Ongoing 51% attacks leave Ethereum Classic over a precipice
ETC is still immensely vulnerable. Increasing block confirmation times is not enough.
- The scattered developers at Ethereum Classic appear to be disorganised and unable to agree on a course of action following the attacks, or even that there was a 51% attack.
- Ethereum Classic is still highly vulnerable and will be for the foreseeable future.
- Ethereum Classic does not appear to have any realistic plan for mitigating the downsides inherent to proof of work.
The team at Ethereum Classic (ETC) appears to still be jogging along in the wake of a series of 51% attacks, which have resulted in over $1 million in losses to date.
There hasn't really been any formal acknowledgement from ETC that it has succumbed to a 51% attack. Rather, different ETC developers are going with their own opinions. Some maintain that it's still too early to tell what happened, while others such as Donald McIntyre point out that it's very obviously a classic 51% attack.
"As we are truly decentralized, we don't have formal processes or any top down management of our network, communications or decision making process," McIntyre admitted to CoinDesk. "However, we do coordinate as we share the same incentives to support the network, so we communicate regularly, albeit not with the method or [system] of a centralized team."
The slowness of response and lack of organisation may have ended up costing exchanges money in these attacks, and the only suggestion from Ethereum Classic to prevent them has been to increase confirmation requirements.
Unfortunately, this alone won't be enough. Ethereum Classic is currently still highly vulnerable and left over a precipice.
Taking the plunge
The ETC team has recommended that exchanges increase confirmation times to 400 blocks – or about an hour and a half at 14 second average block time. This basically means large transactions will take an hour and a half to go through because waiting that long is the only way one can be sure it won't disappear.
Unfortunately, it's still not enough. Given the low hashrates on the Ethereum Classic network, it's estimated that it's possible to rent enough hashrate for a 51% attack on ETC for just $5,000 an hour. That's still an absolute bargain given that the largest reorganisations in this slew of attacks have been pulling in over 50,000 ETC a pop – roughly $250,000.
This is why exchanges such as Coinbase and Kraken are cancelling all ETC trading rather than go along with the security theater of increased confirmations.
For increased confirmation times to effectively protect ETC from these kinds of attacks in the long run, one of two things needs to happen:
- Confirmation times need to be much higher than 400 blocks. Think days or weeks, not hours. This would make it less cost-effective to attack ETC, but render the network basically useless.
- ETC prices need to drop massively which would reduce the incentive to attack the network. This would also reduce mining rewards which might make it easier to attack the network, but it might still be a step in the right direction.
Neither is an especially attractive option, but as things stand Ethereum Classic is still highly vulnerable, while the supporters of the network are unable to agree on a set course of action (they have yet to agree that it was a 51% attack) and don't want to risk running into even bigger vulnerabilities.
"No one wants to make a hasty decision that would expose greater security threats," said ETC developer Cody Burns.
But what can you do? Making a successful proof of work network means embracing a terrifying range of limitations. And overcoming those takes a lot of dedication, a lot of thought and some hair raising sacrifices.
The ETC team might not be prepared to do what's needed to make PoW work. McIntyre's plans, for example, seem to boil down to just hoping that ETC grows big enough that it doesn't need to worry. So the plan is basically to achieve bitcoin-like scale while being vulnerable to 51% attacks and dropped by exchanges. Good luck.