Ethereum Classic suffers a 51% attack

January 5, 2019

Summary #

Ethereum Classic, a well-known cryptocurrency, experienced a 51% attack in January 2019. The attackers managed to double-spend ETC coins and caused significant losses for users and exchanges.

Attackers #

The identity of the attackers behind the Ethereum Classic 51% attack remains unknown. It is suspected that the attackers rented the required hash power from mining marketplaces, such as NiceHash, instead of owning and operating the necessary mining hardware themselves. This indicates a high level of knowledge and understanding of the cryptocurrency mining landscape and the vulnerabilities present in Ethereum Classic’s network.

Losses #

During the Ethereum Classic 51% attack, it was reported that around 219,500 ETC coins were double-spent by the attackers, worth approximately $1.1 million at the time of the attack.

Timeline #

January 5, 2019: The 51% attack on the Ethereum Classic network begins. The attackers successfully gain control of over 60% of the network’s hash rate.
January 6, 2019: The attack continues, with the attackers double-spending ETC coins and causing financial losses for Ethereum Classic users and exchanges.
January 7, 2019: Blockchain security firm SlowMist and Coinbase security team publish posts that attract public attention to the ongoing attack and cause the price of ETC to fall by more than 7%. At least 15 chain reorgs have been identified, including 12 that resulted in double-spends. The total amount of double-spent coins is estimated to be around 219,500 ETC, worth approximately $1.1 million at the time of the attack. ETC developers dismiss the claims and suggest that the network changes are caused by new ethash ASIC miner, produced by Linzhi.
January 8, 2019: Ethereum Classic Cooperative, which acts as the project foundation, publically confirms the attack. Kraken, Coincheck, BitFlyer, Gate.io, and other exchanges suspend all ETC transactions.
January 9, 2019: The attack ends. SlowMist and Bitrue release additional details on the attack, confirming Coinbase team findings.

Security Failure Causes #

Vulnerable mining algorithm: Ethereum Classic’s Ethash mining algorithm was susceptible to attacks.
Proliferation of hashing power marketplaces: NiceHash and other hashing power marketplaces allowed attackers to easily rent hash power for short periods of time to gain control of the network’s transaction validation process.
Lack of proactive network monitoring: Binance, Gate.io, and other major exchanges lost significant amounts of ETC to fraudulent withdrawals that have been reversed on the blockchain due to reorgs. In contrast, Coinbase avoided losses thanks to proactive network monitoring by their security personnel that spotted the attack and paused ETC transactions.
Lack of security awareness: Ethereum Classic community didn’t pay enough attention to potential network vulnerabilities. In addition to the insufficient educational and proactive monitoring efforts, protocol and client developers in charge of ETC Foundation dismissed early warnings by security professionals who warned about potential network weaknesses and spotted the ongoing attack.

Market Health Metrics API

Benford's Law

Volume distribution analysis

Time-of-Trade

Buy/Sell Ratio

VWAP

Attack Types

Entity Types

Target Entities

51% Attacks

Custodian Attacks

Flash Loan Attacks

Lockout Scams

Phishing Attacks

Reentrancy Attacks

Rug Pull Scam