Popular cryptocurrency exchange OKEx has revealed it is considering delisting Ethereum Classic (ETC) after losing $5.6 million worth of the cryptocurrency in a recent 51% attack.
According to an announcement the exchange published, it was hit in the first of two attacks the ETC network suffered this month, with the attackers rendering the ETC they traded on OKEx invalid after double-spending funds on the network, leaving the exchange with the losses.
As part of its user-protection policy, OKEx reimbursed users for the lost ETC and absorbed the losses, but halted deposits and withdrawals of the cryptocurrency after the attack – a move that ended up protecting it against the second 51% attack Ethereum Classic endured.
In the future, it plans on increasing confirmation times for Ethereum Classic deposits and withdrawals to protect users from similar events.
How the 51% Attack Unfolded
Proof-of-Work (PoW) blockchains can be vulnerable to malicious miners if these control over 50% of the network’s hashrate, as this gives them the ability to reorganize the blockchain and alter transactions, to effectively double-spend funds. An attack in which a miner controls most of the hashrate is called a 51% attack.
What happened on the ETC network was exactly that: someone rented enough hashrate on marketplaces to control most of Ethereum Classic’s hashrate, and created what’s known as a Shadow Chain.
In preparation for the attack, five accounts were created on OKEx and passed know-your-customer (KYC) checks to increase their withdrawal limits. They then deposited ZEC on the platform and traded it for 807,260 ETC which was then withdrawn.
According to OKEx, the attackers then deposited the ETC back to OKEx, in a transaction confirmed by the ETC mainnet. On their shadow chain, however, they manipulated the transaction to move it to an address they own. OKEx noted:
The conclusion of this process was that the attacker(s) successfully completed a double-spend: the 807,260 ETC was both moved to OKEx on the ETC mainnet and remained on the second wallet address on the ETC shadow chain.
The mainnet ETC tokens were traded for 78,941 ZEC and withdrawn to multiple external addresses. Once the shadow chain was broadcast on the network, with 3,615 ETC blocks, miners followed the Proof-of-Work chain with the most blocks, and followed the chain that invalidated the deposit on OKEx. As a result, the exchange lost $5.6 million.
OKEx’s Reaction to the $5.6 Million Loss
In response to the loss, OKEx suspended the five verified accounts and is now independently investigating them. The firm also plans to increase confirmation times on deposits and withdrawals.
Notably, OKEx is one of the most liquid markets for Ethereum Classic, and is now considering delisting the cryptocurrency, which was created after the Etheruem blockchain split with a community disagreement over the 2016 DAO hack.
Additionally — given OKEx’s responsibility to protect users from similar incidents that threaten the security of their funds — the exchange will consider delisting ETC, pending the results of the Ethereum Classic community’s work to improve the security of its chain.
On its announcement, OKEx clarified these attacks can occur on any blockchain with a relatively low hashrate. It referenced the 51% attack the Bitcoin Gold (BTG) blockchain suffered earlier this year.
Featured image via Unsplash.