Ethereum Classic suffered three 51% attacks last month. Can it solve its security problems and restore its reputation?
Ethereum Classic suffered three 51% attacks in August 2020, raising widespread doubts about its security and integrity. Now, the project is looking for new ways to solve its problems and provide protection against future attacks.
The problem is simple: Ethereum Classic relies on a fairly small mining network, meaning that attackers can “buy out” the network’s hash power. During that time, they can double-spend the ETC cryptocurrency, allowing them to steal funds during the attack. In the latest attack, the hacker earned about $5.6 million.
Several possible solutions have been proposed, and it’s not clear what course of action will be taken. However, there are several ideas in the pipeline.
Over the next several months Ethereum Classic might change several aspects of its mining protocol. Most notably, this could involve moving to a new algorithm such as Keccak-256, SHA-3, or Monero’s RandomX. The Ethereum Classic team first announced plans to change its mining algorithm in August via Medium, and it reaffirmed those plans on Twitter in early September.
ETC Network Security Plan via @ETCCooperative
— Ethereum Classic (@eth_classic) September 7, 2020
Other changes include other more technical features (such as Permapoint, Checkpointing, PirlGuard, and MINERVOTE), as discussed in this blog post. Ethereum Classic also plans to encourage “defensive mining” by working with miners and mining pools to make hash rates more consistent and raise hashrate when needed.
Some commentators argue that technical improvements are less important than practical decisions. Kristy-Leigh Minehan of Corewave suggests that Ethereum Classic should “actively invest in winning over more miners to their chain.” That is, a stronger network must be built through participation, not just technical decisions.
In order to carry out 51% attacks, hackers usually rent out hash power from cloud services. Ethereum Classic claims that during the latest attacks, the perpetrators made use of a service called NiceHash. In response, Ethereum Classic plans to lobby for regulations against these services, pushing for KYC measures and crypto address screening in order to identify customers who abuse these services.
NiceHash has dismissed these complaints. It says that it cannot monitor or exercise power over its users in the way that Ethereum Classic expects. NiceHash also says that it already complies with law enforcement when its services are abused, though it does not list any cases in which it actually did so.
It’s not clear whether Ethereum Classic’s regulation efforts will succeed. However, if those efforts do succeed, they could also prevent attacks on other blockchains that have been compromised in the past, such as Bitcoin Gold and Vertcoin.
Typically, after 51% attacks, exchanges step in to prevent attackers from making use of their funds. Coinbase, for example, raised confirmation times to two weeks in August in order to stop attackers from cashing out their stolen ETC funds. Many other exchanges presumably took the same course of action.
Given the recent network attacks on Ethereum Classic, we have increased the confirmation time for ETC sent to Coinbase & Coinbase Pro to ~2 weeks. We are actively monitoring the situation and will provide updates as they become available.
— Coinbase Support (@CoinbaseSupport) August 8, 2020
Though exchanges typically freeze withdrawals, it is unlikely that any exchanges will delist ETC entirely. OkEX and Poloniex have reportedly considered removing the coin, though it does not seem that will actually happen. Of course, they may be more likely to do so if there are future attacks.
Some critics, such as Ethereum leader Vitalik Buterin, have suggested that Ethereum Classic should do away with mining altogether and switch to proof-of-stake. On Aug. 5, Buterin wrote: “Even given [Ethereum Classic’s] risk-averse culture, at this point making the jump seems lower-risk than not making it.”
The Ethereum Classic team is unlikely to take the project in that direction. As recently as January 2020, ETC has insisted on proof-of-work mining, arguing that it is an “order of magnitude” more secure, and that it is a “base layer of the blockchain industry stack.”
Buterin was most likely aware of Ethereum Classic’s long-standing objection and was simply promoting Ethereum’s own upcoming proof-of-stake system in jest.
Ethereum Classic has turned out to be especially vulnerable to 51% attacks, even though it is seen as fairly reputable and reliable by the blockchain community at large.
ETC’s market value does not seem to have suffered greatly as a result of the attacks. In the 30 days leading up to Sept. 16, ETC lost 28% of its value, not considerably worse than Ethereum proper, which lost 15% of its value in the same period.
It is safe to say that Ethereum Classic has a dedicated base. Further attacks could do damage to its reputation, but the project clearly has time to introduce a solution.
Disclaimer: information contained herein is provided without considering your personal circumstances, therefore should not be construed as financial advice, investment recommendation or an offer of, or solicitation for, any transactions in cryptocurrencies.