Ethereum Classic blockchain successfully attacked, over $500,000 stolen


#1

Originally published at: https://boingboing.net/2019/01/08/ethereum-classic-blockchain-su.html


#2

Another day another blockchain heist. This one uses the classic 51% attack that was identified immediately when Bitcoin was first introduced.

What this should tell anybody is that any altcoin with a smaller compute requirement than Etherium Classic is vulnerable, and probably some of the bigger ones too. In fact there was a concern in the Bitcoin world that one of the mining outfits was sometimes in a position to make a 51% attack, but they made a pinky swear that they wouldn’t do it.

For any of the coins where you can do GPU based mining I’ve wondered how much it would cost to spin up Google/Amazon/etc… cloud services temporarily to do a 51% attack and steal a few million bucks worth of coins. Probably cheaper to hire a few botnets and have people’s computers all over the world do the work instead. For as mathematically sound as the chain of signed records is, everything else with these coins is built out of chewing gum and bailing wire.


#3

Fry_is_shocked.gif


#4


#5

I wish they didn’t call it a 51% attack.

if you have 1000 total mining hp 51% = 510.

50% + 1 = 501.

You only need 501 hp in this instance for the attack.

I wish they’d called it 50% + 1 attack, or maybe an alligator attack. x > y


#6

But remember, everybody, if you use official government issued currency, then the government can steal your money from you at any time by just waving their hands and saying it’s not worth what you thought it was. Which is totally different and far far worse than having your money declared valueless because a hacker stole it from your account by retroactively declaring that it was never yours in the first place.

Also, buy lots and lots of gold!11!!eleventy!!!


#7

Gee, it’s almost as if fiat money needs government firepower to back it up. Who knew smug nerds weren’t enough?


#8

Smug Nerds are the one truly inexhaustible resource in today’s economy.


#9

It gets the point across I think, and in practice 50% + 1 would be dicey I’d think. 51% is probably closer to the truth.


#10

The original tokens are […] worthless because they belong to […] Major cryptocurrency


#11

Gold? Bah. I print out my bitcoins and stuff them in my mattress.


#12

I’m not sure $500,000 was stolen.

I mean, the hacker spent $500,000 worth of a thing.

Then they took it back.

But what is the value of what they took back? It looks like it might be $0. (With a side effect of rendering a whole lot of stuff that belonged to other people valueless as well)


#13

t3dLl0TGHCxTG|nullxnull


#14

Can you short cryptocurrency? Because in that case executing an attack that causes the value of the currency to plummet doesn’t sound like such a bad idea.


#15

You can short it as long as there is someone who is willing to “buy” the short (i don’t know what it’s really called). I doubt there is a law against it.


#16

Who has lots of compute power and an interest in preventing untraceable currency from becoming viable?


#17

You can see exactly how much it would cost to carry out 51% attacks for various crypto here:
https://www.crypto51.app/


#18

Ooh that is going to cut into sex trafficking and child pornography purchases for a whole lot of people.


#19

No they use monero


#20

You don’t just spin up some nodes and steal money. You have to have the tokens in question, send those tokens to an exchange, buy a different currency, withdraw it, then use your attack to make everybody believe you didn’t send the original money.

Then you have to take that original money, send it to an exchange, use it to buy another currency, and withdraw it.

Then you have to hope nobody can figure out who you are. Because OBVIOUSLY people with rediculous amounts of difficult or impossible to trace money, and easy access to organized crime, are going to only call the police on you, and nothing else.

And you have to hope nobody blacklists your wallets.

There are ways around this, obviously. But it is a lot more involved than just having the computer power.

Seriously though, have you noticed that people who attack the exchanges never get caught, but always seem to disappear?