In brief

  • Coinbase has released a detailed analysis of the 51% attack against the Ethereum Classic blockchain.
  • Coinbase was running multiple ETC node clients during the attack and saw the impact of the fork on those systems.
  • Legal action is being pursued against the attacker by Ethereum Classic Labs.

Coinbase has released a report explaining just what went on during the recent Ethereum Classic 51% attacks.

The industry-leading digital asset custody and exchange platform yesterday released a post-mortem on the Ethereum Classic double-spend attacks that took place in early August, in which they calculated that approximately $9 million in assets were stolen from crypto exchanges. Coinbase confirmed it was not the target of any of the malicious transactions, and no customer funds were affected.

As previously reported by Decrypt, two separate 51% attacks were organized against Ethereum Classic (ETC), a Proof-of-Work blockchain with a market cap of more than $770 million. The attacker sent millions worth of ETC to OKEx and Bitfinex crypto exchanges, then swapped the ETC for other currencies and removed them from the exchange. Using rented hash power greater than 51% of all other miners combined, the attacker then erased the transactions sending ETC to the exchanges, allowing them to retain both the swapped assets and the original ETC.

Coinbase noted in its analysis that the Ethereum Classic blockchain forked into two different chains based on how different ETC node software clients parse blockchain data. Some of these clients' nodes run in a ‘pruned’ state, where blocks beyond a given age are considered ‘ancient’ and thus not stored within the node, as a means of reducing memory requirements. In this case, however, the 51% attack attempted to replace blocks that had already become considered ancient. This caused pruned-Parity nodes to stick with the original blockchain data, while operators of nodes running different clients, like Geth, accepted the 51% attack blocks.


As an administrator of dozens of different crypto assets for tens of millions of customers, Coinbase runs a variety of different nodes and clients for many different blockchains. That practice helped the company realize something was off early on and allowed them to investigate the source of the partition.

This let them dodge the bullets: "Coinbase chose to significantly raise our confirmation count requirement. This ensured that no double-spend transactions were credited on the Coinbase platform," it wrote. And to avoid a long-term fork of the ETC blockchain, Coinbase and other pruned-Parity node operators have resynchronized their nodes with the predominant chain that contains the double-spend transactions.

As a result of the attacks, Ethereum Classic Labs has enlisted the help of crypto intelligence company CipherTrace and law firm Kobre and Kim to pursue criminal charges against the ETC 51% attacker. Ethereum Classic Labs has also released a Network Security Plan to increase coordination between stakeholders to defend against future attacks.

While malicious attacks against supported currencies are always troublesome, Coinbase users can rest easy this time knowing that their funds are safe.


Stay on top of crypto news, get daily updates in your inbox.