Cryptocurrency networks operate via a distributed consensus, in which every participant agrees on the true state of the network, including the full transaction history and how many coins each address controls.
In a Proof of Work cryptocurrency this consensus forming involves miners, who are responsible for the confirmation of transactions when they mine a block. This process involves an element of democratic process, in which many users will accept the majority view in order to stay on the same the network and not end up on a fork.
If a single miner were to control more than half of the hashing power they would be able manipulate this process. Instead of a kind of democratic process in which all users come to a consensus agreement, this single user with 51% hashing power would become the network authority, able to impose their version of the network transaction history. This may allow them to:
Performing a ‘double spending’ attack in which the same coins are spent multiple times.
interrupt other miners, preventing them from mining valid blocks
interrupt regular users, refusing to confirm their transactions
In Bitcoin and most other networks the risk of a 51% attack is most associated with popular mining pools, which generally control a much larger amount of hashing power than solo mining operations.
Solutions to the 51% Attack Problem
A more decentralized network with a larger number of individual miners (who are not using the same mining pool) provides a more robust defense against the possibility of a 51% attack.
The rise of specialist ASICs is often cited as being a major cause of mining centralization, so ASIC-resistant algorithms and coins which have CPU mining only may be considered to be less susceptible to this problem.
Proof of Stake cryptocurrencies are also less susceptible to this attack, because buying more than half of all the coins on a network is likely to be more expensive than gaining 51% of the hashing power. Also, a person with such a large stake in the network would be taking a big risk with their own wealth by attacking the network in a way which may undermine its credibility. Proof of Stake has its own potential attack vector, however, known as ‘nothing at stake’.