
We can confirm that there was a successful 51% attack on Ethereum Classic - doener
https://twitter.com/etherchain_org/status/1082329360948969472
======
johndunne
This is inevitable. Ethereum Classic (ETC) isn't the only currency such
attacks have been successful on. The site
[https://www.crypto51.app/](https://www.crypto51.app/) puts the cost of
running a 51% attack on ETC at ~$5k per hour. The incentive for running these
attacks for profit becomes higher as the market cap of these coins increases,
making long-term 'investment' in these coins nonsensical.

~~~
danra
Really surprised by the relatively low cost of attacking Bitcoin with 51% for
one hour - claimed to be about $300k.

Is this number for real? I can think of many actors for whom this is just
small change, and who might have incentive to break trust in the Bitcoin
network by successfully performing such an attack.

~~~
baddox
Seems like it would be very difficult to make back your $300k with a double-
spend in one hour, based both on my intuition and the fact that it doesn't
appear to be happening.

~~~
michaelmrose
If I'm reading it correctly you need 600k to have a 50/50 chance at double
spending. So say you acquire 500k in bitcoin and you spend $600k to have your
chance to double spend the 500k. Assuming your $600k in mining actually gets
you $600k in bitcoins mined the expected result is.

50% chance spend 1.1 million get 1.1 million back minus substantial overhead.
Say 10% overhead although I have no idea what the actual overhead would be. So
negative 100k.

50% chance spend 1.1 million + 100k overhead get 1.6 million back. Net gain of
400k

So average gain of 200k assuming you can find a market to move that much
bitcoin that quickly and always assuming your creativity isn't rewarded with
jail time.

People with substantial resources can find ways to make money that are
repeatable and don't involve finding new and exciting ways to go to jail.

------
hacker_9
Amazing, this blockchain technology really just keeps on giving. I have to
say, it's quite entertaining to watch. It's pretty much a car crash happening
in slow motion at this point. At least it provides something else to nerd joke
about by the watercooler that isn't brexit for once.

~~~
nostrademons
That's what it was like in 2016. I remember seeing the headline for the DAO
hack on HN back then and thinking "Wow, good thing I didn't invest in this
Ethereum thing". Someone had told me about it in 2015, I took a quick glance
and passed thinking "Looks like a scam." Then 2017 happened and the joke was
on me. Then 2018 happened and the joke was on them again.

New technologies are _always_ shitshows when they get started. I remember
DoubleClick ads hanging every copy of Netscape they ran on, ActiveX controls
that could pwn your computer just by viewing a webpage, and unusable college
Internet because the SQL Slammer worm had infected 50% of computers on campus
and would reinfect anything as soon as it was plugged back in. The last was in
2003, _14 years_ after the Internet was introduced - put on the Bitcoin
timeline, that's 4 years in the future, assuming cryptocurrency is adopted as
fast as the Internet (and there're good reasons to believe it won't be).

The thing about disruptive technologies is that people continue to use them
_despite_ how shitty the technology is - they're so desperate for a solution
that they put up with a solution that basically doesn't work.

~~~
nickpsecurity
"New technologies are always shitshows when they get started. "

A key difference is most of the new techs like Internet, email, Paypal, and so
on improved on what people already had in a way that delivered obvious value.
They also came with problems. Whereas, nobody I know in real life wants the
drawbacks of these cryptocurrencies that come with giving up the benefits of
their current, centralized offerings. The only folks I know out here doing
crypto are speculators (esp day traders). That's the difference.

Now, if they wanted to solve those problems, they'd start with whatever
tech/law/orgs already worked, identify their problems, and then mitigate them
using proven methods. So, we're looking at credit unions, non-profits, or
public-benefit companies chartered to make sure they do specific good things
and don't do specific bad things. The most important stuff at least. These can
be in the licenses and contracts, too, for re-enforcement. Then, centralized
systems with decentralized checking of what's exchanged a la SWIFT all using
existing high-performance tech we know how to secure. Open protocols and
agreements for how disputes will be resolved in situations using decentralized
mode with experts from both centralized and decentralized models weighing in
on that. I've been talking about that in Gerard's threads on Lobsters:

[https://lobste.rs/s/wxqkyj/bitcoin_s_stupendous_power_waste_...](https://lobste.rs/s/wxqkyj/bitcoin_s_stupendous_power_waste_is_green#c_mygfqo)

[https://lobste.rs/s/opge2r/electricity_consumed_by_bitcoin#c...](https://lobste.rs/s/opge2r/electricity_consumed_by_bitcoin#c_cds5tt)

I can't find the other ones since the search feature is limited.

"they're so desperate for a solution that they put up with a solution that
basically doesn't work. "

That's true when there's a need. This is part of a hype cycle pushing stuff
people don't need to replace stuff that would meet their needs fine.
Accelerated by massive amounts of money being thrown all over this area.
Totally different kind of thing. The stuff that bubbles, bankruptcies, and
broken dreams are made of.

~~~
lojack
> A key difference is most of the new techs like Internet, email, Paypal, and
> so on improved on what people already had in a way that delivered obvious
> value.

I'd argue that for most people the value was only obvious afterwards.

To put email in perspective, early adopters had to choose between what they
already knew and all the hurdles involved in connecting to the internet and
using the new technology. There was also a good chance the people they were
trying to communicate with didn't even have email. Outside of a few niche
areas, email provided no obvious value to the vast majority of people for
decades.

~~~
nickpsecurity
The thing I was getting at is, if you had a computer and Internet, then email
would be a free, fast alternative to traditional mail. That has obvious
benefit. Whereas, these currencies are volatile, slower, often don't allow
charge backs, use more energy, and accepted at fewer places. Worse in every
way to checking accounts and credit cards. Esp if we have multiple cards or
accounts to reduce risk of single institution.

~~~
stickfigure
_Worse in every way to checking accounts and credit cards._

Quite a few Venezuelans would beg to differ about that.

~~~
oblio
So for cryptocurrencies to be the "better solution" you just need your entire
country to have a total meltdown lasting multiple years?

~~~
ahje
> you just need your entire country to have a total meltdown

That happens more often than one might think. There are quite a few countries
that are currently on the brink of collapse, so it is not unlikely that one or
more of them will adopt a cryptocurrency some time in the not too far-off
future.

~~~
oblio
I agree, but it's a super narrow niche for most people. Definitely one much
smaller than the current hype for blockchains.

~~~
lojack
While I don't necessarily disagree with you on that, and I do think a lot of
the hype comes from speculation, it's worth noting that many ubiquitous
technologies we take for granted started as a narrow niche.

------
viraptor
An update from eth classic account linked in that thread: (not sure what they
mean by selfish mining...)

Regarding the recent mining events. We may have an idea of where the hashrate
came from. ASIC manufacturer Linzhi confirmed testing of new 1,400/Mh ethash
machines #projectLavaSnow

- Most likely selfish mining (Not 51% attack)

- Double spends not detected (Miner dumped blocks)

~~~
pietjepuk88
Coinbase mentions a few reorgs without double spends, and quite a few more
with: [https://blog.coinbase.com/ethereum-classic-etc-is-currently-...](https://blog.coinbase.com/ethereum-classic-etc-is-currently-being-51-attacked-33be13ce32de?gi=cb294c058a6d)

------
aetherspawn
What does this mean?

(Not all of us know a whole lot about how crypto works or why this is good or
bad and what it means for our investments)

~~~
pietjepuk88
The most typical way to profit from this, is to have quite a bit of ETC, and
then sell it on an exchange or buy something expensive. This transaction would
then end up on the block chain, and eventually be considered secure / part of
history.

Privately, you are building a chain where said transaction did _not_ occur.
Because your hash rate is high enough, you are generating blocks at at least
the pace of the public chain. You keep mining your chain (without your
transaction) privately until the bank transfer from the exchange goes through,
or you are sure whatever you bought is on its way. Then you broadcast your
private chain as soon as it has at least one block more than the public chain
and voila, you have your ETC back and the USD/EUR/crypto you sold it for (or
the product you bought). You can have your cake and eat it too. This is
because the rule of most cryptocurrencies is that the longest chain is the
truth, and everyone mines on top of the longest chain. If a longer chain
appears out of nowhere, all miners will jump on top of this one. There is no
such thing as "finality" in most cryptocurrencies, where something becomes
actually (read: much more) irreversible.

Of course, doing this only makes sense if what you gain outweighs the costs of
performing such an attack.

Note that you typically _cannot_ steal coins from specific wallets, as you do
not have the keys to those coins. You can however censor transactions that you
may not want, but the above is a common way to benefit from a 51% attack.

~~~
naveen99
so to be safe, an exchange should require more confirmations depending on size
of deposit. Basically the number of confirmations you could finance an attack
for with the deposit.

~~~
alkonaut
Shouldn’t any sale/transaction be considered “not final” (goods can’t be
shipped, for example) until the official chain has progressed to a point where
you can be sure the cost of producing a censored fork is _higher_ than the
transaction in question? That is: you buy something expensive then it might
not ship for a month or two.

I guess you could buy a hundred gadgets at $100 each from a hundred places in
one day and then produce a fork censoring your whole $10k shopping spree?

~~~
hippich
you can't predict that - the alternative chain is mined privately and it is a
matter of amount at stake how long this mining will continue.

~~~
alkonaut
But in the publicly visible (longest, official) chain, can't I estimate the
effort that was used to mine from a certain transaction up to the head? Say
the transaction I want to hide is b, then the attacker would need to mine a
longer alternative chain (c', d'...). If transaction b was for $1000 and we
can estimate that the mining of the visible chain c...f is at least $2k with a
conservative estimate, can't we estimate that the attacker's chain c'...g' must
cost something at least vaguely proportional to that as well? Is it not even
possible to make a conservative guesstimate of cost-vs-chain-length?

    
    
        a<-b<-c<-d<-e<-f
         \
          c'<-d'<-e'<-f'<-g'
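
Added example, not part of the thread: one way to turn the two suggestions above (confirmations scaled to deposit size, and pricing a fork against chain length) into a confirmation policy. The 14-second block time, the safety factor and the floor are assumed values; the $5,000/hour rental cost is the crypto51.app figure quoted in the thread.

```python
import math

# Assumed inputs:
#   cost_per_hour_usd - hashrate rental estimate (thread quotes ~$5k/hour for ETC)
#   block_time_s      - average block interval (14 s is an assumption)
#   block_reward_usd  - reward per block the attacker keeps if the fork wins

def cost_per_block_usd(cost_per_hour_usd, block_time_s, block_reward_usd=0.0):
    """Net cost to an attacker of privately mining one replacement block."""
    return cost_per_hour_usd * block_time_s / 3600 - block_reward_usd

def required_confirmations(pending_deposits_usd, cost_per_hour_usd, block_time_s,
                           block_reward_usd=0.0, safety_factor=2.0, floor=12):
    """Confirmations to wait so that re-mining them costs more than the exposure.

    Exposure is the SUM of all deposits not yet treated as final: one private
    fork reverses every transaction in the replaced blocks at once, so many
    small deposits must be priced together, not one by one.
    """
    per_block = cost_per_block_usd(cost_per_hour_usd, block_time_s, block_reward_usd)
    if per_block <= 0:
        # Block rewards pay for the rental: no depth makes the attack a loss.
        raise ValueError("attack is self-funding; depth alone cannot price it out")
    exposure = sum(pending_deposits_usd)
    needed = math.ceil(safety_factor * exposure / per_block)
    return max(floor, needed)

def wait_hours(confirmations, block_time_s):
    """Wall-clock delay implied by a confirmation count."""
    return confirmations * block_time_s / 3600

if __name__ == "__main__":
    # Constructed cases: one $1,000 deposit, then a hundred $100 deposits.
    for deposits in ([1000], [100] * 100):
        n = required_confirmations(deposits, 5000, 14)
        print(f"exposure ${sum(deposits)}: {n} confirmations, "
              f"{wait_hours(n, 14):.2f} h")
```

A single exchange or merchant can only sum the deposits it sees itself, so the result is a lower bound on what an attacker spreading payments across several venues stands to gain.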

------
hinkley
I think I would be satisfied with the distributed consensus model in these
blockchain systems if someone could solve the non-repudiation problem.

In many of these blockchain systems, the 51% attack only applies to money in
motion. I can't move all of your funds out of 'your account' unless I have
stolen your wallet, and if I have stolen your wallet I don't need to change
anything else about the network. I can just spend on your behalf.

Lacking that, I can convince you you got paid for services and then claw them
back by making the network change their mind after the fact. I can repudiate
all payments to you with a 51% attack, by voting again on what transactions
just finished.

Congress has rules about votes. If you have a quorum, everybody sticks with
the outcome. If you don't show up, you don't get a vote. To make that work,
you have rules. A quorum is defined and static. Obstruction is not allowed -
no secret votes, no locking the doors.

It may be as simple as this: When my transaction is settled I need to know the
health of the system. If some definition of quorum is met I know my
transaction can't be hijacked. If the network was degraded a revote is
possible. I need to wait for more confirmation before rendering services.

~~~
sciyoshi
That idea of having quorums voting to establish consistency is essentially
what Stellar does in their consensus protocol:
[https://www.stellar.org/developers/guides/concepts/scp.html](https://www.stellar.org/developers/guides/concepts/scp.html)

------
soared
According to [1], running a 51% attack for an hour is incredibly cheap for
most currencies. Why doesn't this happen more often, or is running the attack
for an hour not a long enough time frame to double spend?

[1] [https://www.crypto51.app/](https://www.crypto51.app/)

~~~
leevlad
I think it's just not worth the time. What do you do when you've successfully
run a 51% attack? You go on an exchange and double spend the money, which
means you have to maintain the 51% attack for longer than min # of
confirmations for this currency on said exchange. And even after that, most
exchanges (in NA at least, can't say much about intl) require KYC.

~~~
johndunne
Exactly, it's not worth the time. And once the attack is underway, it'll be
detected and everyone can simply increase the number of confirmations needed
before finalising.

~~~
Cilvic
How is the 51% attack detected?

~~~
CydeWeys
It's really obvious once the new chain is broadcasted. "Honest" miners switch
over to mine on the deepest chain as soon as they become aware of it. It's
very rare to even see a 2-block conflict. When you see a large N-block
conflict then it's obvious there's a 51% attack going on.

~~~
Semaphor
But isn't the point of the whole thing that you do not broadcast it until
after you are done? So yes, it's obvious in hindsight, but the damage will be
done.

~~~
CydeWeys
The question was how do you detect it. You obviously can't detect it until
it's broadcasted because until then it's all happening in secret.
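
Added example, not part of the thread: the detection described above, measuring how many blocks of the old branch are dropped each time a node's chain head changes. The block names, the chain layout and the alert threshold of 3 are constructed for illustration.

```python
# blocks: hash -> (parent_hash, height). Constructed sample: a public chain
# a..f, an ordinary one-block race (f2, g2), and a private fork c'..g'
# that branches off at block b and is broadcast once it is longer.
BLOCKS = {
    "a": (None, 0), "b": ("a", 1), "c": ("b", 2), "d": ("c", 3),
    "e": ("d", 4), "f": ("e", 5),
    "f2": ("e", 5), "g2": ("f2", 6),
    "c'": ("b", 2), "d'": ("c'", 3), "e'": ("d'", 4),
    "f'": ("e'", 5), "g'": ("f'", 6),
}

def reorg_depth(blocks, old_head, new_head):
    """Blocks of the old branch abandoned when the head moves to new_head."""
    old, new, dropped = old_head, new_head, 0
    # Walk the higher branch down until both cursors are at the same height.
    while blocks[old][1] > blocks[new][1]:
        old, dropped = blocks[old][0], dropped + 1
    while blocks[new][1] > blocks[old][1]:
        new = blocks[new][0]
    # Step both back in lockstep until they meet at the common ancestor.
    while old != new:
        old, new, dropped = blocks[old][0], blocks[new][0], dropped + 1
    return dropped

def deep_reorgs(blocks, heads, alert_depth=3):
    """Return (old_head, new_head, depth) for every head change that drops
    at least alert_depth blocks. Transactions in the dropped blocks should
    be re-checked against the new chain before they are treated as paid."""
    alerts = []
    for old, new in zip(heads, heads[1:]):
        depth = reorg_depth(blocks, old, new)
        if depth >= alert_depth:
            alerts.append((old, new, depth))
    return alerts

if __name__ == "__main__":
    print(deep_reorgs(BLOCKS, ["e", "f", "g2"]))   # ordinary race, no alert
    print(deep_reorgs(BLOCKS, ["e", "f", "g'"]))   # deep replacement
```

As the replies note, this only fires after the private chain is published, so it limits further losses rather than preventing the first one.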

------
rcdmd
It's okay, just fork it. Ethereum Classic Classic.

~~~
knocte
Ethereum Classic is not a fork. It's precisely called classic because it's ETH
the one that forked out of it.

------
ajkjk
I'm not sure I think the word 'attack' is right here. Crypto by design says
that if anyone controls over half the network, they get to say what happens.
Sounds like democracy, specifically the 'tyranny of the majority': over half
the network votes that they get more of your money, so they do!

Of course if you're in the other 49% you might feel attacked, but ultimately
this is working as intended.

~~~
pslam
The intent is a currency which can be reliably used for exchange of goods and
services. This would seem to cause a failure of the basic reason for its
existence.

~~~
tim333
The intent of democracy was a sensible way of running countries but it seems
to show similar failures. This is leading presently to quite a lot of odd
debate in the UK on how having another democratic vote would be a betrayal of
democracy and similar.

------
jMyles
I think one's opinion on this depends on what you believe Ethereum Classic to
be. I think of it as a testnet variant. So $5,000 _per hour_ to mess with a
test framework... that actually seems pretty robust to me.

------
FrankDixon
Hm, doesn't even seem to be that expensive (ETC $4,996, ETH $107,536) to run a
51% attack: [https://www.crypto51.app/](https://www.crypto51.app/)

------
tim333
Some updates. Money stolen about $1.1m:

>exchange has since uncovered another 12 attacks that “included double spends,
[now] totaling 219,500 ETC ($1.1 million)
[https://thenextweb.com/hardfork/2019/01/08/ehtereum-classic-...](https://thenextweb.com/hardfork/2019/01/08/ehtereum-classic-51-percent-attack/)

Cost of attack according to
[https://www.crypto51.app/](https://www.crypto51.app/) about $5k

------
GrumpyNl
Doesn't this mean that the coin is worthless when people are able to manipulate
the value of coins like this? Why would you still invest in these coins when
you know this is possible.

~~~
tim333
They stole $1.1m out of a cap of $542m approx and will hopefully be more
careful next time?

------
_Codemonkeyism
"A vote occurred and in July 2016 it was decided to implement a hard fork in
the Ethereum code [...].

Ethereum Classic came into existence when some members of the Ethereum
community rejected the hard fork on the grounds of "immutability", the
principle that the blockchain cannot be changed, and decided to keep using the
unforked version of Ethereum."

-- Wikipedia

------
davesque
I feel like this is getting so many upvotes because people are confusing
Ethereum Classic with Ethereum.

------
sneg55
Mining pools reported it at least 15 hours ago
[https://twitter.com/pool2miners/status/1082157492875022337](https://twitter.com/pool2miners/status/1082157492875022337)

------
martindale
Given enough time, chains behind the lead position will always succumb to this
attack vector. Ethereum's design was flawed in other ways, but at least now
it's clearly best used as the sandbox that it is.

~~~
humbledrone
You are aware that Ethereum Classic is not the same as the much, much higher-
hashpower Ethereum chain, right?

~~~
martindale
The mining on that chain is largely pointless, as it's directly controlled by
Vitalik. If I held assets on either, it'd be on the chain that didn't hard-
fork to reverse a single user's transaction.

~~~
profalseidol
Mining without knowing that miners collectively have the control is largely
pointless.

> If I held assets on either, it'd be on the chain that didn't hard-fork to
> reverse a single user's transaction.

Enjoy using Ethereum Classic then.

------
paradoxparalax
An unbrokechain less on the world.

------
chr1xzy
This could have been prevented with Komodo’s delayed Proof of Work (dPoW)
Security for about $250.

dPoW explained here. [https://blog.komodoplatform.com/delayed-proof-of-work-explai...](https://blog.komodoplatform.com/delayed-proof-of-work-explained-9a74250dbb86)

