In a significant security breach, Coinbase has halted all transactions involving Ethereum Classic (ETC), the original unaltered version of the Ethereum blockchain, after confirming a double-spending attack on the cryptocurrency network. This incident has raised concerns not only for digital coin investors but also for business owners considering the safety of their assets in the cryptocurrency marketplace.
The alleged attack resulted in the unauthorized spending of approximately 219,500 ETC, leading to losses estimated at $1.1 million. In light of this vulnerability, the price of Ethereum Classic plummeted shortly after the incident was made public. The disruption was identified as a “deep chain reorganization,” which suggests a 51 percent attack where an individual or group controlling the majority of mining power altered transaction histories to facilitate double spending.
Mark Nesbitt, a security engineer at Coinbase, explained in a blog post that the firm detected multiple deep reorganizations of the ETC blockchain. These disturbances primarily involved transactions that allowed for previously spent coins to be redirected to wallets controlled by the attackers, thus enabling a fraudulent transfer of funds. Such tactics underscore the vulnerabilities that can be exploited in lesser-mined cryptocurrencies, accentuating the risks involved compared to more secure networks like Bitcoin and Ethereum.
Following the detection of this blockchain compromise on January 5, Coinbase took immediate action to safeguard both customer funds and the integrity of its exchange by suspending on-chain ETC payments. An official update on Coinbase’s status page confirmed that the network’s instability prompted the cessation of all ETC transactions, while buy and sell functionality remained unaffected.
Initially, Ethereum Classic officials disputed Coinbase’s claims, asserting that their network was functioning normally. However, further investigation revealed confirmation of a successful 51 percent attack characterized by multiple block reorganizations. Nevertheless, the Ethereum Classic network stated that they were not contacted by Coinbase during this crisis and that an ongoing investigation is in progress.
This incident exemplifies a broader trend where attackers are increasingly targeting smaller cryptocurrencies, which are often more susceptible to manipulation compared to their larger counterparts. In this case, Ethereum Classic, created in 2016 and currently holding a market cap exceeding $500 million, became a lucrative target for such cyber assaults.
The tactics likely utilized in this breach could align with various MITRE ATT&CK techniques, particularly those associated with privileged escalation and persistence. Given the adversary’s ability to manipulate major portions of the mining process, tactics such as initial access through compromised nodes or wallets may have also been involved.
As businesses venture into cryptocurrency transactions, the risks highlighted by this incident should serve as a cautionary tale regarding security measures necessary for protecting digital assets in an evolving threat landscape.
