as saying that a safe you are using to store your valuables becomes more expensive depending on price and amount of valuables in it.

While I can see that higher token demand from creation, sale and use of “ancillary assets” can lead to higher token price, I can’t see any 1:1 correlation to on-chain asset value increase and token price increase.

There is a theoretical price level a token can have which may indicate to the rest of the world that it is safe from most 51% exploits. However, this not some set value. It’s more like a market sentiment, since there are ways to attack 51% block production with out having 51% of the token supply.
For example: There are only 62% of available ₳ staked. That means you only need 31% of available supply to be able to to do 51% attack. If you control and build pools properly and execute on-line attacks against other pools that number may go even lower.

It is also not necessary to have protocol token mirror value of it’s holdings.

Just like shares of a bank are not worth sum total of it’s deposits. Shares of a bank are usually worth some x multiple of dividend it generates to it’s share holders. It has to do a lot more with efficiency that bank achieves trough it’s operation, then value of it’s holdings.

I believe that IF you prioritize security in protocol development AND take care of incentives for users you can achieve very high security standards for all on-chain assets as well as whole protocol, with staking token market cap that is only a fraction of all on-chain assets value.


It is interesting to think about: Say you are a Trillionaire and you want to securely store 100 Billion or more of tokenised assets on a blockchain whose total market cap for it’s staking token is only 9 billion. And, you want to transfer these assets around, use them as collateral, put them to use in smart contracts etc. so you don’t want the possibility of someone re-writing the history of some of your 100 Billion dollar transfers. As you say, an attacker only needs 51% of the staked tokens which might only be 31% of the total supply, or around 3 billion worth.

Are you going to trust that level of economic security with your assets that are worth over 30 times the amount? Or are you going to buy enough of the staking token yourself to be sure nobody can mount a 51% attack without some of your stake?

I don’t think large players (banks, companies, nation states) will trust that sort of out-sized multiple for the value of their dependent assets relative to the economic security provided by the staking token. In other words, I think a multiple of 30 seems too high. But, maybe 2 or 3 times is OK because you can assume that any attempt to purchase such large amounts of staking token would drive up the price significantly. It seems like a catch-22 to me, that big players won’t trust it enough until the economic security is high enough.

Maybe the staking token market cap needs to be at least somewhat proportional to, or higher than, the largest user’s dependent assets value?

Yes, and I think this value must increase as the value of the dependent tokenised assets increases.


But they already trust exactly such high multiples.
Example: Shares of Bank of America have market cap of around $200 Billion. To gain 51% control of the bank you have to spend around $100 Billion. Bank of America secures total deposits of about $2 Trillion, which gives it deposits to “51% attack value” ratio of about 20x. If you include all assets they secure and not just deposits that number is x30.

And this is one of the well financed banks. Here in Canada most banks major banks have that ration near x40 or higher.


I don’t think a bank is a compatible analogy. If the bank gets 51% attacked, this won’t result in your mortgage document disappearing or being owned by someone else because the legal system adjudicates such things. Same for your money because this is also not a bearer asset, your money at the bank is an unsecured loan to the bank and big players know this. Furthermore, contracts like your mortgage documents are not bearer assets. So in other words, big players are not relying on the stability of the bank to secure their wealth.


You are correct, it is not a perfect analogy. However, it is the closest one I can think of for those amounts. Banks have a risk of failure just like anything else and large investors have to weigh in their risk to reward rations where ever they invest.

In crypto we are suppose to rely on protocol code to replace the legal system and protocol operations to remove third parties such as banks from being a middle-man.

Also, there is no built in mechanism that will just increase a price of a staking token according to assets held on-chain, nor is there any mechanism that will prevent price of a token to plummet well below the value of assets on-chain.

The only way price of a token would fluctuate is through usage demand or speculation. Thus, expecting price to match on-chain assets as a security feature for a protocol is unreasonable.

Any large investor would be cognizant of such fact and if they open a business on such protocol they either have to be fine with security as is or invest their own money to support the price.

As I can see from most large crypto investors, they are willing to pour billions of dollars in protocols that are worth zero if they think they can come out ahead. So, I don’t think having ratios of 100x (or even more) would be a barrier to such investors.

Anyone looking for a place where they can be hands-off investor with safe guards for their money should not be looking at crypto. This is more like an ETF territory.


Thanks @Neo_Spank I appreciate your thoughts.

I think that is the key. The security of bank deposits, mortgages, insurance contracts, all financial contracts, etc. is based upon the legal system which in effect is underpinned by the whole of society, rule of law, democratic processes, govt elections.

Blockchain technology has attempted to remove the legal system along with all it’s middle man processes to replace it with code. So with this removed, the security of the blockchain itself is the only thing underpinning the value of all the assets recorded on the ledger. We are reminded of this fact daily when we look into Ethereum’s robbery forest to see all the hacks and assets stolen without any recourse. So everyone is forewarned that if the code is flawed, or the staking model fails through a 51% attack rewriting the ledger, then the value of your assets is at risk. The big players know this.

The value of the staking token is the basis of the economic security. Consequently as on-chain asset values increase, I think the value of the staking token must somehow increase.

I think that is the mechanism. As big players store some valuable assets on-chain they will want to hold some of the staking token to guarantee their “access rights” and “governance rights”. As they store even more value on chain they will want more access rights and governance rights and so they will want more of the staking token.


Greetings All,

Above in this thread I claim that removing three of the largest bitcoin mining facilities by military strike would greatly reduce the cost of a 51% attack such that it becomes not only feasible for the government backed banking cartel (IMF) accomplish, but moreover, likely that they will do it.

I know that Cardano is much more decentralized than bitcoin and that gaining control of the 20 or so largest stakepools would be required to double spend on the Cardano blockchain.

What I am not clear on is what would happen if these same 20 or so stakepools were physically destroyed in a military strike rather than taken over. Does physically destroying stakepool hardware change the cost of a 51% attack as it does in a proof of work system? I would guess not because destroying stakepool processing power does nothing to harm the ADA that is staked. Still, I am not sure if I am thinking clearly on this matter

Much thanks in advance for your answers.

1 Like

That is an interesting thought experiment.

A Cardano stake pool is really only a virtual thing represented by it’s blockchain keys so it can exist anywhere and it’s location can easily be changed.

Scenario 1: Someone blew up my block producer.

I could simply reconfigure one of my other relays to run in block producer mode and copy over the required keys. And a few minutes later my pool is back up running again and producing blocks.

Scenario 2: Someone blew up all my registered relays and my block producer.

Well, then I could spin up another cardano-node running machine anywhere in the world, get it quickly synced using Mithril, copy over the stake pool keys and connect it to other relays in the usual manner. The block producer would start producing blocks again immediately it was fully synced. Other relays would still pull blocks from my new relays and block producer via the P2P mechanism but I would be a bit less well connected to the rest of the Cardano relays. This is because other relays wouldn’t know where to find my new relays.

However, if I was using DNS records for my relays in my on-chain pool certificate (which I am), then I just need to update the DNS records for my new relay addresses and once these new DNS records propagate, I would be back to receiving the same number of incoming connections from other peers and be just as well connected to the rest of the cardano network as before. If I didn’t register my relays in my pool certificate using DNS records then I just need to create a new certificate with the new IP addresses. Though the DNS changes / new pool certificate are only to help increase my pool’s connectedness because currently the P2P mechanism looks at the “square of the stake distribution to randomly pick new ledger peers”. The pool will still get connected to other Cardano relays without such changes and the P2P mechanism will eventually employ additional gossip techniques in the future.

Scenario 3: Someone destroyed all of my relays, and block producer, and destroyed me too, and all access to my pool keys, and destroyed everyone who had access to my pool keys.

Well, now we do have a problem. My pool will be down for good and can’t be re-created because the pool keys are gone. Those who were staked to my pool would have to shift their stake because it would no longer be able to make any blocks. If I was a large multi-pool operator, the cardano network would keep functioning but it would reduce the cost to control 51% of the block production.

In my case I am not a multi-pool operator so the impact would be minimal. I guess, hopefully someone inherits the access to any Ada I had and starts a new stake pool, or at least re-stakes my Ada with another honest pool operator.

1 Like

Thanks for the answer @Terminada.

Today is 911. My brother was a volunteer at ground zero in the search for survivors.
His job was to play with the search dogs after they would discover a corpse.
This was done because the search dogs would become depressed after finding a corpse and would stop searching for survivors. So my brother would play with the dogs in order lift their spirits and get them back on the job in the shortest possible time. My brother suffered lung damage from breathing all that dust but made a full recovery thank God. He is one of many heroes that responded to the attack.

Much information points to a military strike on the Twin Towers by the United States government, on its own people, in order to rally citizens into a profitable war against Iraq.

So today in particular, it is not too hard to imagine a military strike against a few bitcoin mining facilities or even Cardano stakepools if the profit would be high and the cost of the attack low. Clearly the cost of taking out enough Cardano stakepools to accomplish a 51% attack is higher than the potential profit.
This is thanks to the large amount of single pool operators we have in our community.

Good thing because the Cardano protocol is our best hope of defunding (starving) this beast which feeds on endless war.

If we never suffer a military strike on our community, we can thank IOG for designing the protocol and our single pool operators for making sure cost for the attack is greater than the profit.

You guys are heroes too.

1 Like

The US Govt isn’t going to blow up or even sabotage some bitcoin mining facilities. It doesn’t need to, because the US Govt already knows that Bitcoin is going to die by itself. It only needs another halving or 2 and it’s security problem, stemming from it’s proof-of-work design, will become obvious to everyone.

Here is another video outlining how Govts could control Bitcoin with a “subsidy attack”.

But even without any Govt level attack, I just can’t get past the fact that with each Bitcoin halving the rewards for securing it’s blockchain are halving relative to the potential rewards from attacking it. Furthermore, unlike proof-of-stake, you don’t need to hold any Bitcoin to be a Bitcoin miner, so this makes it easy for an attacker to make blocks at the same time as shorting Bitcoin. Fundamentally, the incentives of Bitcoin miners are not aligned with Bitcoin holders. Bitcoin miners don’t actually care how they make a profit.

Another big assumption that Bitcoin maxis make is that hashing power is only useful for mining Bitcoin. I argue hashing power is simply compute power. I do understand that ASICs are specialised chips designed for crunching out hashes, but a well connected attacker could achieve enough hashing power via other means such as renting some super-computers for a period of time. Furthermore, even ASIC chips could be put to alternative uses so an attacker could rent compute power, build an alternative secret chain, double spend, and profit from shorting. Then proceed to re-purpose the compute power to look for extra-terrestrial life in the universe, or something.

At the end of the day, if Bitcoin miners are just compute power then as the profits reduce relative to price then more compute power in the world will be doing stuff other than Bitcoin mining. And, this rest of world compute power keeps increasing. So unless we keep dedicating a massive percentage of our entire world compute power just for Bitcoin mining then eventually it becomes easier and cheaper to rent some of this “rest of world” compute power to attack the Bitcoin blockchain.

Then there is the problem of economic incentives related to earning yield and the utility of Bitcoin as an asset:
Say you had 1 million $ to deposit in a bank. Bank Bitcoin pays 0% and Bank Cardano pays 4%. Which one do you pick?

Now consider that bank Cardano also allows you to use your $ as collateral to borrow against, or you could use a portion of it to loan out to someone else for additional yield. IE: Bank Cardano allows you to put your $ to work under your control where you get to choose what risks you will take for additional yield above that 4% risk free rate.

Whereas at bank Bitcoin all you can do is leave your $ untouched and chant HODL HODL HODL to yourself.

Which bank do you put your $ in now?

It is simple economics at the end of the day. I can’t see how anyone picks bank Bitcoin once they get their head around the economics.

Eventually people build secure bridges to allow Bitcoin holders to transfer the asset value to other more useful chains as synthBitcoin tokens where they can put their synthBitcoin to work to earn some yield or use it as collateral to borrow against. But, this just exacerbates Bitcoin’s security problems because now nobody is using the Bitcoin chain to do anything and all the Bitcoin tokens are just locked in bridge contracts.

Anyway, I could go on. I view Bitcoin as a ponzi scheme now. I think many astute investors knows this and are pumping the narratives of

  • “blue chip”
  • “original”
  • “proven security for longest time”
  • “proof-of-work is the only secure sybil resistance method because it requires real world energy use”

I believe these people are hoping for another Bitcoin pump so they can offload at higher prices.

Bitcoin doesn’t solve any of the real world problems Cardano is trying to solve.

1 Like