Blockchain's public, immutable ledger keeps things secure. Until it can't anymore. That's the story of a recent "51% attack" on the Ethereum Classic blockchain that has incurred losses of more than $1 million while undermining the currency's legitimacy.
Indeed, crypto exchanges are frequently victimized by theft, and for a while, digital currencies struggled to shed their dark-web origins. Although today's perilous digital environment could make anyone wary of trusting online assets, the tokens themselves have proven to be incredibly resilient to theft and misuse. The latest attack raises further questions about cryptocurrency market security amidst high volatility and regulatory uncertainty after a 2018 in which prices plunged.
Understanding a 51% Attack
Because so many different users maintain the blockchain, it is immune from tampering as long as no single entity controls more than half of the network's computing power. However, it's possible for a single user to achieve this power, and a hypothetical 51% attack on major cryptocurrencies like Bitcoin and Ethereum is often discussed in crypto circles.
Indeed, as Avivah Litan, a Gartner cybersecurity expert, notes, "the 51 percent attack is a real threat, which is why users should only trade in crypto that has substantial hashpower."
In other words, the more people maintaining a blockchain, the less likely it is that someone could gain control of the network.
Unfortunately, when a miner gains more than half of the network's computing power, they can alter the blockchain records, allowing them to spend a single token multiple times. According to CCN, this ability is "generally directed against cryptocurrency exchanges." This process, colloquially known as a "reorganization" of the blockchain, is what's currently being experienced by ETC.
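How an exchange or node operator could flag the double spends left behind by a reorganization like the one described above, as an added example that is not from the original article or from any exchange's tooling. It assumes Ethereum-style transactions identified by a sender and a per-account nonce; the function name and all blocks, hashes and addresses are constructed for illustration.

```python
from typing import NamedTuple

class Tx(NamedTuple):
    tx_hash: str
    sender: str
    nonce: int   # per-account counter: one (sender, nonce) pair per valid chain
    to: str
    value: int

def classify_reorg(old_chain, new_chain):
    """Compare the chain a node had (old) with the one that replaced it (new)."""
    # The fork point is the first height at which the block hashes differ.
    fork = 0
    while (fork < min(len(old_chain), len(new_chain))
           and old_chain[fork]["hash"] == new_chain[fork]["hash"]):
        fork += 1
    orphaned = [tx for blk in old_chain[fork:] for tx in blk["txs"]]
    adopted = {(tx.sender, tx.nonce): tx
               for blk in new_chain[fork:] for tx in blk["txs"]}
    report = {"depth": len(old_chain) - fork,
              "survived": [], "dropped": [], "double_spent": []}
    for tx in orphaned:
        rival = adopted.get((tx.sender, tx.nonce))
        if rival is None:
            report["dropped"].append(tx.tx_hash)    # may still be re-mined
        elif rival.tx_hash == tx.tx_hash:
            report["survived"].append(tx.tx_hash)   # same tx, new block
        else:
            # Same sender and nonce but a different transaction: the
            # orphaned payment can never confirm on the new chain.
            report["double_spent"].append((tx.tx_hash, rival.tx_hash))
    return report

# Constructed sample data (not taken from the incident).
deposit = Tx("0xaa1", "0xPAYER", 7, "0xEXCHANGE", 500)
rival = Tx("0xbb1", "0xPAYER", 7, "0xPAYER2", 500)
honest = Tx("0xcc1", "0xALICE", 3, "0xBOB", 10)
late = Tx("0xdd1", "0xCAROL", 1, "0xDAVE", 4)
genesis = {"hash": "b0", "txs": []}
OLD_CHAIN = [genesis, {"hash": "b1", "txs": [deposit, honest]},
             {"hash": "b2", "txs": [late]}]
NEW_CHAIN = [genesis, {"hash": "c1", "txs": [rival]},
             {"hash": "c2", "txs": [honest]}, {"hash": "c3", "txs": []}]

if __name__ == "__main__":
    print(classify_reorg(OLD_CHAIN, NEW_CHAIN))
```

The reorganization depth in the report is the number of blocks that were rolled back, which is the figure a service would compare against the confirmation count it waits for before crediting a deposit.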
The Attack on ETC
Although it's considerably less popular than Ethereum, Ethereum Classic is still one of the most prominent digital currencies available, with a recent market cap of about $480 million. The most recent breach was detected by SlowMist, a Chinese security firm, which relayed the information via Twitter. In addition, the popular crypto exchange Coinbase, which also posted its initial findings to Twitter on Jan. 7, is investigating the attack.
In a subsequent blog post, Coinbase flagged fifteen cryptocurrency transactions, twelve of which included "double spends" -- where the digital currency was spent twice -- that exceeded $1 million in total. It said, however, that no Coinbase accounts were impacted by the attack.
One crypto exchange, Gate.io, admitted that it lost funds, identifying seven rollback transactions on its network. Its official statement said, "Gate.io will take all the loss for the users." Other services, including those by Binance and Bitrue, were also targeted in the attack.
ETC's official Twitter account has posted the attacker's address as they work to recover the funds.
Of course, this latest attack has renewed attention on the Proof of Work (PoW) consensus model that enables things like a 51% attack to occur. Donald McIntyre, a member of the ETC development team, warned that "the question is whether a recovery in the medium or long term is plausible or if the network, unless it grows significantly, is perpetually vulnerable, therefore unusable."
Many in the blockchain community believe that a different consensus algorithm, Proof of Stake, will be more efficient and secure.
Miguel Palencia, CIO at Qtum, a blockchain that markets its "Proof of Stake" model, explained that "solutions such as Proof of Stake are not only less resource-intensive and more environmentally friendly, but they're also more secure and much more difficult to fall victim to a 51% attack."
He added that "for something like this to occur in a Proof of Stake network, the attacker would need to buy more than all the coins currently being staked, which would raise the market price exponentially, rendering the attack useless and extremely costly."
For users to feel secure, cryptocurrencies will need to be able to demonstrate that they are implementing the best practices and the most protected methodologies for guarding their tokens. This event wasn't as costly as it could have been, but it is a warning about what could be. It might turn out that $1.1 million is a small price to pay for that reminder.