Coroner’s Report on the Ethereum Classic [ETC] 51% attack; tracking the attacker’s transactions on the blockchain

The biggest hit that any cryptocurrency has taken ever since the start of 2019 has to be Ethereum Classic [ETC] as it underwent a brutal 51% attack causing a loss of $1.1 million worth of ETCs. In light of new evidence, there have been some ‘skeletons’ crawling out of the closet.

According to independent research conducted by the “SlowMist” team, the attack was noticed by them on January 6, 2019. However, Donald McIntyre, BDM at the Ethereum Classic says that the attack happened in two stages. The first attack took place on January 5 and 6 and the second attack took place on January 6 and 7.

As per SlowMist research, the attacker withdrew his ETC from Binance exchange to multiple addresses which began on January 5, 2019, 19:58 UTC. [Binance Address: 0x3f5CE5FBFe3E9af3971dD833D26bA9b5C936f0bE].

The attacker then transferred it to two addresses, the first one was “0x24fdd25367e4a7ae25eef779652d5f1b336e31da”  and the second one was 0x3ccc8f7415e09bead930dc2b23617bd39ced2c06.

The next address that the attacker used was a wallet on Bitrue’s exchange. [Bitrue Address: 0x2c9a81a120d11a4c2db041d4ec377a4c6c401e69].

SlowMist in their research mentions how the attacker successfully double spent 9000 + 4000 ETCs and then tried to withdraw it which was noticed by Bitrue.

The attack was confirmed by Bitrue exchange on a Twitter thread which details how they noticed 13,000 double spent ETC on their platform. Bitrue confirmed that they stopped the attacker from withdrawing his funds.

Bitrue also detected the attacker aka the ‘bad actor’ miner using gastracker.io and found out his address. As seen from the chart below it shows how the miner gathered an absurd amount of hash rate to himself/themselves.

As per the data obtained from gastracker.io, the attacker had a hash rate equivalent to 6524 GH/s [Gigahash per second], which is about 78.15% of the total hash rate available for the entire Ethereum Classic network which runs on the same hashing algorithm as that of Ethereum.

Furthermore, the attacker tried to double spend 600 ETC in the transaction which was recorded in block height – 7249357 as well as in block height – 7249361. Coinbase blog dated January 8, 2019, by Mark Nesbit, confirmed the attacks and the double spending by the attacker.

The SlowMist blog stated:

“Based on continuous tracking, we found that, in view of the increase in block confirmations and the ban on malicious wallet addresses by exchanges, the attacker’s 51% attack on ETC is in UTC 2019–01–08 04:30:17 (Beijing time 2019–01- 08 12:30:17 ) has stopped after that”

The number i.e., 219,500 ETC remains the same, which is the total amount of ETC double spent by the attacker during the attack that lasted from January 5, 2019, to January 7, 2019.

There was, however, a meeting led by Zach Belford, an ETC lead developer which included members from the IOHK and ETC Labs Core teams, other volunteers ETC developers, the ETC Cooperative, other members of the community at large. The meeting discussed a wide range of topics, which focussed on how the attack happened and solutions that could be introduced into the ETC blockchain or the mining to mitigate or stop such attacks.

One solution included increasing the confirmation time for transactions, while the others included an introduction of new PoW mining algorithm niche which is exclusive to the ETC blockchain.