What I Learned from the Ethereum Classic 51% Attack
Beginning January 5 2019 Ethereum Classic was the victim of a 51% attack allowing the malicious party to successfully double spend tokens to exploit one exchange. I cover a timeline of the events, some learnings, and end with applicable excerpts from the original Bitcoin white paper.
On January 6, the Ethereum Classic organization contradicted rumors of an attack on ETC:
Several hours later they sent a warning to mining pools and exchanges urging extra precaution:
After the initial warning, in cooperation with SlowMist, they confirmed the attack:
The next day on January 7, Coinbase publicly confirmed the attack as well providing details on the deep chain reorgs of ETC:
The attack is acknowledged by Gate.io, one of the exchanges compromised in the attack. They clearly state they will cover the losses for their users:
Another targeted exchange that had thwarted the attack, acknowledged what had happened as well:
Haseeb Qureshi of MetaStable Capital released an excellent description of 51% attacks. I highly suggest you read it:
Finally, the organization that tipped Ethereum Classic off to the attack, released their final report:
Update: The attacker has returned the funds to Gate.io. You can see the transaction here. We don’t know the motivations for returning the ETC. My guess is either the attacker was afraid of getting caught or they simply wanted to expose vulnerabilities to help prevent double spend attacks in the future.
It was amazing to see a cryptocurrency’s leadership, exchanges, mining pools, and researchers come together to address this issue. Typical security breaches offer little information to the public, but the open nature of blockchain encourages immediate assessments of attacks.
Now, onto the learnings:
- Understanding a 51% attack and “double spending” is a great way to understand how blockchains actually work. Haseeb’s tweet thread is a great start.
- The market does not fear 51% percent attacks. I predicted the attack would not only affect the price of ETC but also Bitcoin. After all, the goal of a blockchain is to maintain consensus. My next two reasons may explain why the market fears not.
- Funds in your wallet are safe. 51% attacks are only practical for changing recent transactions. The more blocks between when your wallet received the funds and the present, the more secure your funds are and the harder it becomes for a 51% attack to successfully undo it.
- 51% attacks are mostly targeted at exchanges. After all, attackers need a way to sell their double spent tokens to profit. And what better way to do this than on an exchange.
- Top blockchains are easier to attack than I thought. Crypto51 estimates that it would take an estimate of $350k to 51% attack Bitcoin for one hour. For a highly capitalized entity like a government, this really isn’t a high bar.
- Jeff Bezos could afford to 51% attack Bitcoin for 36 years. And likely even longer than that given Crypto51‘s estimates assume you are renting the mining equipment.
- Anyone can visit the scene of a blockchain crime. From the SlowMist report, you can see for yourself one of the wallets the attacker used.
- The market encourages these attacks, sort of. Because the price remains stable even when a 51% attack is acknowledged, this allows the malicious actors to retain value when they sell.
- Exchanges should come together and create a mining pool that activates when they detect a coin is under attack. This would not only help ensure their protection, but also ensure the protection of the attacked blockchain.
- It’s possible a malicious actor is mining a separate Bitcoin chain right now, waiting to unleash it. The alternate chain need not be made public as it is happening.
- Every 15 minutes Google makes enough profit to 51% attack the Bitcoin network for one hour.
- Google makes $12.5m in revenue per hour which equates to an hourly incentive to keep their systems operating. It costs $355k to 51% attack the Bitcoin network for one hour.
A 51% attack is something that every Proof Of Work consensus algorithm is vulnerable to. Including Bitcoin, as Satoshi Nakamoto discussed in the Bitcoin white paper released in 2008.
Satoshi discusses how the incentive structure of Bitcoin encourages those with a majority amount of computing power to act honestly:
If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.
Satoshi goes on to explain the limits of a 51% attack:
We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or taking money that never belonged to the attacker. Nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept a block containing them. An attacker can only try to change one of his own transactions to take back money he recently spent.
51% attacks will always be a reality in any Proof of Work consensus mechanism. The question always will be whether the cost of carrying out an attack is prohibitively expensive and is there enough of an incentive to keep would be attackers honest.
Though the cost prohibition and incentive structure begin to break down when the attacker does not care about the health of a cryptocurrency’s network, the value of the token, and only wishes to harm others who rely on it. As our reliance increases on a given cryptocurrency, an attack like that increasingly makes more and more sense. It’s a brave new world.