A “rewrite attack”, or more commonly referred to as a 51% attack, happens whenever a malicious actor takes over enough of a network computational power and substitutes the natural progression of the network with their own version of it; they are “re-writing” the history of the chain.
A rewrite attack happens as follows:
1) an attacker gains enough control over a network [block #15500]
2) while the network is progressing at its own pace the malicious attacker is mining away at their own version of the chain (happening faster and undetected in parallel [1 block every 10min vs 1 block every 8 min]
3) Whenever the attacker is ready they push their verison of the chain to the network and due to the consensus in Proof-of-Work (longest chain wins) all of the active node detect a new longer chain and all switch over to that version [block 15,600/15,720].
4) this means that all of the activity that happened between blocks 15,500 and 15,600 (100 blocks x 10 min = 1,000 minute/~16.667 hours) are replaced! Merchants lose their products, wallets lose their balances, exchanges lose their profits…