Crypto exchange Coinbase has halted all ethereum classic transactions, withdrawals and deposits due to a series of blockchain history reorganizations on the network.
Ethereum classic saw more than 100 blocks "reorganized" during a potential 51 percent attack late Sunday, according to at least two different block explorers - Bitfly (Etherchain) and Blockscout. Coinbase said in its blog post that it detected some 88,500 ETC being double-spent (totaling some $460,000).
Media publication Coinness reported Monday that an in-house analyst had detected an abnormal hash rate (or computation energy) going into a single mining pool, potentially causing mass reorganizations (reorgs) of mined blocks. Though initially refuted by the core proponents behind ethereum classic on Twitter, the official account has now affirmed potential cause for concern, tweeting out:
SlowMist, a China-based security firm, first alerted users of the strange activity occurring on the network Monday morning, stating that its team was trying to trace the cause of the attack. SlowMist did not immediately respond to a request for comment.
Recent reports from Coinness stated that “certain abnormality” had been detected in the mining hash rate of a private ethereum classic mining pool.
Disputed accounts
The duration of the attack seems to be in dispute. Blockscout reported block reorganizations occurring at 02:00 UTC and 05:00 UTC Monday, while Bitfly said in a Tweet at 17:00 UTC that the attack was potentially "ongoing." In its note, Coinbase wrote that "the attacks are ongoing."
Blockscout project lead Andrew Cravenho affirmed to CoinDesk that although the last recorded reorg attack was seen 14 hours ago, the network is constantly "fluctuating and people are always switching their hashing power," suggesting the potential for continued disruption under "the perfect circumstances."
He also noted that the reorg may have begun before being noted on Blockscout. In a blog post, Coinbase said it first noticed the reorg on Jan. 5, two days before other reports began.
And though reiterating to CoinDesk that indeed “a huge reorg took place” on the ethereum classic blockchain, Cravenho’s explanation of the event as a 51 percent attack is not widely agreed upon.
In an email to CoinDesk, ethereum classic dev advisor Cody Burns said that the activity could not be labeled a 51 percent attack but rather “a selfish mining attack” caused by a client-local phenomenon.
He added in a post on Twitter that "...the entire Ethereum network doesn’t ‘reorganize’ simultaneously. It would be more likely that someone discovered all of Coinbase ETC nodes and ‘surrounded’ them."
Still, Burns suggested in an email to CoinDesk that regardless of the situation's origin, companies providing services for ethereum classic should take steps to protect their users.
"The best course of action is for businesses and exchanges using ANY ethereum based chain is to increase the number of confirmation blocks to >400 blocks," he wrote.
In response to the deep reorg, Kraken announced in an incident report that it was increasing the number of confirmations required to make an ethereum classic deposit. Bitfly told CoinDesk that it was likewise taking this action.
Poloniex announced it was disabling ETC wallets, and it does not currently have a firm timeline on when they will be re-enabled.
Responsibility
The ethereum classic Twitter account claimed that the excessive hashrate may have come from crypto miner manufacturer Linzhi, which reportedly confirmed it was testing new machines with a 1,400Mh/s hashrate.
However, in an email to CoinDesk, Linzhi Shenzhen director of operations Wolfgang Spraul pushed back, saying "We are categorically denying such claims, they are entirely baseless and may be part of the attack itself."
The company has not yet launched its first product, he said, adding:
Editor's note: This article has been updated with comments from Poloniex, @eth_classic and Linzhi Shenzhen.
Ethereum classic logo image via Shutterstock