51% Attack succeeds and over $1million Ethereum Classic is double spent
The cornerstone design assumption in blockchain systems such as Bitcoin and Ethereum is that there is a large community pool of honest participants who mutually concur and authenticate blockchain events. Page 3 of Satoshi Nakamoto’s original whitepaper titled: “Bitcoin: A Peer-to-Peer Electronic Cash System” states: “If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.” In other words, the blockchain remains secure as long as no-one is able to compromise more than 51% of the network. This seemed like a reasonable assumption for large, distributed systems. Until, that is, someone managed to do just that with the Ethereum Classic blockchain in early January 2019.
Coinbase’s Security Engineer, Mark Nesbitt, describes the timeline and explains the attack in the Coinbase blog:
“The function of mining is to add transactions to the universal, shared transaction history, known as the blockchain. This is done by producing blocks, which are bundles of transactions, and defining the canonical history of transactions as the longest chain of blocks*. If a single miner has more resources than the entirety of the rest of the network, this miner could pick an arbitrary previous block from which to extend an alternative block history, eventually outpacing the block history produced by the rest of the network and defining a new canonical transaction history.”
Coinbase first spotted unusual transactions in the Ethereum Classic blockchain on Saturday 5thJanuary. These ‘chain reorganisation’ transactions can occur if a malicious operator is able to control the majority of processing power associated with the blockchain and produce new transactions more quickly than all the honest participants. This is because, simply put, the longest blockchain is assumed to be the canonical truth.
As a result of this attack, Coinbase estimate over a $1million of Ethereum Classic was double spent by the attackers.
Until now, many proponents of blockchain had taken it as an article of faith that no-one would be able to harness enough processing power or subvert enough nodes to successfully force a blockchain reorg and ‘rewrite history’ in this way.
Another proof of Schneiers Law – attacks only get better over time.