- 7th January 2019
- Posted by: admin_dev
- Category: BitCoin, Blockchain, coinbase
On 1/5/2019, Coinbase detected a deep chain reorganization of the Ethereum Classic blockchain that included a double spend. In order to protect customer funds, we immediately paused movements of these funds on the ETC blockchain. Subsequent to this event, we detected 8 additional reorganizations that included double spends, totaling 88,500 ETC (~$460,000)
Note: We will continue to monitor the status of the network and update this article with the most recent information we have. Current ETC network status can be found here.
Page 3 of Satoshi Nakamoto’s whitepaper, Bitcoin: A Peer-to-Peer Electronic Cash System, states the following:
“If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.”
The “honest[y]” of more than half of miners is a core requirement for the security of Bitcoin and any proof-of-work cryptocurrencies based on Bitcoin. Honest action, in this context, means following the behavior described in the Bitcoin white paper. This is sometimes described as a “security risk” or “attack vector,” but is more accurately described as a known limitation to the proof-of-work model.
Failure to meet this requirement breaks several core guarantees of the Bitcoin protocol, including the irreversibility of transactions. Many other cryptocurrencies, such as Ethereum Classic, have also adopted proof-of-work mining.
The function of mining is to add transactions to the universal, shared transaction history, known as the blockchain. This is done by producing blocks, which are bundles of transactions, and defining the canonical history of transactions as the longest chain of blocks*. If a single miner has more resources than the entirety of the rest of the network, this miner could pick an arbitrary previous block from which to extend an alternative block history, eventually outpacing the block history produced by the rest of the network and defining a new canonical transaction history.
This is called a “chain reorganization,” or “reorg” for short. All reorgs have a “depth,” which is the number of blocks that were replaced, and a “length,” which is the number of new blocks that did the replacing.
This, on its own, might end up being nothing more than a minor inconvenience. After all, the transactions all still exist, but they might have been put into a different order, perhaps delaying some of them. However, imagine a miner who also owns a large number of coins. The miner could send those coins to a merchant in a transaction, T, while also secretly extending an alternative block history. The miner’s secret blocks do not include T, but rather include a transaction that sends the same coins used in T to a different address. Call that transaction T’. When the miner reveals this secret history, it will contain T’, not T. Because T and T’ attempted to send the same coins and T’ is now in the canonical history, this means that T is forever invalid, and the recipient of the coins sent in transaction T never even received them in the new, now-canonical history. More info on this can be found here.
What we observed
We observed repeated deep reorganizations of the Ethereum Classic blockchain, most of which contained double spends. The total value of the double spends that we have observed thus far is 88,500 ETC (~$460,000).
Note: A full blockchain analysis is beyond the scope of this article. Further research into the addresses sending the double spend transactions, the history of sends/receives from the addresses, the block fields such as timestamp, and the subsequent movement of miner rewards from attack blocks may shed light on the threat actor or actors behind these attacks.
We observed the following deep chain reorgs:
- Common ancestor: 7245623. Depth 4 / Length 7. No double spends were observed in this reorg. We noted that this was a reorg of unusual depth for ETC.
- Common ancestor: 7248488. Depth 5 / Length 6. No double spends were observed in this reorg. We noted that a second reorg of unusual depth was highly suspicious, but did not necessary indicate an attack as there was no double spend and the depth was still below the ETC confirmation limit for most services.
- Common ancestor: 7249343. Depth 57 / Length 74. A transaction of value 600 ETC in orphaned block 7249357 was double spent by a transaction in attacker block 7249361**.
We ceased interacting with the ETC blockchain upon observing this reorg. Coinbase was not the target of this double spend and no funds were lost.
- Common ancestor: 7254419. Depth 32 / Length 53. A transaction of value 4,000 ETC in orphaned block 7254430 was double spent by a transaction in attacker block 7254435**
- Common ancestor: 7254568. Depth 123 / Length 140. A transaction of value 5,000 ETC in orphaned block 7254646 was double spent by a transaction in attacker block 7254656**
- Common ancestor: 7255033. Depth 60 / Length 79. A transaction of value 9,000 ETC in orphaned block 7255055 was double spent by a transaction in attacker block 7255066*
- Common ancestor: 7255204. Depth 25 / Length 35. A transaction of value 9,000 ETC in orphaned block 7255212 was double spent by a transaction in attacker block 7255225.
- Common ancestor: 7255476. Depth 37 / Length 46. A transaction of value 15,700 ETC in orphaned block 7255487 was double spent by a transaction in attacker block 7255492.
- Common ancestor: 7255542. Depth 67 / Length 85. A transaction of value 15,700 ETC in orphaned block 7255554 was double spent by a transaction in attacker block 7255563.
- Common ancestor: 7255662. Depth 62 / Length 110. A transaction of value 24,500 ETC in orphaned block 7255669 was double spent by a transaction in attacker block 7255681.
- Common ancestor: 7255998. Depth 69 / Length 86. A transaction of value 5,000 ETC in orphaned block 7256012 was double spent by a transaction in attacker block 7256022.
The Coinbase team is currently evaluating the safety of re-enabling sends and receives of Ethereum Classic and will communicate to our customers what to expect regarding support for ETC. Coinbase takes security very seriously. As part of that commitment, we monitor blockchains for activity that could be harmful to our customers and take prompt action to safeguard funds. We want to emphasize to customers that Coinbase strives to be the most trusted and safest place to buy, sell, or store cryptocurrency.
* It is actually the chain with the most accumulated work, rather than the chain with the most blocks, that defines the canonical history. In most cases, these chains will be the same
** The block explorer does not properly handle reorgs and labels the transaction as confirmed. Click on the block to see that the block is orphaned.
This website may contain links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.
Unless otherwise noted, all images provided herein are by Coinbase.