Cryptocurrency trading portal Coinbase delisted today the Ethereum Classic (ETC) currency after detecting a series of double-spend attacks over the last three days.
In layman terms, double-spend attacks are when a malicious actor gains the majority computational power inside a blockchain, which they then use to enforce unauthorized transactions over legitimate ones.
According to a security alert published today by Coinbase security engineer Mark Nesbitt, this is exactly what's been happening on the Ethereum Classic blockchain for the past three days, since January 5.
Nesbitt says that a malicious actor has carried out 11 (at the time of writing) double-spend attacks during which he moved funds from legitimate accounts to their own.
Coinbase says they immediately put the ETC blockchain under a close watch after the first attack, even if no funds were stolen.
The platform said it delisted ETC trading on its platform after the third attack, during which a first double-spend transaction that moved funds illegally was observed.
Another eight followed suit after that, and, in total, attackers managed to carry out double-spend transactions of nearly 88,500 ETC (~$460,000) over the last three days.
Coinbase said the attacks are still ongoing. The company also said its platform was not the target of these attacks but did not reveal if attackers tried to move funds from another cryptocurrency trading site.
The ETC cryptocurrency was created in August 2016, shortly after the infamous DAO hack, and was one of the first forks of the more established Ether (ETH).
ETC trading price was down nearly eight percent today, at $5.02, according to CoinMarketCap.
According to Crypto51, it only costs $5,029 to rent enough computing powerto overwhelm the ETC blockchain with your own miners and gain 51 percent hashing power to carry out a double-spend attack.
Update, January 8, 06:00 AM ET: Bitfly, a fellow cryptocurrency trading platform, has also confirmed Coinbase's report. So did the Ethereum Classic team, which was immediately criticized for not spotting the attack on its own network in the first place. Coinbase, too, was criticized, but for failing to reveal the double-spend attacks on Saturday when they first happened, leaving ETC users at risk for three days, for no good reason. Coinbase also updated its original report with details on another 12 double-spend attacks, bringing the total of stolen funds to 219,500 ETC (~$1.1 million).
More cybersecurity news:
- NSA to release a free reverse engineering tool
- Security researcher cracks Google's Widevine DRM (L3 only)
- New ReiKey app can detect macOS keyloggers
- Facial recognition doesn't work as intended on 42 of 110 tested smartphones
- New hardware-agnostic side-channel attack works against Windows and Linux
- Most home routers don't take advantage of Linux's improved security features
- Why router-based attacks could be the next big trend in cybersecurity TechRepublic
- Security researchers find flaws in chips used in hospitals, factories and stores CNET