Earlier this week, CI reported on a 51% attack / double spend attempt that was halted by Coinbase. The crypto exchange was not the only target in the attempted hack. The attack utilized Ethereum Classic (ETC) as the vehicle to steal funds.
Security firm SlowMist has now posted an interesting blog post that outlines exactly what took place and how the nefarious characters attempted to pilfer funds.
SlowMist, a China-based blockchain security firm, first raised the alarm on January 6th. Their warning was followed by responses from the Ethereum Classic team and Coinbase – which confirmed the attack.
— SlowMist (@SlowMist_Team) January 9, 2019
Coinbase said on January 7th, they had identified a total of 15 reorganizations, 12 of which contained double spends, totaling 219,500 ETC (about $1.1 million).
The blog post by SlowMist is very detailed and available here.
In brief, SlowMist stated:
“Based on continuous tracking, we found that, in view of the increase in block confirmations and the ban on malicious wallet addresses by exchanges, the attacker’s 51% attack on ETC is in UTC 2019–01–08 04:30:17 (Beijing time 2019–01- 08 12:30:17 ) has stopped after that. We think that every large attack from the attacker must be backed up by adequate cost and under consideration of the risk, involving the money spent and time cost before the attack and during the attack, the countervailing traceability costs of money laundering after the attack. Through our intelligence analysis, the identity of the attacker can be finally located if the relevant exchanges are willing to assist.”
So will the thieves be identified? Let’s hope so.
SlowMist also notes that ETCs decline puts it at greater risk of a 51% attack going forward.
The good news is that the attack was recognized early and the illicit transfers were stopped and rolled back.
Attackers address has been flagged & shared with partners to prevent further attack on other exchanges. The identity of the attacker can finally be located if the relevant exchanges are willing to assist.
— Ethereum Classic (@eth_classic) January 10, 2019