Coinbase will delay all Ethereum Classic (ETC) transactions after the network suffered two 51% attacks last week, with hackers stealing millions in ETC.
The San Francisco-based exchange said on a tweet the confirmation time for ETC sent to Coinbase and Coinbase Pro is now set at 2 weeks after the recent network attacks. It added they were monitoring the situation.
Given the recent network attacks on Ethereum Classic, we have increased the confirmation time for ETC sent to Coinbase & Coinbase Pro to ~2 weeks. We are actively monitoring the situation and will provide updates as they become available.
— Coinbase Support (@CoinbaseSupport) August 8, 2020
The decision came after hacker/s stole over $5 million worth of Ethereum Classic — spread over two attacks — by gaining control over the majority of the network and performing a block reorg.
In light of recent network attacks, it’s recommended that all exchanges, mining pools, and other ETC service providers significantly raise confirmation times on all deposits and incoming transactions. @okex @binance @HuobiGlobal @hitbtc @coinbase @digifinex @etherchain_org
— Ethereum Classic (@eth_classic) August 6, 2020
Ethereum Classic attacked over four days
According to an investigation by on-chain firm Bitquery this week, Ethereum Classic’s second 51% attack on Thursday saw hackers reorganize over 4,236 blocks (worth $3.3 million) and successfully double-spend $1.68 million worth of ETC.
How attacker stole 807,260 ETC ($5.6 million) during the 31st July Ethereum Classic ($ETC) 51% attack
— Bitquery.io ( Bloxy ) (@Bitquery_io) August 5, 2020
The attacker pocketed an additional 14,200 ETC via block rewards during the event. The hashpower required for the attack was obtained from Nicehash DaggerHashimoto — the same as the first attack — said Bitquery.
Thursday’s event followed an earlier attack on August 1, which was thought to be a software error at the time. The report estimates the hacker reaped more than a 2,800% return for his efforts, having spent roughly 17.5 Bitcoin (BTC) worth $192,000 on renting hash power from Nicehash to execute the attack.
Meanwhile, Bitquery stated the attack took between July 31 and August 1, but remained detected for “several days as a result of intricate planning and knowledge of the Ethereum Classic protocol.”
The report stated:
“The hacker began the attack by transferring ETC from an exchange wallet under its control, and then back again.”
Criminal action and an OKEx connection
Ethereum Classic Labs, the core development organization behind Ethereum Classic, said Friday it engaged law firm Kobre & Kim to investigate and pursue strict criminal charges against the attackers behind the 51% attacks, according to a press release.
It said over eleven malicious transactions originated from a single address inserted into the Ethereum Classic blockchain over the attack, allowing more than 807,000 ETC to be double-spent.
Bitquery added the attackers’ addresses may be hosted on either OKEx or one of the exchange’s affiliated companies. This has not been confirmed by the exchange.
Meanwhile, Ethereum Class Labs said organizations can utilize several measures to prevent further disruption to the network:
While core developers, stakeholders, and contributors continue to monitor the network and investigate recent attacks we ask:
• Exchanges significantly increase confirmation times
• Use only Core #Geth by @etc_core or @Hyperledger Besu node clients
• Miners keep on mining! ⛏️
— Ethereum Classic (@eth_classic) August 7, 2020
Investigations are ongoing.