Ethereum Classic developers were still licking fresh wounds late last week when yet another 51% attack was launched against their blockchain early Thursday morning.
And as the bits settle, the proof-of-work blockchain’s future remains in question more than ever.
The first attack occurred on Aug. 1, the network’s second ever. Five days later, a second 51% attack followed the news that the first had indeed seen a successful double-spend of $5.6 million worth of ETC.
The second attack was perhaps more important, although smaller in monetary terms ($1.68 million). By striking twice, the attacker proved the blockchain has seemingly no ability to protect itself from meaningful exploits.
A 51% attack on a blockchain refers to a miner or a group of miners trying to control more than 50% of a network’s mining power, computing power or hash rate.
Proof of work and immutability
Ethereum is a hard fork of Ethereum Classic. The two chains split in 2016 in a disagreement over the value of immutability following a compromised smart contract, The DAO, causing a blockchain “rollback.”
At that time, Ethereum Classic developers decided to eat the attack’s losses. The majority of Ethereum’s leadership and hashing power did not and hard forked under the ETH ticker.
Four years later, Ethereum Classic has continued to operate in the shadow of Vitalik Buterin’s Ethereum. The smaller chain’s last few hard forks have all but copy and pasted Ethereum’s work.
Yet, the project has differentiated itself on one point: a commitment to the Proof-of-Work (PoW) consensus algorithm used by Bitcoin. Ethereum, on the other hand, has slowly moved toward the novel Proof-of-Stake (PoS) under the Ethereum 2.0 project.
That technical decision is under heightened pressure. PoW coins with low hashing power are liable to being 51% attacked. And Ethereum Classic seems unable to do anything about it for the time being.
Exchanges and Grayscale
When the network will be secure remains unknown. So, Ethereum Classic developers have encouraged exchanges to increase transaction confirmation times. This protects against spreading the “double-spent” ETC.
“We have taken down ETC since the attacks. We don’t plan to open it back up until the ETC network is deemed safe,” an undisclosed Binance security team member told CoinDesk in an email through spokesperson Jessica Jung.
Coinbase also increased the confirmation times for Ethereum Classic deposits to two weeks, the exchange said in Tweet.
Interestingly, ETC’s price was down only 5% on the week by Friday, according to Messari. One possible reason is crypto financial giant Grayscale’s stance on the matter. The firm holds 10% of all ETC supply via its regulated trust product.
“We’re continuing to monitor recent events and any steps the ETC network may take in response. But it’s important to note that events like this do not impact the security of the assets underlying our products,” Grayscale Investments Managing Director Michael Sonnenshein told CoinDesk in an email. Grayscale, like CoinDesk, is a unit of Digital Currency Group.
On the other hand, Messari research analyst Wilson Withiam told CoinDesk that ETC’s price – like many cryptossets – is broken from the asset’s fundamentals.
“ETC tends to follow the general market. Crypto enthusiasm is hot right now, so ETC’s price remaining afloat could be more related to current market sentiment,” Withiam said.
Next steps for Ethereum Classic
51% attacks are the reality low-cap cryptocurrencies live in, ETC Coop Executive Director Bob Summerwill told CoinDesk in an interview Aug. 3.
“If you are in a minority hash position, then you are in this position,” Summerwill said, referring to the first 51% attack.
Following the second attack, Summerwill told CoinDesk in a private message that “all hands are on deck” and that “both immediate, mid-term and long-term emergency actions are being considered.”
One option is an emergency hard fork to a different hashing algorithm. The network currently uses the Ethash algorithm also used by Ethereum. Developers hope a technical tweak could throw off future attacks.
“Ethereum Classic is exploring alternative mining algorithms, specifically replacing Ethash with SHA-3, which could help mitigate any further attacks. But until that transition happens, Ethereum Classic will remain vulnerable,” Wilson said.
ETC Labs, the firm behind the Core-Geth client, is pursuing criminal charges against the attacker. To that end, ETC Labs has hired blockchain law firm Kobre & Kim and analytics business CipherTrace.
“We want to ensure that there are severe consequences for manipulating a public blockchain to steal. We are determined to protect the integrity of the ecosystem,” ETC Labs CEO Terry Culver said in a press release.
Some have pointed out the oddity of a blockchain ecosystem turning to businesses with real-world addresses for security. Others, such as Geth team leader Peter Szilágyi, say it’s unlikely to lead to any security changes as the network simply needs more hashing power.
“Essentially, ETC’s security was broken down completely to zero,” Szilágyi said in the Ethereum core developers call Friday morning. “The actual damage is that you have an entity who can always mine whatever block and can always force itself on the network.”
Yet, Ethereum Classic developers remain determined.
“We are still steadfast in our resolve to do everything we can right now to ensure the ETC network and community are as secure as possible. Nothing has changed about that,” Culver said in an email to CoinDesk.