51% Attack Bleeds More Than $5m From Ethereum Classic
Forensic analysis suggests the recent Ethereum Classic blockchain reorganization was a carefully orchestrated malicious attack.
A recent 51% attack that impacted Ethereum Classic (ETC) is believed to have resulted in approximately $5.6 million worth of the cryptocurrency being double-spent.
A report published by Aleksey Studnev of blockchain forensics firm Bitquery on August 5 has revealed the extent of the incident, with Bitquery estimating that the attacker made off with 807,260 ETC.
The report estimates the hacker reaped more than a 2,800% return for his efforts, having spent roughly 17.5 Bitcoins (BTC) worth $192,000 on renting hash power from Nicehash to execute the attack.
The report contradicts initial theories suggesting that the blockchain reorganization may not have been intentional.
Sophisticated double-spend
The attack took place between July 31 and August 1 but was not detected for several days as a result of intricate planning and knowledge of the Ethereum Classic protocol. The hacker began the attack by transferring ETC from an exchange wallet under its control, and then back again.
After renting hash power from Nicehash provider ‘daggerhashimoto’ to gain command over the majority of Ethereum Classic’s hash power, the attacker was able to mine 4,280 blocks over four days. The attacker then created private transactions that sent ETC to wallets under its control, before broadcasting the blocks containing transfers to their wallets to reorganize the blockchain.
More than 12 hours was spent executing transactions between exchanges and wallets controlled by the hacker over a non-reorganized chain, creating opportunities to convert the stolen funds from the exchanges over a series of small operations designed to avoid detection.
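For exchanges and node operators, the reorganization described above is visible as a change in the block hash at a given height, and a double-spend as the same sender and nonce confirming a different transaction on the new chain. The following sketch is an added example, not code from the Bitquery report; the block hashes, addresses, the 3-block alert threshold and the function names are all constructed for illustration.

```python
# Added illustration: all blocks, hashes and addresses below are constructed.
from collections import namedtuple

Tx = namedtuple("Tx", "hash sender nonce to value")
Block = namedtuple("Block", "height hash txs")

def fork_height(old, new):
    """Height of the last block both chain views share (None if no overlap)."""
    new_by_height = {b.height: b.hash for b in new}
    common = [b.height for b in old if new_by_height.get(b.height) == b.hash]
    return max(common) if common else None

def analyze_reorg(old, new, max_safe_depth=3):
    """Compare the chain view held before a reorganization with the one after."""
    fork = fork_height(old, new)
    orphaned = [b for b in old if fork is None or b.height > fork]
    adopted = [b for b in new if fork is None or b.height > fork]
    # On an account-based chain a (sender, nonce) pair can be consumed only once.
    new_slots = {(t.sender, t.nonce): t for b in adopted for t in b.txs}
    conflicts, dropped = [], []
    for b in orphaned:
        for t in b.txs:
            repl = new_slots.get((t.sender, t.nonce))
            if repl is None:
                dropped.append(t.hash)                 # may still be re-mined later
            elif repl.hash != t.hash:
                conflicts.append((t.hash, repl.hash))  # same slot, different tx
    return {"fork_height": fork, "depth": len(orphaned),
            "alert": len(orphaned) > max_safe_depth,
            "double_spends": conflicts, "dropped": dropped}

# Constructed sample: a deposit to an exchange is replaced after the reorg.
pay = Tx("0xa1", "0xsender", 7, "0xexchange", 1000)
back = Tx("0xb9", "0xsender", 7, "0xsender2", 1000)
alice = Tx("0xc3", "0xalice", 1, "0xshop", 5)
bob = Tx("0xd4", "0xbob", 2, "0xcafe", 1)
shared = [Block(100, "h100", []), Block(101, "h101", [])]
OLD = shared + [Block(102, "o102", [pay]), Block(103, "o103", [alice]),
                Block(104, "o104", [bob]), Block(105, "o105", [])]
NEW = shared + [Block(102, "n102", [back]), Block(103, "n103", [alice]),
                Block(104, "n104", []), Block(105, "n105", []),
                Block(106, "n106", [])]

if __name__ == "__main__":
    print(analyze_reorg(OLD, NEW))
```

A transaction that is re-mined unchanged on the new chain is not reported, which separates ordinary reorg churn from a deposit that was replaced.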
Hacker believed to use OKEx address
The incident saw 11 malicious transactions originating from a single address inserted into the Ethereum blockchain over the course of the attack, allowing more than 807,000 ETC to be double-spent.
Bitquery believes that the wallet may be hosted on either OKEx or one of the exchange’s affiliated companies — a suspicion also held by blockchain intelligence firm Anchain.