The attacker needs 51% of coins the existed at some point in the past.  He can attack the network with 0% of the coins that are currently considered as valid. That's why it's called "nothing at stake": he can attack the network using coins that were already spent!