While there is still no clear idea of who is responsible for the manipulation of ETC’s blockchain by controlling the majority of CPU power in the mining pool, the circumstances raise some big questions concerning the security and power of proof-of-work (PoW) algorithms.
It is worth taking a look at the chain of events leading up to the confirmation that ETC had indeed been the target of a blockchain reorganization.
A tweet from the ETC Twitter handle, which has since been deleted, speculated that testing of new 1,400/Mh ethash machines by application-specific integrated circuit (ASIC) manufacturer Linzhi may have been a potential cause.
ETC developers said that the attack was “most likely selfish mining,” noting that they had not detected any double spends at the time.
Coinbase had identified a “deep chain reorganization” of the ETC blockchain which included a double spend on Saturday, Jan. 5. By the evening of Jan. 7, the company had taken stock of multiple double spends on the network:
“At time of writing, we have identified a total of 15 reorganizations, 12 of which contained double spends, totaling 219,500 ETC (~$1.1M).”
The Coinbase team seems to have conducted a thorough blockchain analysis and provided specific instances of blockchain reorganization.
On Jan. 9, SlowMist released a detailed report on the 51 percent attack, corroborating the same chain reorganizations released by Coinbase, as well as other transactions targeting Binance and Bitrue wallets. Bitrue also confirmed the attack on Twitter.
SlowMist also believes that a concerted effort by all the exchanges involved could help identify the perpetrator:
“Through our intelligence analysis, the identity of the attacker can be finally located if the relevant exchanges are willing to assist.”
Cryptocurrency exchange Gate.io also confirmed that it had picked up at least seven double spend transactions after conducting its own investigation into the attack. Users of the exchange were guaranteed to be paid back for any losses experienced.
Unpacking blockchain reorganization
An attack on a blockchain that uses a PoW algorithm for consensus is possible if the attackers have over 50 percent control of the network hash rate.
If this is the case, the controlling CPU power will allow an attacker to create a seperate chain from any previous block in the blockchain. Given that it has the majority of computing power, its new chain will eventually overtake the accepted chain by the network, thereby defining a new transaction history.
In this new chain, the attackers are able to double spend virtual currency, meaning that the funds that have already been spent on the network’s chain could be spent again on the attackers chain.
“Miners at 51 percent or more have a lot of powers, but they do not have the ability to change the actual rules of the system, nor can they usurp funds. They can rewrite the existing blockchain in a limited fashion: they cannot introduce transactions that don’t already exist, they can omit any transaction that they want, and they certainly cannot change any of the existing rules.”
The reality of consensus
Proof-of-work consensus requires a network of miners to process transactions. This is clearly set out in Satoshi Nakamoto’s Bitcoin white paper, which also makes it clear that more than half of the network must be so-called “honest” workers:
“If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.”
Thus, vulnerability is inherently built into PoW consensus algorithms, as the network assumes that mining nodes are honestly validating transactions. The evolution of mining has seen the rise and domination of ASIC chips — as well as the amassing of hash power by massive groups of mining pools, which then share the rewards of their combined work.
These large pools potentially pose a threat to any cryptocurrency using PoW algorithms, as a concerted effort to pool resources that would combine hash rate over 50 percent of the total network gives them control. In this instance, the network becomes centralized like a bank.
“By definition, a decentralized cryptocurrency must be susceptible to 51% attacks whether by hashrate, stake, and/or other permissionlessly-acquirable resources. If a crypto can't be 51% attacked, it is permissioned and centralized.”
Gun Sirer was far less positive in a thread of posts on Twitter, noting that the immutability of the blockchain was completely compromised:
“A deep reorg is a rewrite of the blockchain, a rewriting of history. As such, it marks complete failure of immutability. Since immutability is ETC's main claim to fame, this is technically a catastrophic failure. Let's see what the exchanges will do in response.”
Changes to Ethereum proof-of-work
The move aims to address the apparent divide in efficiency between ASIC and GPU mining on the Ethereum network.
ASIC mining has been developed to efficiently mine cryptocurrencies using specific algorithms. Ethereum was originally designed to be ASIC-resistant, although ASIC chips were eventually developed that were able to run the ethash algorithm.
Nevertheless, changes have been on the horizon for Ethereum for some time now. Core developers are expected to make a more detailed call on the implementation of “ProgPoW” on Jan. 18.
This is all in line with an end goal of transitioning entirely to a proof-of-stake (PoS) consensus system. The first major move to this eventuality is the Constantinople hard fork, which is expected to take place this month as well.
The hard fork will also include other Ethereum Improvement Proposals (EIPs) to streamline the transition from PoW to PoS.
While Ethereum forges ahead, the ETC developers will be pondering their next move. Smaller cryptocurrencies using PoW algorithms are at more risk of these types of attacks, but that is not to say they are going to be targeted by attackers.
“My personal opinion is that what happened is a significant setback, but I think ETC still has a unique positioning as a PoW + Turing-complete network with an active community with sound principles. The question is whether a recovery in the medium or long term is plausible or if the network, unless it grows significantly, is perpetually vulnerable, therefore unusable.”
Once the ETC development team and community have taken stock of the damage, the way forward can start to be considered. Whether this encompasses a change in the method of consensus remains to be seen.