Ethereum Classic Hit With Two 51% Attacks In Single Week, Community Grapples With Need For Security Upgrades

On Saturday, August 1 various figures from the Ethereum Classic community took to Twitter to warn users that there was a problem with the ETC blockchain.

Founder of Ethereum Classic Labs James Wo soon sent out a tweet confirming the issue and stated that it was imperative exchanges halt deposits and withdrawals on the chain. While initially claiming that the disruption was not malicious, the Ethereum Classic team was soon forced to admit that the issue was a 3,000 block reorganization attack which resulted in hackers making off with $5.6 million worth of crypto.

In the ETC team’s earliest report, they stated that a miner using outdated software had caused disruptions in the network’s node syncing protocol. The chain split destabilized the network and miners were working on the 3,000 block-inserted chain. It was advised that miners continue mining the chain as-is, including the inserted blocks. The report concluded that the split was not an attack.

“It doesn’t appear actively malicious. It might be a deliberate attack as well, but it doesn’t seem there was any major double-spend attack,” the report read.

PC: Ethereum Wallpaper via ETC on Flikr

However, four days later blockchain forensics firm Bitquery published research demonstrating that the reorganization was a carefully crafted 51% attack resulting in millions worth of crypto being double-spent.

A 51% attack occurs when a single entity manages to gain a majority of the hash power on the network. A miner’s power is based on hash power, which is their ability to solve computational problems to process blocks and collect block rewards in a proof-of-work system. Hash power is distributed to nodes throughout the network ensuring decentralization. If one body is able to gain 51% hash power they can wreak havoc on the system by reordering the transaction pool, erasing transactions or even reversing their own transactions carried out while in control, allowing double-spend. To carry out their plan, hackers used a 51% attack model to double-spend $5.6 million worth of crypto.

Bitquery’s report states that the mastermind behind the attack spent $192,000 worth of BTC renting hash power from Nicehash to gain the majority hash power necessary for the attack. The hackers opened five wallets with crypto exchange OKEx and deposited $5 million worth of ZEC on the platform. They then exchanged the ZEC for ETC and moved it out of the exchange.

The hackers used their purchased majority hash power to mine blocks on the Ethereum Classic network without broadcasting newly mined blocks, which created a private alternate chain. This alternate chain included 807,260 ETC the hackers had purchased on OKEx and moved to external addresses, according to a more recent analysis of the hack by OKEx. They then deposited the 807,260 ETC back onto OKEx, which was confirmed on the ETC mainnet, however on their alternate chain the hackers switched the destination from OKEx to their own personal address.

“The conclusion of this process was that the attacker(s) successfully completed a double-spend: the 807,260 ETC was both moved to OKEx on the ETC mainnet and remained on the second wallet address on the ETC shadow chain,” the report explained.

This process allowed the hackers to essentially duplicate their cryptocurrency holdings, which is frequently called double-spend.

PC: Visual presentation of the 51% attack via Bitquery

OKEx absorbed the entire cost of the attack and in its report called out the Ethereum Classic community, stating that they did not communicate well with the rest of the crypto world in the wake of the attack. The exchange has since suspended all ETC deposits and withdrawals and plans to extend confirmation times on the chain. The exchange even went so far as to threaten delisting ETC if security concerns are not addressed.

“Additionally — given OKEx’s responsibility to protect users from similar incidents that threaten the security of their funds — the exchange will consider delisting ETC, pending the results of the Ethereum Classic community’s work to improve the security of its chain,” the statement reads.

Five days after the first 51% attack was carried out, a second one struck Ethereum Classic increasing the urgency of security upgrades. Concerned that security issues will cause other exchanges to consider delisting ETC, community leadership is debating how to address security issues on the network.

During a Discord call on Thursday, August 13 co-founder of Ethereum network Charles Hoskinson pitched his plan for a decentralized treasury protocol, which is also outlined in a report released by his firm IOHK. The creation of a decentralized treasury would mean that a portion of block rewards would go to the treasury instead of entirely to miners. The treasury funds would be used to conduct research and development work for Etheruem, which would surely include security upgrades. The treasury plan is not popular among the Ethereum community with many worrying that a decreased block reward for miners will cause them to stop working the network.

Hoskinson’s theory is that the creation of a treasury and funds allocated for improving the network would lead to a domino effect: improving the network would attract developers, which would increase utility of the chain, which would attract miners, which would grow the consensus network reducing the chance of attacks. A 51% attack on the Bitcoin blockchain, for instance, has been deemed virtually impossible because the network is so large that a hacker would not be able to achieve 51% hash power.

By Emily Mason

New York-based blockchain media company covering everything crypto. Check us out at