Ethereum Classic Under Attack

Source: iStock/FooTToo

One of the top 20 coins by market capitalization Ethereum Classic (ETC) has suffered a serious attack and a possible double spend. ETC is down by more than 8% in the last 24 hours (UTC 06:50 AM.)

Monday evening, popular US-based exchange Coinbase announced that they have temporarily disabled all sends and receives for ETC, while “buy and sell is not impacted.”

“The Coinbase team is currently evaluating the safety of re-enabling sends and receives of Ethereum Classic and will communicate to our customers what to expect regarding support for ETC,” the company said in a blog post.

Tuesday morning, Kraken exchange also followed up with an update to their customers where they said that a “51% attack appears to be ongoing,” and that ETC deposits and withdrawals have been halted as a result.

Meanwhile, OKEx announced that their team have assessed the situation "and our advanced risk management system is able to maintain market order. Our ETC trading, depositing, and withdrawal will remain open and continue normal operations." The exchange has temporarily increased the number of confirmations required for depositing to 100 and for withdrawal to 400.

Also, exchange has confirmed that it will be covering the ETC 40,000 loss for its users:

[ Research] confirms the ETC 51% attack.

4 of the 7 rollback transactions detected were created by the attacker; transferring 54,200 ETC in total.

Gate will be covering the 40k ETC loss for all of the users.

See details:

— Exchange (@gate_io) January 8, 2019

So far, few other exchanges have come out with public statements regarding the situation.

Coinbase claims it has detected a “deep chain reorganization”* on the Ethereum Classic blockchain on January 5.

The exchange said that the observed deep chain reorganization included a double spend of ETC 219,500 (USD 1.1 million). This would only have been possible if a miner (or miners) with more than 51% of the computing power on a network decided to do it.

As Coinbase writes in its blog update, “the “honest[y]” of more than half of miners is a core requirement for the security of Bitcoin and any proof-of-work cryptocurrencies […]” Just like Bitcoin, Ethereum Classic is also a proof-of-work cryptocurrency.

ETC price chart:

Ethereum Classic Under Attack

The Ethereum Classic team, however, has its own take on the events. On Monday, the official Ethereum Classic Twitter account published this tweet, saying no double spends had been detected. The team further suggested that the unusual activity on the network may have been caused by a mining machine manufacturer testing new hardware. However, a couple of hours later, the team changed their tone, saying the report by Coinbase on double spending on the ETC network “may be true”:

To be clear we are making no attempt to hide or downplay recent events.

Facts are facts and as the situation develops we'll soon get a full picture of what actually took place.
Linzhi is testing ASICS. Coinbase reported double spends; both may be true.

In time we will see.

— Ethereum Classic (@eth_classic) January 7, 2019

It is well-known that conducting a 51% attack, that is having one miner or a pool of miners controlling more than 51% of the network, and then attack the rest of the network, would be close to impossible to carry out on heavily mined cryptocurrencies like Bitcoin, Litecoin, or Ethereum. For some small-cap coins like Verge and Bitcoin Gold, however, it has happened in the past. As reported by, the cost of attacking a cryptocurrency network is decreasing along with the market crash, and the possibility of a malicious actor or group seizing the majority of computing power in theory becomes more realistic.

In theory, you’d need USD 7,939 to launch an hour-long attack on Ethereum Classic by renting out enough hashing power from cloud mining marketplaces, according to, a website that tracks costs of a 51% attack.

Community reactions:

could ask the same of BTG, Monacoin, Verge, BTCP. All 51% attacked or suffering from a serious vulnerability. the truth is that a lot of these assets have dogmatic diehard communities that refuse to submit, and most tokens are held by them anyway.

— nic carter (@nic__carter) January 8, 2019


If there have been 100+ block reorgs, then increasing required confirmations isn't going to help.

— Daira Hopwood (abolish ICE) (@feministPLT) January 7, 2019


This is a thought-provoking observation. 🤔

By definition, a decentralized cryptocurrency must be susceptible to 51% attacks whether by hashrate, stake, and/or other permissionlessly-acquirable resources.

If a crypto can't be 51% attacked, it is permissioned and centralized.

— Charlie Lee [LTC⚡] (@SatoshiLite) January 8, 2019


For those un-aware, "NiceHash-able" means the % of the 51% required that is readily available to be rented via cloud mining provider NiceHash – meaning the attacker would just need some money and not all the physical hardware, they could just briefly rent it.

— Jackson Palmer (@ummjackson) January 7, 2019


Overall, ETC is now a science experiment on social dynamics and group management. How far will a group go to deny immediately observable, incontrovertible reality when they have investments on the line?

— Emin Gün Sirer (@el33th4xor) January 8, 2019


*- Chain reorganization:

A malicious miner with enough computing power can mine enough coins in private, without telling anyone else, that their chain becomes the legitimate one. This is called selfish mining. When other miners find this longer, “selfish” chain, they will discard the “honest” one that they’ve been working on, thus also discarding any transactions in those blocks, and start working on the new one. This is called a chain reorganization, or “reorg.” All reorgs have a “depth,” which is the number of blocks that were replaced, and a “length,” which is the number of new blocks that did the replacing.

The discarded chain now contains transactions that are no longer valid, even though the funds potentially already went through – and including the same transaction in the new, longer chain means that the same funds are being spend again. This is called a double spending attack.

Be the first to comment

Leave a Reply

Your email address will not be published.