Ethereum Classic 51% Attacks
The Story
In July and August 2020, Ethereum Classic (ETC), a proof-of-work blockchain that emerged from the original Ethereum hard fork in 2016, suffered a series of devastating 51% attacks. The most significant attacks occurred between July 31 and August 6, 2020, with three separate network reorganizations over just one week.
During these attacks, malicious miners gained control of more than 51% of the network's hash rate, allowing them to reorganize the blockchain and execute double-spend attacks. The attackers targeted cryptocurrency exchanges, depositing ETC, trading it for other cryptocurrencies, withdrawing those assets, and then reorganizing the blockchain to erase their original ETC deposits.
The estimated total loss across exchanges was approximately $9 million, with one attack involving a blockchain reorganization of over 4,000 blocks, or about 3 days of mining. Major exchanges including Coinbase and OKEx extended their ETC confirmation times to over 2 weeks or temporarily suspended ETC transactions altogether in response.
These attacks highlighted the security vulnerabilities of smaller proof-of-work blockchains that don't maintain sufficient hash rate, especially those using algorithms where mining power can be easily rented through hash rate marketplaces.
Technical Analysis
The 51% attacks against Ethereum Classic were classic examples of blockchain reorganization attacks, facilitated by the relatively low cost of obtaining majority hash power. Here's how they worked:
- The attackers accumulated or rented sufficient mining power to control over 51% of the network's hash rate
- They privately mined an alternative blockchain fork while simultaneously sending ETC to exchanges
- After trading this ETC for other cryptocurrencies and withdrawing them, they released their longer private chain
- The network accepted the longer chain according to consensus rules, effectively erasing the attackers' original deposits
The technical mechanism behind the attack relies on the fundamental principles of proof-of-work consensus:
    // Simplified pseudocode representation of network nodes accepting the longest chain
    function processNewBlock(incomingBlock) {
      // Check if incoming chain is valid and longer than current chain
      if (isValidChain(incomingBlock) &&
          calculateChainWork(incomingBlock) > calculateChainWork(currentChain)) {
        // If incoming chain has more accumulated work, accept it as the new canonical chain
        // This is where a 51% attacker can force reorganization
        reorganizeChain(incomingBlock);
        // Transactions in the old chain but not in the new chain
        // will be invalidated and returned to the mempool or dropped
        invalidateTransactions(currentChain, incomingBlock);
        currentChain = incomingBlock;
      }
    }
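The reorganization step above, seen from an exchange's node, as an added example that is not part of the original article: when the canonical head changes, walk both branches back to their common ancestor, report the reorg depth, and list credited deposits that were mined only on the abandoned branch. The block fields, transaction ids, function names and alert threshold are assumptions made for illustration, and the sample chain is constructed.

```javascript
// Added example with constructed data; every name here is hypothetical.
// A block is { hash, parent, number, txs: [txid, ...] }, indexed by hash.

// Walk the old and new heads back to their common ancestor.
function findReorg(blocks, oldHead, newHead) {
  const dropped = [], adopted = [];
  let a = blocks.get(oldHead), b = blocks.get(newHead);
  while (a.hash !== b.hash) {
    // Step back on the higher branch; on equal height step both.
    const stepOld = a.number >= b.number, stepNew = b.number >= a.number;
    if (stepOld) { dropped.push(a); a = blocks.get(a.parent); }
    if (stepNew) { adopted.push(b); b = blocks.get(b.parent); }
    if (!a || !b) throw new Error("no common ancestor in local block index");
  }
  return { ancestor: a.number, depth: dropped.length, dropped, adopted };
}

// Credited deposits that were mined only on the abandoned branch.
function revertedDeposits(reorg, credited) {
  const stillMined = new Set(reorg.adopted.flatMap((blk) => blk.txs));
  return reorg.dropped.flatMap((blk) => blk.txs)
    .filter((tx) => credited.has(tx) && !stillMined.has(tx));
}

// Called on every head change; alertDepth is an operator-chosen threshold.
function onHeadChange(blocks, oldHead, newHead, credited, alertDepth) {
  const reorg = findReorg(blocks, oldHead, newHead);
  return {
    depth: reorg.depth,
    ancestor: reorg.ancestor,
    alert: reorg.depth >= alertDepth,
    reverted: revertedDeposits(reorg, credited),
  };
}

// Constructed sample: public branch a2-a3 is replaced by b2-b3-b4.
const sampleBlocks = new Map([
  { hash: "g",  parent: null, number: 0, txs: [] },
  { hash: "a1", parent: "g",  number: 1, txs: [] },
  { hash: "a2", parent: "a1", number: 2, txs: ["dep-1"] },
  { hash: "a3", parent: "a2", number: 3, txs: ["pay-7"] },
  { hash: "b2", parent: "a1", number: 2, txs: [] },
  { hash: "b3", parent: "b2", number: 3, txs: ["pay-7"] },
  { hash: "b4", parent: "b3", number: 4, txs: [] },
].map((blk) => [blk.hash, blk]));
const sampleCredited = new Set(["dep-1", "pay-7"]);

console.log(onHeadChange(sampleBlocks, "a3", "b4", sampleCredited, 2));
```

In the sample, `pay-7` was re-mined on the adopted branch and stays valid, while `dep-1` exists only on the dropped branch and is the deposit an exchange would need to reverse or freeze.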
The attack was particularly effective against Ethereum Classic because:
- ETC used the Ethash algorithm, for which hash power was readily available for rent
- The cost of attacking the network was relatively low (estimated at $10,000/hour)
- The value that could be extracted through double-spending was much higher than the attack cost
Lessons Learned
- Smaller proof-of-work blockchains are vulnerable to 51% attacks when hash power can be easily rented
- Exchanges must implement longer confirmation periods for potentially vulnerable chains
- Additional security mechanisms beyond pure proof-of-work may be necessary for smaller chains
- Hash rate monitoring and alert systems can help detect potential attacks early
- Blockchain projects should consider alternative consensus mechanisms like proof-of-stake to mitigate these risks