Coinbase suspends Ethereum Classic (ETC) trading after double-spend attacks

Attackers carried out 11 double-spend attacks and stole nearly 88,500 ETC (~$460,000).
Written by Catalin Cimpanu, Contributor

Cryptocurrency trading portal Coinbase delisted today the Ethereum Classic (ETC) currency after detecting a series of double-spend attacks over the last three days.

In layman terms, double-spend attacks are when a malicious actor gains the majority computational power inside a blockchain, which they then use to enforce unauthorized transactions over legitimate ones.

According to a security alert published today by Coinbase security engineer Mark Nesbitt, this is exactly what's been happening on the Ethereum Classic blockchain for the past three days, since January 5.

Nesbitt says that a malicious actor has carried out 11 (at the time of writing) double-spend attacks during which he moved funds from legitimate accounts to their own.

Coinbase says they immediately put the ETC blockchain under a close watch after the first attack, even if no funds were stolen.

The platform said it delisted ETC trading on its platform after the third attack, during which a first double-spend transaction that moved funds illegally was observed.

Another eight followed suit after that, and, in total, attackers managed to carry out double-spend transactions of nearly 88,500 ETC (~$460,000) over the last three days.

Coinbase said the attacks are still ongoing. The company also said its platform was not the target of these attacks but did not reveal if attackers tried to move funds from another cryptocurrency trading site.

The ETC cryptocurrency was created in August 2016, shortly after the infamous DAO hack, and was one of the first forks of the more established Ether (ETH).

ETC trading price was down nearly eight percent today, at $5.02, according to CoinMarketCap.

According to Crypto51, it only costs $5,029 to rent enough computing powerto overwhelm the ETC blockchain with your own miners and gain 51 percent hashing power to carry out a double-spend attack.

Update, January 8, 06:00 AM ET: Bitfly, a fellow cryptocurrency trading platform, has also confirmed Coinbase's report. So did the Ethereum Classic team, which was immediately criticized for not spotting the attack on its own network in the first place. Coinbase, too, was criticized, but for failing to reveal the double-spend attacks on Saturday when they first happened, leaving ETC users at risk for three days, for no good reason. Coinbase also updated its original report with details on another 12 double-spend attacks, bringing the total of stolen funds to 219,500 ETC (~$1.1 million).

2018's worst cryptocurrency scams, cyberattacks (in pictures)

More cybersecurity news:

Editorial standards