⚔️ Attacks — Issue No. 33

📰 News

This week saw a successful 51% attack against the Ethereum Classic network. This is the most prominent network to be attacked to date, having both a high profile and a top-20 market cap. Ethereum Classic is the surviving chain from the contentious Ethereum hardfork in 2016. That fork returned the funds stolen from "The DAO" smart contract, a decision some in the community disagreed with because it violated Ethereum's principle of immutability. Because ETC shares the same origin as Ethereum, it also shares the same hashing algorithm, but attracts far fewer miners. This made it vulnerable. Link.

Regular readers will remember the attack against Vertcoin, a much smaller project, that I covered in Issue 28. In that edition, we discussed how 51% attacks allow the assailant to double-spend coins over a short period of time, which is usually exploited by stealing from exchanges. In this instance, it seems the attacker double-spent $1.1 million in funds, likely resulting in a large 6-figure profit. The team at Coinbase, which detected the attack and froze accounts before they were impacted, published an excellent write-up that covers this specific attack and also reviews how 51% attacks work in general. Link.

While Classic was under siege, the Ethereum Core Developers reached tentative consensus to change the hashing algorithm used on the main Ethereum network. The current hashing algorithm, Ethash, was originally designed to be resistant to specialized mining hardware known as ASICs. Despite this, it became clear in 2018 that ASICs had been developed and were being utilized. The would-be new algorithm, called ProgPoW, is another attempt at keeping specialized hardware out of the mining pool. Ostensibly, the reason to do this is to make the transition to Proof-of-Stake easier in the future. Link.

It's an interesting happenstance that the attack against Ethereum Classic coincided closely with the Ethereum devs' decision to move to a different algorithm. If the Ethereum network goes forward with the change, what will Ethash ASIC miners do? Will they migrate to ETC, which might actually be a boon to the network's security? Or will they attack the network in a last-ditch effort to recover the capital spent on their equipment? It's even possible this week's attack was a preemptive attempt by a large Ethash miner to do just that. This is a great reminder that cryptonetworks are affected by exogenous circumstances, not just their own internal incentive structures.

It's also interesting to note that ETC's value did not drop much due to the attack. I think this is a symptom of how little adoption most of these assets have. To the extent people own ETC, they do so as a speculative investment, so they aren't impacted. If people were using crypto to actually pay for (or be paid for) goods and services on a day-to-day basis, these kinds of transaction reversals would be a huge problem. As it stands, only exchanges are actually impacted by these attacks. In the long run, I think we'll see exchanges de-listing riskier long tail coins or demanding centralizing compromises like checkpoints.

Finally, let's talk more about the tentative decision to move the Ethereum network to a new hashing algorithm. To be honest, I see this as a technically risky decision with unclear upside. Every hardfork executed is an opportunity for a chainsplit or other issue. ProgPoW is brand new and relatively untested. Given enough time, there will almost certainly be ASICs developed for it anyway. And it's completely unclear that ASICs are actually bad in the first place; there's a very strong argument to be made that their existence increases the network's security from a practical perspective. Given all this, I don't see the change as worthwhile.

📊 Statistics

16.4%. The percentage of reachable Ethereum nodes that have upgraded to a client version ready for the Constantinople hardfork, up from 11.5% last week. With the Constantinople hardfork days away, is there cause for concern? Is the network secure as long as large miners and major exchanges upgrade? And if so, what does that say about "decentralization"? Link.