A fifty-one percent attack has been launched against Ethereum Classic (ETC), giving a single malicious player control of the network. Several blocks have been rewritten, resulting in double spends of what could be several hundred thousand dollars' worth of the platform's tokens. In response, a number of exchanges, including Coinbase, have suspended withdrawals. The price of Ethereum Classic has also fallen more than five percent.
The Ethereum Classic developers have acknowledged that a single player has acquired a majority of the hash power, but deny that double spends have occurred. Rather, the developers assert that the situation is the result of a new generation of ASIC miners being tested, and is nothing more than "selfish mining." However, Coinbase has posted evidence of what it claims to be double spends beginning on January 5th. Officials at the exchange claim that thus far 88,500 ETC, worth approximately $460,000, have been subject to double spending.
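
An added example, not code from the original article or from Coinbase: one way an exchange or node operator could flag double-spend candidates of the kind described above is to compare two snapshots of the canonical chain and look for orphaned transactions whose sender and nonce are now occupied by a different transaction. The block and transaction data are constructed, and every name in the code is hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    tx_hash: str
    sender: str
    nonce: int

@dataclass(frozen=True)
class Block:
    height: int
    block_hash: str
    txs: tuple = ()

def find_reorg(old_view, new_view):
    """Compare two snapshots of the canonical chain taken by the same node."""
    old_hashes = {b.block_hash for b in old_view}
    new_hashes = {b.block_hash for b in new_view}
    orphaned = [b for b in old_view if b.block_hash not in new_hashes]
    replacing = [b for b in new_view if b.block_hash not in old_hashes]
    # Pure chain growth orphans nothing; only a rewrite has a fork point.
    fork_height = min(b.height for b in orphaned) - 1 if orphaned else None
    return fork_height, orphaned, replacing

def double_spend_candidates(orphaned, replacing):
    """Orphaned txs whose (sender, nonce) slot now holds a different tx."""
    slots = {(t.sender, t.nonce): t for b in replacing for t in b.txs}
    hits = []
    for block in orphaned:
        for tx in block.txs:
            rival = slots.get((tx.sender, tx.nonce))
            if rival is not None and rival.tx_hash != tx.tx_hash:
                hits.append((tx.tx_hash, rival.tx_hash))
    return hits

# Constructed sample data (not taken from the ETC incident).
DEPOSIT = Tx("0xaaa", "acct-A", 7)    # seen confirmed on the old chain
CONFLICT = Tx("0xbbb", "acct-A", 7)   # same sender and nonce, different tx
BENIGN = Tx("0xccc", "acct-B", 3)     # re-mined unchanged after the rewrite
COMMON = Block(100, "h100")
OLD_VIEW = [COMMON, Block(101, "h101a", (DEPOSIT,)), Block(102, "h102a", (BENIGN,))]
NEW_VIEW = [COMMON, Block(101, "h101b", (CONFLICT,)), Block(102, "h102b", (BENIGN,)),
            Block(103, "h103b")]

if __name__ == "__main__":
    fork, orphaned, replacing = find_reorg(OLD_VIEW, NEW_VIEW)
    print(f"fork at {fork}, {len(orphaned)} blocks rewritten")
    print(double_spend_candidates(orphaned, replacing))
```

A transaction that is orphaned and later re-mined with the same hash is not flagged; only a conflicting transaction in the same sender and nonce slot is.
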
During the past 12 months, attacks such as these have become more frequent. Verge and Bitcoin Gold are two of the more popular platforms to suffer chain reorganizations. Others have included Vertcoin and Einsteinium. The latter of these, which took place in October, was announced in advance and live-streamed.
Such attacks were once considered nearly impossible for established cryptocurrency platforms, but a series of factors has made them relatively easy to pull off. Firstly, the decline in market caps has substantially reduced mining on lesser altcoins, thus weakening their networks. For most proof-of-work coins, far less hash power is now needed to gain control.
Another factor is the emergence of hashing power brokers, the most prominent of which is NiceHash. These services enable individuals to buy or sell mining power in an open marketplace. Using such a service, a malicious actor can rent enough power to control a network for a brief time, thus enabling a fifty-one percent attack. In some instances, a network can be controlled for a few hundred dollars per hour. Websites have even emerged that track the cost of taking control of networks in real time.
Mining pool collusion is another way in which a network can be controlled. As crypto mining becomes more commercialized, a number of large pools have come to dominate the networks. These pools could, in theory, work together to gain a majority of network power. This vulnerability is an especially acute concern for Bitcoin, as more than eighty percent of all Bitcoin mining is controlled by a handful of China-based pools.
It is too early to determine the source of the Ethereum Classic attack, or how damaging it will be to the platform in the long term. More details will no doubt emerge. Although the platform may recover, this attack indicates that no cryptocurrency is immune from manipulation, and greater measures will be needed moving forward if blockchain security is to be assured.