Someone successfully undermined the integrity of the Ethereum Classic blockchain in a fashion that allowed the attacker to “double spend” – that is to spend the same units of digital currency more than once.
Beginning on January 6th UTC (January 5th in the USA), analysts at SlowMist, a Chinese blockchain security firm, and CoinNess, a real-time cryptocurrency news and information service, raised alarms, and the team at Coinbase, a large USA-based cryptocurrency exchange, began to make a series of announcements indicating that they had serious concerns about the Ethereum Classic blockchain’s integrity, with Coinbase noting that folks at the exchange “detected a deep chain reorganization of the Ethereum Classic blockchain that included a double spend,” and that the exchange immediately took action: “In order to protect customer funds, we immediately paused interactions with the ETC blockchain.” Over the next few days, the exchange informed the public that it continued to detect more than a dozen other suspicious activities, totaling over $1 Million in fraud. Simultaneously, various other exchanges also froze trading of Ethereum Classic or began to require significantly longer settlement times for transactions in order to perform additional verification.
A 51% attack on a “proof of work” blockchain such as the one used by Ethereum Classic refers to an attack by a group of miners controlling more than 50% of the network’s computing power. Transactions in such blockchains are recorded within “blocks” that are added to the chain by miners who perform complicated mathematical calculations as part of block creation; normally, the majority of miners working on a public blockchain of this type are honest, and create an honest chain that grows faster than any possible fraudulent chain being built onto it by crooks. The honest chain is, as it grows, accepted as legitimate by the consensus of the miners.
However, if the majority of power is controlled by crooks, they can accept blocks onto the chain that contain bogus transactions – for example, they can create multiple blocks containing transactions sending the same units of cryptocurrency to different parties, allowing them to sell the same asset more than once to unsuspecting victims, who will ultimately suffer a loss once the fraud is discovered. This appears to be what happened in the case of Ethereum Classic – the attackers involved effectively rewinded the legitimate blockchain by 100 blocks – causing blockchain users to ignore payments that the crooks had already made and which were recorded in the last 100 blocks – and re-spent money that they had already spent. (Besides “double spending,” 51% attackers can also prevent legitimate transactions from being confirmed, block legitimate payments between users, and reverse recent legitimate transactions.) Some experts theorize that, today, the cost of renting sufficient computer power to execute a 51% attack may be sufficiently low so as to provide strong incentives for criminals to launch such attacks, especially against smaller-cap, yet liquid, cryptocurrencies.
Interestingly, on January 6th, the official Twitter account of Ethereum classic tweeted that “There have been rumors of a possible chain reorganization or double spend attack. From what we can tell the ETC network is operating normally,” yet several hours later, the same account instructed exchanges and mining pools to “please allow a significantly higher confirmation time on withdrawals and deposits (+400).”
An examination of various blocks within the Ethereum Classic blockchain does seem to show anomalies. More details will certainly emerge over the upcoming days. Interestingly, if not surprisingly, the price of Ethereum Classic has not dropped significantly since the problems were discovered.