Ethereum Classic 51% Attack — The Reality of Proof-of-Work

Published at: Jan. 10, 2019

Just two weeks into the new year and the cryptocurrency community is grappling with the reality of an alleged “51 percent attack” on the Ethereum Classic (ETC) blockchain.

While there is still no clear idea of who is responsible for the manipulation of ETC’s blockchain by controlling the majority of CPU power in the mining pool, the circumstances raise some big questions concerning the security and power of proof-of-work (PoW) algorithms.

It is worth taking a look at the chain of events leading up to the confirmation that ETC had indeed been the target of a blockchain reorganization.

On Jan. 7, ETC developers were alerted of a possible attack on the network by Chinese blockchain security firm SlowMist, which was relayed to the wider community on Twitter.

A tweet from the ETC Twitter handle, which has since been deleted, speculated that testing of new 1,400/Mh ethash machines by application-specific integrated circuit (ASIC) manufacturer Linzhi may have been a potential cause.

ETC developers said that the attack was “most likely selfish mining,” noting that they had not detected any double spends at the time.

Following this, American cryptocurrency exchange and wallet service Coinbase also detected what it described as a 51 percent attack. The company then paused all ETC transactions.

Coinbase had identified a “deep chain reorganization” of the ETC blockchain which included a double spend on Saturday, Jan. 5. By the evening of Jan. 7, the company had taken stock of multiple double spends on the network:

“At time of writing, we have identified a total of 15 reorganizations, 12 of which contained double spends, totaling 219,500 ETC (~$1.1M).”

The Coinbase team seems to have conducted a thorough blockchain analysis and provided specific instances of blockchain reorganization.

Crypto exchanges Coincheck and BitFlyer followed suit, announcing halts of ETC transactions on their platforms.

On Jan. 9, SlowMist released a detailed report on the 51 percent attack, corroborating the same chain reorganizations released by Coinbase, as well as other transactions targeting Binance and Bitrue wallets. Bitrue also confirmed the attack on Twitter.

SlowMist also believes that a concerted effort by all the exchanges involved could help identify the perpetrator:

“Through our intelligence analysis, the identity of the attacker can be finally located if the relevant exchanges are willing to assist.”

Cryptocurrency exchange Gate.io also confirmed that it had picked up at least seven double spend transactions after conducting its own investigation into the attack. Users of the exchange were guaranteed to be paid back for any losses experienced.

Unpacking blockchain reorganization

The notion of a 51 percent attack is not new, and there have been instances of this over the years — even being popularized by the Hollywood sitcom Silicon Valley.

An attack on a blockchain that uses a PoW algorithm for consensus is possible if the attackers have over 50 percent control of the network hash rate.

If this is the case, the controlling CPU power will allow an attacker to create a seperate chain from any previous block in the blockchain. Given that it has the majority of computing power, its new chain will eventually overtake the accepted chain by the network, thereby defining a new transaction history.

In this new chain, the attackers are able to double spend virtual currency, meaning that the funds that have already been spent on the network’s chain could be spent again on the attackers chain.

As Emin Gün Sirer, a developer and professor at Cornell University, told Cointelegraph, a 51 percent attack is bad, but it does not give attackers omnipotent power:

“Miners at 51 percent or more have a lot of powers, but they do not have the ability to change the actual rules of the system, nor can they usurp funds. They can rewrite the existing blockchain in a limited fashion: they cannot introduce transactions that don’t already exist, they can omit any transaction that they want, and they certainly cannot change any of the existing rules.”

The reality of consensus

Proof-of-work consensus requires a network of miners to process transactions. This is clearly set out in Satoshi Nakamoto’s Bitcoin white paper, which also makes it clear that more than half of the network must be so-called “honest” workers:

“If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.”

Thus, vulnerability is inherently built into PoW consensus algorithms, as the network assumes that mining nodes are honestly validating transactions. The evolution of mining has seen the rise and domination of ASIC chips — as well as the amassing of hash power by massive groups of mining pools, which then share the rewards of their combined work.

These large pools potentially pose a threat to any cryptocurrency using PoW algorithms, as a concerted effort to pool resources that would combine hash rate over 50 percent of the total network gives them control. In this instance, the network becomes centralized like a bank.

Following the ETC attack, Litecoin (LTC) founder Charlie Lee said this vulnerability is a necessary point of weakness for a fully decentralized cryptocurrency:

“By definition, a decentralized cryptocurrency must be susceptible to 51% attacks whether by hashrate, stake, and/or other permissionlessly-acquirable resources. If a crypto can't be 51% attacked, it is permissioned and centralized.”

Gun Sirer was far less positive in a thread of posts on Twitter, noting that the immutability of the blockchain was completely compromised:

“A deep reorg is a rewrite of the blockchain, a rewriting of history. As such, it marks complete failure of immutability. Since immutability is ETC's main claim to fame, this is technically a catastrophic failure. Let's see what the exchanges will do in response.”

Changes to Ethereum proof-of-work

While the ETC blockchain comes to grips with this most recent debacle, Ethereum (ETH) core developers reached a tentative consensus to implement a new PoW algorithm on Jan. 4.

The move aims to address the apparent divide in efficiency between ASIC and GPU mining on the Ethereum network.

ASIC mining has been developed to efficiently mine cryptocurrencies using specific algorithms. Ethereum was originally designed to be ASIC-resistant, although ASIC chips were eventually developed that were able to run the ethash algorithm.

Nevertheless, changes have been on the horizon for Ethereum for some time now. Core developers are expected to make a more detailed call on the implementation of “ProgPoW” on Jan. 18.

This is all in line with an end goal of transitioning entirely to a proof-of-stake (PoS) consensus system. The first major move to this eventuality is the Constantinople hard fork, which is expected to take place this month as well.

The hard fork will also include other Ethereum Improvement Proposals (EIPs) to streamline the transition from PoW to PoS.

While Ethereum forges ahead, the ETC developers will be pondering their next move. Smaller cryptocurrencies using PoW algorithms are at more risk of these types of attacks, but that is not to say they are going to be targeted by attackers.

Donald McIntyre, a member of the ETC development team, wrote a succinct post on Medium, unpacking the attack and possible ways forward for ETC.

“My personal opinion is that what happened is a significant setback, but I think ETC still has a unique positioning as a PoW + Turing-complete network with an active community with sound principles. The question is whether a recovery in the medium or long term is plausible or if the network, unless it grows significantly, is perpetually vulnerable, therefore unusable.”

Once the ETC development team and community have taken stock of the damage, the way forward can start to be considered. Whether this encompasses a change in the method of consensus remains to be seen.

Tags
Related Posts
Fight fire with fire: MIT scholar suggests ETC counters 51% attacks
The recent 51% attacks on Ethereum Classic (ETC) have raised fresh questions about the security of proof-of-work blockchains. Not only has ETC been attacked three times within a month, but these assaults have been enabled with rented hashrate power. One of these attacks cost OKEx $5.6 million as it paid out its customers in full. The major cryptocurrency exchange then threatened to delist Ethereum Classic if it doesn’t improve its security soon. Some questions being asked last week were: Is this problem unique to Ethereum Classic, or are all PoW blockchains vulnerable? Would regulating hashrate rental firms help? If not, …
Altcoin / Sept. 15, 2020
Ethereum Classic 51% Attackers Allegedly Returned $100,000 to Crypto Exchange
The Ethereum Classic 51 percent attacker has reportedly returned $100,000 to cryptocurrency exchange Gate.io, a post on the official exchange’s blog reports on Jan. 12. The company further noted that they tried contacting the attacker but didn’t get any reply until now, and that they do not know the reason why the funds have been returned. The exchange declared: “If the attacker didn't run it for profit, he might be a white hacker who wanted to remind people the risks in blockchain consensus and hashing power security.” A white hat hacker is a hacker with a strong professional ethic who …
Altcoin / Jan. 13, 2019
Ethereum Classic Upgrades Network Protocol to Ensure Mining Remains Viable
Ethereum Classic (ETC) has now successfully implemented a protocol upgrade that will ensure that mining remains viable in future, according to ETC Block Explorer data yesterday, May 29. The fork, dubbed ECIP-1041, has removed the so-called “Difficulty Bomb” feature from the ETC network at block 5,900,000. The ‘bomb’ was a component of the original Ethereum (ETH) code that was designed to exponentially increase the difficulty of mining to the point where it would become impractically slow, thereby triggering the need to transition to a Proof-of-Stake (PoS) consensus algorithm. This feature has commonly been referred to as the ‘Ethereum Ice Age,’ …
Altcoin / May 30, 2018
Ethereum Classic 51% Attack Would Cost Just $55 Mln, Result in $1 Bln Profit: Research
A Brazilian researcher has calculated that it could take just $55 mln to hack a major cryptocurrency network for $1bln profit in new findings, TNW reports Friday, May 22. Husam Abboud of FECAP University in São Paulo used the example of Ethereum Classic (ETC) to demonstrate the hackability of cryptocurrency networks using Proof-of-Work (PoW) algorithms. “We can safely estimate The Cost of a 51% attack on Ethereum Classic today to be between 55 to 85 million [USD] (averaged $70 million),” Abboud reported. The findings seemingly contradict previously-held assumptions that conducting network attacks - successful 51% attacks to control hashpower - …
Altcoin / May 25, 2018
These 3 altcoins have completely ignored the bear market in the last 90 days
The cryptocurrency market overall endured a bad summer on back-to-back pieces of bad news, ranging from Terra's collapse to the Celsius Network's liquidity crisis. But some tokens have bucked the downtrend and have actually seen their valuations go up over the summer. Specifically, the last 90 days have seen these so-called alternative cryptocurrencies, or "altcoins," outperforming top coins like Bitcoin (BTC) and Ether (ETH). Here are three among them Chiliz (CHZ) Chiliz's (CHZ) return in the last 90 days comes to be above 80%, the highest among the top-cap cryptocurrencies. Moreover, CHZ is down only 26% year-to-date compared with BTC …
Bitcoin Price / Aug. 29, 2022