Ethereum Classic suffered three 51% attacks last month. Can it solve its security problems and restore its reputation?
Ethereum Classic suffered three 51% attacks in August 2020, raising widespread doubts about its security and integrity. Now, the project is looking for new ways to solve its problems and provide protection against future attacks.
The problem is simple: Ethereum Classic relies on a fairly small mining network, meaning that attackers can “buy out” the network’s hash power. During that time, they can double-spend the ETC cryptocurrency, allowing them to steal funds during the attack. In the latest attack, the hacker earned about $5.6 million.
Several possible solutions have been proposed, and it’s not clear what course of action will be taken. However, there are several ideas in the pipeline.
Over the next several months Ethereum Classic might change several aspects of its mining protocol. Most notably, this could involve moving to a new algorithm such as Keccak-256, SHA-3, or Monero’s RandomX. The Ethereum Classic team first announced plans to change its mining algorithm in August via Medium, and it reaffirmed those plans on Twitter in early September.
ETC Network Security Plan via @ETCCooperative
— Ethereum Classic (@eth_classic) September 7, 2020
Other changes include other more technical features (such as Permapoint, Checkpointing, PirlGuard, and MINERVOTE), as discussed in this blog post. Ethereum Classic also plans to encourage “defensive mining” by working with miners and mining pools to make hash rates more consistent and raise hashrate when needed.
Some commentators argue that technical improvements are less important than practical decisions. Kristy-Leigh Minehan of Corewave suggests that Ethereum Classic should “actively invest in winning over more miners to their chain.” That is, a stronger network must be built through participation, not just technical decisions.
In order to carry out 51% attacks, hackers usually rent out hash power from cloud services. Ethereum Classic claims that during the latest attacks, the perpetrators made use of a service called NiceHash. In response, Ethereum Classic plans to lobby for regulations against these services, pushing for KYC measures and crypto address screening in order to identify customers who abuse these services.
NiceHash has dismissed these complaints. It says that it cannot monitor or exercise power over its users in the way that Ethereum Classic expects. NiceHash also says that it already complies with law enforcement when its services are abused, though it does not list any cases in which it actually did so.
It’s not clear whether Ethereum Classic’s regulation efforts will succeed. However, if those efforts do succeed, they could also prevent attacks on other blockchains that have been compromised in the past, such as Bitcoin Gold and Vertcoin.
Typically, after 51% attacks, exchanges step in to prevent attackers from making use of their funds. Coinbase, for example, raised confirmation times to two weeks in August in order to stop attackers from cashing out their stolen ETC funds. Many other exchanges presumably took the same course of action.
Given the recent network attacks on Ethereum Classic, we have increased the confirmation time for ETC sent to Coinbase & Coinbase Pro to ~2 weeks. We are actively monitoring the situation and will provide updates as they become available.
— Coinbase Support (@CoinbaseSupport) August 8, 2020
Though exchanges typically freeze withdrawals, it is unlikely that any exchanges will delist ETC entirely. OkEX and Poloniex have reportedly considered removing the coin, though it does not seem that will actually…