A 51% attack on Ethereum Classic brought to our attention by a reader.
Friends, New Athenians, Blockchainers,
This is a very apt case study for blockchain citizenship – taking responsibility for your financial life. Risk and reward are two sides of the same bitcoin, and it is our responsibility to manage that balance ourselves democratically, not relying on intermediaries like banks to take decisions out of our hands.
A message from our CTO, Emre Korkmaz:
On the blockchain, you should always take your risk factors into account while trying to maximise your reward factors. Your risk and reward are ultimately your responsibility in crypto as in the real world. The hashing power of a coin’s mining base represents the security of transactions on the network against a 51% attack. The value of your transaction can be compared to the value of an attack. For security, you should try to keep the value of the transaction below the value of a potential attack. For coins like Ethereum Classic, with less hashing power and higher risk, you require more block confirmations to secure a transaction. Larger transactions done on these chains come at a price, and you invest that risk by deciding beforehand which network to post your transaction on. With bitcoin’s stronger, more distributed network there is more cost involved in performing a 51% attack – it has a duration and a cost over time. The cost of an attack is the price to the bad faith actor of maintaining the hashing power long enough to write fraudulent blocks and dupe good faith actors into confirming their fraudulent transactions. Estimates suggest that bitcoin would cost $280k/hour to attack and Proof of Work Ethereum would have cost $82k/hour (https://steemit.com/bitcoin/@the4thmusketeer/bitcoin-is-still-very-expensive-to-attack-51-attack).
You can do a 51% attack with much less than 51% mining power. As an example, you can do a 51% attack in one block with 10% of the mining power at 20% success probability (https://people.xiph.org/~greg/attack_success.html). The more hash power you have, the more chances you have of finding two or more blocks in a row and reversing your transactions to take double the money. So with 30% power you get 63% success at one confirmation, 45% at two confirmations, and so on.
The lesson here is to wait for enough confirmed blocks to lower your risk of attack. This number will be based on the value of your transaction. There are no risks for users holding their coins in their wallets as long as users maintain copies of the blockchain to decide which forks to keep, apart from what potential attacks do to the underlying price volatility of the coin.
In response to this attack coming to our attention, at The New Athens we are launching an Ethereum Classic Explorer, which will allow you to see a more detailed view of the blockchain, including the distribution of the mined blocks based on unknown vs. known mining pools or individual miners, as with blockchain.info or etherscan showing bitcoin and ethereum mining power distribution respectively.
Known mining power means mining pools where the owners of the mining pools have to pay the miners and have a public reputation to uphold, so you can see whether the blocks they have mined have been reversed – if the block disappears, other copies of the blockchain will show the address the block reward was distributed to, and from that you can find the malicious actor. As the difficulty of mining increases, most mining power lies with mining pools, and we can use that reputation to increase blockchain accountability in public.
Unknown mining power is not bad. The bitcoin blockchain has 23% unknown mining power (https://www.blockchain.com/pools), but, for example, if the network has a large percentage of unknown hash power, you might choose to wait for, say, 100 confirmations or lower transaction values with lower strength blockchains.
We will post a more detailed follow-up to this post alongside our announcement of progress with the Ethereum Classic Explorer.
Emre Korkmaz — CTO, The New Athens & Associates.
see also: https://steemit.com/bitcoin/@thenewathens/ethereum-classic-explorer-announced-in-response-to-51-attack