The attack on Ethereum Classic highlights a cryptographic weakness




The promise of cryptocurrencies like bitcoin is that you do not need to trust the people you send money to or receive it from, because the software makes it technically impossible for anyone to cheat the system. Instead of relying on humans and their imperfect judgment, you rely on the laws of mathematics. But a recent attack on the cryptocurrency Ethereum Classic (not to be confused with the original Ethereum project) shows once again how difficult it is to remove human frailty from digital systems.

Like other cryptocurrencies, Ethereum Classic is based on a decentralized ledger known as a blockchain, created and shared by the machines that process transactions on the network. This ledger ensures that no one can spend their virtual tokens twice. Unless, that is, someone can take over at least 51 percent of the machines in the network. This is what seems to have happened last weekend.

Cryptocurrency exchange Coinbase announced on Monday that it had detected double spending on Ethereum Classic on Saturday and had suspended transactions involving Ethereum Classic. Kraken, another exchange, followed suit with a similar announcement. Coinbase security engineer Mark Nesbitt wrote in a blog post that the company had identified 12 cases of double-spent Ethereum Classic tokens, totaling approximately $1.1 million.¹ Ethereum Classic is not as popular as some other cryptocurrencies: on Friday it had a total market value of $553.5 million, according to CoinMarketCap; in comparison, ether, the currency created by the original Ethereum project, had a value of $16.3 billion and bitcoin was worth $67.5 billion.

Nesbitt told WIRED that Coinbase is "very confident" that the double spends are the result of someone taking control of more than 51% of the Ethereum Classic network, allowing those attackers to rewrite history.
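An added example, not from the article or from Coinbase: one way an exchange could spot the pattern described above is to compare its view of the chain before and after a reorganization and flag any confirmed payment whose sender-and-nonce slot now holds a different transaction. The block and transaction records are constructed and simplified, and all names are hypothetical.

```python
from collections import namedtuple

# Simplified, constructed records (hypothetical names, not real chain data).
Tx = namedtuple("Tx", "sender nonce recipient value")
Block = namedtuple("Block", "hash parent txs")


def find_reorg(old_chain, new_chain):
    """Compare two chain views (oldest first); return
    (number of discarded blocks, orphaned blocks, adopted blocks)."""
    fork = 0
    for old, new in zip(old_chain, new_chain):
        if old.hash != new.hash:
            break
        fork += 1
    return len(old_chain) - fork, old_chain[fork:], new_chain[fork:]


def find_double_spends(old_chain, new_chain):
    """Return (orphaned_tx, replacement_tx) pairs: same sender and nonce,
    different content, so the earlier confirmed payment no longer exists."""
    _, orphaned, adopted = find_reorg(old_chain, new_chain)
    adopted_by_slot = {(t.sender, t.nonce): t for b in adopted for t in b.txs}
    conflicts = []
    for block in orphaned:
        for tx in block.txs:
            other = adopted_by_slot.get((tx.sender, tx.nonce))
            if other is not None and other != tx:
                conflicts.append((tx, other))
    return conflicts


# Constructed scenario: a deposit to an exchange is confirmed in block b2,
# then a competing branch from b1 replaces it with a payment elsewhere.
GENESIS = Block("b0", None, [])
B1 = Block("b1", "b0", [Tx("alice", 0, "bob", 5)])
OLD_VIEW = [GENESIS, B1,
            Block("b2", "b1", [Tx("mallory", 7, "exchange", 1000)]),
            Block("b3", "b2", [Tx("carol", 2, "dave", 1)])]
NEW_VIEW = [GENESIS, B1,
            Block("x2", "b1", [Tx("mallory", 7, "mallory2", 1000)]),
            Block("x3", "x2", [Tx("carol", 2, "dave", 1)]),
            Block("x4", "x3", [])]

if __name__ == "__main__":
    depth, _, _ = find_reorg(OLD_VIEW, NEW_VIEW)
    print("reorg depth:", depth)
    for gone, kept in find_double_spends(OLD_VIEW, NEW_VIEW):
        print("double spend:", gone, "replaced by", kept)
```

A transaction that is orphaned with no conflicting replacement is not flagged, since it can still be included again on the adopted branch.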

The Ethereum Classic team announced on Twitter that it is examining the problem but has not confirmed that double spends have occurred. It also complained that Coinbase had not contacted it before announcing the suspension. Nesbitt says that Coinbase tried in vain to contact the Ethereum Classic team on Monday, but is now in touch. Ethereum Classic has not responded to our request for comment.

It is unclear how someone would be able to gain control of 51% of the Ethereum Classic network. Cryptocurrency observers have known for years that blockchains are vulnerable to such an attack, but major cryptocurrency projects have not yet seen a successful takeover, in part because it would have been so expensive to set up enough computers to overpower the rest of the network.

If someone has gained the power to rewrite the Ethereum Classic ledger and spend tokens multiple times, the software developers and the owners of the machines running that software will have to decide what to do. The team could release a new version of the software with a new version of the blockchain that reverses the double spends, and hope that users will adopt the new version. But making changes to the blockchain would go against the raison d'être of the project.

Ethereum Classic was founded in 2016 after a hacker stole about $50 million from an investment scheme known as the DAO (Decentralized Autonomous Organization). The robbery was the result of errors made by the DAO's programmers, not an attack on the Ethereum blockchain. But the Ethereum team decided to change the blockchain to restore the stolen tokens to their previous owners.

Ethereum Classic was created by members of the Ethereum community who rejected the idea of modifying the blockchain. In essence, its users have chosen to continue using the version of the Ethereum ledger that shows the stolen cryptocurrency in the DAO hacker's virtual wallet and ignores subsequent transactions carried out on the original Ethereum network, which in turn ignores transactions carried out on the Ethereum Classic network. The attack on the Ethereum Classic network does not affect the original Ethereum project.

The attack on Ethereum Classic is different from the attack on the DAO in that it appears to have directly modified the Ethereum Classic blockchain, which is more serious than exploiting bugs in software developed outside of the project. The community could find this attack a more valid justification for reversing the offending transactions. But it will be up to the community to decide what to do, not the software. It is also another black eye for cryptocurrencies and a reminder that blockchains are not really immune to human politics and judgment.

¹ CORRECTION, January 8, 19.40: Coinbase identified 12 double-spend cases on the Ethereum Classic network. An earlier version of this story wrongly stated that it had identified 21 of these cases.

