06 Aug 2020 Josphat Kariuki
Ethereum Classic Suffers From Two Double-Spend Attacks In A Week
Ethereum Classic, which is a product of a hard fork on the original Ethereum blockchain network, appears to be under the direct hits of organized hack attacks. Data from Etherfly shows that since 1st August 2020, the ETC network has been hacked twice with attackers gaining control on over 51% of the ETC blockchain.
The two attacks, which occurred in less than a week, provided hackers with direct control on information, stored and transacted over the Ethereum Classic blockchain. Information in around 3,800 blocks have been altered, resulting in a double-spent attack, which gained a gross ROI of 27x for the attackers.
In addition, the data analysis company Bitquery noted that hackers took control оf blocks in the range from 10904146 to 10907740, forcing them for block acceptance of replaced blockchain history with attacker`s data. The attack, however, resulted in forks, with nodes running on Geth and Hyperledger Besu accepting the altered blocks. Open Ethereum, previously announcing that they will skip support for ETC, remained on the old forked chain and rejected acceptance.
During the 51% attack 807,260 ETC ($5.6 million) were double-spent. Hackers also received 13,000 ETC tokens in mining rewards, which are excluded in the double-spent calculations. In order to successfully complete the attack, hackers had to pay 17.5 BTC ($192K) to gain hash power.
The attack started with the withdrawal of 807,000 ETC tokens between July 29 and July 31. Between 17:00 and 17:40 UTC on July 31, the attackers created several private transactions between their own wallets and inserting those transactions into the mined blocks. However, as the transactions were private, their actions remained unnoticed.
After the forfeit blocks mining, attackers sent ETC to crypto exchanges in small batches and with a long attack period (around 12 hours). On August 1, the attackers pushed their versions of blocks 10904146 to 10907740 and executed the blockchain reorganization. The result of the hackers efforts is the successful swap of real transactions with the ones they created privately, resulting in double-spending.
However, there are only 11 ETC transactions, five of which were with large amounts of ETC tokens. Interestingly, other miners did not receive the transactions in their memory pools.
“ETC should just switch to proof of stake. Even given its risk-averse culture, at this point making the jump seems lower-risk than not making it.” Buterin tweeted. However, the community behind Ethereum Classic disagreed with Buterin, opting in for the current Proof-of-Work mechanism.
Price-wise, shortly after the first attack, ETC’s price slumped down to $6.91 from a 90-day high of $8.23, as visible below.