Coinbase Suspends Ethereum Classic (ETC) Trading After Double-Spend Attacks

Cryptocurrency trading portal Coinbase delisted the Ethereum Classic (ETC) currency Monday after detecting a series of double-spend attacks over the last three days. From a report: In layman terms, double-spend attacks are when a malicious actor gains the majority computational power inside a blockchain, which they then use to enforce unauthorized transactions over legitimate ones. According to a security alert published today by Coinbase security engineer Mark Nesbitt, this is exactly what's been happening on the Ethereum Classic blockchain for the past three days, since January 5. Nesbitt says that a malicious actor has carried out 11 (at the time of writing) double-spend attacks during which he moved funds from legitimate accounts to their own. [...] According to Crypto51, it only costs $5,029 to rent enough computing powerto overwhelm the ETC blockchain with your own miners and gain 51 percent hashing power to carry out a double-spend attack.

Re:This is why we can't have nice things.

[klubar]

Tell me again why bitcoin is so much more secure than the traditional banking system.

Re:This is why we can't have nice things.

[Sarten-X]

Because it's distributed, so a bad guy would have to have huge computing resources to overwhelm the good guys! That'll be so expensive it won't be worth the cost.

Oh, wait...

Survival of the fittest.

[PKI+Champion]

This is just part of the process. The best algorithms and systems will win. Ethereum Classic is what's for dinner.

CryptoCurrencyFails

[sdinfoserv]

When a physical bank is robbed, everyone who has dollars in their pockets still has whole dollars. The theft had zero effect on the value of your pocket or what you can buy. When a crypto-currency exchange gets hacked (aka robbed), the value of what you own can tumble. Plus, add in the shear insecurity of crypto-currency, and you have the reasons why it's a complete failure and nonsense.

Re:CryptoCurrencyFails

[Drethon]

When a physical bank is robbed, everyone who has dollars in their pockets still has whole dollars. The theft had zero effect on the value of your pocket or what you can buy. When a crypto-currency exchange gets hacked (aka robbed), the value of what you own can tumble. Plus, add in the shear insecurity of crypto-currency, and you have the reasons why it's a complete failure and nonsense.

These days when a physical bank is robbed, they have insurance backing up their virtual dollars, as well as tracking that can get back stolen (digital) money in many cases (from what I've been told, not an expert). So while the government can track your transactions through banks, the bank also provides more security. All depends on what you value most.

Re:CryptoCurrencyFails

A physical bank is small fish. If one of the U.S. Mint printing factories gets hijacked by bad guys, then the value of money in your pocket can tumble. Maybe that would be the correct analogy?

Re:CryptoCurrencyFails

[Joe_Dragon]

also can't spend it with out tracking.

Re:CryptoCurrencyFails

When a physical bank is robbed, everyone who has dollars in their pockets still has whole dollars. The theft had zero effect on the value of your pocket or what you can buy.

When a crypto-currency exchange gets hacked (aka robbed), the value of what you own can tumble. Plus, add in the shear insecurity of crypto-currency, and you have the reasons why it's a complete failure and nonsense.

That is incorrect. When a physical bank is robbed you lose your money. The only reason you are protected in the US is because the accounts are insured by FDIC up to $250K. The government (your taxes) foots the robbery loss. And if your safe deposit box is robbed your grandmother's ring is gone for ever.
Crypto Exchanges also have insurance. So if coinbase is "robbed", insurance kicks in - just like your physical bank. Might not be as good as FDIC but then your taxes are not funding it.

As for you second point, while physical currency is not susceptible to exchange hacking, it is to foolish government policies. Remember GBP? Or the various European currencies that suffered worse losses than many cryptos.

Re:CryptoCurrencyFails

[MtHuurne]

This is not a case of the exchange getting robbed though, it is the currency itself that got attacked. The problem with proof-of-work is that if someone manages to control over half the mining power, they get to decide which transactions happen and which do not. The theory was that there would never be a single party in that position, but apparently that theory doesn't apply to the less popular coins.

Re:CryptoCurrencyFails

Actually, the dollar is very resistant to that. The North Korean government printed "superdollars", almost undetectable forgeries for a decade and had no significant impact on the value of the dollar. There was also another source, probably Iranian, that was printing them in the 80's and early 90's and again, didn't have a huge impact on the value of the dollar.

Re:CryptoCurrencyFails

[LynnwoodRooster]

It's a good thing, then, that we have just a few of those mints and can harden the crap out of them against a hijacking. MUCH better than passing around tens of millions of printing presses and letting people get together to decide what they want to print in their garage...

Re:CryptoCurrencyFails

[bws111]

The FDIC does not insure a bank for robberies, it insures depositors against a bank failure. Also, the FDIC does not get any tax money, the money comes from premiums paid by the member banks (and income from investments made by the FDIC).

Re:CryptoCurrencyFails

If I recall correctly, this was basically because they couldn't *physically* print very many super-dollars. IIRC, it was a situation where 1% of the money in circulation was fraudulent and 100+ Government agents were both tracking the money and the bad actors to remove it/them from the system. The basic problem was that ~1 of the 100+ money-printing systems was a bad actor.

ETH works differently. Someone with 51% of the network controls the *whole network*, and can very conceivably give themselves *all* of the money in the system. Obviously giving yourself all the money simply destroys the value of the money (no one will trade with you), but having 51% of the resources also allows you to do things like "freeze or drain any individual account" or "not allow any money to be spent to Amazon". Your ability to enforce your will on who can/can't spend money in the network is limited only by your resources and willingness to do so.

What the summary indicates is that anyone with enough technical expertise and $5K can topple the entire system...

Re:CryptoCurrencyFails

[Chris+Mattern]

When a physical bank is robbed...

This is less like a physical bank robbery and more like counterfeiting. When a counterfeiter successfully passes bogus cash in large amounts, he affects tha value of the real money, and it *does* have an effect on the value in your pocket.

Re:CryptoCurrencyFails

[angel'o'sphere]

That is incorrect. When a physical bank is robbed you lose your money.
No, you don't. The bank branch that is robbed loses a bit of its inventory in bills, that is all.
If yo have bad luck and they open the lockers in the bank and you have unregistered jewelry that will get stolen and probably not replaced. But your bank account as in balance is not touched at all.

Re:CryptoCurrencyFails

[angel'o'sphere]

Perhaps you did not pay attention to the decline of the dollar since 1970 ... AFAIK it is now worth a quarter of the value at that time.

Re:CryptoCurrencyFails

[iggymanz]

which is fine, the 4% average inflation from 1970 to now is expected for healthy economy.

Re:CryptoCurrencyFails

[Drethon]

You are just misinformed. Search /. for references to bank thefts and you will find numerous cases where millions were stolen and no one is able to recover anything, even with all the fancy insurance and tracking that you are waving around.

https://news.slashdot.org/story/18/05/15/2032203/hackers-steal-millions-from-mexican-banks-in-transfer-heist
https://news.slashdot.org/stor...

And now countries are ruling that losses can be passed to customers if they have any fault in the loss.
https://slashdot.org/story/06/...
https://yro.slashdot.org/story...

It's cool though, keep your head in the sand and tell yourself that you are safe. I've always found self delusion to be fantastic for your blood pressure.

Most of what you are talking about is an error by the banker, not by the bank itself. That becomes a very grey area but most failures I hear of with crypto currency are with the algorithm itself or with an exchange it seems like. If a bank screws up their security and loses money, they (or likely their insurance) should be held responsible (at least to insured levels), but I haven't heard much about crypto thefts being repaid, though maybe they just don't publish it much.

Regardless, from two of your examples:

"A Banorte spokeswoman declined to answer questions from Reuters on Monday, and pointed to a May 9 statement from the bank that said clients’ deposits were not affected by the “incident.”"

"The bank initially resisted the request to refund their money, but allowed it after a suit was threatened"

Re: CryptoCurrencyFails

[theycallmeB]

FDIC has nothing to do with bank robberies unless someone manages to steal enough money to break the bank (hint: would require stealing a lot). Deposit insurance is to protect against bank runs, which is what really brought on the Great Depression. Ordinary commercial insurance is what repays the bank in case of a cash robbery because it is the bank's money exclusively that gets stolen: the bank's liability to you for your deposits is not lessened by them getting robbed.

Re:CryptoCurrencyFails

[angel'o'sphere]

I was not talking about the inflation loss, but the loss versus other currencies like Euro, former DM e.g.

Re:CryptoCurrencyFails

[Chris+Mattern]

Nowadays, yeah. It's happened in the past, though. Currencies with much smaller float than the US dollar are still vulnerable, as well.

Re:CryptoCurrencyFails

[thegarbz]

The theft had zero effect on the value of your pocket or what you can buy. When a crypto-currency exchange gets hacked (aka robbed), the value of what you own can tumble.

This isn't to do with the nature of the crypto-currency as much as it is to do with the supply and demand curve in terms of total trading volume for crypto currencies. If they were used as much as the dollar is then any hack wouldn't have any effect on the price either, .... and the currency wouldn't be as volatile either.

Re:CryptoCurrencyFails

[Agripa]

When a physical bank is robbed, everyone who has dollars in their pockets still has whole dollars. The theft had zero effect on the value of your pocket or what you can buy. When a crypto-currency exchange gets hacked (aka robbed), the value of what you own can tumble. Plus, add in the shear insecurity of crypto-currency, and you have the reasons why it's a complete failure and nonsense.

This depends on how much is taken in the robbery. Governments can take so much as to devalue the currency taking from everybody in proportional to how much they had.

Re:CryptoCurrencyFails

[sacrilicious]

and you have the reasons why it's a complete failure and nonsense

Hasn't stopped religion, and -- I predict -- it won't stop cryptocurrencies.

Re:This is why we can't have nice things.

Tell me again why bitcoin is so much more secure than the traditional banking system.

Technically it's still secure due to the lack of popularity.

It'll be a long damn time before bitcoin or the like causes as much financial impact as the 2008 global meltdown, which created hundreds of millions (if not billions) of victims. And we've not done much to prevent 2008 from happening again. In that sense, I certainly don't exactly find traditional banking as more secure.

Re:This is why we can't have nice things.

[Drethon]

Because it's distributed, so a bad guy would have to have huge computing resources to overwhelm the good guys! That'll be so expensive it won't be worth the cost.

Oh, wait...

And one is also expected to trust at least half of those controlling the computing resources... not sure I trust a fraction of that number. Of course by trust it means you "trust" at least half of the controlling resources to not act to your detriment at the same time, but meh...

Re:This is why we can't have nice things.

[Joe_Dragon]

that was before pooled mineing

Re: This is why we can't have nice things.

[Vintermann]

What's extra sad is that if you had a handful of trusted nodes, instead of a ton of untrusted ones, would have resisted this attack excellently. It would also do away with the need for all that idiotic mining.

Trusted nodes would just say, "a double spend? Nah, that's bullshit. We won't timestamp that."

If one of the trusted nodes decided to try it, the other trusted nodes would say, "a double spend? Nah, that's bullshit. We won't timestamp that." and you'd be down one trusted node, but the world would keep on running.

What if a majority of trusted nodes decided to endorse a double spend? The remaining trusted nodes would say "What the hell is the world coming to??". But they would still not endorse the double spend. And pretty quickly, users could figure out who the honest nodes were (there would be a paper trail, or rather a signed hash trail documenting it after all), and the system could go on. The betrayers might have gotten away with some theft of real world goods if they were really quick in concluding the transaction, but they wouldn't be able to steal the unit of account.

Even if every single trusted node betrayed the users, they could still get together and pick some new trusted nodes, if they wanted to. They could just continue the ledger from before the cheating.

Distributed blockchains solve a problem almost no one has, except criminals: that your counterparties are completely untrustworthy and will betray you as soon as they can. Even that, it doesn't really solve, as anyone who got scammed buying stuff on the darknet knows.

Re:This is why we can't have nice things.

[Applehu+Akbar]

Because it's distributed, which not only enables an entertaining variety of new hacks, but which makes hackers who do get in a lot more difficult to find.

Blockchain generally?

[nagora]

Is this specific to currencies or is it a fundamental flaw in blockchains?

Re:Blockchain generally?

this is specific to shitcoins - no security because nobody is interested and nobody mines it - the blockchain is insecure with >50% hashpower controlled by attacker - no problem renting a little bit hashpower to attack insecure networks. you can't really attack this way Bitcoin - you can but that would be extremely costly - and you won't be able to find that much hashpower to rent anyway.
Btw, ETC is a minority fork of ETH, so nobody cares about ETC and it has near zero use

Re:Blockchain generally?

[nagora]

Your answer isn't completely clear - if 50% is what's needed then that's a fundamental flaw and Bitcoin is only safe while it's heavily used, not through any special design, so it's not "specific to shitcoins", then?

Re:Blockchain generally?

[nagora]

Except that he didn't get 51% of the vote.

Re:Blockchain generally?

Btw, ETC is a minority fork of ETH, so nobody cares about ETC and it has near zero use

Somebody cared enough to marshall enough computing power to overwhelm the network, which is why we are discussing this.

Re:Blockchain generally?

But if you have majority mining power then you can do what you want seems just natural. Similarly - If you convince enough voters to vote for Trump then is democracy flawed? It's a philosophical question I guess :)

Re:Blockchain generally?

[thestallion]

The definition of a shitcoin is one which isn't heavily used. So all you're saying is that Bitcoin is immune to problems specific to shitcoins so long as it doesn't become a shitcoin. But the potential for it to become one certainly exists.

Re:Blockchain generally?

[Anduril1986]

I think it is likely someone specifically targeted ETC, because of their argument of "The block chain should always be completely immutable". I'm not sure if you're aware of the histroy of ETH/ETC but the short version is someone hacked a smart contract on ETH and stole a lot of money. It was decided that the transactions that stole the money should be reversed, so the people's money can be returned. However, reverting those transactions require a hard fork of the block chain and a number of people argued that the blockchain should be immutable and that the fork was a violation of that. The people who objected and kept the "original" chain are now called ETC, while the other chain is the one now known as ETH. This leaves ETC in a very difficult position. To reverse the double spent transactions breaks the core tenet on which the ETC chain is founded "the block chain is immutable". If they roll back those transactions, they aren't any different than ETH, just a minority fork with few developers and no differentiation. However if they don't reverse the transactions then the chain is forever comprimised and its highly unlikely anyone will want to use ETC.

Re:Blockchain generally?

[ceoyoyo]

It's a feature of all "trustless" blockchains. "Feature" meaning a characteristic, which you may regard as negative or positive, depending on who you are.

A basic blockchain is just a special case of a hash tree, which is a pretty pedestrian linked list except that it's got a set of hashes that make it easy to verify integrity. Git uses a hash tree.

If you don't want to have some kind of central, trusted authentication then you have to figure out who's allowed to modify the list. Most use a system where interested parties basically vote to approve changes, and the weight of your vote is proportional to either a) how much computing power you're willing to spend or b) in the case of currencies, how much of it you own. Either way, if someone collects over 50% of the votes they can pretty much do whatever they want.

Re:Blockchain generally?

[ceoyoyo]

Sure he did. You're just mistaking the "popular vote" for the actual vote. The US electoral college system has some similarities to the way most cryptocurrencies work. You've got individuals with computers who group together into mining pools. The individuals with computers express a desire (that bitcoin transactions obey the rules) but it's the people who run the mining cooperatives who actually get to vote.

Re:This is why we can't have nice things.

[LynnwoodRooster]

Tell me again why bitcoin is so much more secure than the traditional banking system.

Technically it's still secure due to the lack of popularity.

See, I KNEW my approach of "security by obscurity" was rock-solid!

Re:This, ladies and gentlemen, is how crypto fails

China controls 80% of the hashpower for Bitcoin, between 4 major pools that it controls. China sets the price of Bitcoin and consequently most other cryptocurrencies.

it is no coincidence that the crash in crypto roughly coincided with the Cheeto-in-Chief declaring TradeWars on China.

It has to be expensive to be secure

[goombah99]

The achilles heel of bitcoin is that it has to be expensive to be secure. The cost of securing 51% needs to exceed the profitability of achieving it. Thus as the market cap of bitcoin rises, the greater the potential to engage in a profitable double spend. So the cost of the transactions has to rise. SInce the transaction reimbursement has to cover the cost of the hash confirmation and that's paid in bit coin then either the fees or the reward value has to increase. This may possibly, but not necessarily, indirectly pressure the value of a bit coin to rise, further increasing the market cap.

There are some newer currencies just created that appear, at my superficial glance, to escape from some of that pressure on the cost of the transaction securing the block chain.

But for bit coin and similar one is stuck with proof of work having to be exorbitant as the profitability of foul play rises. Eventually the only people who can mine are the people who steal electricity. It's not a bug, it is in fact the ONLY thing that makes it work at all other than pure good will and altruism

Re: This is why we can't have nice things.

I find it amusing how bitcoin and its associated spin offs have replicated financial history. PhD candidates will be writing papers on this idiocy for years to come.

Re: This is why we can't have nice things.

[ctilsie242]

We already have those. Those are called banks. This isn't to say that the trusted node concept isn't bad. However, whom do you hand over trusted nodes to?

For example, if you want to trust a node, you don't trust it over how much value it has for its good name. This can be relative since even a top bank could start trying to double-spend if people thought they would not get caught. It would take finding a number of parties whose interests do not coincide for this to work. For example, for every trusted node that went to a government or bank, I'd have to hand one to some organization like the EFF, GNU, FSF, TOOOL, Amnesty International, and other parties. The goal would be to equally divide nodes, so the risk of collusion is minimized.

You then add untrusted nodes as well, but divide them into different groups, for example, nodes that pass muster when it comes to security, and are independantly owned. This way, someone using AWS for a massive mining push would gain control of a segment... but not enough to definitely command what happens on the entire blockchain.

Re:This is why we can't have nice things.

[ArchieBunker]

Bitcoin was never about security or anonymity. It was a proof of concept that took off.

Re:This is why we can't have nice things.

[Oswald+McWeany]

And one is also expected to trust at least half of those controlling the computing resources... not sure I trust a fraction of that number.

And "trust" is your only option- it's all you can do, you can't rely on law enforcement to protect you eCoins. Because eCoins are not backed by government or insured by governments, governments are less inclined to help you get your money back if stolen by thieves and hackers.

sounds like democracy!

[kiviQr]

If you get enough people (>51%) to vote for you - you can do anything ($$$).

Cost is $4700 as of January 8th

[FeelGood314]

The trouble is that it used to be expensive to have 51% of the computing power because of all the hardware you would have to buy. That is no longer true. Now I can rent the computing power to have 51% computing power for the length of the confirmation period. Here is a link https://www.crypto51.app/ to the cost to rent so much computing power and the percentage of the required computing power you can rent. You will notice that as of January 8th you could rent 102% of the computing power to launch a 51% attack on Etherium classic and it would only cost you $4700

Re:Cost is $4700 as of January 8th

[sexconker]

Ethereum Classic, LOL!

The BTC network is about 6 or 7 million times as powerful. And if you try such an attack, people will notice the increased hash rate, anticipate rising prices, and will end up turning their dormant miners back on (or more likely, switching from some altcoin back to BTC). Your own success of such an attack would increase the cost of performing the attack. Further, how many BTC can you transfer in your single double spend attack, or in the amount of time your attack is viable? How much did that attack cost? Hint: You can't just transfer all of the BTC you want in a single transaction. And who are you going to attack, exactly? Who'd be taking your BTC and what are they giving you for it? Are they going to do the same transaction twice? Or do you have multiple targets lined up? Or are you going to live off of the mining rewards and transaction fees you collect during the attack? How profitable is that going to be?

Oh, and the blockchain is public, people can see that the total hashrate of the network doubled instantly one day, and they'll look over transactions from around that time with a fine toothed comb, find out who's submitting that shit, and just fork the whole blockchain, kicking your ass out and making your efforts worthless.

Maybe you can temporarily disrupt some shitcoin no one cares about (like ETC), but even ETH and fucking BCH (which is so much of a joke TPB won't accept it for donations) are unassailable merely due to the fact that there's not enough hardware readily available for you to rent to do it, let alone power. BTC is untouchable unless some government has broken SHA-256 or starts physically seizing existing mining operations to take their power or shut them down and reduce the total power of the network. Your own link shows NiceHash as having less than one thousandth the hashing power of the current BTC network.

Re:Cost is $4700 as of January 8th

[ceoyoyo]

$340 k for Bitcoin. That's couch cushion change for lots of organizations and individuals who might want to sow a little chaos.

Re:Cost is $4700 as of January 8th

[bloodhawk]

except of course because bitcoin mining is so centralised in China all you really need is the Chinese government deciding to take over the miners.

Re:Cost is $4700 as of January 8th

[BranMan]

"And who are you going to attack, exactly?"

My knowledge of BTC is pretty sketchy, but isn't the whole idea of the blockchain that it's a public ledger? So you can see exactly who has all the BTC. Or is that wrong?

Wouldn't anyone be able to see who is the most profitable person to attack? You may not be able to identify them - they may be anonymous - but the "big fish" should be readily spottable.

Or am I misunderstanding something?

Re: This is why we can't have nice things.

[AC-x]

a bad guy would have to have huge computing resources to overwhelm the good guys

Much as I don't buy into crypto hype either, Ethereum Classic is a failed Ethereum fork that few people use so it's not that surprising it was easily hacked.

Re:This is why we can't have nice things.

[Holi]

Well for one this isn't about Bitcoin.

Re:This is why we can't have nice things.

[CaptainDork]

This isn't bitcoin.

It's Ethereum Classic. The 51% blockchain attack won't work on bitcoin because that chain goes from here to Jupiter.

By comparison, ETC goes from here to the front porch.

Re:This is why we can't have nice things.

[CaptainDork]

I agree.

Might as well file a lawsuit because someone stole your cow from FarmVille.

Re:This is why we can't have nice things.

[CaptainDork]

... bitcoin has much much more security ...

That's because it's transmorgrified into a speculative gambling architecture. The blockchain is static in size and all that's left is to rearrange the Monopoly money.

Re:This is why we can't have nice things.

[CaptainDork]

TFS and TFA were never about bitcoin.

Re: This is why we can't have nice things.

[jythie]

So much of their creation was rooted in people lamenting about how much more wonderful things were in the past, without understanding what went wrong then. So yeah.. amatures recreating mistakes professionals dealt with 200 years ago.

Re:no zero day exploits

[sexconker]

Sure. Take all those phones, make them hash BTC, try to attack the network. It won't amount to squat. Thermodynamics alone mean its fundamentally impossible.

Re: This is why we can't have nice things.

[ceoyoyo]

You do as we do now: you trust organizations that have something to lose.

Banks have a lot of power over the financial system, but if the numbers don't add up properly, they're on the hook, and they can be held accountable because they have real physical assets, directors whose names and addresses are on file, etc.

Also, banks keep an eye on each other, just like bitcoin miners are supposed to do. As far as processing transactions is concerned, there's not really that much difference between a bank and a bitcoin miner, except that the latter is anonymous.

Re:This is why we can't have nice things.

[sysrammer]

Hear Hear! Actually, I believe I've seen lawsuits regarding loss of virtual goods. Against WOW or something like that.

Re: This is why we can't have nice things.

[F.Ultra]

The same can be said for millions of IT projects. It's the "how hard can it be" and the non understanding that existing systems and infrastructure are designed the way they are for a reason and not just because every one else in the world is so much more stupid than you.

Re: This is why we can't have nice things.

[CaptainDork]

You have no data to support that, so you're dismissed.

Re:This is why we can't have nice things.

[Agripa]

And "trust" is your only option- it's all you can do, you can't rely on law enforcement to protect you eCoins. Because eCoins are not backed by government or insured by governments, governments are less inclined to help you get your money back if stolen by thieves and hackers.

And when it is the government stealing the money? Who protects you then?

Re:This is why we can't have nice things.

[Oswald+McWeany]

And when it is the government stealing the money? Who protects you then?

In all the countries I've lived it was the ballot slip.

Re:This is why we can't have nice things.

[Agripa]

And when it is the government stealing the money? Who protects you then?

In all the countries I've lived it was the ballot slip.

So you never lived in the US? Here we only get two choices and they both steal money.

Re:This is why we can't have nice things.

[Oswald+McWeany]

So you never lived in the US? Here we only get two choices and they both steal money.

I voted for my kids as protest write-in candidates for most positions in the last election because I wasn't happy with my choices.

Re:This is why we can't have nice things.

[Oswald+McWeany]

In hindsight, I should have given my kids shorter names.