“If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.”
For any proof-of-work cryptocurrencies, the honest approval of half of the miners (nodes) is required to alter the blockchain – otherwise known as validating a transaction. Ideally, that half would always have an opinion that benefits the blockchain, but that isn’t always the case.
Chain Under Fire
Should 51 percent of nodes be taken over, the system will fall under attack:
“Failure to meet this requirement breaks several core guarantees of the Bitcoin protocol, including the irreversibility of transactions. Many other cryptocurrencies, such as Ethereum Classic, have also adopted proof-of-work mining. If a single miner has more resources than the entirety of the rest of the network, this miner could pick an arbitrary previous block from which to extend an alternative block history, eventually outpacing the block history produced by the rest of the network and defining a new canonical transaction history.”
According to the post, this process is called a “chain reorganization.” Each one has “depth” which means the number of blocks that were replaced. Then, it has a “length” which is how many blocks replaced the previous ones.
What Ethereum Classic suffered from was this, resulting in what is called a “double-spend attack” – when a digital token is spent more than once. It is duplicated, in a sense. The value of this attack seems to be 88,500 ETC ($460,000) reads the Coinbase Blog. This was the result of over 100 blocks being “reorganized.” The information has been validated by Bitfly and Blockscout – block explorers monitoring the blockchain.
Also, Coiness reported on one of their analysts finding an “abnormal hash rate” heading into one mining pool, which was the first sign of the attack. SlowMist, a security company from China, had made the attack public on Monday morning and revealed their attempts to track it.
When discussing their next steps, Nesbitt ended the post with:
“Coinbase takes security very seriously. As part of that commitment, we monitor blockchains for activity that could be harmful to our customers and take prompt action to safeguard funds. We want to emphasize to customers that Coinbase strives to be the most trusted and safest place to buy, sell, or store cryptocurrency.”
A Possible Culprit
No one can agree on the length of the attack, however. Blockscout reported reorganization at 02:00 UTC and 05:00 UTC this Monday. However, at 17:00 UTC, Bitfly stated that the attack could be ongoing, which the Coinbase post echoed. As revealed via CoinDesk, Blockscout project lead Andrew Cravenho claimed that the Ethereum Classic network is “fluctuating and people are always switching their hashing power.”
Cravenho’s explanation isn’t universally accepted, however. In an e-mail to Coindesk, Ethereum Classic advisor Cody Burns believes the attack was more of a “selfish mining” put in place by a “client-local phenomenon.” Then, Burns tweeted that “the entire Ethereum network doesn’t ‘reorganize’ simultaneously. It would be more likely that someone discovered all of Coinbase ETC nodes and ‘surrounded’ them.”
Regardless of the reasons behind the attack, companies working with Ethereum Classic should do whatever they can to protect their user base.
The official Ethereum Classic Twitter account stated that the crypto mining hardware manufacturer Linzhi could be the culprit. Allegedly, the group was testing new machines with a 1,400mH/s hash rate. Yet, a director of operations Wolfgang Spraul claimed:
“We are categorically denying such claims, they are entirely baseless and may be part of the attack itself.”