SlowMist, a Chinese blockchain security company, has published a full analysis report on the 51% attack against ETC. According to the report, many major exchanges fell prey to the attack. The researchers reveal that the alleged attack began on Jan. 5 at 19:58:15 UTC. Exchanges only started noticing the attack days after it began.
The report further reveals that the attacker duped many exchanges during the process, including Bitrue, Gate.io, and Coinbase. The analysis mainly focuses on Bitrue. The firm also named the address that was mainly involved in the attack: 0x24fdd25367e4a7ae25eef779652d5f1b336e31da. Initially, the owner of that address moved over 5,000 ETC from Binance to it.
It All Started from Binance
The coins moved from Binance were then sent to a mining node, which mined block 7254355. Later, in block 7254430, a deposit of 4,000 Ethereum Classic (ETC) was made to Bitrue.
However, this transaction no longer exists in the longest ETC chain. It had been sent to the verified Bitrue address 0x2c981a120d11a4c2db041d4ec377a4c6c401e69. The official history of that address does not show any such deposit.
Bitrue recorded the transactions and tweeted that it had detected an ETC 51% attack on the platform. It added that the attacker attempted to withdraw 13,000 ETC from the platform, but the withdrawal was eventually suspended by the system.
Later, another attack involving 9000 ETC occurred in the same way. The attacker then moved the coins to other addresses, made deposits and later withdrew them to a safer account. The attacker's agenda was very simple: make a deposit and then make a withdrawal.
The attacker had enough hashpower to ensure that the transactions he wanted to keep stayed on the chain while the others were erased. In simple words, the attacker doubles his funds simply by shifting the coins to another account. Then he moves the original coins to maintain safety.
Coinbase is not the only victim
Coinbase also recently confirmed the attack on its platform and reported on the damage. However, SlowMist reports that once Coinbase and other exchanges started blacklisting the account addresses, the attack basically stopped being useful to the attacker on Jan. 8.
The report further mentioned the two addresses that were involved in the attack. Currently, both addresses hold 53,000 ETC. The attacker will struggle to find any liquidity for those tokens because most exchanges have banned the addresses from depositing.
On January 8th, Marshall Long took to Twitter and said he thinks he knows the attacker personally. Another Twitter user responded to Marshall Long's tweet, saying he knows who reorged and that Marshall has no clue.
Exchanges must surely adapt their security policies to chains with small hash rates. Falling markets lead to reduced hashpower. This happens in all PoW systems.
This incident acts as a lesson for all the players in the blockchain ecosystem. The reality of decentralization is that every player on the network is on their own. Exchanges can raise the number of confirmations needed. They can also compel customers to register intended withdrawal addresses before making a withdrawal. However, billions of dollars across the markets are actually on the line.
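The effect of the confirmation threshold on a deposit that later drops out of the longest chain, as an added Python example (not code from SlowMist or any exchange). The names Deposit, review, build_chain and simulate, the block hashes, the confirmation counts and the reorg depth are all constructed assumptions; only block number 7254430 comes from the report.

```python
"""Added example: deposit crediting that re-checks the longest chain (constructed data)."""
from dataclasses import dataclass

@dataclass
class Deposit:
    txid: str
    height: int              # block that first included the deposit
    block_hash: str          # hash of that block when the exchange saw it
    state: str = "pending"   # pending -> credited; either -> orphaned

def review(dep, chain, tip, min_conf):
    """chain maps height -> (block_hash, txids) for the current longest chain.
    Returns True when credited funds have vanished and the account must be frozen."""
    block = chain.get(dep.height)
    on_chain = block is not None and block[0] == dep.block_hash and dep.txid in block[1]
    if not on_chain:
        was_credited = dep.state == "credited"
        dep.state = "orphaned"
        return was_credited
    if dep.state == "pending" and tip - dep.height + 1 >= min_conf:
        dep.state = "credited"
    return False

def build_chain(start, tip, tag, txs_at=None):
    """Constructed stand-in for a node's view; hashes are just labels."""
    txs_at = txs_at or {}
    return {h: (f"{tag}-{h}", set(txs_at.get(h, ()))) for h in range(start, tip + 1)}

def simulate(min_conf):
    h = 7254430  # deposit block number from the report; everything else is constructed
    dep = Deposit("tx-deposit", h, f"A-{h}")
    # View 1: chain A, where the deposit has 12 confirmations.
    chain_a = build_chain(h - 5, h + 11, "A", {h: ["tx-deposit"]})
    review(dep, chain_a, h + 11, min_conf)
    state_before = dep.state
    # View 2: a longer chain B replaces blocks from h-5 onward and omits the deposit.
    chain_b = build_chain(h - 5, h + 20, "B")
    freeze = review(dep, chain_b, h + 20, min_conf)
    return state_before, dep.state, freeze

if __name__ == "__main__":
    print(simulate(min_conf=10))    # credited too early, then orphaned: freeze needed
    print(simulate(min_conf=100))   # still pending when the reorg lands: nothing credited
```

The check compares the stored block hash as well as the transaction ID, so a deposit whose block was replaced is treated as gone even if the height still exists on the new chain.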