Coinbase Suspends Ethereum Classic After Blockchain History Rewrites

Ethereum classic's blockchain has been hit by a suspected 51 percent attack, leading to reorganizations of its transaction history.

AccessTimeIconJan 7, 2019 at 8:19 p.m. UTC
Updated Sep 13, 2021 at 8:44 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Crypto exchange Coinbase has halted all ethereum classic transactions, withdrawals and deposits due to a series of blockchain history reorganizations on the network.

Ethereum classic saw more than 100 blocks "reorganized" during a potential 51 percent attack late Sunday, according to at least two different block explorers - Bitfly (Etherchain) and Blockscout. Coinbase said in its blog post that it detected some 88,500 ETC being double-spent (totaling some $460,000).

Media publication Coinness reported Monday that an in-house analyst had detected an abnormal hash rate (or computation energy) going into a single mining pool, potentially causing mass reorganizations (reorgs) of mined blocks. Though initially refuted by the core proponents behind ethereum classic on Twitter, the official account has now affirmed potential cause for concern, tweeting out:

"We are now working with Slow Mist and many others in the crypto community. We recommend exchanges and pool significantly increase confirmation times."

SlowMist, a China-based security firm, first alerted users of the strange activity occurring on the network Monday morning, stating that its team was trying to trace the cause of the attack. SlowMist did not immediately respond to a request for comment.

Recent reports from Coinness stated that “certain abnormality” had been detected in the mining hash rate of a private ethereum classic mining pool.

Disputed accounts

The duration of the attack seems to be in dispute. Blockscout reported block reorganizations occurring at 02:00 UTC and 05:00 UTC Monday, while Bitfly said in a Tweet at 17:00 UTC that the attack was potentially "ongoing." In its note, Coinbase wrote that "the attacks are ongoing."

Blockscout project lead Andrew Cravenho affirmed to CoinDesk that although the last recorded reorg attack was seen 14 hours ago, the network is constantly "fluctuating and people are always switching their hashing power," suggesting the potential for continued disruption under "the perfect circumstances."

He also noted that the reorg may have begun before being noted on Blockscout. In a blog post, Coinbase said it first noticed the reorg on Jan. 5, two days before other reports began.

And though reiterating to CoinDesk that indeed “a huge reorg took place” on the ethereum classic blockchain, Cravenho’s explanation of the event as a 51 percent attack is not widely agreed upon.

In an email to CoinDesk, ethereum classic dev advisor Cody Burns said that the activity could not be labeled a 51 percent attack but rather “a selfish mining attack” caused by a client-local phenomenon.

He added in a post on Twitter that "...the entire Ethereum network doesn’t ‘reorganize’ simultaneously. It would be more likely that someone discovered all of Coinbase ETC nodes and ‘surrounded’ them."

Still, Burns suggested in an email to CoinDesk that regardless of the situation's origin, companies providing services for ethereum classic should take steps to protect their users.

"The best course of action is for businesses and exchanges using ANY ethereum based chain is to increase the number of confirmation blocks to >400 blocks," he wrote.

In response to the deep reorg, Kraken announced in an incident report that it was increasing the number of confirmations required to make an ethereum classic deposit. Bitfly told CoinDesk that it was likewise taking this action.

Poloniex announced it was disabling ETC wallets, and it does not currently have a firm timeline on when they will be re-enabled.

Responsibility

The ethereum classic Twitter account claimed that the excessive hashrate may have come from crypto miner manufacturer Linzhi, which reportedly confirmed it was testing new machines with a 1,400Mh/s hashrate.

However, in an email to CoinDesk, Linzhi Shenzhen director of operations Wolfgang Spraul pushed back, saying "We are categorically denying such claims, they are entirely baseless and may be part of the attack itself."

The company has not yet launched its first product, he said, adding:

"If we would test our ASICs, we would never do that on any mainnet, we would do that on a testnet or a private net. We would most likely invite independent industry figures like David Vorick or Anthony Lusardi to observe what we are doing."

Editor's note: This article has been updated with comments from Poloniex, @eth_classic and Linzhi Shenzhen.

Ethereum classic logo image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.