Security Firm Asks Exchanges to Help It Find Ethereum Classic 'Attacker'

Security firm SlowMist has come out with a public analysis of the latest chain attacks seen on ethereum classic.

AccessTimeIconJan 9, 2019 at 4:51 p.m. UTC
Updated Sep 13, 2021 at 8:44 a.m. UTC

China-based security firm SlowMist has claimed that it has enough evidence to locate the culprit behind recent chain attacks on ethereum classic.

In a Medium article published Wednesday, SlowMist summarized the bulk of their analysis on ethereum classic, specifying the three wallet addresses and four transaction hashes that launched the two-day block reorganization (reorg) attacks on the network. The company also corroborated information released by cryptocurrency exchange Coinbase.

Both SlowMist and Coinbase said double spends have occurred as a result of block reorgs, with SlowMist contending that a total of seven transactions were rolled back from the network and 54,200 ETC (almost $270,000) spent a second time.

Affirming that these attacks to have started as early as Saturday 19:58 UTC, the company highlights that similar attacks on the network have now stopped, with the last documented one occurring Tuesday at 4:30 UTC.

SlowMist further said that it is still seeking to find out where exactly the identified addresses are located, which the firm said can be deduced "if the relevant exchanges are willing to assist."

Speaking to CoinDesk, SlowMist identified, Bitrue and Binance as the exchanges they’re looking to work with in order to locate the attacker.

When asked to elaborate on the exact information beyond geography SlowMist is looking to identify about those behind the attack, the team responded in an email they could not disclose such information, calling it "a secret."

Both and Bitrue have issued public statements on their official Twitter accounts claiming 40,000 ETC and 13,000 ETC in double spends on their respective exchange platforms.

Ethereum classic developers are working closely with the SlowMist team to identify the origin of these attacks and will be meeting today during a private Discord call at 5 p.m. UTC to discuss actionable items moving forward.

In advance of this meeting, ethereum classic developers tweeted a summary of current priorities for the community, emphasizing that "we will not reorg the chain or revert the events on chain under any circumstance."

Map image via Shutterstock

Wolfie Zhao contributed reporting.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.