Coinbase noticed something odd happening with Ethereum Classic last month. The Ethereum Classic blockchain, the history of all its transactions, was under attack. In other words, Ethereum Classic was being hacked.
An attacker had somehow gained control of more than half of the network’s computing power and was using it to rewrite the transaction history. That made it possible to spend the same cryptocurrency more than once, known as “double spends”. An attack on the Ethereum Classic blockchain may have helped hackers steal around $1.1 million worth of the currency from other users, according to Coinbase:
We have identified a total of 15 reorganizations, 12 of which contained double spends, totaling 219,500 ETC, approx. ~$1.1 million.
Hackers have stolen nearly $2 billion worth of cryptocurrency since the beginning of 2017, mostly from exchanges, and that’s just what has been revealed publicly. Sophisticated cyber-crime organizations are now part of these hacks, along with lone attackers stumbling upon a jackpot: analytics firm Chainalysis showed that just two groups, both of which might still be active, may have stolen a combined $1 billion worth of cryptocurrency, mostly from exchanges.
Why Hack Blockchain
Why not?
Blockchains are particularly attractive to hackers because fraudulent transactions can’t be reversed as they can be in traditional banking systems. Besides that, we’ve long known that just as blockchains have unique security features, they have unique vulnerabilities. All those who labelled blockchain as “unhackable” were dead wrong. The names of blockchain and cryptocurrency have been greatly exploited as well: if you head over to my CryptoCurrency Articles, you will see everything from hidden miners to hacked exchanges, fake coins to fake websites. Everything is available in this new world of blockchain, along with credible sources to get some crypto with good guides.
How Blockchain is Hacked
Let’s first run through the basics of blockchain and cryptocurrency before we go into in-depth examples.
Blockchain: A cryptographic database maintained by a network of computers, each of which stores a copy of the latest version.
Blockchain Protocol: A set of rules that dictate how the computers in the network, also known as nodes, should verify new transactions and add them to the database (the blockchain). The protocol employs cryptography and game theory to create incentives for the nodes to work toward securing the network instead of attacking it. The incentive is what miners get in return: amounts of the coin they are mining. If employed properly, this system can make it extremely difficult and expensive to add false transactions but relatively easy to verify valid ones.
As a blockchain gets more complex, the programming of the blockchain protocol needs to be properly implemented, because the chances of mistakes greatly increase. Zcash, a cryptocurrency that uses extremely complicated math to allow private transactions, revealed that they had secretly fixed a “cryptographic flaw” accidentally coded right into the protocol. An attacker could have exploited it to make unlimited counterfeit Zcash; luckily, no one stumbled upon the flaw.
The majority of crypto-related hacks we read about are on exchanges, and many of those hacks could be blamed on poor security practices. In January, with the 51% attack against Ethereum Classic, things changed.
The 51% rule
Blockchains that use proof of work as their protocol for verifying transactions are prone to 51% attacks. In this process, also known as mining, nodes spend vast amounts of computing power to prove themselves trustworthy enough to add information about new transactions to the database. A miner who somehow gains control of a majority of the network’s mining power can defraud other users by sending them payments and then creating an alternative version of the blockchain where the payments never happened. This new version is called a fork. The attacker, who controls most of the mining power, can make the fork the authoritative version of the chain and proceed to spend the same cryptocurrency again on the newly created blockchain. This “decentralized” form of ledger, where no one controls anything, turns out to be controlled by one entity: whoever controls the maximum amount of mining power.
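To make the fork mechanics concrete from the monitoring side, here is an added example (not from Coinbase or any project's code) of how a node operator or exchange could measure a reorganization and flag double spends in it. The block and transaction fields, the account names and the sample chain are simplified assumptions constructed for illustration.

```python
from collections import namedtuple

# Simplified, constructed model of account-based blocks (not real ETC data).
Tx = namedtuple("Tx", "txid sender nonce to value")
Block = namedtuple("Block", "hash parent txs")

def branch(blocks, tip):
    """Hashes from `tip` back to genesis, newest first."""
    out = []
    while tip is not None:
        out.append(tip)
        tip = blocks[tip].parent
    return out

def analyze_reorg(blocks, old_tip, new_tip):
    """Compare the chain a node had accepted with the one that replaced it."""
    old, new = branch(blocks, old_tip), branch(blocks, new_tip)
    new_set = set(new)
    ancestor = next(h for h in old if h in new_set)   # fork point
    orphaned = old[:old.index(ancestor)]              # blocks thrown away
    adopted = new[:new.index(ancestor)]               # blocks that replaced them
    # One (sender, nonce) slot can hold one transaction per chain.
    slots = {(t.sender, t.nonce): t for h in adopted for t in blocks[h].txs}
    double_spends = []
    for h in orphaned:
        for t in blocks[h].txs:
            other = slots.get((t.sender, t.nonce))
            if other is not None and other.txid != t.txid:
                double_spends.append((t, other))
    return {"ancestor": ancestor, "depth": len(orphaned),
            "double_spends": double_spends}

def sample_chain():
    """Constructed example: payment to an exchange replaced after a reorg."""
    pay = Tx("tx-pay", "mallory", 7, "exchange", 1000)
    redirect = Tx("tx-redirect", "mallory", 7, "mallory-2", 1000)
    bob = Tx("tx-bob", "bob", 3, "carol", 5)
    return {
        "g": Block("g", None, []),
        "a1": Block("a1", "g", [pay]), "a2": Block("a2", "a1", [bob]),
        "b1": Block("b1", "g", [redirect]), "b2": Block("b2", "b1", [bob]),
        "b3": Block("b3", "b2", []),
    }

if __name__ == "__main__":
    report = analyze_reorg(sample_chain(), "a2", "b3")
    print("reorg depth:", report["depth"])
    for old_tx, new_tx in report["double_spends"]:
        print(old_tx.txid, "->", old_tx.to, "replaced by", new_tx.txid, "->", new_tx.to)
```

A transaction that reappears unchanged on the new branch (bob's payment here) is not flagged; only a slot that was filled by a different transaction counts as a double spend.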
51% attack on Bitcoin: renting enough mining power to attack Bitcoin would currently cost more than $260,000 per hour. But it gets much cheaper quickly as you move down the list of the more than 1,500 cryptocurrencies out there. Slumping coin prices make it even less expensive, since they cause miners to turn off their machines, leaving networks with less protection.
In mid-2018, 51% attacks on a series of relatively small and lightly traded coins, including Verge, Monacoin and Bitcoin Gold, started to appear, stealing an estimated $20 million in total. The same attacks happened on Vertcoin, and hackers stole around $100,000. Ethereum Classic, whose attack resulted in more than $1 million stolen, was the first cryptocurrency in the top 20 to fall victim to this attack. David Vorick, founder of Sia, says:
51% attacks will continue to grow in frequency and severity, and that exchanges will take the brunt of the damage caused by double-spends. Exchanges will ultimately need to be much more restrictive when selecting which cryptocurrencies to support.
The not-so-Smart Contracts
The Decentralized Autonomous Organization (DAO), a venture capital fund, was set up in 2016 using Ethereum. Shortly thereafter, an attacker stole more than $60 million worth of cryptocurrency by exploiting a flaw in a smart contract that governed the DAO. The flaw allowed the hacker to keep requesting money from accounts without the blockchain registering that the money had already been withdrawn.
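The ordering mistake described above, and its fix, can be shown with a toy model. This is an added example, not the DAO's contract code: the `Vault` class, its fields and the sample balances are assumptions constructed for illustration, with a Python callback standing in for the recipient's code that runs during a payout.

```python
class Vault:
    """Toy fund: `pool` is the money actually held, `ledger` is what the
    contract believes each account is still owed."""

    def __init__(self, update_ledger_first):
        self.update_ledger_first = update_ledger_first
        self.pool = 0
        self.ledger = {}

    def deposit(self, who, amount):
        self.pool += amount
        self.ledger[who] = self.ledger.get(who, 0) + amount

    def withdraw(self, who, on_receive):
        amount = self.ledger.get(who, 0)
        if amount == 0 or amount > self.pool:
            return
        if self.update_ledger_first:
            self.ledger[who] = 0      # hardened: record the withdrawal, then pay
        self.pool -= amount
        on_receive(amount)            # control passes to the recipient's code
        if not self.update_ledger_first:
            self.ledger[who] = 0      # flawed: recorded only after paying


def run(update_ledger_first):
    """Return (total paid to the re-entrant recipient, pool left for others)."""
    vault = Vault(update_ledger_first)
    vault.deposit("alice", 90)        # constructed sample balances
    vault.deposit("recipient", 10)
    received = []

    def on_receive(amount):
        received.append(amount)
        vault.withdraw("recipient", on_receive)   # asks again during the payout

    vault.withdraw("recipient", on_receive)
    return sum(received), vault.pool


if __name__ == "__main__":
    print("ledger updated after paying:", run(False))
    print("ledger updated before paying:", run(True))
```

With the ledger updated only after the payout, the recipient's 10-unit entitlement drains the whole 100-unit pool; updating the ledger before handing over control limits the payout to the 10 units actually owed.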
The difference between traditional software and blockchain is that blockchain flaws are not simple to fix. Even Windows 10, being simple software, can’t get around its “faulty updates”; imagine a decentralized ledger, where once a transaction is done it cannot be undone.
The only way to retrieve lost crypto is to rewrite history: in other words, to go back to the point on the blockchain before the attack happened, create a fork to a new blockchain while applying a fix so the attack cannot happen, and have everyone on the network agree to use that one instead. That’s what Ethereum’s developers chose to do. A smaller group stuck with the original chain, which became Ethereum Classic.
In August 2018, AnChain, a security firm, identified five Ethereum addresses behind an extremely advanced attack that exploited a smart contract flaw in a popular gambling game to steal $4 million.
Not So Unhackable Blockchain
Blockchain, after all, is a complex economic system that depends on the unpredictable behavior of humans, and people will always be angling for new ways to exploit it. Recently, independent auditing parties have entered the market to help identify such flaws and attackers, while some companies are even using AI to combat them.
Blockchain can be vulnerable under certain conditions, and we have seen above that people were really quick to create those conditions and take away the pride with which blockchain claimed to be “unhackable”. There is a lot to happen in the industry, good and bad; the risk involved with the bad is really high, as a single hacked exchange results in $64 million stolen. Protocol bugs can be unintentional but still fatal; at times the interaction between code, the economics of the blockchain and human lust for quick money creates another dangerous recipe. Now that so many blockchains are out in the world, we are learning what it actually means.
Where do you see blockchain heading? Lambo, moon perhaps?