Hackers Launch Third 51% Attack on Ethereum Classic This Month

Strategies to protect the Ethereum Classic blockchain from 51% attacks might be too little, too late. For the third time in August, hackers gained control of the Ethereum Classic blockchain in a 51% attack that reorganized over 7,000 blocks. 

Though Ethereum Classic developers are rushing to protect the blockchain from future attacks, these three attacks raise concerns over the network’s security. OKEx, for instance, has considered delisting the coin to protect itself from future losses.

What is a 51% attack?  

Hackers conduct a 51% attack to take over the blockchain. Blockchains are so-called decentralized ledgers because they distribute all the work of validating transactions across a global network of computers, called miners.

Each transaction must be approved by over 51% of miners. So the theory goes, it’s very difficult for a single actor to control 51% of the network, since that would require an immense amount of computational power.

But if someone managed to control the network, they’d be able to bend the blockchain to their will—credit their accounts with free cryptocurrency, for instance, or divert other people’s transactions to their own people’s wallets. 

Impossible! They’ll never do it! Not so for Ethereum Classic—the un-forked version of the more popular Ethereum blockchain—which this month was thrice exploited by hackers. 

So what happened? 

The latest attack took place last night. Hackers managed to once again brute-force their way to majority control over the network and managed to reorganise more than 7,000 blocks, or about two days of mining.

The attack was identified by Austrian mining company Bitfly, which also identified the first and second attacks, wherein hackers reorganised almost 8,000 blocks and took home around $9m in double spend transactions, much of it from crypto exchange OKEx. 

ETC Cooperative, the non-profit that watches over the Ethereum Classic blockchain, said in a tweet late last night that it is “aware of today’s attack and are working with others to test and evaluate proposed solutions as quickly as possible.”

Not much is known about the latest attack. 

One of the reasons it occurred was that there’s far less computational power backing Ethereum Classic than on larger blockchains, like Ethereum or Bitcoin, meaning it’s not so difficult to briefly rent enough computational power to gain majority control over the blockchain. 

There are two drafts to change Ethereum Classic’s algorithm to make this more difficult, but they’ve not yet been implemented.

Since the hack, Ethereum Classic’s token price has fallen by 1.68%, per data metrics site CoinMarketCap. But the long-term damage may be greater. The coin’s listed as suffering from “degraded performance” on Coinbase, for instance.

And after the previous two attacks earlier this month, OKEx said that it would “consider delisting ETC, pending the results of the Ethereum Classic community’s work to improve the security of its chain.” This is because OKEx bore the brunt of the first attacks, and “suffered a loss of approximately $5.6 million in ETC,” according to a statement of August 15. 

“The loss was fully borne by OKEx, according to its user-protection policy, and did not cause any loss to the platform’s users. The ETC that users have deposited on OKEx remains safe,” it said after the previous attack. 

Ethereum Classic developers must plug the exploit before OKEx makes its move.