This article was published on January 8, 2019

Ethereum Classic hackers steal over $1.1M with 51% attacks

Decentralized networks aren't always as decentralized as they seem

Ethereum Classic hackers steal over $1.1M with 51% attacks
Matthew Beedham
Story by

Matthew Beedham

Editor, SHIFT by TNW

Matthew is the editor of SHIFT. He likes electric cars, and other things with wheels, wings, or hulls. Matthew is the editor of SHIFT. He likes electric cars, and other things with wheels, wings, or hulls.

Ethereum Classic, one of the most popular forks of the second most valuable cryptocurrencies by market cap has suffered a 51-percent attack.

After Chinese blockchain security firm SlowMist raised the alarm, an analyst at CoinNess dug a little deeper. The analyst found that a private mining pool had managed to increase its hash power to 3,263 GH/s, making it – temporarily – the most powerful mining pool at around 11:00am UTC on 6 January.

After this brief spike in power, the mining pool returned to its normal state of around 300 GH/s. However, ten hours later the same thing happened again, and the pool’s hash rate began to climb. At the time CoinNess’ article was published the illicit mining pool’s power equated to around 63-percent of the total network hash rate.

Shortly after these attacks Coinbase paused all Ethereum Classic transactions, it initially detected that around 88,500 ETC ($460,000) had been double-spent. However, the cryptocurrency exchange has since uncovered another 12 attacks that “included double spends, [now] totaling 219,500 ETC ($1.1 million).”

How does a 51-percent attack work?

Decentralized blockchains like Bitcoin or Ethereum rely on “honest” nodes holding more than 51-percent of the networks computing power. All these honest nodes work together to confirm and verify the true order and history of transactions on that network. In doing so, they create an immutable history of who has paid what and to who it was paid.

However, when dishonest nodes can control the majority of a blockchain’s computing power they can effectively rewrite history, and get back their spent cryptocurrency. The dishonest miners do this by building a new blockchain that leaves off from a block that was mined before their transactions took place.

Let’s say I send David 2 ETC to pay him back for the pizza we shared at lunch. When I get home I fire up my super powerful mining rig – that has over 51-percent of the network’s power – and start mining from a block that was mined before I sent David those 2 ETC and start a new blockchain.

When this happens, I obviously get to keep the pizza, and the transaction I sent to David is not accepted as true, so I get to keep my money and David is left without payment. As the cryptocurrency can be spent again, this is known as “double-spending.”

In this case, the attackers went back 100 blocks and started a new blockchain which allowed them to release over $1.1 million worth of Ethereum Classic to be spent again.

It’s bad, real bad

It should be pretty clear that being able to roll-back and create a new blockchain that takes off from a point in history prior to other confirmed transactions to effectively defraud merchants, is really quite bad.

The whole idea of blockchain is built on the concept of decentralization, not just of technology but of power too. When a single entity can control the majority of the network’s power, it’s technological and political power is no longer decentralized.

When a 51-percent attack occurs, it’s the first sign that a blockchain has potentially become too centralized to be considered trustworthy. Incidents like this are enough to get coins delisted from cryptocurrency exchanges. Last year, Bittrex delisted Bitcoin Gold following a similar incident which saw hackers steal over $18 million wroth of BTG.

To some, this attack might not be all that surprising. Last year, mining operations began shutting down all over the world as operating costs far outstripped the rewards of mining. All this has done is put more power in the hands of the remaining miners, enough power it seems to start launching 51-percent attacks.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with