[ad_1]
On Saturday, the Coinbase security team noticed something worrying. Someone had made a profound reorganization in the distributed book of Ethereum Classic, a smaller spinoff of the Ethereum currency. The attackers had removed the cryptocurrency equivalent of writing a check. The initial fraud reported by Coinbase on Monday was $ 460,000, but in the following days the total amount rose to over $ 1 million, spread over 20 different transactions.
He said Coinbase The Verge that portfolios controlled by the company or its customers were not involved. The security team of the company detected the attack only because, as security engineer Mark Nesbitt said The Verge, "Regardless of whether it was directed to us, it could have been." The company interrupted its negotiations for Ethereum Classic in the wake of the attack; it is not yet clear when the trading will be reopened.
Cryptocurrency portfolios are being hacked continuously, but this hack has been different, affecting the blockchain itself. The attackers were able to rewrite the alleged permanent transaction log, something that should be impossible. The cryptocurrency developers have known that such attacks have been possible for a long time, but only recently have they become something on which exchanges must defend themselves. This raises difficult questions about the future of the blockchain, especially for smaller coins.
In the most basic terms, the attackers have interrupted Ethereum Classic to spend the same money twice. They sold classic etereum coins for money, then rewrote the blockchain so that they came away with both money and coins. In a conventional payment system, it is up to the banks and other central executors to stop the double expense, but there is no such amount in the cryptocurrency. Instead, transactions are applied through a distributed ledger, collectively produced by currency miners.
But if miners work together, there's a way to write transactions from that register. All they have to do is split the blockchain at the right time, and rely only on the chain versions that do not include the unwanted transaction. All they need is enough mining power to overwhelm the rest of the mining pool – so, 51%. It is a fundamental weakness in the way cryptocurrencies work, recognized since the first writing on the cryptocurrency. Bitcoin and his brothers rely on a critical mass of what Satoshi called "honest miners".
In this case, the 51 percent attack was used to perform a double expense: write a wrong check and then extract it from the ledger. But it's not the only bad thing you can do once you have control. In a document last year, the NYU cryptographer, Joseph Bonneau, expressed concern about the majority attackers who have devastated the ledger of a currency to crater the price and reach a short position, something that defined a "Goldfinger attack" ".
Attacks like this hit a number of smaller currencies last year, doubling a total of $ 20 million in 2018, but Ethereum Classic is the most important victim so far. With so many competing cryptocurrencies, Bonneau says it's just too easy to overpower a smaller coin. "Someone can always appear out of nowhere with more computational power than everyone else," he said The Verge. "The question is: do we see a trend in which these attacks are mounted against ever larger coins?"
The attacks are particularly tempting because cryptocurrency prices have plummeted in the last six months. As prices fall, currency mining becomes less profitable, making it less expensive and easier to rent the amount of computing power needed to take over a currency. It is even easier when you can reuse mining hardware from an important currency, such as ETH (mainline Ethereum), to detect a smaller one, such as ETC (Ethereum Classic).
"The feasibility of a 51% attack depends exclusively on the availability and cost of mining equipment," Cornell cryptographer Emin Gün Sirer said. The Verge. As equipment becomes cheaper and more available, attacks become more common. "Bearish markets cause hashpower deactivation", continued Sirer, "which can then be rented and used for attacks".
At the same time, falling prices makes cryptocurrencies like ETC easier to extract. At the time of the hack, the difficulty of extracting a block of ETCs was roughly half of its September peak, which means that much less mining hardware is needed to reach 51% over four months. does. The result is a perfect storm for attackers, who can rent unused mineral resources to take over any weaker currency at the moment.
This is unlikely to affect Bitcoin, which has a data mining pool sufficient to withstand most 51% attacks and a chip-specific protocol that makes it less susceptible to reused equipment. But Ethereum has created a new generation of product-specific coins such as Filecoin and Bancor, often based on the Ethereum protocol and launched through Initial Coin Offerings (ICOs). The smaller coins are inherently vulnerable and the risk is only increasing.
For Nicholas Weaver, professor of IC Berkeley ISCI and skeptic of Bitcoin, it is a question of how fast miners burn through electricity. As Weaver says, it is "a beautiful illustration of how waste testing schemes can not be both efficient and safe". The more it costs a block, the more expensive it is to spend honest miners for a long time to reverse a transaction. Electricity prices range from miner to miner, but Weaver estimates that the Bitcoin network currently spends about $ 300,000 in electricity per hour, while the smaller Ethereum network costs about $ 100,000 an hour. . For Weaver, any coin much smaller than that is at risk of a 51% attack. Ethereum Classic watches come to around $ 5,000 an hour.
"Any currency that does not burn $ 100,000 at the moment should probably be considered insecure in the face of the attackers and should not be supported by any exchange," Weaver said. "The fact that Coinbase has supported a currency that has just $ 5,000 per hour of protection is negligence."
Coinbase did not comment on whether the attack would affect its support for Ethereum Classic, citing insider trading concerns. (Coinbase's support has a huge impact on the price of smaller currencies, so these statements are ripe for market manipulation.) But Nesbitt, the engineer in charge of handling such attacks, did not agree on fact that the support was negligent. "Weaver is right that there are different risk profiles in different currencies," he said. "I do not necessarily understand why you would draw the line above Ethereum Classic."
Source link
