Ethereum Classic Suffers Second 51% Attack in a Week

6 August 2020

Ethereum Classic has suffered its second 51% attack in a week after more than 4,000 blocks were reorganized Thursday morning.

Mining pool Ethermine’s parent entity Bitfly and crypto exchange Binance reported the reorganization, announcing all Ethereum Classic payouts, withdrawals and deposits had been suspended due to the attack.

The reorganized transaction history is currently the longest chain on the network. However, the majority of Ethereum Classic miners – such as mining pool Ethermine – are continuing to mine on the shorter version of the network.

Developers behind Ethereum Classic said in a tweet minutes before Bitfly’s report that exchanges and mining pools are advised to “significantly raise confirmation times on all deposits and incoming transactions” in light of “recent network attacks.”

A chain reorg occurs when a party gains more hashing power than the rest of the network miners. The adversary can then rewrite the chain’s history and “double-spend” the blockchain’s native currency (in this case, ETC). Hashing power on Ethereum Classic looks to have decreased considerably since Monday, August 3 dropping nearly 20% from 1.6 TH/s to 1.3 TH/s as of press time. 

Read more: Ethereum Classic Suffers Reorganization That Resembles 51% Attack Amid Miner Complications

This fresh attack to Ethereum Classic’s network follows on from a recent attack that occurred between July 29 and Aug. 1, according to blockchain analytics firm Bitquery.

While Ethereum Classic developers initially said the network did not suffer from a reorganization or a 51% attack in that previous attack, Bitquery said Wednesday that an attacker double-spent a little over 800,000 ETC (about $5.6 million), and paid about 17.5 BTC ($204,000) to acquire the hash power for the attack.

The monetary value of Thursday’s 51% attack in terms of the double spends is not yet known. However, at $23.44 per block reward on Ethereum Classic, the attacker has most likely earned $93,760 from block rewards alone.

The attack follows the deprecation of the OpenEthereum client on July 16. Nearly half of the network’s nodes – including important mining and exchange connections – operated on OpenEthereum software which became immediately outdated following the first chain reorg on July 31.

Ethereum Classic developers have urged node operators to switch to Besu or Core-geth implementations as soon as possible.

Ethereum Classic’s price was $7.03 as of press time, down less than 1% over 24 hours.

Not the first

The network has suffered major reorg attacks at least twice in the last two years.

In the more recent attack, the perpetrator moved more than 807,000 ETC from an unspecified crypto exchange to several wallets between July 29-31, according to Bitquery.

The attacker then started mining blocks after purchasing the hash power from a user on cryptocurrency mining platform Nicehash.

On July 31, the attacker sent money to their own wallet address via private transactions and then implemented the transactions into the blocks they were mining.

The attacker then sent back money to a crypto exchange, which Bitquery alleges belongs to Malta-based OKEx.

By August 1 the attacker published their blocks and initiated the chain reorg.

As of press time, none of the funds compromised in the 51% attack have moved from the OKEx exchange, according to Bitquery.

Nikhilesh De, Wolfie Zhao, William Foxley and Christine Kim contributed reporting.