Early last month, the security team at Coinbase noticed something strange going on in Ethereum Classic, one of the cryptocurrencies people can buy and sell using Coinbase's popular exchange platform. Its blockchain, the history of all its transactions, was under attack.
An attacker had somehow gained control of more than half of the network's computing power and was using it to rewrite the transaction history. That made it possible to spend the same cryptocurrency more than once—known as "double spends." The attacker was spotted pulling this off to the tune of $1.1 million. Coinbase claims that no currency was actually stolen from any of its accounts. But a second popular exchange, Gate.io, has admitted it wasn't so lucky, losing around $200,000 to the attacker (who, strangely, returned half of it days later).
Just a year ago, this nightmare scenario was mostly theoretical. But the so-called 51% attack against Ethereum Classic was just the latest in a series of recent attacks on blockchains that have heightened the stakes for the nascent industry.
In total, hackers have stolen nearly $2 billion worth of cryptocurrency since the beginning of 2017, mostly from exchanges, and that's just what has been revealed publicly. These are not just opportunistic lone attackers, either. Sophisticated cybercrime organizations are now doing it too: analytics firm Chainalysis recently said that just two groups, both of which are apparently still active, may have stolen a combined $1 billion from exchanges.
(Score: 2) by All Your Lawn Are Belong To Us on Wednesday February 20 2019, @10:16PM (3 children)
Is it even 50% of the mining powers? It takes that to push through a block revision, I thought. But can't I get lucky a one corrupted block addition and then win a few times in a row to seal it and then go quiescent and let my corrupted proof get buried by layers of new confirmation from other innocent actors? (And yes, I may not understand that part of it as well as I should, so correction happily invited).
This sig for rent.
(Score: 4, Informative) by Snow on Wednesday February 20 2019, @10:27PM (1 child)
Nope, well yes... maybe.
If the corrupted block follows all the rules as to what a block is, then yes, you are good. This happened in 2010 with the value overflow incident [bitcoin.it]
Usually a 'corrupted' block violates one or more rules and will not propagate through the network. So, yes, you can build on it with your patched software, but no one else will receive it or build on top.
(Score: 2) by All Your Lawn Are Belong To Us on Thursday February 21 2019, @02:55PM
I thought there must have been something flawed with my thought, otherwise enterprises would already be doing it. I'm still a little hazy on how the new block acceptance pattern works - I've got a clue from all I've read but not enough to know what's possible and isn't.
This sig for rent.
(Score: 0) by Anonymous Coward on Wednesday February 20 2019, @11:27PM
https://www.crypto51.app/ [crypto51.app] has an explanation of the double-spend attack.
p.s. ty janrinok for cleaning up my submission and adding what must be a blockquote.