Beginning January 5 2019 Ethereum Classic was the victim of a 51% attack allowing the malicious party to successfully double spend tokens to exploit one exchange. I cover a timeline of the events, some learnings, and end with applicable excerpts from the original Bitcoin white paper.
On January 6, the Ethereum Classic organization contradicted rumors of an attack on ETC:
There have been rumors of a possible chain reorganization or double spend attack.— Ethereum Classic (@eth_classic) January 6, 2019
From what we can tell the ETC network is operating normally.
BlockScout's "Reorg" section shows nothing of the sort.https://t.co/Yi2cXusCz9 pic.twitter.com/HdUtS0DJZK
Several hours later they sent a warning to mining pools and exchanges urging extra precaution:
To all exchanges and mining pools please allow a significantly higher confirmation time on withdrawals and deposits (+400)— Ethereum Classic (@eth_classic) January 7, 2019
cc @OKEx @ExchangeXGroup @HuobiGroup @digifinex @binance @bitfinex https://t.co/m5cxcKBVXa
After the initial warning, in cooperation with SlowMist, they confirmed the attack:
"Chinese blockchain security firm SlowMist sent out an alert that the Ethereum Classic (ETC) network might have been targeted by a 51% attack."— Ethereum Classic (@eth_classic) January 7, 2019
Exclusive: One $ETC Private Pool Claimed over 51% Network Hashrate - Reported via @SlowMist_Team https://t.co/Bshi6OWCaJ
The next day on January 7, Coinbase publicly confirmed the attack as well providing details on the deep chain reorgs of ETC:
On 1/5/2019, Coinbase detected a deep chain reorganization of the Ethereum Classic blockchain that included a double spend. In order to protect customer funds, we immediately paused movements of these funds on the ETC blockchain. Read more here: https://t.co/vCx89dz44m— Coinbase (@coinbase) January 7, 2019
The attack is acknowledged by Gate.io, one of the exchanges compromised in the attack. They clearly state they will cover the losses for their users:
[https://t.co/8kWqgDWNXb Research] confirms the ETC 51% attack.— Gate.io Exchange (@gate_io) January 8, 2019
4 of the 7 rollback transactions detected were created by the attacker; transferring 54,200 ETC in total.
Gate will be covering the 40k ETC loss for all of the users.
See details: https://t.co/BhEYHZyP3z pic.twitter.com/pSXrsZrc7q
Another targeted exchange that had thwarted the attack, acknowledged what had happened as well:
💔‼️Ethereum Classic (ETC) 51% Attack Detected On @BitrueOfficial— Bitrue (@BitrueOfficial) January 8, 2019
We've experienced an ETC 51% attack yesterday morning. The attacker tried to withdraw 13,000 ETC from our platform but got halted by our system. As demonstrated below: pic.twitter.com/V7YWzkldIv
Haseeb Qureshi of MetaStable Capital released an excellent description of 51% attacks. I highly suggest you read it:
Ethereum Classic ($ETC) was 51% attacked yesterday. This is the largest cryptocurrency that has ever been 51% attacked, and it has really interesting implications for the future of PoW currencies. Thread. 👇— Haseeb Qureshi (@hosseeb) January 9, 2019
Finally, the organization that tipped Ethereum Classic off to the attack, released their final report:
Beijing time On January 06, 2019, we warned of the possibility of the ETC 51% attack in SlowMist Zone based on the information analysis of SlowMist Zone Intelligence and the BTI system. Now we are publishing the analysis of this attack for the first time. https://t.co/fscSQTLyub pic.twitter.com/x4oYraUAtr— SlowMist (@SlowMist_Team) January 9, 2019
Update: The attacker has returned the funds to Gate.io. You can see the transaction here. We don’t know the motivations for returning the ETC. My guess is either the attacker was afraid of getting caught or they simply wanted to expose vulnerabilities to help prevent double spend attacks in the future.
The recent ETC 51% hacker has returned $100k worth of ETC back to https://t.co/8kWqgDWNXb on the 10th of January. We have raised the ETC confirmation number to 4000 and launched a strict 51% detection for enhanced protection.— Gate.io Exchange (@gate_io) January 12, 2019
See details: https://t.co/xX8cVIWdC2 pic.twitter.com/MUQX3hpMPV
It was amazing to see a cryptocurrency’s leadership, exchanges, mining pools, and researchers come together to address this issue. Typical security breaches offer little information to the public, but the open nature of blockchain encourages immediate assessments of attacks.
Now, onto the learnings:
- Understanding a 51% attack and “double spending” is a great way to understand how blockchains actually work. Haseeb’s tweet thread is a great start.
- The market does not fear 51% percent attacks. I predicted the attack would not only affect the price of ETC but also Bitcoin. After all, the goal of a blockchain is to maintain consensus. My next two reasons may explain why the market fears not.
- Funds in your wallet are safe. 51% attacks are only practical for changing recent transactions. The more blocks between when your wallet received the funds and the present, the more secure your funds are and the harder it becomes for a 51% attack to successfully undo it.
- 51% attacks are mostly targeted at exchanges. After all, attackers need a way to sell their double spent tokens to profit. And what better way to do this than on an exchange.
- Top blockchains are easier to attack than I thought. Crypto51 estimates that it would take an estimate of $350k to 51% attack Bitcoin for one hour. For a highly capitalized entity like a government, this really isn’t a high bar.
- Jeff Bezos could afford to 51% attack Bitcoin for 36 years. And likely even longer than that given Crypto51‘s estimates assume you are renting the mining equipment.
- Anyone can visit the scene of a blockchain crime. From the SlowMist report, you can see for yourself one of the wallets the attacker used.
- The market encourages these attacks, sort of. Because the price remains stable even when a 51% attack is acknowledged, this allows the malicious actors to retain value when they sell.
- Exchanges should come together and create a mining pool that activates when they detect a coin is under attack. This would not only help ensure their protection, but also ensure the protection of the attacked blockchain.
- It’s possible a malicious actor is mining a separate Bitcoin chain right now, waiting to unleash it. The alternate chain need not be made public as it is happening.
- Every 15 minutes Google makes enough profit to 51% attack the Bitcoin network for one hour.
- Google makes $12.5m in revenue per hour which equates to an hourly incentive to keep their systems operating. It costs $355k to 51% attack the Bitcoin network for one hour.
A 51% attack is something that every Proof Of Work consensus algorithm is vulnerable to. Including Bitcoin, as Satoshi Nakamoto discussed in the Bitcoin white paper released in 2008.
Satoshi discusses how the incentive structure of Bitcoin encourages those with a majority amount of computing power to act honestly:
If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.
Satoshi goes on to explain the limits of a 51% attack:
We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or taking money that never belonged to the attacker. Nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept a block containing them. An attacker can only try to change one of his own transactions to take back money he recently spent.
51% attacks will always be a reality in any Proof of Work consensus mechanism. The question always will be whether the cost of carrying out an attack is prohibitively expensive and is there enough of an incentive to keep would be attackers honest.
Though the cost prohibition and incentive structure begin to break down when the attacker does not care about the health of a cryptocurrency’s network, the value of the token, and only wishes to harm others who rely on it. As our reliance increases on a given cryptocurrency, an attack like that increasingly makes more and more sense. It’s a brave new world.