ETC suffered three 51% attacks in August and will explore changing the mining algorithm

This is the third time this month that Bitfly has discovered a problem.

On August 30, the official Twitter account of Bitfly (parent company of Ethermine mining pool) stated that ETC (Ethereum Classic) suffered another large-scale 51% attack that day, resulting in the reorganization of more than 7,000 blocks, equivalent to about 2 days of mining volume.

On the same day, ETC officials confirmed the attack and promised to work hard to resolve the problem. "While ETC has made progress in evaluating proposed solutions, we are aware of the risks the network currently faces at these low hash rate levels. For miners, exchanges, and other service providers, we recommend temporarily keeping the confirmation requirement level above 7K."

Tokenview data shows that the current ETC network computing power is 2.4 (TH/s), which has been declining. The latest block explosion time was around 8 am today. The event did not have a significant impact on the price of ETC. As of press time, the price of ETC is around US$6.6, with a daily increase of more than 1.5%.

Is computing power a flaw?

The first attack this month occurred from 0:30 on August 1 to 11:30 on August 2.

According to the analysis report given by the blockchain data analysis company Bitquery, the attack was initiated by an independent miner "0x75d1e5477f1fdaad6e0e3d433ab69b08c482f14e". The miner quietly produced 3594 blocks and then broadcast them to other miners. Due to the large number of blocks, the block sequence has a greater weight than the chain established by other miners, causing other miners to have to accept this series of blocks. In the end, the attacker's block successfully replaced the original block, and a reorganization occurred from block height 10904146 to 10907740.

On-chain data shows that the miner spent 17.5 BTC to purchase hash power from outside to launch the attack, making a total profit of 807,260 ETC (worth more than US$5.6 million).

The second attack took place on August 6, which caused the reorganization of more than 4,000 blocks. After the attack, ETC Core and ETC officials posted on Twitter, issued alerts for the latest attack and called on miners to unite, use whitelist identifiers, cooperate to mine the same chain, abandon the chain mined by the unknown miner, and jointly resist this malicious attacker. At the same time, it reminded exchanges, mining pools and other ETC service providers to significantly increase the transaction confirmation time for depositing and withdrawing ETC or directly suspend depositing and withdrawing transactions and mining rewards. Bitquery said that the attacker made at least $1.7 million in the second attack.

“Even though this attack was longer and introduced 4,000 blocks, the double spend expenditures were reduced due to our coordination with the exchanges. The method of both attacks was the same. The attacker purchased enough computing power from the mining pool to take over the network.” ETC Labs CEO Terry Culver said at the 5th Ethereum Community Developer Conference, pointing out that the reason ETC was attacked was simply because ETC’s computing power was too low, making it vulnerable to attack.

According to crypto51.app, the theoretical hourly cost of a 51% attack on ETC is currently $4,349. In comparison, the cost of such an attack on Bitcoin is $607,907 and the cost of such an attack on Ethereum is $436,617.

Remedies

Terry also revealed that they are implementing multiple solutions to counter these attacks and prevent future attacks.

The solution is threefold: first, establish a more robust monitoring and rapid response system to alert network participants to prevent a single miner from monopolizing and prevent possible double spending; second, actively develop several technical implementation plans to reduce the likelihood of attacks and limit the damage once they occur; third, establish partnerships with miners and mining pools to bring higher levels of computing power to ETC and encourage honest mining. In addition, the community also announced that it will cooperate with the investigation company to seek legal remedies.

On August 20, ETC released a security plan, which consists of two parts: one is the immediate actions to prevent attacks, and the other is some long-term changes under development.

It is worth noting that one of the long-term plans mentions changing the proof-of-work mining algorithm. The article points out that the Ethereum Classic community has discussed several algorithms so far, two of which are promising: Keccak-256 or RandomX.

Previously, Vitalik Buterin commented on the two attacks on ETC: "This is more proof that PoS is important in the long run. ETC should switch to the PoS mechanism."

On August 29th, Beijing time, ETC core developers held a meeting to discuss the proposal to change the mining algorithm. On the second day of the core developer meeting, the third attack of the month occurred, and the number of reorganized blocks caused by this attack was equivalent to the sum of the previous two attacks.

On August 30, ETC officials tweeted that ETC accounts for 3% of the entire ETH network hash rate. When testing and evaluating solutions such as the reorganization cap, and the subsequent ECIP, officials are very aware of the potential for repeated attacks. If the confirmation requirement has not been increased yet, please increase it to more than 10,000.

After the first two attacks, the OKEx exchange said it would consider delisting the asset due to a severe lack of security on the network, CoinDesk reported. Exchange Coinbase took drastic measures, extending ETC deposit and withdrawal confirmation times to about two weeks.

The details of the attack have not yet been released, but the implementation of ETC’s security plan does need to be accelerated.