ETC Mining Pool Found Accumulating Hashpower in 51% Attack Aftermath

Omar Faridi
  • Cybersecurity firm, SlowMist has warned that a private Ethereum Classic (ETC) mining pool is hoarding large amounts of hashpower.
  • This is potentially serious after recent 51% attack on ETC's network.

Chinese cybersecurity firm SlowMist has recently issued a warning regarding a private Ethereum Classic (ETC) mining pool that appears to be hoarding large amounts of hashpower over the past few days.

Cybersecurity Researchers Find Private Mining Pool Hoarding Hashpower

After being one of the first research-focused organizations to have discovered a 51% attack against the proof-of-work (PoW)-based Ethereum Classic blockchain network, SlowMist has again sent out an alert regarding the following crypto address: 0x58b3cabd0c5c777da2c1c4d4f7ecc8afe5674f20

Researchers at SlowMist have pointed out that the address has been accumulating hashpower since the last 51% attack against ETC was launched. The Chinese research firm identified an address as being responsible for the last network attack on Ethereum Classic:

According to ETC’s hashrate distribution for the past 24 hours, the hashrate of the private mining pool (0x58b3cabd) mentioned above has accumulated 10% of the total hashpower. The private pool is currently ranked 4th - right after EtherMine, NanoPool and MiningPoolHub.

Unusually High Hashrate Detected

Notably, SlowMist found the private pool’s hashrate increased considerably from around 300 GH/s to 3,263 GH/s at one point. The unusually high hashrate temporarily made the unknown pool the largest (out of all ETC mining pools) for a brief period of time.

Chinese news outlet 8BTC reported that the private pool’s hashrate had reached 1,654 GH/s at 01:00 on January 11. However, the pool appeared to have not been able to maintain the abnormally high hashrate as it has decreased to around 556 GH/s at press time.

According to the news outlet, the malicious entity that attacked the Ethereum Classic network has been able to steal millions of dollars in cryptocurrency - after engaging in double spending. Due to the security issues related to these types of attacks, SlowMist’s research analysts have recommended that users wait for at least 400 confirmations when conducting ETC transactions.

ETC's 51% Attack

As CryptoGlobe reported on January 8, Ethereum Classic’s (ETC) development team claimed the mining pool that had over 50% of the cryptocurrency network’s hashrate was “most likely selfish mining.” Linzhi, an ASIC manufacturer, reportedly confirmed it was testing several 1,400/Mh mining machines. Analysis indicated that an attack wasn't occuring at the time.

However, US-based crypto exchange Coinbase issued a warning:

[We have] detected a deep chain reorganization of the Ethereum Classic blockchain that included a double spend. In order to protect customer funds, we immediately paused movements of these funds on the ETC blockchain. Subsequent to this event, we detected 8 additional reorganizations that included double spends, totaling 88,500 ETC (~$460,000).

As covered, Gate.io was one of the platforms the attacker took advantage of, as the exchnage suffered a loss of over $200,000 after over 40,000 ETC were double-spent.