It would be interesting to add the currency rewards the attackers would gain from the hashing process. I bet the cost may be greatly reduced, and may even make the operation profitable, without much illegality...
Even if the 51% attack by itself might not be illegal, using it to double spend almost certainly is. On the civil side I'd expect you to be liable to pay the receiver in order to fulfill the contract you made when you exchanged the coins deposited on the old chain. Plus I'd expect criminal fraud charges.
The attack itself is legal. Sure you will cause some property damage if you split and roll back an hour worth of transactions. People might try and bring a civil suit against you. That would be interesting.
Of course, if you try to double-spend as part of the attack: it's fraud!
You'd get perhaps ~51% of the blocks over a one hour period, though that's an average on a bell-curve. With only about six blocks in play for Bitcoin you could hope to score three at best. That's a $361K average gain.
You'd make way more money on some kind of double-spend attack. If you've got 51% for sure you would probably hit up multiple exchanges at the same time to magnify your reward.
Yeah, no. 51% means just that, 51% of getting a block.
If you control more than half you can dictate terms, you can fight back against the other miners, and in a protracted battle you will ultimately prevail. With 49% they can always eventually override you.
Suppose you control 51% of the network and want to do a double spend against a merchant requiring 6 blocks of confirmation. To do that, you make the spend and allow the chain to operate normally. While it is doing so, you work on your own chain. After the main chain achieves 6 blocks, you wait until you have more than the main chain, then publish your chain. Now, everyone switches over to your chain. In particular, the last 6 blocks (or more, if you had to wait longer to overtake the main chain) are all your's because you were the only one working on your chain during that time.
If someone else has a block in those last 6, it would mean that someone else (who I assume is an honest node) saw your block. At this point, your entire chain will be published and likely overtake the mainline (otherwise, the honest miner wouldn't have bothered with it). Now, it appears to the merchant that your transaction has not yet made it onto the chain, so you have to wait for another 6 blocks confirming the transaction.
The only way I see around this is if you can partition the network. However, not only is this difficult, if you can partition the network, then you no longer require 51% to do an attack. In fact, if you can assure that the target is on the smaller partition, you require 0 mining power to do the attack.
EDIT: Essentially, at 51% you can make a "rule" that all blocks must be yours.
51% of the network means you singlehandedly get to decide consensus. And if you decide that consensus is that every new block in the chain is yours, then who's going to stop you?
I did some back of the napkin math for a few coins, and this reduced the cost Ip-90% in some cases. I couldn't find a consistent place to get this data from for all coins, but I may manually go through and add it, since it can reduce the cost substantially as you noted.
To be honest, I think you could even reap the benefits of arbitraging hash difficulty. Eg. just as a new difficulty level is set, flood the network with additional nodes and hash away till the next difficulty update. Then kill the nodes, and wait for difficulty to adjust up and then back down, and then attack again.
