Ethereum Classic Under Attack
One of the top 20 coins by market capitalization Ethereum Classic (ETC) has suffered a serious attack and a possible double spend. ETC is down by more than 8% in the last 24 hours (UTC 06:50 AM.)
Monday evening, popular US-based exchange Coinbase announced that they have temporarily disabled all sends and receives for ETC, while “buy and sell is not impacted.”
“The Coinbase team is currently evaluating the safety of re-enabling sends and receives of Ethereum Classic and will communicate to our customers what to expect regarding support for ETC,” the company said in a blog post.
Tuesday morning, Kraken exchange also followed up with an update to their customers where they said that a “51% attack appears to be ongoing,” and that ETC deposits and withdrawals have been halted as a result.
Meanwhile, OKEx announced that their team have assessed the situation “and our advanced risk management system is able to maintain market order. Our ETC trading, depositing, and withdrawal will remain open and continue normal operations.” The exchange has temporarily increased the number of confirmations required for depositing to 100 and for withdrawal to 400.
Also, Gate.io exchange has confirmed that it will be covering the ETC 40,000 loss for its users:
So far, few other exchanges have come out with public statements regarding the situation.
Coinbase claims it has detected a “deep chain reorganization”* on the Ethereum Classic blockchain on January 5.
The exchange said that the observed deep chain reorganization included a double spend of ETC 219,500 (USD 1.1 million). This would only have been possible if a miner (or miners) with more than 51% of the computing power on a network decided to do it.
As Coinbase writes in its blog update, “the “honest[y]” of more than half of miners is a core requirement for the security of Bitcoin and any proof-of-work cryptocurrencies […]” Just like Bitcoin, Ethereum Classic is also a proof-of-work cryptocurrency.
ETC price chart:
The Ethereum Classic team, however, has its own take on the events. On Monday, the official Ethereum Classic Twitter account published this tweet, saying no double spends had been detected. The team further suggested that the unusual activity on the network may have been caused by a mining machine manufacturer testing new hardware. However, a couple of hours later, the team changed their tone, saying the report by Coinbase on double spending on the ETC network “may be true”:
It is well-known that conducting a 51% attack, that is having one miner or a pool of miners controlling more than 51% of the network, and then attack the rest of the network, would be close to impossible to carry out on heavily mined cryptocurrencies like Bitcoin, Litecoin, or Ethereum. For some small-cap coins like Verge and Bitcoin Gold, however, it has happened in the past. As reported by Cryptonews.com, the cost of attacking a cryptocurrency network is decreasing along with the market crash, and the possibility of a malicious actor or group seizing the majority of computing power in theory becomes more realistic.
In theory, you’d need USD 7,939 to launch an hour-long attack on Ethereum Classic by renting out enough hashing power from cloud mining marketplaces, according to crypto51.app, a website that tracks costs of a 51% attack.
____
Community reactions:
____
____
_____
____
____
*- Chain reorganization:
A malicious miner with enough computing power can mine enough coins in private, without telling anyone else, that their chain becomes the legitimate one. This is called selfish mining. When other miners find this longer, “selfish” chain, they will discard the “honest” one that they’ve been working on, thus also discarding any transactions in those blocks, and start working on the new one. This is called a chain reorganization, or “reorg.” All reorgs have a “depth,” which is the number of blocks that were replaced, and a “length,” which is the number of new blocks that did the replacing.
The discarded chain now contains transactions that are no longer valid, even though the funds potentially already went through – and including the same transaction in the new, longer chain means that the same funds are being spend again. This is called a double spending attack.
