Ethereum Traditional (ETC) is presently being 51% attacked


Deep Chain Reorganization Detected on Ethereum Traditional (ETC)

On 1/5/2019, Coinbase detected a deep chain reorganization of the Ethereum Traditional blockchain that included a double spend. As a way to shield buyer funds, we instantly paused interactions with the ETC blockchain.

Up to date Jan. 7, 10:27pm PT: At time of writing, we now have recognized a complete of 15 reorganizations, 12 of which contained double spends, totaling 219,500 ETC (~$1.1M).

We are going to proceed to observe the standing of the community and replace this text with the newest info we now have. Present ETC community standing could be discovered here.

Background Information

Web page three of Satoshi Nakamoto’s whitepaper, Bitcoin: A Peer-to-Peer Digital Money System, states the next:

“If a majority of CPU energy is managed by sincere nodes, the sincere chain will develop the quickest and outpace any competing chains.”

The “sincere[y]” of greater than half of miners is a core requirement for the safety of Bitcoin and any proof-of-work cryptocurrencies based mostly on Bitcoin. Sincere motion, on this context, means following the conduct described within the Bitcoin white paper. That is generally described as a “safety threat” or “assault vector,” however is extra precisely described as a identified limitation to the proof-of-work mannequin.

Failure to fulfill this requirement breaks a number of core ensures of the Bitcoin protocol, together with the irreversibility of transactions. Many different cryptocurrencies, comparable to Ethereum Traditional, have additionally adopted proof-of-work mining.

The operate of mining is so as to add transactions to the common, shared transaction historical past, generally known as the blockchain. That is completed by producing blocks, that are bundles of transactions, and defining the canonical historical past of transactions because the longest chain of blocks*. If a single miner has extra sources than everything of the remainder of the community, this miner may decide an arbitrary earlier block from which to increase an alternate block historical past, finally outpacing the block historical past produced by the remainder of the community and defining a brand new canonical transaction historical past.

That is referred to as a “chain reorganization,” or “reorg” for brief. All reorgs have a “depth,” which is the variety of blocks that have been changed, and a “size,” which is the variety of new blocks that did the changing.

This, by itself, may find yourself being nothing greater than a minor inconvenience. In spite of everything, the transactions all nonetheless exist, however they may have been put into a unique order, maybe delaying a few of them. Nevertheless, think about a miner who additionally owns numerous cash. The miner may ship these cash to a service provider in a transaction, T, whereas additionally secretly extending an alternate block historical past. The miner’s secret blocks don't embrace T, however quite embrace a transaction that sends the identical cash utilized in T to a unique deal with. Name that transaction T’. When the miner reveals this secret historical past, it's going to include T’, not T. As a result of T and T’ tried to ship the identical cash and T’ is now within the canonical historical past, which means that T is without end invalid, and the recipient of the cash despatched in transaction T by no means even acquired them within the new, now-canonical historical past. Extra information on this may be discovered here.

What we noticed

Up to date Jan. 7, 10:27pm PT.

We noticed repeated deep reorganizations of the Ethereum Traditional blockchain, most of which contained double spends. The overall worth of the double spends that we now have noticed to this point is 219,500 ETC (~$1.1M).

Timeline of occasions

  • Late on the night of Saturday 1/5, our programs alerted us to a deep reorg in ETC that contained a double spend. Our on-call engineers responded to the alert and labored to substantiate the report by the night time. We decided that we'd quickly halt ship/obtain interplay with the ETC blockchain so as to safeguard buyer funds.
  • This meant that clients who tried to ship or obtain ETC on Coinbase Client or Professional have been unable to finish their transactions.
Clients who tried to ship or obtain ETC on Coinbase Client or Professional have been unable to finish their transactions beginning early Sunday morning, Pacific Time.
  • On the morning of Sunday 1/6 we posted an replace on standing.coinbase.com stating (that) “Because of unstable community circumstances on the Ethereum Traditional community, we now have quickly disabled all sends and receives for ETC. Purchase and promote just isn't impacted. All different programs are working usually.”
Along with in-platform notifications, we shared an replace through standing.coinbase.com.
  • We carried out an evaluation on Sunday afternoon/night to substantiate the sample and decide the important thing particulars of the double-spend assaults. Starting Sunday afternoon, we noticed eight extra incidents, all containing double spends.
  • Out of an abundance of warning, we didn't put up a weblog submit previous to authorized and technical evaluate. A false alarm may have inadvertently triggered market instability.
  • On Monday 1/7 morning after authorized and technical evaluate, we finalized our public evaluation and posted to our weblog and social media accounts.

Word: A full blockchain evaluation is past the scope of this text. Additional analysis into the addresses sending the double spend transactions, the historical past of sends/receives from the addresses, the block fields comparable to timestamp, and the next motion of miner rewards from assault blocks might make clear the risk actor or actors behind these assaults.

We noticed the next deep chain reorgs:

  • Frequent ancestor: 7245623. Depth 4 / Length 7. No double spends have been noticed on this reorg. We famous that this was a reorg of surprising depth for ETC.
  • Frequent ancestor: 7248488. Depth 5 / Length 6. No double spends have been noticed on this reorg. We famous {that a} second reorg of surprising depth was extremely suspicious, however didn't obligatory point out an assault as there was no double spend and the depth was nonetheless under the ETC affirmation restrict for many companies.
  • Frequent ancestor: 7249343. Depth 57 / Length 74. A transaction of worth 600 ETC in orphaned block 7249357 was double spent by a transaction in attacker block 7249361**.

We ceased interacting with the ETC blockchain upon observing this reorg. Coinbase was not the goal of this double spend and no funds have been misplaced.

Updates as of 10:27pm PT, January 7

  • Frequent ancestor: 7261497. Depth 44 / Size 54. A transaction of worth 26,000 ETC in orphaned block 7261492 was double spent by a transaction in attacker block 7261497**.
  • Frequent ancestor: 7261603. Depth 35 / Size 44. A transaction of worth 52,800 ETC in orphaned block 7261610 was double spent by a transaction in attacker block 7261614**.
  • Frequent ancestor: 7261647. Depth 8 / Length 9. No double spends have been noticed on this reorg.
  • Frequent ancestor: 7261676. Depth 37 / Length 47. A transaction of worth 52,200 ETC in orphaned block 7261684 was double spent by a transaction in attacker block 7261690**.

Subsequent Steps

The Coinbase crew is presently evaluating the security of re-enabling sends and receives of Ethereum Traditional and can talk to our clients what to anticipate relating to assist for ETC. Coinbase takes safety very significantly. As a part of that dedication, we monitor blockchains for exercise that could possibly be dangerous to our clients and take immediate motion to safeguard funds. We wish to emphasize to clients that Coinbase strives to be probably the most trusted and most secure place to purchase, promote, or retailer cryptocurrency.

* It's really the chain with probably the most accrued work, quite than the chain with probably the most blocks, that defines the canonical historical past. Generally, these chains would be the similar

** The block explorer doesn't correctly deal with reorgs and labels the transaction as confirmed. Click on on the block to see that the block is orphaned.

This web site might include hyperlinks to third-party web sites or different content material for info functions solely (“Third-Get together Websites”). The Third-Get together Websites usually are not underneath the management of Coinbase, Inc., and its associates (“Coinbase”), and Coinbase just isn't answerable for the content material of any Third-Get together Website, together with with out limitation any hyperlink contained in a Third-Get together Website, or any modifications or updates to a Third-Get together Website. Coinbase just isn't answerable for webcasting or some other type of transmission acquired from any Third-Get together Website. Coinbase is offering these hyperlinks to you solely as a comfort, and the inclusion of any hyperlink doesn't suggest endorsement, approval or advice by Coinbase of the positioning or any affiliation with its operators.

Except in any other case famous, all pictures supplied herein are by Coinbase.


Ethereum Classic (ETC) is currently being 51% attacked was initially printed in The Coinbase Blog on Medium, the place persons are persevering with the dialog by highlighting and responding to this story.

Leave a Reply

Your email address will not be published. Required fields are marked *