Hackers have stolen nearly $500,000 worth of the Ethereum Classic digital currency by carrying out an intensive attack that rewrote its blockchain, officials with Coinbase, one of the leading cryptocurrency exchanges, said Monday.
The heist was the result of what is known as a rollback attack, which allowed the attackers to reset the Ethereum Classic blockchain, Coinbase security engineer Mark Nesbitt said in a blog post. From there, the attackers were able to “double spend” about 88,500 ETC, meaning they were able to recover coins that had already been spent and transfer them to a new recipient. As a result, the coins were effectively transferred from the rightful recipients to new parties chosen by the attackers.
“We observed repeated deep resets of the Ethereum Classic blockchain, most of which involved double spends,” Nesbitt wrote. “The total amount of double spends we have observed so far is 88,500 ETC (~$460,000).”
Rollback attacks are often referred to as 51-percent attacks because, theoretically, they require one attacker to control most of the computing power generating a blockchain. Such an attack violates the main requirement of any blockchain-based currency, because it allows a single entity to rewrite the contents of a universally distributed transaction history.
Nesbitt wrote:
The function of mining is to add transactions to a universal, shared transaction history, known as the blockchain. This is done by producing blocks, which are bundles of transactions, and defining the history of transactions as the longest chain of blocks. If a single miner has more resources than the rest of the network, this miner can arbitrarily choose a previous block from which to expand another block history, eventually surpassing the block history created by the rest of the network and defining a new canonical transaction history.
This is called “chain restructuring,” or “restructuring” for short. All reorgs have a “depth,” which is the number of blocks replaced, and a “length,” which is the number of new blocks replaced.
Said differently, a rollback attack generates a new fork of the blockchain. This causes nodes to replace the original blockchain with the new one and makes it possible for attackers to change transactions that have already been made. To pull off the attack, the attackers must control a substantial fraction of the total hashpower devoted to generating the currency's blockchain for an extended period of time. Bitcoin creator Satoshi Nakamoto warned of this key limitation in the white paper introducing the currency.
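A way to measure such a reorg from a node operator's side, written as an added example that is not from Coinbase or the original article: it compares a node's chain before and after a tip change, reports depth and length, and flags payments in the replaced blocks that were supplanted by a conflicting transaction. The block and transaction fields, addresses and hashes are constructed for illustration, and "length" is taken to mean the number of new blocks doing the replacing, which is an assumption about the quoted definition.

```python
from collections import namedtuple

# Simplified, constructed model: real ETC blocks and transactions carry far more fields.
Tx = namedtuple("Tx", "txid sender nonce recipient amount")
Block = namedtuple("Block", "hash parent txs")

def analyze_reorg(old_chain, new_chain):
    """Compare two views of the chain (lists of Block, oldest first)."""
    # Walk forward to the fork point: the first height where the views differ.
    fork = 0
    while (fork < min(len(old_chain), len(new_chain))
           and old_chain[fork].hash == new_chain[fork].hash):
        fork += 1
    orphaned, replacing = old_chain[fork:], new_chain[fork:]
    if not orphaned:
        return None  # nothing was replaced, the chain only grew
    # On an account-based chain a (sender, nonce) slot holds one transaction only.
    new_by_slot = {(t.sender, t.nonce): t for b in replacing for t in b.txs}
    double_spends, dropped = [], []
    for block in orphaned:
        for tx in block.txs:
            winner = new_by_slot.get((tx.sender, tx.nonce))
            if winner is None:
                dropped.append(tx.txid)             # may simply be re-mined later
            elif winner.txid != tx.txid:
                double_spends.append((tx, winner))  # same slot, different payment
    return {
        "depth": len(orphaned),    # blocks replaced
        "length": len(replacing),  # new blocks doing the replacing
        "double_spends": double_spends,
        "dropped": dropped,
        "at_risk": sum(tx.amount for tx, _ in double_spends),
    }

# Constructed sample: a deposit is supplanted by a payment to a different address.
pay = Tx("tx-a", "0xsender", 7, "0xexchange", 1000)
redo = Tx("tx-b", "0xsender", 7, "0xother", 1000)
other = Tx("tx-c", "0xalice", 3, "0xbob", 5)
genesis = Block("h0", None, ())
OLD = [genesis, Block("h1", "h0", (pay,)), Block("h2", "h1", (other,))]
NEW = [genesis, Block("g1", "h0", (redo,)), Block("g2", "g1", ()),
       Block("g3", "g2", (other,))]

if __name__ == "__main__":
    report = analyze_reorg(OLD, NEW)
    print(report["depth"], report["length"], report["at_risk"])
```

An exchange can use the depth figure to decide how many confirmations a deposit needs before it is credited, since any payment buried under fewer blocks than an observed reorg depth could have been reversed.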
Coinbase has halted movements of the affected ETC coins to prevent any double spending from affecting its users. Meanwhile, the Kraken exchange has temporarily suspended ETC deposits and withdrawals and plans to bring ETC funding back online once exchange officials believe it is safe to do so. ETC staff, for their part, have confirmed that double spends affected the currency, but they have yet to say more.