Ethereum Classic (ETC) is currently being 51% attacked

On 1/5/2019, Coinbase detected a deep chain reorganization of the Ethereum Classic blockchain that included a double spend. In order to protect customer funds, we immediately paused movements of these funds on the ETC blockchain. Subsequent to this event, we detected 8 additional reorganizations that included double spends, totaling 88,500 ETC (~$460,000)

Note: We will continue to monitor the status of the network and update this article with the most recent information we have. Current ETC network status can be found here.

Background Info

Page 3 of Satoshi Nakamoto’s whitepaper, Bitcoin: A Peer-to-Peer Electronic Cash System, states the following:

“If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.”

The “honest[y]” of more than half of miners is a core requirement for the security of Bitcoin and any proof-of-work cryptocurrencies based on Bitcoin. Honest action, in this context, means following the behavior described in the Bitcoin white paper. This is sometimes described as a “security risk” or “attack vector,” but is more accurately described as a known limitation to the proof-of-work model.

Failure to meet this requirement breaks several core guarantees of the Bitcoin protocol, including the irreversibility of transactions. Many other cryptocurrencies, such as Ethereum Classic, have also adopted proof-of-work mining.

The function of mining is to add transactions to the universal, shared transaction history, known as the blockchain. This is done by producing blocks, which are bundles of transactions, and defining the canonical history of transactions as the longest chain of blocks*. If a single miner has more resources than the entirety of the rest of the network, this miner could pick an arbitrary previous block from which to extend an alternative block history, eventually outpacing the block history produced by the rest of the network and defining a new canonical transaction history.

This is called a “chain reorganization,” or “reorg” for short. All reorgs have a “depth,” which is the number of blocks that were replaced, and a “length,” which is the number of new blocks that did the replacing.

This, on its own, might end up being nothing more than a minor inconvenience. After all, the transactions all still exist, but they might have been put into a different order, perhaps delaying some of them. However, imagine a miner who also owns a large number of coins. The miner could send those coins to a merchant in a transaction, T, while also secretly extending an alternative block history. The miner’s secret blocks do not include T, but rather include a transaction that sends the same coins used in T to a different address. Call that transaction T’. When the miner reveals this secret history, it will contain T’, not T. Because T and T’ attempted to send the same coins and T’ is now in the canonical history, this means that T is forever invalid, and the recipient of the coins sent in transaction T never even received them in the new, now-canonical history. More info on this can be found here.

What we observed

We observed repeated deep reorganizations of the Ethereum Classic blockchain, most of which contained double spends. The total value of the double spends that we have observed thus far is 88,500 ETC (~$460,000).

Note: A full blockchain analysis is beyond the scope of this article. Further research into the addresses sending the double spend transactions, the history of sends/receives from the addresses, the block fields such as timestamp, and the subsequent movement of miner rewards from attack blocks may shed light on the threat actor or actors behind these attacks.

We observed the following deep chain reorgs:

  • Common ancestor: 7245623. Depth 4 / Length 7. No double spends were observed in this reorg. We noted that this was a reorg of unusual depth for ETC.
  • Common ancestor: 7248488. Depth 5 / Length 6. No double spends were observed in this reorg. We noted that a second reorg of unusual depth was highly suspicious, but did not necessary indicate an attack as there was no double spend and the depth was still below the ETC confirmation limit for most services.
  • Common ancestor: 7249343. Depth 57 / Length 74. A transaction of value 600 ETC in orphaned block 7249357 was double spent by a transaction in attacker block 7249361**.

We ceased interacting with the ETC blockchain upon observing this reorg. Coinbase was not the target of this double spend and no funds were lost.

Next Steps

The Coinbase team is currently evaluating the safety of re-enabling sends and receives of Ethereum Classic and will communicate to our customers what to expect regarding support for ETC. Coinbase takes security very seriously. As part of that commitment, we monitor blockchains for activity that could be harmful to our customers and take prompt action to safeguard funds. We want to emphasize to customers that Coinbase strives to be the most trusted and safest place to buy, sell, or store cryptocurrency.

* It is actually the chain with the most accumulated work, rather than the chain with the most blocks, that defines the canonical history. In most cases, these chains will be the same

** The block explorer does not properly handle reorgs and labels the transaction as confirmed. Click on the block to see that the block is orphaned.

This website may contain links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.

Unless otherwise noted, all images provided herein are by Coinbase.

Add a comment