Ethereum Classic, a 2016 hard fork from Ethereum’s main blockchain, has suffered multiple concerning network attacks over the last two years. Two such attacks occurred within a seven-day span, totaling millions of dollars in losses. With the dust settling from the two 51% attacks, further details are now coming forward, as provided by a number of industry experts.

“There is no debate about the attacks,” ETC Labs CEO Terry Culver told Cointelegraph on Aug. 7, answering a question on whether or not the network difficulties were in fact 51% attacks. “Community members shared the most accurate information available as quickly as possible — while the attack was occurring,” he added. 

Culver mentioned the industry’s emphasis on transparency, although he also noted early evaluations around incidents may not be as accurate as subsequent conclusions, pointing toward the July 31 attack on Ethereum Classic’s network as an example, adding: “You may know your house is on fire, but you don’t always know the cause until the smoke clears.” 

ETC Labs founder James Wo initially said the network manipulation was not a 51% attack in an Aug. 1 tweet. Culver’s comments, however, show updated conclusions after Wo’s early statement, as well as the rationale behind Wo’s initial attack evaluation. 

Two ETC attacks within a week

On Aug. 1, 2020, an initial analysis revealed an Ethereum Classic network reorganization, which was thought to be accidental — the result of a miner’s outdated software coupled with a 12-hour mining hiatus. 

Updated details showed a nefarious party purposely took majority control of Ethereum Classic’s network mining power between July 31 and Aug. 1 in an effort to allow ETC double-spending — essentially printing money. With their efforts proving successful, the perpetrator reportedly pilfered $5.6 million via double-spending from the attack.

Five days later, news came in revealing another 51% attack on the ETC network. A perpetrator conducted a 4,000-block network reorganization. It’s worth noting that the network also faced a separate 51% attack over a year ago in January 2019. 

As a result, crypto exchange OKEx halted ETC transactions on its platform on Aug. 1 after noticing strange activity involving the asset. OKEx CEO Jay Hao told Cointelegraph that proof-of-work assets, at their core, hold the risk of suffering 51% attacks, pointing toward their decentralization as reasoning:

“If it were physically impossible to carry out a 51% attack on a decentralized cryptocurrency either by hash rate or stake, then that cryptocurrency would actually be centralized/permissioned.” 

Hao, however, mentioned that “the cost of doing this to major coins like Bitcoin outweighs the advantages of carrying out an attack,” adding that smaller market cap assets lie in greater danger of such an attack, especially when those assets post lower hash rates. 

The attack between July 31 and Aug. 1 saw a nefarious party gain majority control of the ETC network by renting hash power from a NiceHash broker, a report from Bitquery detailed. The attacker spent $192,000 on hash power, which resulted in a 2,800% profit of approximately $5.6 million from the attack.

Do all public blockchains face risks?

While Hao pointed toward PoW as a vulnerable structural makeup, Culver said public blockchains, in general, all carry attack risks. “We believe that various attacks occur frequently, and most go unreported,” he said. “The ETC attacks are so visible because we believe transparency is a strength and a core value.”

Blockchain technology is also an up-and-coming innovation; it’s still young, making it more vulnerable, Culver added, noting regulation and further industry growth as solutions. Regarding the ETC attacks, Culver said:

“In ETC’s case, it is a growing community and a truly public and decentralized blockchain. Unfortunately, the attackers exploited this at a precise moment when ETC’s hash rate was low.”

The type of attack does not matter

Contrary to the headlines and chatter about 51% attacks, Philip Salter, the head of mining operations at Genesis Mining, asserted that the labels put on the exact type of attacks Ethereum Classic’s network suffered are not that important. “Sure, we can check if anyone got double-spent as a result of the reorgs and if yes, conclude that it must have been an attack,” Salter told Cointelegraph, adding:

“But maybe a double-spend wasn’t the motivation of an attack but instead censorship or reordering of transactions? We will probably never know. The fact is that, malicious or not, there exist, at least for some periods of time, miners with more than 50% of the total ETC hash rate. This is a reason for concern because it reduces trust in the integrity and finality of the blockchain.” 

Ethereum Classic and Ethereum both hold the same mining algorithm, increasing ETC’s 51% attack vulnerability, Salter explained, also noting Bitcoin Cash and Bitcoin SV both harness Bitcoin’s algorithm, leaving them in the spotlight for similar attacks. 

Bitcoin Cash’s network reportedly suffered a 51% attack in May 2019, although the effort served as a protective action rather than a nefarious move in that instance. In April 2020, someone could have 51% attacked Bitcoin Cash’s network for just $10,000 worth of borrowed mining power due to the falling hash power following the asset’s reward halving event. Explaining the risks of coins running on shared algorithms, Salter explained:

“Attacking ‘little brother’ coins like this is much easier than attacking a coin with its own mining algorithm because large amounts of ‘big brother’ hash rate can be rented from miners through hash rate marketplaces like NiceHash and used to fork the smaller coin.” 

Legal action in play from ETC Labs

Many developments have occurred since the pair of Ethereum Classic network attacks. ETC Labs recently publicized its legal action aimed toward the parties behind the attacks, working in tandem with blockchain analytics firm CipherTrace to uncover those at fault, according to an Aug. 6 statement shared with Cointelegraph. ETC Labs will also work with law firm Kobre & Kim on the case. 

The Ethereum Classic network also received contact from Charles Hoskinson in the days following the attacks, as the Cardano founder looked to lend a hand with the project in light of the attacks. As part of his aid, however, Hoskinson wanted to put a decentralized treasury in play as a method of compensation for any future work done. ETC’s brass denied the offer. 

Positive news, however, came on Aug. 10, as the New York State Department of Financial Services gave its nod of approval for licensed outfits to custody of a number of assets, including ETC. Over the last several years, New York has made a name for itself as a strict regulatory region for the crypto industry.

Five days later, further negativity followed the asset. OKEx published an in-depth dive into the ETC network attacks, bringing additional clarity to the scene. The attackers, from the first incident between July 31 and Aug. 1, used OKEx accounts in conjunction with the 51% attack. The report included detailed information around the affair, complete with added intel from members of the crypto community.

OKEx said it has incurred the $5.6 million dollar loss from the attack, keeping true to its user-protection terms. As a result, the report stated no user funds as lost since the outfit reimbursed affected accounts. Due to the exchange’s initial actions, no OKEx customers, or the exchange itself, saw any ill impact of the subsequent 51% attack on Aug. 6, according to the report said.

“The exchange will consider delisting ETC, pending the results of the Ethereum Classic community’s work to improve the security of its chain,” the report said after noting a number of other precautionary and corrective actions OKEx carried out, as well as planned future measures.

ETC price since July 30, 2020. Source: Coin360.com

Amid the drama, ETC’s price has not suffered a terrible fate. The coin rose about 4%, reaching $8.31 during the 24 hours after the Aug. 1 attack, followed by a drop of roughly 21%, down to $6.50 in the same time period. Since Aug. 2, the asset has returned to the same valuation as prior to the first attack on the network.