51 percent Ethereum Classic hacker returns $100,000 in stolen cryptocurrency

An exchange has mulled over the possibility of the hacker being white-hat, but $1 million is still unaccounted for.


The cyberattacker believed to be responsible for a 51 percent on the Ethereum Classic (ETC) blockchain has returned $100,000 in stolen proceeds, while keeping roughly $1 million.

According to Gate.io, the funds were returned last week but it is not known why the cryptocurrency has been returned, or for what purpose — and efforts to contact the hacker have proved fruitless so far.  

“We still don’t know the reason,” the cryptocurrency exchange said. “If the attacker didn’t run it for profit, he might be a white hacker who wanted to remind people the risks in blockchain consensus and hashing power security.”

This is a possibility, but even so, the potential ‘white hat’ has still kept a fortune in cryptocurrency for themselves following the attack.

The ETC blockchain was the victim of what is known as a 51 percent attack starting on 5 January, leading to the theft of $1.1 million in the Ethereum Classic cryptocurrency. 

51 percent attacks force a blockchain to reorganize and permit attackers to seize control over transactional power of a network. In this case, it is believed over 100 blocks were reorganized.

If they manage to wrestle control of over 50 percent of the network, they are given leave to modify and execute transactions, as well as reverse transactions after they have been confirmed. This is known as “double spending.”

Theoretically, 51 percent attacks could take place on any kind of blockchain, but it does take access to a vast amount of computing power to execute these types of attacks.

Coinbase identified a total of 15 attacks, 12 of which included double spending in order to steal 219, 500 ETC. In an analysis of the attack, SlowMist researchers documented transactions involving thousands of coins at a time taking place.

“We believe that due to the recent decline in blockchain funding, the net mining power of the whole network has declined,” the researchers said. “You have really felt the impact of the 51 percent on ETC, and it is foreseeable that the attack will increase rapidly with the cost of attack reduced.”

Some of the funds have been returned but this does not mean that the blockchain is safe from potential attacks by the same hacker in the future, or copycats who also possess the means to conduct 51 percent attacks.

Gate.io says that the hashing power of the ETC network is still not strong enough to fend off these types of attack and that the possibility exists of enough hashing power being rented out to hit the blockchain again.

“Gate.io has raised the ETC confirmation number to 4000 and launched a strict 51 percent detect for enhanced protection,” the platform added. “We also suggest other ETC exchanges take actions to protect the trader from blockchain rollback/reorg.”

SlowMist recommends that exchanges and pool operators increase their block confirmation times as a matter of urgency to mitigate the risk of 51 percent attacks. Both Gate.io and Bitfly have done so; however, if enough computing power is in play to permit over 50 percent of the network to be in an attacker’s control, block confirmation extensions may not be enough.

Author: Charlie Osborne
Image Credit

Dash Cryptocurrency: Single Wallet Owner Possesses 51% of Hashrate

The NicheHash crypto mining marketplace contains the majority of the hashpower on the Dash network. A concerned Reddit user raised the alarm today.

Single Miner Mining More Than 50% of All Dash Blocks

Dash has a total of almost 1,900 Terrhashes per second at time of writing. Meanwhile, NiceHash is responsible for more than 1,000 TH/s across over 25,000 miners.

Over $2.2 Million Earned by Single Miner

Analysis by the concerned Reddit user found that three of the top addresses over the last few thousand Dash blocks are controlled by the same entity. They write:

This particular transaction has three of the four top addresses as inputs meaning one entity controls all three. These three alone gather 53% and more. You can also see this started 6 months ago/around September last year, and I think the fourth unknown pool also belongs to this entity yet it is seperated on the blockchain. It started to gather a lot of hash at the same time.

The addresses in question are:

Combined, these addresses have mined 26,665 Dash to date, at time of writing. That is a total of 573 BTC or $2.2 million at current prices. Yet, the financial aspect is the least of anyone’s worries.

51% attacks create significant security liabilities in decentralized blockchain networks. Charlie Lee recently said that networks must be vulnerable to 51% attacks for decentralization. Miner centralization threatens networks as well, however.

51% Attack Possible Before Chainlocks

nicehash crypto mining marketplace

The Reddit user Flenst concludes his post:

So it is possible someone could try to perform a 51% before DASH implements their chainlocks. The actor could start right away. Anyone offering a service with DASH must keep an eye on the chain as long as this doesn’t change and be very careful.

He is referring to a recent announcement by the Dash development team that they are working on something called “Chainlocks.” In November, Dash said they are introducing the new feature in order to combat 51% attacks. Such attacks are in the news again with recent issues surrounding Ethereum Classic. Chainlocks also deals with block reorganizations and modifies the “longest-chain” rules that Dash inherits from Bitcoin. From Dash Improvement Proposal 8:

When a node encounters multiple valid chains, it sets the local “active” chain by selecting the one that has the most accumulated work. This is generally known as the “longest-chain” rule as in most cases it is equivalent to choosing the chain with the most blocks.

If both chains have the same amount of accumulated work (and in most cases the same block count), a decision can’t be made solely based on the longest-chain rule. […] If another block is then received which extends the non-active chain so that it has the most accumulated work, it becomes the active one. For example, even if a chain is currently 6 blocks longer than any other chain, it’s still possible that a shorter chain becomes longer and thus the active one. This is generally known as a chain reorganization.

What’s clear is that someone has invested a massive amount of money into mining Dash with ASICs. Dash’s X11 algorithm once thwarted ASIC development. ASIC developers found that by adding memory to the miners, they were able to handle the X11 algorithm. When this happened with Monero, developers decided to fork away to a modified algorithm.

Author: P. H. Madore
Image Credit
Image Credit
Image Credit

Crypto Exchange Lost $500,000 Due to AurumCoin 51% Attack

A little-known cryptocurrency called AurumCoin (AU) has claimed that it was hit by 51 percent attack, and crypto exchange Cryptopia, where the cryptocurrency is listed, lost 15,752.26 AU (approx. $550,000 at the time of writing this article). However, the cryptocurrency has shifted the blame on Cryptopia. On AurumCoin’s website, it has claimed that it is not responsible to anyone since it is an open-source distributed currency. Cryptopia, on the other hand, has not yet acknowledged any loss.

AurumCoin Claims to Have Suffered 51 Percent Attack

AurumCoin (AU) is purportedly a gold-backed cryptocurrency, where each token is pegged to the value of pure 24K gold. AurumCoin claims to back each AU with 0.75 grams of gold stored in secure vaults worldwide. It has been running its own blockchain since 2014, where AU is mineable (despite its supposed gold peg) with a hard cap of 300,000 coins.

Also, the price of AU has not seen any stability that would expected out of a truly gold-backed cryptocurrency. AurumCoin (AU) is currently priced at $35.01, up by 72 percent in the last 24 hours. In the past week alone, AU shot up by nearly 400 percent from $9.50 to its current price.

What is a 51 Percent attack?

crypto exchange double spend attack

A 51 percent attack is when a hacker is able to take control over a crypto network with more than 51 percent of its hash rate. It would give them the authority to control transactions, including stopping new transactions, reversing transactions and double spending coins. It has been demonstrated in the past how easy it is to perform a 51 percent attack on small cryptocurrencies.

With a market cap of just $10 million, AurumCoin was an easy target. The hacker sent 15,752.26 AU to Cryptopia and sold it for a different cryptocurrency. Once the transaction was done, the hacker allegedly used their superior hash power to reverse the transaction, as though it never happened. Based out of New Zealand, Cryptopia is a popular cryptocurrency exchange known for listing a variety of small-cap coins like these.

AurumCoin Shifts Blame On Cryptopia

Although Cryptopia has not acknowledged the attack, AurumCoin published the following statement on top of their website:

“Aurum coin (AU) network was hacked (51 percent attack), a total of 15,752.26 AU is missing from Cryptopia’s wallet (cryptopia.co.nz exchange). Aurum coin network is not the responsibility of anyone, same as bitcoin network, it is an open source distributed crypto currency. What’s worse is that cryptopia exchange do not admit it. This is not the way to solve this problem.”

It is not clear what AurumCoin expects Cryptopia to do. It has constantly insisted that Cryptopia was hacked. However, the fact is, AurumCoin lacked the hash rate to prevent a 51 percent attack which resulted in Cryptopia losing over half a million dollars. Recently, Bittrex delisted Bitcoin Gold after losing some funds due to a similar 51 percent attack.

Editor’s Note: CCN has reached out to Cryptopia for confirmation on whether it lost funds as the result of a double spend attack. According to the exchange’s website, no AU trades have been processed since early October, when the token’s markets were halted for an “infrastructure upgrade.”

Author: Vignesh Salvasundar
Image Credit
Image Credit