Gate.io Exchange To Cover Almost $200k Worth of Stolen ETC, After 51% Attack

Cryptoasset exchange Gate.io will cover $184,000 worth of stolen Ethereum Classic (40,000 ETC tokens), after a reported 51% attack on the ETC blockchain occurred days ago, the company said in a press release.

The US-based exchange, which has a daily trading volume of $94 million at the time of writing, said that it had detected seven “rollback” attacks on the chain. Gate have also identified three of the attackers’ addresses, and suggest other platforms should block transactions to and from the addresses.

The minimum number of confirmations to process ETC transactions on the exchange have been raised to 500 as a precaution. Gate also “[suggested to] the ETC dev team and the community build a new consensus mechanism ([Proof-of-Stake] for example).

The ETC community, however, is known to be definitively against adopting a PoS consensus algorithm, and consider a Proof-of-Work (PoW) algorithm one of their main selling points in contrast to Ethereum’s (ETH) planned switch to PoS.

The former business developer of now-defunct ETCDEV, Donald McIntyre, said as much only a couple of days ago in the wake of the attack, commenting that “I think ETC still has a unique positioning as a PoW + Turing-complete network with an active community with sound principles.”

Still a prominent player in the ETC community, he did however express interest in a change in ETC’s PoW algorithm:

With the above in mind I think the best path is to explore a mining algorithm change to put ETC in a unique, incompatible PoW niche. Even if that implies a tradeoff as miners will have less optionality to point their infrastructure to different chains depending on the profitability of the day.

ETC’s 51% Attack(?)

CryptoGlobe wrote this week that the widely reported attack may not, in fact, have been an attack - but rather, an operational test of new application-specific integrated-circuit (ASIC) miners built for ETC’s consensus algorithm. (ETC currently uses the Ethash algorithm, which is still used by Ethereum.)

Interestingly, however, a tweet by the @eth_classic Twitter account, which speculated on the nature of the “attack,” has since been deleted.

It seems now that the ETC community agrees that it was, in fact, an attack. The substance of a community conference call, a diagnosis of the attack and the community’s response, was posted only hours ago, again on McIntyre’s Medium blog - ominously entitled “Post Mortem Meeting.”

McIntyre claimed a total of 15 double spend attacks and “at least ETC 219,500 stolen.” His explanation of the attack was straightforward, saying there is no “root cause internally in the [ETC] system,” and by way of explanationa said that “ETC is still a relatively small PoW blockchain with a mining algorithm that is compatible with larger chains such as Ethereum so attackers can rent hash power on NiceHash to reorg the blockchain.”

He detailed a number of suggestions to strengthen ETC in the future against such attacks, including a change in the PoW algorithm, reorg protection, and higher confirmation times in general (between 2,500 and 5,000). He added finally that “we will not reorg the chain or revert the events on chain under any circumstance.”

Ravencoin Vulnerability Allowed Attackers to Increase Total Supply by 1.5%

Attackers have exploited a vulnerability found in Ravencoin, an open-source fork of Bitcoin that launched in 2018, to generate extra RVN tokens “beyond the coinbase of 5000 RVN per block.”

According to a Medium post published by Ravencoin lead developer Tron Black, community members from the CryptoScope team reached out to the Ravencoin team with the findings. Both teams then worked together to stop the exploit from being leaked, and started “code review to detect, isolate, and fix the issue.” The post reads:

A community code submission caused a bug that has been exploited. Law enforcement has been notified and is working with us. The vulnerability does not allow the stealing of RVN or assets that you own and control, but the minting did create RVN that should not exist.

In total, the extra coins that were minted beyond Ravencoin’s total 21 billion supply are the equivalent of 44 days worth of mining, or about 1.5% of the RVN tokens that will ever exist. Black’s suggestion on the post was for the community to absorb the economic cost of the extra tokens, or to move the halving 44 days earlier.

He added the minted RVN tokens were moved to an exchange and traded, and as a result were mixed with other circulating RVN tokens. This means that trying to burn the tokens, even if with community backing, will “cause irreparable harm to innocent victims.”

The burden, Black added, is currently being shared across all RVN holders in proportion to their holdings in the form of inflation. The developer urged users to keep trading to a minimum until a fix is issued. Details on the vulnerability will not be revealed until the fix is implemented.

Featured image by Tyler Quiring on Unsplash.