Double whammy 51% attack

In the first of two recent Double whammy 51% attacks, OKEx confirmed a loss of around $5.6 million in Ethereum Classic (ETC) and is now considering removing ETC from trading.

OKEx is one of the largest exchanges in terms of ETC turnover, and removing Classic Ethereum from trading will not be an easy decision, emphasizes Jay Hao, CEO of the company.

Double whammy ETC attack

«Given the popularity and reputation of ETC, we are in no rush to delist,” Hao explained to the CoinDesk portal in a Telegram message dated August 17. “However, they need to implement significant network updates to reduce the chance of another 51% attack.”».

Timeline of the attack – preparation

According to OKEx’s investigation and findings, the attacker (or group of people) registered five accounts between June 26 and July 9, 2020, in preparation for double-spending ETC.

All five entries successfully passed the OKEx Know Your Customer protocols and moved to the second and third level of the KYC platform, which increased the withdrawal limits. Attention is drawn to the presence of a certain “Russian trace” in the attack (see Table).

Then, from July 30 to 31, 2020, five newly registered accounts deposited a total of ZEC 68,230.02 on OKEx in multiple transactions. And on July 31, the attacker (or group) exchanged the full amount of deposited ZEC for ETC on the OKEx spot market. The initiator of the attack then withdrew the newly acquired ETC from OKEx to various external ETC addresses, withdrawing a total of 807,260 ETC, which was approximately $5.6 million at the time.

three-stage attack

The diagram below, submitted by independent researchers and confirmed by the OKEx exchange, clearly shows how the attack was carried out, dated July 31 to August 1.

On July 31, after exchanging ZEC for ETC on the OKEx exchange and then withdrawing ETC to external addresses, the attacker launched a large-scale 51% attack on the Ethereum Classic blockchain. The entire operation can be divided into three stages: 1) the creation of a “shadow chain” – as an alternative to the ETC mainnet chain; 2) double actual spending; 3) a deep reorganization of the chain, which brought losses to OKEx.

Create a chain of shadows

On July 31, the attacker bought enough has rated to take control of the ETC network. This was possible after a significant exit of miners from the ETC network to ETH due to the increase in commission payments and the profitability of ether mining. They started mining on the Ethereum Classic network starting with block 10904146 mined at 16:36:07 UTC.

The attacker set out to build an alternative network, parallel and identical to the main network, but without transmitting to other nodes, creating a so-called shadow chain, which only the attackers knew about.

The initiated shadow chain included a transaction with 807,260 ETC, previously purchased by the attacker on OKEx and withdrawn to external addresses. So, at this point, the transaction history, both on the ETC manner and on the ETC secret blockchain, looked the same.

double-spending

The attacker then sent 807,260 ETC back to the OKEx exchange, and the transaction was confirmed in the ETC manner. However, the attacker altered this transaction on the hidden chain by replacing the 807 260 ETC sending address with his second address (instead of the address on the OKEx exchange).

As a result of the implemented scheme, the attacker (or a group of people) successfully spent twice: 807,260 ETC moved to OKEx on the ETC manner and, in parallel, remained on the second wallet address on the shadow chain. .

The secret becomes clear

The organizer of the attack re-exchanges ETC for OKEx for 78,941,356 ZEC, via spot trading. And immediately displays the acquired ZEC to various external addresses.

After withdrawing the ZEC from the OKEx exchange and confirming the transactions, the attacker transmits 3,615 blocks from the ETC shadow chain to the ETC manner. These blocks contained the transaction 807 260 ETC sent to the attacker’s personal address) and not to the OKEx address.

Since the attackers at the time owned most of ETC’s hash power, they were able to quickly mine new blocks and create a longer chain, which was accepted by the rest of the participants who kept the ETC network as the main one. This chain, as you already understood, is identical to the real one in everything, except for 807,260 ETC, which “evaporated” from the changelog, or rather, from the pockets of all the bidders who bought the classic from the attackers for ZEC.

Who is lost?

The main losses were suffered by OKEx clients, who discovered that the ETC they purchased simply disappeared from their accounts. According to the exchange, at the expense of the insurance fund, it fully compensated (compensates) these losses to users by accepting losses from the 51% attack on their balance.

The ETC project has suffered serious damage to its reputation, and ETC deposit/withdrawal operations are now limited on most trading platforms (especially since the network soon survived the second “5%”1 attack). And now the ETC developers are faced with an important task: how to protect the project from similar incidents in the future.

The attackers spent around 17.5 BTC ($204,000) to pay for hash power to carry out the attack. However, given the $23.44 per block reward on Ethereum Classic, the organizers most likely made $93,760 from the mining rewards alone, offsetting nearly half the cost of the 51% attack.

If we consider that these people deposited 68,230.02 ZEC on the exchange and withdrew 78,941,356 ZEC, they proved to be successful traders. And 807,260 ETC went to them in the form of a net reward.

The elimination of the attack was technically complex and required a deep understanding of the technology of ETC’s network algorithms, which was demonstrated by the organizers.

Consequences

Most of the accounts registered on OKEx are of Russian origin and have passed KYC3 (probably for nominees or shills). That is why the organizers are not afraid of the consequences, thanks to the details of the Russian legislation. The Russian Federation does not recognize digital assets as anyone’s property, and as a result, the actions of the attackers, from the point of view of the law, did not cause losses to third parties.