The hackers behind August's 51% attacks on Ethereum Classic exploited a “huge vulnerability” in blockchain protocols powered by proof of work (PoW)—rented mining hash power—and it is a growing industry, according to experts.
“It's actually a huge vulnerability in the system,” said Terry Culver, CEO of ETC Labs, an incubator of projects on Ethereum Classic, in an interview with Decrypt media partner Forkast.News.
Millions of dollars were lost last month following three 51% hacks on the Ethereum Classic network.
Despite the introduction of numerous know-your-customer (KYC) and anti-money laundering (AML) procedures, as well as regulations to rein in criminal activity in the cryptocurrency industry, hackers have shifted their targets to exploiting a core feature of PoW: decentralization.
“The [cryptocurrency] system is maturing, but the hash rental market is actually growing,” Culver said. “Think of it like, you turn the light on, and where do the mice go? [Malicious actors have] left the exchanges for the most part, and they've moved into the hash rental market.”
Ethereum Classic’s $3,800 attack vector
While it may take over $513,000 to rent the hashing power needed to perform a 51% attack (at the time of publication) for one hour on Bitcoin, only about $3,800 is needed for a similar attack on Ethereum Classic.
“The hash rental market is like under a rock somewhere, it's totally anonymous,” Culver said. “They're basically money laundering operations. So you could take your BTC from ill-gotten gains, rent hash power, and get out freshly-minted tokens with no provenance—it's actually an incredible vulnerability in the system, if it wants to mature.”
The cost of launching a 51% attack on various top cryptocurrencies. (Image: Crypto51)
How rented hash power can be used for 51% attacks
Two of the three 51% attacks on Ethereum Classic last month were made possible by attackers leveraging Slovenia-based NiceHash, according to an analysis by data intelligence firm Bitquery. NiceHash is an online platform where users can rent and sell CPU power to mine cryptocurrencies for profit.
By using rented hash power, attackers behind the first and second attacks “double spent” over $7 million by manipulating transaction entries on the blockchain ledger.
NiceHash itself was the target of a hack in 2017, leading to $78 million in Bitcoin being swiped.
Strategies to protect the Ethereum Classic blockchain from 51% attacks might be too little, too late. For the third time in August, hackers gained control of the Ethereum Classic blockchain in a 51% attack that reorganized over 7,000 blocks.
Though Ethereum Classic developers are rushing to protect the blockchain from future attacks, these three attacks raise concerns over the network’s security. OKEx, for instance, has considered delisting the coin to protect itself from future losses.
“Computers are getting better, it's going to keep getting easier and easier to get control of the computer power necessary to do these things,” said Benjamin J. A. Sauter, partner at New York-based international law firm Kobre & Kim. ETC Labs is pursuing litigation against the attackers through the law firm.
Ethereum Classic Labs to Pursue Enforcement and Regulation of Hash Rental Platforms. View the full statement: https://t.co/X2qqRaLmhZ
In a statement, NiceHash says that it “does not support or enable 51% attacks” but also notes that its services “might be abused by the attacker's pool.”
While NiceHash states that, "Technically, it is impossible for NiceHash or any other miner behind a pool to detect if its hash power is/will be abused for a 51% attack," the company notes that it takes steps to prevent the manipulation of the platform, which is against their terms of service, and also cooperates with authorities investigating criminal activity.
The fightback against 51% attacks
Following the series of hacks in August, ETC Labs announced a strategic plan to protect Ethereum Classic from further attacks, including monitoring hashrates for suspicious activity, deploying a finality arbitration system, and potentially changing the protocol’s PoW mining algorithm.
“If there's a market for renting, I don't think that itself is a problem,” Sauter said. “But if you're doing it without keeping track of who your customers are and doing the same kind of due diligence that the exchanges are doing now, so that you're able to trace back these kinds of frauds and hold people accountable when they abuse it, then you're part of the problem, not the solution.”
This story was produced in collaboration with our friends at Forkast, a content platform focused on emerging technology at the intersection of business, economy, and politics, from Asia to the world.