News recently emerged of a 51% attack on Ethereum Classic (ETC). Scammers managed to exploit a security flaw inherent in all Proof of Work (PoW) coins, and stole funds from a Malaysian exchange.
Let’s discuss how this happened, and what it means for you and your investment decisions.
- PoW coins on low-hash-rate networks are vulnerable
- The Malaysian exchange OKEx was the target of attacks
- The hackers likely further benefited by shorting ETC
- Other consensus models also have their flaws
ETC is currently the 18th largest cryptocurrency by market cap. It is one of the largest PoW currencies out there, with notable backers in Digital Currency Group (DCG) and IOHK. Despite these credentials, ETC still fell foul of a 51% attack, due to inherent flaws in the PoW mining concept.
Mining is the act of adding transactions to the blockchain. Every time cryptocurrency transactions occur, a miner is responsible for authenticating the information and updating the blockchain accordingly. This involves competing with other miners to solve mathematical problems using cryptographic hash functions.
All PoW systems rely on the majority of CPU power coming from trustworthy nodes. However, a significant security risk arises when more than half of the mining power comes from dishonest miners. In this case, the dishonest miner could select a random authenticated block and produce an alternative block history from that point – doing this is called chain re-organization.
By itself, chain re-organization is not a significant issue because all of the transactions still exist. They are merely jumbled, and some transactions are delayed.
However, re-organizing a PoW blockchain can be exploited to double-spend coins. This involves purchasing from a merchant, while at the same time extending an alternative block history. At this point, those same coins spent with the merchant are sent to a different wallet address, controlled by the hacker, on the original chain.
After the confirmations have gone through, the merchant never receives the coins as the transactions occurred on the alternative block history, which gets superseded by the original longer chain. Instead, the merchant’s coins appear on orphaned blocks that do not form part of the original chain.
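The monitoring side of this, as an added example that is not part of the original article: given a node's canonical chain before and after a fork switch, it reports the re-organization depth, the orphaned transactions that were replaced by a conflicting one, and those that were merely delayed. It assumes a simplified account-and-nonce transaction model of the kind Ethereum-style chains use; every class, function, hash and address in it is constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    sender: str
    nonce: int   # account-model chains such as ETC order a sender's txs by nonce
    to: str

@dataclass(frozen=True)
class Block:
    hash: str
    txs: tuple = ()

def analyze_reorg(old_chain, new_chain):
    """Compare a node's canonical chain before and after it switched forks.

    Returns (depth, double_spends, dropped): blocks orphaned; orphaned txs
    whose (sender, nonce) slot now holds a different tx; orphaned txs that
    are simply absent from the new chain (delayed, not replaced)."""
    fork = 0  # index of the first block on which the two views disagree
    while (fork < min(len(old_chain), len(new_chain))
           and old_chain[fork].hash == new_chain[fork].hash):
        fork += 1
    orphaned, adopted = old_chain[fork:], new_chain[fork:]
    slots = {(t.sender, t.nonce): t for b in adopted for t in b.txs}
    double_spends, dropped = [], []
    for tx in (t for b in orphaned for t in b.txs):
        rival = slots.get((tx.sender, tx.nonce))
        if rival is None:
            dropped.append(tx)            # may still be re-mined later
        elif rival.txid != tx.txid:
            double_spends.append((tx, rival))
    return len(orphaned), double_spends, dropped

# Constructed sample data: every hash, txid and address below is made up.
pay = Tx("tx-pay", "0xA", 7, "exchange")   # deposit the exchange credited
redo = Tx("tx-redo", "0xA", 7, "0xA2")     # same sender and nonce, new recipient
alice = Tx("tx-alice", "0xB", 1, "0xC")    # honest tx, re-mined on the new fork
carol = Tx("tx-carol", "0xD", 3, "0xE")    # honest tx, not yet re-mined
old_view = [Block("g"), Block("a1", (pay,)), Block("a2", (alice,)), Block("a3", (carol,))]
new_view = [Block("g"), Block("b1", (redo,)), Block("b2", (alice,)), Block("b3"), Block("b4")]

if __name__ == "__main__":
    depth, conflicts, delayed = analyze_reorg(old_view, new_view)
    print(f"reorg depth {depth}, delayed {[t.txid for t in delayed]}")
    for lost, kept in conflicts:
        print(f"double spend: {lost.txid} -> {lost.to} replaced by {kept.txid} -> {kept.to}")
```

A deposit policy that waits for no more confirmations than the depth reported here would already have credited the orphaned payment.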
Coinbase first noticed a problem with the ETC network on 5th January 2019. Their systems were alerted to a chain re-organization late that evening. Initially, no double spending had occurred; the hackers didn’t strike until the 3rd occurrence of chain re-organization.
At this point, Coinbase suspended all ETC transactions on their platform as a precautionary measure. But it should be noted that hackers targeted the Malaysian exchange OKEx and not Coinbase.
So far, the total value of double spends has come to 219,500 ETC (around $1.1 million).
At the time, ETC stated that the patterns noted by Coinbase were due to network testing. They went on to say that the Chinese manufacturer Linzhi was running new, more efficient ASIC mining equipment.
However, during the days that followed, ETC did eventually acknowledge an attack. The fallout that ensued has brought to light serious concerns over ETC’s security, as well as the PoW consensus in general.
Some observers have speculated this was merely the tail end of a more sophisticated scam. Three days before the 51% attack, OKEx added ETC shorting to their platform. It’s entirely possible that the party responsible for the 51% attack also shorted ETC, to further profit as the market reacted to the news.
All or Nothing
Charlie Lee has since waded into the discussion by saying, “Any truly decentralized network must be susceptible to 51% attacks”, which has done nothing but add fuel to the fire, as well as bringing to the surface longstanding spats within the community on whether Bitcoin, or indeed any mined coin, is truly decentralized.
However, regardless of consensus model, these events have forced many investors to reconsider their holdings of PoW currencies as a whole.
In reality, this is a reactionary response, and doesn’t take into account the totality of different models. David Schwartz was quick to point out that XRP, under its pre-mined consensus model, could never be 51% attacked. While true, what many people fail to realize is that XRP, under a centralized model, is still subject to other routes of attack — for example, being highly vulnerable to regulatory influence.
So, before dismissing PoW coins as high risk and uninvestable, it would be sensible also to consider the disadvantages found within other consensus models.
PoW cryptocurrencies, especially those with less hash power securing the network, are vulnerable to 51% attacks. And if there are financial incentives in place to short a cryptocurrency or profit from controlling the network, there will always be unscrupulous parties who will try to take advantage. However, this alone should not shape investment decisions, as each consensus model has its pros and cons.