In a noteworthy analysis by the SlowMist team, the ETC 51% attackers address has finally been flagged and shared with partners. The sharing was done to prevent further attacks on other exchanges. The identity of the attacker can finally be established if the involved exchanges are willing to cooperate and assist.
The attack was first reported on January 06, 2019, and SlowMist warned of the likelihood of the ETC 51% attack in SlowMist Zone. The alarm was raised based on the information analysis of the SlowMist Zone Intelligence together with the BTI (Blockchain Threat Intelligence) system. On the next day, ETC official responded on Twitter.
Also, Coinbase responded in their official blog stating that they had identified up to 15 attacks with 12 of those being double spend that totals 219,500 Ethereum Classic (about $1.1 million). The news was received on January 8, 2019. The official confirmed the presence of the ETC’s 51% attack. Seven of the involved transactions were detected rollback.
There are four identified txHash addresses that the attackers used to trade a total of 54200 ETC. The ETC wallet addresses that were owned and manipulated by the assailant are:
Since January 6, 2019, SlowMist started focusing and tracking on the BTI system, related blockchain explorer, and related disclosed intelligence. The tracking process discovered that the address that interacted for the first time with the malicious 0x3ccc8f7415e09bead930dc2b23617bd39ced2c06 wallet address was 0x24FdD25367E4A7Ae25EEf779652D5F1b336E31da.
The research and tracking also discovered that the attacker extracted a huge number of ETC from a Binance wallet to another account on transit to malicious wallet address. According to AnChain.ai, the Bitrue wallet address is 0x2c9a81a120d11a4c2db041d4ec377a4c6c401e69. Based on that information, the attack was traced uncovering various transactions that never existed.
The first attack featured a loss of 4000 ETC from Bitrue with another 9000 ETC attack following shortly later. Multiple attacks were made and the information about Bitrue was found consistent with all the information posted on the Coinbase blog. Continuous tracking showed that after the ban of the suspected malicious wallet addresses by exchanges, the attacks subsided on 2019–01–08 at 04:30:17 UTC.
?‼️Ethereum Classic (ETC) 51% Attack Detected On @BitrueOfficial
We’ve experienced an ETC 51% attack yesterday morning. The attacker tried to withdraw 13,000 ETC from our platform but got halted by our system. As demonstrated below: pic.twitter.com/V7YWzkldIv
— Bitrue (@BitrueOfficial) January 8, 2019
The SlowMist team believes that all large attacks must have been backed up by enough funds. The backup was set up under consideration of the risks involving the money and time spent before, during, and after the attack. Also, plans of countervailing traceability costs of any money laundering money after the attack were put in place to shield the identity of the attackers.
Will Exchanges Cooperate?
However, the SlowMist team believes that the identity of the attacker can be determined if the involved exchanges readily cooperate. However, the net mining power for the entire network has reduced as a result of the recent plunge in blockchain funding.
All users who were affected by the 51% on ETC are advised to add a risk control mechanism to the tokens with a profitable space since these types of attacks may arise in the near future.