UPDATE 14.1.2019: Gate.io published a more extensive report on the hack claiming that 54,200 ETC in total (worth $271,500 when the hack occured) had been transferred out of the exchange. In a separate statement on Jan. 8, Coinbase claimed that a total of more than $1.1 million in crypto had been affected during the 51% attack.
A 51% attack was confirmed to have hit the Ethereum Classic (ETC) network on January 7, by Bitfly, the operator of the Ethereum block explorer, the Ethernodes node explorers, and an Ethereum Classic mining pool.
We can confirm that there was a successful 51% attack on the Ethereum Classic (#ETC) network with multiple 100+ block reorganization. We recommend all services to closely monitored the chain and significantly increase required confirmations.
— Bitfly (@etherchain_org) January 7, 2019
When a 51% attack is successfully executed, hackers gain the ability to “reorganize” a blockchain or even replace a blockchain with their own version. In addition to a number of other opportunities for malicious behavior that this reorganization or replacement grants to the perpetrators of a 51% attack, hackers can “double spend”–that is, the same coins can be used multiple times in fraudulent transactions.
Rumors of 51% Attack on ETC Originally Appeared January 6
Reports that ETC may have been experiencing a 51% attack originally appeared on January 6 in CoinNess, a Chinese-based coin journal. The publication wrote that transaction rollbacks had triggered an alert for Chinese blockchain security firm SlowMist.
“The ETC community followed up on the development of the incident immediately and learned that there is a private mining pool…that achieves more than 50% of the total network hashrate at certain times,” the report read.
Ethereum Classic itself responded to the report with a Twitter post claiming that the ETC network was “operating normally.”
There have been rumors of a possible chain reorganization or double spend attack.
From what we can tell the ETC network is operating normally.
— Ethereum Classic (@eth_classic) January 6, 2019
However, the ETC team changed its tune less than eight hours later with another tweet imploring “all exchanges and mining pools” to “please allow a significantly higher confirmation time on withdrawals and deposits (+400).”
To all exchanges and mining pools please allow a significantly higher confirmation time on withdrawals and deposits (+400)
The FBS CopyTrade Team Introduces New ‘Risk-free Investments’ FeatureGo to article >>
— Ethereum Classic (@eth_classic) January 7, 2019
Then, without expressly confirming that the attack had taken place, the ETC team then retweeted the original CoinNess article.
At the time of writing, the attack appeared to have subsided–ETHNews reported that the ETC address that is suspected to be associated with the attack has been “silent” since it mined block #7,256,171 nearly twenty-four hours ago.
However, some controversy arose around the attack when US-based crypto exchange Coinbase came forward and said that it noticed a “deep chain reorganization of the Ethereum Classic blockchain that included a double spend” on Saturday, January 5th, a full day before the CoinNess report.
Ethereum Classic responded to the report with a tweet saying that “unfortunately [Coinbase] did not connect with ETC personnel regarding the attack.”
Regarding @coinbase account of recent events: they allegedly detected double spends but unfortunately did not connect with ETC personnel regarding the attack.
This is still very much an ongoing process. https://t.co/in1OGdV8T9
— Ethereum Classic (@eth_classic) January 7, 2019
Coinbase’s report on the 51% attack was posted on the company’s Medium blog on January 7. Coinbase Security Engineer Mark Nesbitt, who authored the post, wrote that Coinbase detected “a deep chain reorganization of the Ethereum Classic blockchain that included a double spend” on January 5. The post claims that since then, there have been at least eight more chain reorganizations worth around $460,000.
Exchanges React to Attack
A number of exchanges and other platforms that interact with ETC have taken precautionary steps to ensure that their users and the ETC community isn’t negatively affected by the attack. Among them, Bitfly has reportedly increased block confirmations on its mining pool.
US-based crypto exchange Kraken wrote in a post that “as the 51% attack appears to be ongoing, we have temporarily halted ETC deposits and withdrawals,” adding that “[we] will bring ETC funding back online only once we believe it is safe to do so.” Originally, the exchange increased the level of transaction confirmations necessary for ETC transactions from 120 to 500 to prevent false transactions.
Crypto exchange Gate.io posted on its website that although “Gate.io’s censor successfully blocked attacker’s transactions at the beginning and submitted them to the manual exam,” the censor did pass some false transactions, causing about $40,000 in losses.
“Gate.io will take all the loss for the users,” the post said. Finance Magnates interviewed Gate.io’s Vice President of International Affairs Virgilio Lizardo late in 2018. During the interview, Lizardo said that “Gate sets itself apart by prioritising security and [user] experience.”
At the time of writing, ETC’s valuation had sunk roughly seven percent within the last 24 hours to $4.96, according to data from CoinMarketCap.