21ST CENTURY CRIME: Almost $500,000 in Ethereum Classic coin stolen by forking its blockchain.
The heist was the result of carrying out what’s known as a rollback attack, which allowed the attackers to reorganize the Ethereum Classic blockchain, Coinbase security engineer Mark Nesbitt said in a blog post. From there, the attackers were able to “double spend” about 88,500 ETC, meaning they were able to recover previously spent coins and transfer them to a new entity. As a result, the coins were effectively transferred from the rightful recipients to new entities chosen by the attackers.
“We observed repeated deep reorganizations of the Ethereum Classic blockchain, most of which contained double spends,” Nesbitt wrote. “The total value of the double spends that we have observed thus far is 88,500 ETC (~$460,000).”
Rollback attacks are often referred to as 51-percent attacks, because, in theory, they require an attacker to control a majority of the CPU power generating a blockchain. Such an arrangement violates a core requirement of any blockchain-based currency: it allows a single entity to write the contents of its universal shared transaction history.
That sounds like a problem with Ethereum in particular, not crypto in general. But with crypto as in anything else, it remains caveat emptor.