  • Coinbase was not targeted by any of the attack transactions and lost no funds
  • At 10:57 PM PST 7/31/2020, Ethereum Classic (ETC) was 51% attacked, leading to ~800,000 ETC (~$5.8 million) of double spend transactions.
  • At 8:15 PM PST 8/5/2020, Ethereum Classic was 51% attacked again, leading to ~460,000 ETC (~$3.2 million) of double spend transactions.
  • During the first attack, Parity (OpenEthereum) nodes running in pruned mode ignored the attacking blocks, while the rest of the network accepted the attacking blocks as valid, leading to a partitioned network of pruned Parity nodes vs the rest of the network

At 11:10 PM PST 7/31/2020, Coinbase Blockchain Security was alerted that Coinbase’s ETC nodes weren’t seeing new blocks on the expected interval. Our investigation found that our nodes had forked in terms of their blockchain state. Coinbase’s internal pruned Parity nodes were seeing different blocks than our non-pruned Parity and Geth nodes. This was the first indicator that something was wrong. We concluded that a large reorg at 10:57 PM PST 7/31 caused the network to fork due to differing node implementations (for more information on the fork, see the network partition section below).

Nonce-based Double Spends

In this ETC attack, we found an interesting pattern used to execute the double spends. We discuss one example of the attacker’s double spend strategy below:

Example of attacker using one attack transaction to double spend multiple orphaned transactions

Attack Pattern:

  1. Attacker sends a large amount of ETC through multiple transactions to victim
  2. Using the victim service, attacker converts ETC to another currency, then moves funds off platform
  3. Attacker reorgs the blockchain, “erasing” the transactions from step 1
  4. Now the attacker has access to their original ETC. They move the sum of their funds to another address they control using one large transaction. This is necessary in order to invalidate any replays of the orphaned transactions
Attack transaction on main (i.e. attacker) chain that consolidates and moves funds to an attacker-controlled address
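
The effect of step 4 can be checked from the defender's side by comparing the transactions of the orphaned chain with the new canonical chain. The sketch below is an added example, not Coinbase's tooling; the `Tx` record, the status names and the sample transactions are constructed for illustration.

```python
from collections import namedtuple

# Simplified transaction record (field names are assumptions for this example).
Tx = namedtuple("Tx", "hash sender nonce to value")

def classify_orphaned(orphaned, canonical):
    """Map each orphaned-chain tx hash to its status on the canonical chain.

    included         - same transaction was also mined on the canonical chain
    double_spent     - a different tx from the same sender consumed this nonce
    follows_conflict - higher nonce from a sender with a conflict; funds may be gone
    replayable       - nothing conflicts; it can be re-mined after the reorg
    """
    canon_hashes = {tx.hash for tx in canonical}
    canon_slots = {(tx.sender, tx.nonce): tx.hash for tx in canonical}
    # Lowest nonce at which each sender has a conflicting canonical transaction.
    first_conflict = {}
    for tx in orphaned:
        other = canon_slots.get((tx.sender, tx.nonce))
        if other is not None and other != tx.hash:
            first_conflict[tx.sender] = min(tx.nonce, first_conflict.get(tx.sender, tx.nonce))
    status = {}
    for tx in orphaned:
        if tx.hash in canon_hashes:
            status[tx.hash] = "included"
        elif (tx.sender, tx.nonce) in canon_slots:
            status[tx.hash] = "double_spent"
        elif tx.nonce > first_conflict.get(tx.sender, tx.nonce):
            status[tx.hash] = "follows_conflict"
        else:
            status[tx.hash] = "replayable"
    return status

# Constructed sample: three deposits to a victim on the orphaned chain, then one
# consolidating transaction on the canonical chain reusing the first deposit's nonce.
ORPHANED = [
    Tx("0xa1", "attacker", 7, "victim", 100),
    Tx("0xa2", "attacker", 8, "victim", 100),
    Tx("0xa3", "attacker", 9, "victim", 100),
    Tx("0xb1", "user1", 3, "shop", 5),
    Tx("0xc1", "user2", 1, "shop", 2),
]
CANONICAL = [
    Tx("0xd1", "attacker", 7, "attacker2", 300),
    Tx("0xb1", "user1", 3, "shop", 5),
]
```

Calling `classify_orphaned(ORPHANED, CANONICAL)` marks the first deposit as `double_spent` and the two later deposits as `follows_conflict`, which is how a single consolidating transaction removes several orphaned deposits at once.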

Pruned Parity Node Network Partition

Beyond the typical 51% attack double spend pattern, a second interesting case arose from this incident: the Parity OpenEthereum client, when configured in pruned mode, will ignore any blocks past a certain height as “ancient” and consider those blocks invalid.

An “ancient” error causing pruned Parity nodes to reject the reorg
How the ETC network partitioned


According to Coinbase non-pruned node logs, there was an extremely large reorg that started at block height 10904147 and ran until block height 10907434. At the time of the attack, the main (i.e. attack) chain had height 10907434 while the orphaned chain had a height of 10907836. The common ancestor block between the orphaned and main chain is at height 10904146. This means the reorg orphaned 3692 blocks and added 3287 new blocks. Note that while the attack chain had a lower height, because it had a higher difficulty it superseded and overtook the orphaned chain as the canonical chain for ETC. Assuming a block time of 15 seconds, the attacker had to mine with majority hashpower for around 13.7 hours to execute this attack.

Diagram of reorg 8/1
Diagram of reorg 8/5

Double spends

In the first series of double spend transactions, we found that around $5.8 million was double spent. There were 5 unique addresses sending large-volume double spend transactions to 5 unique victim addresses. The attacker and victim addresses mapped one to one.

Double spend attack 8/1 overview
Double spend attack 8/5 overview

Next Steps

Coinbase takes security very seriously. As part of that commitment, we monitor blockchains for activity that could be harmful to our customers and take prompt action to safeguard funds. We want to emphasize to customers that Coinbase strives to be the most trusted and safest place to buy, sell, or store cryptocurrency.
