EDCON 2020: Ethereum Classic Resilience



A Statement From Our CEO, Terry Culver

As many of you may know, the Ethereum Classic network was attacked twice recently. So let’s talk about what happened and why; what steps we are taking to address these attacks; how we will prevent future ones; and what this means for Ethereum Classic.

The Attacks

Between July 31 and August 1, ETC suffered the first 51% attack. This resulted in approximately $5.8M being stolen. The attacker had been mining offline for 12 hours or so. When they came back online during the early morning of August 1, they introduced approximately 3,000 blocks to the chain, a very large reorg.

For a number of reasons, it wasn’t entirely clear at first that this was a 51% attack. The initial diagnosis was disguised by an unexpected and pronounced side effect. The attack caused a chain split because many of the OpenEthereum nodes were unable to process that large a block reorg. And as demonstrated in many of the reports that have been published since, it takes several days to gather all the information and get to a full understanding of what happened.

During the attack, we were in regular contact with miners and exchanges to advise on what was happening, to ask them to suspend deposits and withdrawals, and to make sure they were using the Core Geth or Besu clients.

The second 51% attack occurred on August 6. This resulted in a theft of approximately $1.7M. Even though this attack was longer and inserted 4,000 blocks, the theft was less because of our coordination with exchanges.

The method for both attacks was identical. The attacker purchased enough hash power from a mining pool to take over the network.

The Cause

There has been a lot of debate about the cause of the attacks.

As expected, some are using the attacks to promote their own chains or products, or even themselves. There are countless people who think they’ve built a better mousetrap, so let’s cut out that noise pollution to get to the heart of the matter.

Some have blamed the mining pool that sold the hash power. I don’t accept this. While some mining pools can improve their systems to encourage honest mining for sure, they are not responsible for the security of the network and we don’t want them to be. They actually can play a valuable role in the ecosystem by aggregating hash power and redistributing it efficiently.

Some fault the Ethereum Classic Blockchain itself. I don’t accept this either. In fact, the Ethereum Classic protocol operated exactly as it was designed to. The blocks that the malicious miner presented were valid according to the consensus rules because they had greater total difficulty than the blocks they replaced. For that reason, we are not going to roll back any transactions. You know, code is law and all. The cause, the weakness that the attacker was able to exploit, is simply that ETC’s hash rate was too low. This made ETC vulnerable, and it was relatively affordable for an attacker to achieve single miner dominance.

In response, we are taking a number of steps, which I will share in a moment. But first, I would like to highlight an important point.

A Shared Risk

All PoW blockchains are vulnerable to attack. In fact, we believe that various attacks occur frequently and most go unreported. Exchanges, investors, miners, token issuers, even some developers have incentives to keep attacks hidden, especially in emerging markets. The ETC attacks are so visible, in part, because transparency is a core value of ours and we believe it is a strength.

So instead of focusing only on Ethereum Classic, please recognize that this is a universal weakness. We rely on the idea that economic incentives for miners will help secure a PoW chain. However, economic incentives are calculated subjectively. Or to put it another way, attacks usually have a political or social motive in addition to a financial one, and these attacks fit that profile based on our initial analysis. I don’t think PoW chains are well equipped to mitigate the risks of interference from actors for whom economic incentives are secondary.

State actors or many non-state actors could easily attack even the highest cap PoW blockchains. The cost to them is trivial. No one likes to admit it, but the blockchain sector is still tiny.

These attacks make it difficult for any blockchain and they are a wake-up call to anyone concerned about the security of their networks, regardless of which community they’re part of. And we should all work together to mitigate the security risk.

Our Response

We are determined to secure the network and to protect the integrity of the ecosystem. ETC is a small but vibrant and growing community. What we lack in size, we make up for in resolve. We are implementing a number of solutions to address these attacks and to prevent future ones.

First, we are establishing more robust monitoring and rapid response systems. That way, we can alert network participants to prevent single miner dominance and to prevent possible double spends.

Second, we are actively developing several technical implementations that will reduce the likelihood of an attack and limit the damage should one occur. We are researching a new mining algorithm, as well as other changes. We will share more details about our plans in the coming days and weeks.

Third, we are establishing partnerships with miners and mining pools to bring higher levels of hash rate to ETC and to encourage honest mining.

Fourth, we are collaborating with the law firm, Kobre & Kim, and CipherTrace to assist in the criminal investigation. We will take strong action against criminality in this emerging sector. Some have said that the attacker is entitled to the funds because they abided by the rules of the system. In my view, stealing is stealing. And to put a twist on an old saying, “the means don’t justify the ends.” If we shrug at this kind of behavior, blockchain will never achieve wider adoption. About the investigation: already there is a lot of information. While the attacks were technically proficient, they were otherwise very sloppy. There are clear digital fingerprints at exchanges and third parties.

Lastly, and most importantly, we will continue our good work to grow ETC as an Ethereum-based proof of work blockchain, which is really the best way to solve the problem of low hash rate over the long term. We will continue to:

  • Pursue our mission to build high-quality, relevant, and accessible technology;
  • Create a diverse and inclusive community characterized by financial and data self-determination. Our technical networks are designed to be censorship-resistant, meaning no one should be excluded from participating. However, blockchain social networks have a pronounced lack of racial and gender diversity. ETC Labs is committed to making sure that our community fully reflects the values of social and financial inclusion that the technology is trying to create.

In practice, this means we will continue technical development and expand the ETC Core developer team, as planned. We will grow our partnerships and collaborations in the Ethereum community, with UNICEF, and the World Wildlife Fund, and more than 35 promising blockchain projects in the developing world and emerging markets. We will continue to make the majority of our investments in female-led blockchain start-ups. We will continue to collaborate with other chains and communities as much as possible.

Lastly, we have a deep and long-term commitment to the transformational potential of truly public blockchains.

ETC isn’t going anywhere but up.

Sincerely,

Terry Culver, CEO, ETC Labs

EDCON 2020: Ethereum Classic Resilience was originally published in Ethereum Classic Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.
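
The statement says the withheld blocks were accepted because they carried greater total difficulty than the blocks they replaced, and that monitoring is the first response. The sketch below is an added example, not part of the original statement and not ETC Labs' code: it measures a reorg's depth and the total difficulty on each side of the fork so a node operator or exchange can alert on deep reorgs. The block data, the constant difficulty, the function names and the `alert_depth` threshold are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    hash: str
    parent: str
    number: int
    difficulty: int

def extend(index, parent_hash, prefix, count, difficulty):
    """Append `count` constructed blocks on top of parent_hash; return the new head hash."""
    parent = index[parent_hash]
    for _ in range(count):
        blk = Block(f"{prefix}-{parent.number + 1}", parent.hash, parent.number + 1, difficulty)
        index[blk.hash] = parent = blk
    return parent.hash

def analyze_reorg(index, old_head, new_head, alert_depth=50):
    """Walk both branches back to their common ancestor and summarise the switch."""
    a, b = index[old_head], index[new_head]
    dropped, added = [], []
    while a.hash != b.hash:
        # Decide which side(s) to step back before mutating either pointer.
        step_old, step_new = a.number >= b.number, b.number >= a.number
        if step_old:
            dropped.append(a)
            a = index[a.parent]
        if step_new:
            added.append(b)
            b = index[b.parent]
    td_dropped = sum(x.difficulty for x in dropped)
    td_added = sum(x.difficulty for x in added)
    return {
        "fork_block": a.number,            # last block both branches share
        "depth": len(dropped),             # blocks removed from the old canonical chain
        "added": len(added),               # blocks introduced by the new branch
        "td_dropped": td_dropped,
        "td_added": td_added,
        "heavier": td_added > td_dropped,  # consensus accepts the heavier branch
        "alert": len(dropped) >= alert_depth,
    }

def sample():
    """Constructed data: 10 shared blocks, a 3000-block public branch, a 3010-block withheld branch."""
    index = {"genesis": Block("genesis", "", 0, 100)}
    fork = extend(index, "genesis", "main", 10, 100)
    public = extend(index, fork, "public", 3000, 100)
    withheld = extend(index, fork, "withheld", 3010, 100)
    return index, public, withheld

if __name__ == "__main__":
    idx, public_head, withheld_head = sample()
    print(analyze_reorg(idx, public_head, withheld_head))
```

A valid-by-consensus branch and an alert are not mutually exclusive: the check flags depth so deposits can be paused while the heavier chain is still followed.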

Publication date: 08/10/2020 - 21:09