In Proof of Work (PoW) cryptocurrencies, nodes typically are set up to recognize the blockchain with the most blocks (and therefore the most hashing power) as the correct version of history. Miners with > 50% of the network hashing power can take advantage of this by sending funds to one address on the main chain, while sending the same funds to another address on a forked copy of the blockchain that they are silently mining with more hashing power than the main chain.
Since other nodes only know about the main chain, they will see the first transaction as valid, and exchanges, etc will accept this transaction as valid. This malicious node can later release these silently mined blocks, and other nodes will accept this as the new 'correct chain' since it is longer. This will cause the original transaction to effectively dissappear, and nodes will recognize the funds as being sent to the address from the new chain instead. This is known as a 'double spend' attack.
Most bigger cryptocurrencies have sufficient mining capacity behind them, making it extremely expensive to acquire the necessary hardware to pull an attack like this off. Smaller cryptocurrencies have less hashing power securing the network, making it possible to simply rent hashing power from miners on a service like Nicehash for a few hours. This significantly reduces the capital costs of an attack.
In recent weeks there have been a number of 51% attacks including a high profile attack against Bitcoin Gold a few days ago where $18 Million was stolen.
Using the prices NiceHash lists for different algorithms we are able to calculate how much it would cost to rent enough hashing power to match the current network hashing power for an hour. Nicehash does not have enough hashing power for most larger coins, so we also calculated what percentage of the needed hashing power is available from Nicehash.
Note that the attack cost does not include the block rewards that the miner will receive for mining. In some cases this can be quite significant, and reduce the attack cost by up to 80%.
There are a number of possible solutions to this problem:
Hash rates are from Mine the Coin, coin prices are from CoinMarketCap, and rental pricing is from NiceHash. The data has been spot checked for accuracy, but please let us know if any data is incorrect, and we'll do our best to fix it.