Coinbase, the largest cryptocurrency exchange in the United States, announced yesterday in a blogpost that it had stopped the movement of customer funds on the Ethereum Classic blockchain due to signs that the network is under attack.
Half a Million USD Double-Spent
The company pointed out on its website that it had detected “deep reorganizations” within the Ethereum Classic (ETC) blockchain which led to roughly $500,000 USD of the cryptocurrency being spent twice. This type of intervention, known as a “51% Attack,” occurs when a majority of computers supporting a network falsify transactions on the blockchain.
Ethereum’s development team assured users via Twitter that they are investigating the incident and have not yet reached any conclusions.
We are working with Slow Mist and many others in the crypto community. We recommend exchanges and pools significantly increase confirmation times (400-4000+) https://t.co/mKlhFjCodz
— Ethereum Classic (@eth_classic) January 7, 2019
Meanwhile, Coinbase reported that one of its analysts had detected that ETC’s hashrate was originating from a single mining pool, resulting in a massive reorganization of mined blocks.
This latest development comes just a few weeks after ETCDEV, the main team behind Ethereum Classic, announced that it would be shutting down its operations due to a lack of funding.
Kyle Samani, managing partner of crypto hedge fund Multicoin Capital, commented “I’m surprised that ETC is not down 50 percent or more. The most probable explanation is that the biggest holders store their assets off-exchange, leaving them unable to transfer them back and sell.”
No agreed time of the attack
The exact time of the attack is disputed. Blockscout reported that the attack took place between 02:00 UTC and 05:00 UTC on Monday. Bitfly, however, tweeted that the block reorganization was still ongoing at 17:00 UTC. This coincides with Coinbase’s estimation.
Blockscout project lead Andrew Cravenho stated in an interview with Coindesk that even though the last block reorganization occurred 14 hours ago, the network is still “fluctuating and people are always switching their hashing power.” As such, it is expected that the disruption could last a while.
He also pointed out that the attack may have started before it was reported by Blockscout. Coinbase revealed via a blog post that it initially noticed the attack on January 5th, two days before the first reports surfaced.
Not a 51% attack
Ethereum Classic development advisor Cody Burns commented that the reorganization could not be regarded as a 51% Attack and should instead be classified as “a selfish mining attack” caused by a “client-local phenomenon.”
He later tweeted that “…the entire Ethereum network doesn’t ‘reorganize’ simultaneously. It would be more likely that someone discovered all of the Coinbase ETC nodes and ‘surrounded’ them.” Burns further added that companies offering services using ETC should take steps to ensure that their users are protected: “The best course of action for businesses and exchanges using ANY Ethereum based chain is to increase the number of confirmation blocks to >400 blocks.”
Crypto exchange Kraken responded to the attack by announcing that it was increasing the number of confirmations required to deposit ETC. Bitfly is looking to take similar action. Poloniex revealed that it was disabling ETC wallets and hasn’t set a definite timeline for them to be re-enabled.
Linzhi responsible for the attack
According to Ethereum Classic’s Twitter account, the high hashrate may have originated from crypto miner-manufacturer Linzhi. The mining company revealed that it was testing new machines with a 1,400Mh/s hashrate.
Meanwhile, Linzhi Shenzhen director of operations Wolfgang Spraul responded that they “categorically deny such claims,” calling them “entirely baseless’ and asserting that “they may be part of the attack itself.” The company is yet to launch any of its products. He explained that if Linzhi would choose to test its ASICs, “we would never do that on any mainnet,” but would instead rely on either a test net or a private net, further adding that the company “would most likely invite independent industry figures like David Vorick or Anthony Lusardi to observe what we are doing.”