Exchanges that list low-profile, low hashing rate coins, especially newly launched Bitcoin forks, may be vulnerable to having their finances drained through a 51% attack.
The attack works by funding an exchange balance, then forcing the network to roll back the transaction. The exchange credits a database balance, which then allows trading. However, the exchange would be at a loss, since the original deposit would be missing from its wallet.
Such a move could do little to harm regular coin owners - but could wipe out smaller exchanges. Developers see the 51% attack as a technical challenge, but it also has immediate financial repercussions. Those attacks also have a calculable price, meaning hackers can decide to point resources to a network in exchange for much higher rewards.
The price estimation of an attack takes into account renting the hashing power from the NiceHash service. But it is also possible to build a small pool for one of the more prominent coins, then point the hashing power to mine a newer coin with a lower difficulty.
The only recourse of exchanges is to increase the requirement for confirmations, thus making it more difficult for the malicious miner to immediately roll back the transaction. For small-scale networks, gathering the requisite number of confirmations can take a long time, with many blocks passing in the meantime.
An attack’s price can be calculated by its hourly rate. A recent app was deployed, calculating the theoretical cost of the hashing power takeover. In practice, cashing out may not be so straightforward. Additionally, for larger trades, exchanges require user verification, thus breaking anonymity.
The silver lining is that almost all coins are vulnerable - including Bitcoin. Some believe 51% attacks may be attempts to undermine projects, or create short-term gains. Bitmain, the most accused mining giant, has defended itself against accusations of being responsible for the 51% attack. But even the presence of an entity ready and willing to attack a low hashrate blockchain may spell doom for lesser coins, which have no defense against malicious mining. At this point, ASIC-mined coins may indeed have a better chance of survival.