Ethereum and Ethereum Classic pass the buck on replay attacks, exacerbating Ethereum split

The unintended consequences of Ethereum’s hard fork continued to unfold this week as new issues became apparent as the two competing networks created by the split gained more attention.

Until a few weeks ago, there was only one Ethereum, a decentralized computing platform that has attracted attention for its use of cryptocurrency to develop new Internet applications. But due to a split over how the platform should work, there are now two Ethereum networks (Ethereum and Ethereum Classic), both of which use almost the same historical ledger.

The idea was that one blockchain would quickly emerge as the ‘winner’, while the other would fail. However, surprisingly, both chains have survived, at least for now.

The problem is that with these two separate networks with two separate blockchains, anyone who had funds in the first iteration (Ethereum) is now the owner of funds in the second iteration (Ethereum Classic). A bit complicated is that for users, their ETH funds in Ethereum and their ETC funds in Ethereum Classic have the same address and private key.

The current situation creates conditions for a 'replay attack'.

In computer science terms, a replay attack is a network behavior that is repeated when it shouldn't be. In cryptocurrency terms, when someone uses one of the networks to broadcast a transaction, there is a risk that the transaction will be included in both blockchains at the same time.

This means that people who buy ETH today will not be affected, but those who already held funds in certain contracts before the fork will essentially have their funds copied to another fork.

Zsolt Felföldi, a developer of Ethereum’s GO implementation, explained that this should not have happened if the two networks had taken proper precautions.

"In fact, there were no plans to separate the two networks," he said.

Given the attention big banks and financial professionals are paying to Ethereum, the event has even sparked interest from those outside the open-source blockchain community. To these observers, the situation seems to have left them at a crossroads.

Martin Hagelstrom, blockchain lead for IBM Latin America, said:

“The problem is that changing these rules means that a new hard fork may be necessary. So Ethereum says Classic should do it, and the Classic people say Ethereum founder Vitalik Buterin should have considered this issue when hard forking, so they should do a new fork.”

Neither Ethereum nor Classic appear ready to handle replay attacks, but communication barriers mean neither side really wants to take action.

Hagelstrom added: "To me, their behavior is very childish."

Users of both the ETC and ETH networks are vulnerable to ‘attacks’, though there is disagreement as to whether this is an accurate description.

First, it’s unclear whether users are likely to flock to one network over another, unless they choose to sell their ETH or ETC because they choose one network over another for ideological reasons.

Felföldi described it as a necessary inconvenience: "I wouldn't call this replay issue an 'attack' because it's just something that happens all the time and I don't think anyone would do it maliciously. It's just an inconvenience. The network is not designed for this kind of situation."

The biggest risk is probably the risk of 'losing' funds caused by users using ETH to execute contracts, and the ultimate failure to send ETC due to the similarity of addresses and private keys.

In case the user loses access to the account, this could mean that the added value is lost in an unexpected way.

Impact on exchanges

At present, exchanges are the most affected by this attack.

For example, at one point, traders appeared to be using Coinbase's exchange as a tool to get 'free' ETC. This would require the exchange to be public, and people appear to be using it. It's unclear whether this particular attack vector has been addressed, but social media posts indicate that users have been able to withdraw both currencies.

Coinbase did not respond to requests for comment at press time.

In a blog post, Coinbase CEO Brian Armstrong claimed that the exchange had anticipated replay attacks before, but did not anticipate the popularity of ETC. He claimed that they have already started working on ways to counteract replay attacks.

Earlier this week, Coinbase announced that they had no plans to support ETC anytime soon, either on its wallet service or its new exchange GDAX.

It is unclear whether they have changed their decision.

It’s hard to tell, but Coinbase doesn’t appear to be prepared. Charlie Lee of Coinbase said via Slack that the Ethereum Foundation advises payment processors not to protect against replay attacks.

However, Coinbase was not the only exchange affected.

BTC-e exchange posted information on its website this week saying that exchange employees said that when users transferred funds to Poloniex, their ETC holdings had been depleted, and even declared that 'ETC currently appears to be a scam.'

Chinese exchange Yunbi said in a blog post earlier this week that it lost nearly 40,000 ETC due to a replay attack. The exchange said it would absorb the losses itself and pay out an equivalent amount of ETC based on the user's ETH balance.

Uncertainty about the future

So, how can Ethereum users and exchanges avoid this attack?

One way to get around the risk is to run a transaction through an open-source “split contract” that effectively moves the ETC to a new account. But this is quite onerous because it relies on every exchange or every person doing this for every account pair.

Poloniex is able to automatically generate new addresses so they can prevent users from accidentally sending their ETC or ETH in the mirroring process. Kraken does the same, claiming that if users do not ‘separate’ their ETC and ETH, they can still deposit ETH on the exchange and receive ETH and ETC in their accounts.

This could potentially prevent this attack on a large scale on the network, rather than trusting exchanges to recover. This could be fixed if the two Ethereum networks jointly hard forked to update the transaction format, but neither party has plans to do so at this time.

On the other hand, Felföldi mentioned that Ethereum does eventually hope to address this issue by updating the network with the necessary changes to the transaction format in Metropolis, the next Ethereum version scheduled for release in the fall of 2016.

The concern is that if changes are made too early, it will require another hard fork, or moving to a new blockchain, and people are afraid of forking too much.

“We’ve only done one fork, and we don’t want to do more sloppy updates because it’s too dangerous,” he said. “We may stay like this for a long time.”

Arvicco, the Classic project manager, said that in his opinion, the responsibility for solving the replay attack problem falls on the people who performed the separation in the first place.

“It is very clear that ETC still maintains the consensus of the original blockchain network, while those who followed the forked Ethereum left this consensus,” he said.

He added: “For those who fork away (leave the original consensus), it is clear that they have the responsibility to make a clean separation and not expect to pass the buck to those who are still in the original consensus.”

Some people think this situation will continue because these people are so determined.

“It’s clear that the intention of some people is to create chaos,” said Peter Vessenes, a security expert and founder of the Bitcoin Foundation.