Late on Saturday evening, major cryptocurrency exchange Coinbase detected an attack on the Etheruem Classic blockchain.
Coinbase’s subsequent investigation showed that the network had fallen victim to a so-called 51% attack, in which the attackers stole 219,500 ETC – roughly the equivalent of $1.1m.
In response, Coinbase froze transactions on the ETC blockchain. But the Ethereum Classic attack raises serious questions about the security of blockchain and its supposedly permanent ledger of transactions.
How damaging is the attack for blockchain’s reputation, and should other cryptocurrencies running on other blockchains be worried?
How did the Ethereum Classic attack happen?
First, it is worth exploring how the attack could have been carried out. As the name suggests, a 51% attack – or rollback attack – requires at least 51% control of the miners on the network.
In short, a hacker will need more computer power, or hashrate, than the rest of the network combined.
This means, in theory, any blockchain network that uses the proof-of-work system to create new blocks, which includes Bitcoin and Ethereum, could be susceptible to a 51% attack. But larger cryptocurrencies, such as Bitcoin, require a lot more computing power to take control of the network.
According to one estimate, it would require 2.4 million of the most advanced Bitcoin mining computers to compromise the network and roughly the same amount of electricity that is consumed by the whole of Morocco.
But with smaller and less established blockchain networks, the amount of computing power required to carry out a successful 51% attack is far lower. And the way to carry out such attacks can be surprisingly affordable – thanks to mining pools.
Mining pools can cripple a network
Because it has become increasingly difficult for miners to generate a block and earn the cryptocurrency reward, miners have pooled their resources in so-called mining pools. These mining pools can be rented out, giving the buyer control of the sum power of this pool.
"Based on current estimated prices on nicehash.com, an attack on ETC would require roughly $65,000 dollars a day to implement at current difficulty levels," says Ben Schmidt, CSO at PolySwarm a cybersecurity marketplace that runs on the Ethereum blockchain and rewards white hat hackers with cryptocurrency.
“With this power, attacks can fool exchanges into approving transactions of a much larger dollar amount, making it potentially quite profitable."
And according to Schmidt, “at least 8 known Ethereum mining pools have a hashrate sufficient to execute a 51% attack on ETC”.
How damaging is the attack for blockchain’s reputation?
The Ethereum Classic hack will no doubt cause some to question how immutable smaller blockchains really are. However, it is unlikely to damage the reputation of larger blockchains, such as Bitcoin and Ethereum.
“While certainly serious, executing this attack on the largest networks is still prohibitively expensive, and attacking these much smaller chains is unlikely to negatively impact the overall trust of the system," Schmidt told Verdict.
"It does, however, reinforce the caution that exchanges need to take when listing cryptocurrencies with smaller networks.”
Miners are becoming the "big fish in smaller ponds"
During 2017-18's peak crypto mania, droves of new cryptocurrencies were created. A quick browse of crypto51.app, a site that lists the cost of carrying out a 51% attack on a host of cryptocurrencies, shows how some coins can be compromised for an hour at the cost of just a few dollars.
Nor is Ethereum Classic is the first cryptocurrency to suffer a 51% attack. In April 2018, for example, the privacy blockchain Verge fell victim to a 51% attack.
And with the Ethereum Classic attack highlighting how lucrative a 51% attack can be, threat actors could be enticed to carry out similar attacks on other smaller blockchains.
However, because most of these don't have the same high value in fiat currency equivalent, not all will offer the same levels of return as the Ethereum Classic attack.
“This case highlights the necessity of switching proof-of-work algorithms when forking larger blockchains, as miners from the larger chain can very easily become the big fish in the new, smaller pond," says Schmidt.
"By not doing so, developers of these projects risk malicious miners ruining their network before it can grow to a safe size.”