Attack on Ethereum Classic Highlights a Vulnerability
On January 7th Coinbase paused trading on Ethereum Classic (ETC) after it fell victim to a 51% attack. The attack resulted in over $500,000 of ETC being spent twice (Olga Kharif, Bloomberg Law). To appreciate what this means for the ETC mining community, two things must be understood: hash rates and 51% attacks.
“Hash rate” or “hash power” refers to the total computing power of a decentralized network. Proof of Work (PoW) blockchains, like Bitcoin and Ethereum, are driven by miners “hashing,” which is essentially solving complicated math problems (Bisade Asolo, MyCryptopedia). Whichever miner solves the math problem first gets to add a transaction to the blockchain’s ledger. The first miner to solve the problem is rewarded with a token, incentivizing mining. Because the system is decentralized, this block is verified by other miners, who are also rewarded with tokens for the verification, ensuring that the transaction is honest and that each token is only spent once.
In a 51% attack, a bad actor or group of actors takes control of 51% of the hash rate of the network. The 51% control allows them to create their own separate ledger and spend tokens on one ledger without recording the transaction, then spend each token again (Bisade Asolo, MyCryptopedia). Controlling 51% of the hash rate, however, does not let the attackers alter an older part of the ledger or initiate a transaction.
While all blockchains are theoretically susceptible to a 51% attack, ETC is particularly vulnerable for two reasons. First, the ETC mining community is relatively small, which makes it easier for a bad actor to gain the necessary 51% control of the network. Larger networks are more protected because the cost of taking over a large decentralized network is far greater. For example, one estimate suggests that it would cost $1.4 billion and consume as much electricity as needed to power the city of Morocco to take control of the Bitcoin network (Mitchell Moos, CryptoSlate).
Second, ETC is especially vulnerable to a 51% attack because the network uses the same mining algorithm as the Ethereum (ETH) network (David Morris, Breaker Mag). The mining algorithm is the set of hashing instructions miners use to solve the math problems and thereby add a transaction to the ledger. Coins become less secure when they share algorithms because of the unique type of computers that miners use. Bitcoin miners use computers built around application-specific integrated circuits (“ASICs”). These computers are designed with a singular purpose: in the case of miners, to solve one particular algorithm. Because these devices are so specifically tailored, they must be built from scratch to mine one specific network (e.g. Bitcoin, Ethereum, or Litecoin). In the example above, a large portion of the cost of taking over Bitcoin’s blockchain comes from bad actors having to buy, house, and maintain top-of-the-line ASIC computers that are tailored to the network’s SHA-256 algorithm.
ETC, on the other hand, uses Ethereum’s Ethash algorithm. This means that there are machines that can mine both blockchains. Bad actors can temporarily rent Ethereum mining equipment and use their existing equipment instead of buying equipment specifically set up to mine the ETC network. If someone wanted to attack a large network like Bitcoin or the Ether network, renting equipment isn’t helpful because it is not adding additional miners to help that bad actor control the network.
For non-cryptographers, the intricacies are mind-bending, but there are larger takeaways. The vulnerability to a 51% attack is baked into the structure of all PoW blockchain ledgers, but is not easily exploited unless the community of miners is sufficiently small. In Bitcoin’s original white paper, Satoshi Nakamoto stated that the system relied on a majority (51%) of the miners being “honest” (Gareth Jenkinson, Cointelegraph). In the large Bitcoin and Ether networks, a 51% attack is a practical impossibility. But the smaller networks, especially those which share mining algorithms, will be vulnerable to these attacks. Because they are vulnerable to these attacks, smaller networks will be more volatile, which can have negative consequences for investors and developers.