The cyberattacker believed to be responsible for a 51 percent on the Ethereum Classic (ETC) blockchain has returned $100,000 in stolen proceeds, while keeping roughly $1 million.
According to Gate.io, the funds were returned last week but it is not known why the cryptocurrency has been returned, or for what purpose -- and efforts to contact the hacker have proved fruitless so far.
"We still don't know the reason," the cryptocurrency exchange said. "If the attacker didn't run it for profit, he might be a white hacker who wanted to remind people the risks in blockchain consensus and hashing power security."
This is a possibility, but even so, the potential 'white hat' has still kept a fortune in cryptocurrency for themselves following the attack.
The ETC blockchain was the victim of what is known as a 51 percent attack starting on 5 January, leading to the theft of $1.1 million in the Ethereum Classic cryptocurrency.
51 percent attacks force a blockchain to reorganize and permit attackers to seize control over transactional power of a network. In this case, it is believed over 100 blocks were reorganized.
If they manage to wrestle control of over 50 percent of the network, they are given leave to modify and execute transactions, as well as reverse transactions after they have been confirmed. This is known as "double spending."
Theoretically, 51 percent attacks could take place on any kind of blockchain, but it does take access to a vast amount of computing power to execute these types of attacks.
Coinbase identified a total of 15 attacks, 12 of which included double spending in order to steal 219, 500 ETC. In an analysis of the attack, SlowMist researchers documented transactions involving thousands of coins at a time taking place.
"We believe that due to the recent decline in blockchain funding, the net mining power of the whole network has declined," the researchers said. "You have really felt the impact of the 51 percent on ETC, and it is foreseeable that the attack will increase rapidly with the cost of attack reduced."
Some of the funds have been returned but this does not mean that the blockchain is safe from potential attacks by the same hacker in the future, or copycats who also possess the means to conduct 51 percent attacks.
Gate.io says that the hashing power of the ETC network is still not strong enough to fend off these types of attack and that the possibility exists of enough hashing power being rented out to hit the blockchain again.
"Gate.io has raised the ETC confirmation number to 4000 and launched a strict 51 percent detect for enhanced protection," the platform added. "We also suggest other ETC exchanges take actions to protect the trader from blockchain rollback/reorg."
SlowMist recommends that exchanges and pool operators increase their block confirmation times as a matter of urgency to mitigate the risk of 51 percent attacks. Both Gate.io and Bitfly have done so; however, if enough computing power is in play to permit over 50 percent of the network to be in an attacker's control, block confirmation extensions may not be enough.