A blockchain security research firm called Slowmist has released a full report on the attack that recently took place against the Ethereum Classic. The report shows that many exchanges are the victims of a concerted 51% attack.
Notably, the researchers report that the attack begins January 5th at 19:58:15 UTC. Days pass before anyone notices. The attacker duplicates several exchanges in the process including Coinbase, Bitrue, and Gate.io. The analysis focuses heavily on Bitrue. To the attack was the owner of address 0x24fdd25367e4a7ae25eef779652d5f1b336e31da. The earliest movement is a little over 5,000 ETC from Binance to this address.
The Attack Begins With Coins From Binance
From there the coins move to a mining node, which mined block 7254355. Later, in block 7254430, to deposit is made to Bitrue in the amount of 4,000 ETC. Ethereum Classic chain. It was sent to verified Bitrue address 0x2c9a81a120d11a4c2db041d4ec377a4c6c401e69. If you can click on that address, the official history does not show any such deposits.
But Bitrue's own records remember. Bitrue tweets them:
💔! ️Ethereum Classic (ETC) 51% Attack Detected On @BitrueOfficial
We've experienced an ETC 51% attack yesterday morning. The attacker tried to withdraw 13,000 ETC from our platform but got halted by our system. As demonstrated below: pic.twitter.com/V7YWzkldIv
– Bitrue (@BitrueOfficial) January 8, 2019
Another 9000 ETC attack later happens the same way. The attacker moves the coins to other addresses, makes deposits, then withdraws them to safe addresses. Its attack: make a deposit, then make a withdrawal. He has the hashpower to ensure that the he wants to exist. In essence, he doubles his money simply by moving the coins to other addresses. Then he moves the original coins to safety.
Coinbase Just One Victim
Of course, this all adds to the confirmed damage at Coinbase. The report goes into some detail about that. It says that once Coinbase and other exchanges began blacklisting attacker addresses, the attack being stopped on January 8th.
The report confirms two addresses certainly involved in the attack:
Combined, these addresses possess over 53,000 ETCs at time of writing. They will struggle to find any liquidity for these tokens, as most exchanges have likely banned them from depositing. Security is fundamentally important to exchanges. These tokens can essentially be considered "tainted."
Early in the hours of January 8th, Marshall Long says he thinks he knows the attacker personally:
I am pretty sure I know who reorged $ ETC. And I mean personally
If anybody with weight is interested
– Marshall Long [Jan/3➞₿ 🔑∎] (@OGBTC) January 8, 2019
Another user seems to indicate he knows the actual attacker:
"I am pretty sure I know who reorged"
No you have zero clue.
– Seb Green (@ sebseb7) January 9, 2019
Either way, the 51% attack against the Ethereum Classic is over and done with. For now. Some of the gains are very real.
Conclusions After a Real Attack
Exchanges must adapt their security policies to chains with smaller hashrates. Declining markets lead to reduced hashpower. It happens in all proof-of-work systems. Unsavory people view as an investment opportunity. If the token is worth enough, dedicating massive hashpower to the chain in order to defraud legitimate exchanges is worth the effort.
As the report says:
[W]and recommend that all digital asset services platform block transfers from the above malicious wallet addresses. And strengthen the risk control, maintain a high degree of attention.
The incident provides lessons for the players in the blockchain ecosystem. The reality of decentralization is that every player is on their own. Exchanges can increase the number of confirmations required. They are also force users to register. Billions of dollars across the markets are actually on the line. 51% against exist because proof-of-work is fair.
Featured image from Shutterstock.
[ad_2]Source link