Coinbase’s perspective on the recent Ethereum Classic (ETC) double spend incidents

By Don Yu

Takeaways

  • Coinbase was not targeted by any of the attack transactions and lost no funds
  • At 10:57 PM PST 7/31/2020, Ethereum Classic (ETC) was 51% attacked resulting in ~800,000 ETC (~$5.8 million) of double spend transactions.
  • At 8:15PM PST 8/5/2020, Ethereum Classic was 51% attacked again resulting in ~460,000 ETC (~$3.2 million) of double spend transactions.
  • During the first attack, Parity (OpenEthereum) nodes running in pruned mode ignored the attacking blocks, while the rest of the network accepted the attacking blocks as valid, resulting in a network partitioned between pruned Parity nodes and the rest of the network.

*If an attacker controls majority mining power, they are able to 51% attack the blockchain network. The attacker reorganizes (“reorg”) the blockchain history to steal funds through double spend transactions. See this Coinbase blog post to learn more about double spends.

Coinbase’s View

At 11:10 PM PST 7/31/2020, Coinbase Blockchain Security was alerted that Coinbase’s ETC nodes were not seeing new blocks at the expected interval. Our investigation found that our nodes had forked in terms of their blockchain state. Coinbase’s internal pruned Parity nodes were seeing different blocks than our non-pruned Parity and Geth nodes. This was the first indicator that something was wrong. We concluded that a massive reorg at 10:57 PM PST 7/31 caused the network to fork due to differing node implementations (for more information on the fork, see the network partition section below).

An extremely large reorg is a significant indicator of potential double spends. At this point, Coinbase chose to significantly raise our confirmation count requirement. This ensured that no double spend transactions were credited on the Coinbase platform.

Two open questions followed: First, did the reorg actually contain any double spends? Second, given the network partition, how does Coinbase ensure we’re on the right chain?

In order to answer the first question, we compared the orphaned chain and the new chain that caused the reorg. We found ~$5.8 million double spent across 53 orphaned transactions. Coinbase was not targeted by these attacks.

Our next focus was understanding the ETC network partition. We discovered pruned Parity nodes would ignore blocks past a certain height. Because the massive reorg tried to orphan blocks beyond this threshold, pruned Parity nodes considered the reorg invalid. Note that the rest of the network chose to follow the reorg, which caused the network to partition. After observing each side of the network partition, Coinbase began following the canonical main chain (i.e. the non-pruned Parity chain which includes the double spend attack).

On the night of August 5th, Blockchain Security got another alert that a massive reorg occurred. Because pruned Parity nodes were no longer being operated, there was no network partition akin to the first reorg. Therefore, the singular question was whether Coinbase was the victim of this attack. Doing a similar analysis as above, we confirmed ETC was attacked again, this time for around $3.2 million across nine orphaned transactions. Once again, we found that Coinbase was not the victim of any of the orphaned transactions.

As an additional precaution, we raised the confirmation count further to ensure the security of our customer funds. Note that this is not the first time ETC was successfully double spent. Refer to our previous blog post for details about the previous attack.

While ETC looks to have stabilized in recent days, we continue to monitor for any further ETC turbulence.

Technical Analysis

Nonce-based Double Spends

In this ETC attack, we discovered an interesting pattern used to execute the double spends. We discuss one example of the attacker’s double spend strategy below:

Example of attacker using one attack transaction to double spend multiple orphaned transactions

Attack Pattern:

  1. Attacker sends a large amount of ETC through multiple transactions to victim
  2. Using the victim service, attacker converts ETC to some other currency then moves funds off platform
  3. Attacker reorgs the blockchain “erasing” the transactions from step 1
  4. Now the attacker has access to their original ETC. They move the sum of their funds to another address they control using one large transaction. This is necessary in order to invalidate any replays of the orphaned transactions

End state: The attacker now controls some amount of a non-ETC asset that they exfiltrated from the victim, while also maintaining control of the original ETC.

Interestingly, by using this incremental nonce based technique, each orphaned transaction moved less than 30,000 ETC (~$200,000). We believe that the attacker used these incremental orphaned transactions due to some value-based rate limitation of the victim. For example, a victim exchange may have had a feature preventing a user from receiving greater than x amount of ETC in a single deposit.

The following is the actual ETC data for this double spend:

Here, we find three transactions that occurred on the orphaned chain. The sender (i.e. attacker) and receiver (i.e. victim) address are consistent across all three transactions. As mentioned above, the amount transferred in each transaction hovers around ~$200,000. Additionally, the latter two transactions have incremented nonces when compared to the previous transaction. This is expected based on how account nonces work.

The key point is that on the main chain, neither of the latter two transactions are valid so long as the attacker account doesn’t hold enough funds to cover the transfers. In the main chain, we find one large double spend transaction from the attacker address, as opposed to three separate double spend transactions, one for each of the above orphaned transactions.

Note that the transfer value for this large transaction is equal to the sum of the values of the three orphaned transactions. This ensures all three orphaned transactions are invalid on the main chain.
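The comparison described above can be sketched as follows. This is an added example, not Coinbase's tooling: it labels each orphaned-chain transaction by sender and nonce, flags senders whose single main-chain transaction equals the sum of their erased transfers, and totals the exposure for a set of deposit addresses. The `Tx` type, the function names and every address and value are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    hash: str
    sender: str
    to: str
    nonce: int
    value: int  # ETC, constructed round numbers

def classify_orphans(orphaned, main):
    """Label every orphaned-chain transaction by what happened to it on the main chain."""
    main_hashes = {t.hash for t in main}
    main_by_slot = {(t.sender, t.nonce): t for t in main}
    labels, rival_of = {}, {}
    # Ascending nonce per sender, so a conflict is always seen before the
    # higher-nonce transactions that follow it.
    for tx in sorted(orphaned, key=lambda t: (t.sender, t.nonce)):
        rival = main_by_slot.get((tx.sender, tx.nonce))
        if tx.hash in main_hashes:
            labels[tx.hash] = "replayed"            # same tx mined again: no loss
        elif rival is not None:
            labels[tx.hash] = "double_spend_pair"   # nonce slot taken by another tx
            rival_of.setdefault(tx.sender, rival)
        elif tx.sender in rival_of:
            labels[tx.hash] = "nonce_based_orphan"  # later nonce from a conflicted sender
        else:
            labels[tx.hash] = "not_replayed"        # absent, but nothing conflicts
    return labels, rival_of

def swept_senders(orphaned, labels, rival_of):
    """Senders whose one main-chain tx moves exactly the sum of their erased transfers."""
    erased = defaultdict(int)
    for tx in orphaned:
        if labels[tx.hash] in ("double_spend_pair", "nonce_based_orphan"):
            erased[tx.sender] += tx.value
    return {s: v for s, v in erased.items() if rival_of[s].value == v}

def exposure(orphaned, labels, our_addresses):
    """Value sent to our addresses on the orphaned chain that is missing from the main chain."""
    return sum(tx.value for tx in orphaned
               if tx.to in our_addresses and labels[tx.hash] != "replayed")

# Constructed sample: three incremental deposits, each under 30,000 ETC, replaced
# on the main chain by one transfer of their sum; plus an unrelated user payment
# that was simply mined again.
ORPHANED = [
    Tx("0xo1", "0xattacker", "0xvictim", 5, 28000),
    Tx("0xo2", "0xattacker", "0xvictim", 6, 29000),
    Tx("0xo3", "0xattacker", "0xvictim", 7, 27000),
    Tx("0xu1", "0xuser", "0xshop", 12, 3),
]
MAIN = [
    Tx("0xm1", "0xattacker", "0xattacker2", 5, 84000),
    Tx("0xu1", "0xuser", "0xshop", 12, 3),
]

if __name__ == "__main__":
    labels, rival_of = classify_orphans(ORPHANED, MAIN)
    for tx in ORPHANED:
        print(tx.hash, labels[tx.hash])
    print("swept:", swept_senders(ORPHANED, labels, rival_of))
    print("exposure for 0xvictim:", exposure(ORPHANED, labels, {"0xvictim"}))
```

A `nonce_based_orphan` is not invalid by nonce alone; as the text notes, it stays unreplayable only while the sender's main-chain balance cannot cover it.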

Pruned Parity Node Network Partition

Beyond the normal 51% double spend attack pattern, a second interesting case arose from this incident: the Parity OpenEthereum client, when configured in pruned mode, will choose to ignore any blocks past a certain height as “ancient” and consider these blocks invalid.

An “ancient” error causing pruned parity nodes to reject the reorg

Therefore, pruned Parity OpenEthereum clients ignored the reorg and continued mining their own separate chain. As mentioned above, we call this the orphaned chain. Because these clients treated the reorg chain as invalid, the network partitioned by node type and node configuration.

How the ETC network partitioned

After this partition occurred, miners continued to mine on both the pruned Parity chain as well as the main chain that the rest of the network followed.

For clarity, note that the pruned Parity nodes’ current state is equivalent to the state of the unpruned Parity and Geth nodes before they were reorged. Requesting a block at a certain height within the reorg returns the orphaned block from the pruned Parity node while the unpruned Parity node returns the attacker block. The orphaned block received from the unpruned node used to be part of the unpruned Parity node’s state; however, the orphaned block was reorged out of the unpruned node’s view.

Node operators that continued to run pruned Parity nodes maintained and extended the orphaned chain. Until these operators resynced their pruned Parity nodes or switched to a different node type, the network remained partitioned. Coinbase strongly recommends switching to a supported node (e.g. Geth).

Reorgs

According to Coinbase non-pruned node logs, there was an extremely large reorg that started at block height 10904147 and ran until block height 10907434. At the time of the attack, the main (i.e. attack) chain had height 10907434 while the orphaned chain had a height of 10907836. The common ancestor block between the orphaned and main chains is at height 10904146. This means the reorg orphaned 3692 blocks and added 3287 new blocks. Note that while the attack chain had a lower height, it had a higher difficulty, so it superseded and overtook the orphaned chain as the canonical chain for ETC. Assuming a block time of 15 seconds, the attacker had to mine with majority hashpower for around 13.7 hours to execute this attack.

Diagram of reorg 8/1

The pruned nodes ignored this reorg while the un-pruned nodes accepted this reorg as valid. See the Network Partition section above for more information.

Our analysis shows 15 double spending transaction pairs and 38 nonce-based orphaned transactions in the chain reorg. None of the double spends affected Coinbase.

On 8/5/2020, ETC saw a second massive reorg on the main chain.

At the time of the reorg, the orphaned chain head block was 0x9555 at height 10939866. After the reorg, the main (i.e. attack) chain head block was 0x7521 at height 10939975. The common ancestor block between the orphaned and main chain is at height 10935622. The reorg orphaned 4244 blocks, while the attack chain contained 4353 blocks. Assuming a block time of 15 seconds, the attacker had to mine with majority hashpower for around 18.1 hours to execute this attack.

Diagram of reorg 8/5

Blockchain Security performed the same analysis as above on this reorg and found 7 double spend transaction pairs and an additional 2 orphaned transactions sent to the victim’s address. Once again, none of these double spends affected Coinbase.
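The reorg measurements in this section can be reproduced from block headers alone. The following added example (not Coinbase's monitoring code) walks parent pointers from the old and new chain heads to their common ancestor, counts orphaned and added blocks, compares summed difficulty, and checks whether a given confirmation requirement would have been met before the reorg. The `Header` type, function names and sample chain are constructed; the 15-second block time is the page's own assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Header:
    hash: str
    parent: str
    height: int
    difficulty: int

def ancestry(headers, head):
    """Headers from `head` back to the oldest block we know, newest first."""
    chain = []
    while head in headers:
        chain.append(headers[head])
        head = headers[head].parent
    return chain

def analyze_reorg(headers, old_head, new_head, block_time_s=15):
    new_chain = ancestry(headers, new_head)
    on_new = {h.hash for h in new_chain}
    orphaned, ancestor = [], None
    for h in ancestry(headers, old_head):
        if h.hash in on_new:          # first block shared by both chains
            ancestor = h
            break
        orphaned.append(h)
    if ancestor is None:
        raise ValueError("heads share no known ancestor")
    added = [h for h in new_chain if h.height > ancestor.height]
    old_work = sum(h.difficulty for h in orphaned)
    new_work = sum(h.difficulty for h in added)
    return {
        "ancestor_height": ancestor.height,
        "orphaned": len(orphaned),
        "added": len(added),
        # The heavier chain wins even when it is the shorter one.
        "new_chain_heavier": new_work > old_work,
        "new_chain_shorter": len(added) < len(orphaned),
        "attack_hours": len(added) * block_time_s / 3600,
    }

def credited_then_erased(required_confirmations, report):
    """True if a deposit in the first orphaned block reached the confirmation
    requirement on the old chain before the reorg removed it."""
    return required_confirmations <= report["orphaned"]

def build(prefix, parent, start_height, count, difficulty):
    """Constructed sample data: a straight run of `count` headers."""
    out = []
    for i in range(count):
        h = Header(f"{prefix}{i}", parent, start_height + i, difficulty)
        out.append(h)
        parent = h.hash
    return out

# Constructed sample: common ancestor at height 100, a 6-block honest chain,
# and a 5-block attack chain mined at higher difficulty.
SAMPLE = {h.hash: h for h in
          build("c", "genesis", 100, 1, 10)
          + build("o", "c0", 101, 6, 10)
          + build("a", "c0", 101, 5, 13)}

if __name__ == "__main__":
    report = analyze_reorg(SAMPLE, old_head="o5", new_head="a4")
    print(report)
    print("6 confirmations enough?", not credited_then_erased(6, report))
    print("7 confirmations enough?", not credited_then_erased(7, report))
```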

Double spends

In the first series of double spend transactions, we found that around $5.8 million was double spent. There were five unique addresses sending large volume double spend transactions to five unique victim addresses. The attacker and victim addresses mapped one to one.

After examining the to and from addresses, Blockchain Security came to the conclusion that none of these double spends affected Coinbase:

In the second series of double spends, we found that around $3.2 million was double spent. This time around, there was exactly one target victim address: 0x38cd54fc7b1fe7994355fce1d75c9c4bd7335a46. Additionally, the amount double spent per transaction had a much higher variance, between ~$97,000 and up to ~$1.08 million. We found that in the second attack, the attacker tended to not split up the orphaned transactions, meaning the orphaned and attack transactions generally mapped one to one. The one exception was the particular attacker address 0xa56cfaef495a45f17f44fd0b2d85e0fe63b9ba7d which sent three orphaned transactions.

It should be noted that in the first reorg, our analysis also found a number of other small double spends, on the order of ~10 dollars. We believe these to be non-malicious users interacting with the blockchain during the reorg resulting in non-malicious double spends.

Next Steps

Coinbase takes security very seriously. As part of that commitment, we monitor blockchains for activity that could be harmful to our customers and take prompt action to safeguard funds. We want to emphasize to customers that Coinbase strives to be the most trusted and safest place to buy, sell, or store cryptocurrency.

If you are interested in blockchain security, Coinbase is hiring.

The following is Coinbase’s complete set of data regarding the two double spend attacks:

This website contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.

While care and consideration has been taken in the creation of the material on this website, we do not warrant, represent or guarantee that the material published on this website is in all respects accurate, complete and current. To the extent permitted by law, we exclude any liability, including any liability for negligence, for any loss or damage arising from reliance on material on this website

All images provided herein are by Coinbase.


Coinbase’s perspective on the recent Ethereum Classic (ETC) double spend incidents was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Source: https://blog.coinbase.com/coinbases-perspective-on-the-recent-ethereum-classic-etc-double-spend-incidents-1fd19ef215f3?source=rss—-c114225aeaf7—4


Bitcoin: Temporary Correction or No ATH This Year? The Crypto Weekly Market Update


Bitcoin has a way of surprising people. This week was no exception. A few days ago, almost everyone believed that the cryptocurrency was inevitably headed to a new all-time high. And how could they not? BTC was trading at a few hundred USD below the record from back in 2017. Unfortunately, things took a turn for the worse.

Yesterday was undoubtedly a bad day for bitcoin as it plunged a total of around $3,000 in less than 24 hours. From a high of about $19,500 down to $16,200, the bears poked and showed their faces. The entire market lost around $80 billion of its capitalization as altcoins actually had it worst.

During the market dive, Bitcoin’s dominance actually increased, showing that not only altcoins failed to hold their ground, but they dropped harder than BTC. Since then, there has been a slight recovery and at the time of this writing, the primary cryptocurrency is trading at around $17,000.

The move was seemingly propelled by the news that US regulators might seek to require identity verification from crypto wallet providers. Coinbase’s CEO, Brian Armstrong, commented on the matter, expressing his worries that if the new rules are implemented, they would be rather harmful to the users and the industry, in general.

At the same time, the popular cryptocurrency exchange OKEx opened withdrawals for the first time since they were shut down around a month ago, which might have prompted users to cash out the profits that they have been sitting on. In fact, CryptoPotato reported that around $500 million were withdrawn from the exchange as the crash started to take place.

In any case, the results are here, and it remains particularly interesting to see where bitcoin will go from here.

Market Data

Market Cap: $512B | 24H Vol: 181B | BTC Dominance: 62%

BTC: $17,132 (-7.98%) | ETH: $516.86 (+1.71%) | XRP: $0.56 (+74.08%)

Bitcoin Worth $500 Million Withdrawn From OKEx as Users Look for Other Alternative. Data shows that users withdrew a total of 29,300 BTC from the popular cryptocurrency exchange OKEx right after it resumed full functionality. This happened just as bitcoin plunged $3,000 in a matter of 24 hours. The exchange also resumed the withdrawals a day earlier than announced and during the Chinese trading hours.

Bitcoin Black Friday 2020: The Sales You Better Not Miss. It’s the end of November, and with this comes the long-anticipated shopping season. For many, this is a time to enjoy massive sales. We’ve taken the liberty of listing a few sales within the cryptocurrency field that aficionados might find interesting.

Facebook’s Libra Could Reportedly Arrive in January 2021 in a Scaled-Down Version. Libra, Facebook’s long-awaited cryptocurrency project, might be set to launch in early 2021. However, the version that’s potentially hitting the market is scaled-down and specifically intended to abide by the regulations of Switzerland’s FINMA.

Research Suggests Satoshi Nakamoto Launched Bitcoin From London. New research shows that activities associated with Satoshi Nakamoto from 2008 and 2010 might have taken place in London when Bitcoin’s network went live. This brings the experts a step closer to identifying who’s behind the legendary pseudonym.

6 Possible Reasons For Bitcoin’s $3,000 Daily Price Crash. Bitcoin went through a massive crash two days ago when it lost around $3,000 of its value in a sudden red candle. These are six reasons for which this may have happened and a brief outline of what might be next to come.

Coinbase CEO Fears Rumored Regulations Proposed By The Trump Administration. Brian Armstrong, the CEO of the leading US-based cryptocurrency exchange Coinbase, has said that he’s worried about the rumored regulations concerning third-party wallet providers having to identify their users. He said that this might harm users and the entire ecosystem.

Charts

This week we have a chart analysis of Bitcoin, Ethereum, Ripple, Chainlink, and Stellar Lumens – click here for the full price analysis.

Source: https://cryptopotato.com/bitcoin-temporary-correction-or-no-ath-this-year-the-crypto-weekly-market-update/


Ripple Plans To Cash Out 33% Of Its MoneyGram Stake With A Significant Profit


  • The San Francisco-based payment protocol has filed a document on Friday with the US Securities and Exchange Commission (SEC). It reads that Ripple Labs has entered into an agreement with MoneyGram, which entitles Ripple to sell up to 4,000,000 shares of common stock.
  • Ripple’s option to sell these shares will expire “upon the earliest of March 31st, 2021, the time at which the maximum amount shall have been sold, or the occurrence of certain other customary events affecting the issuer.” 
  • CryptoPotato reported last year that Ripple and MoneyGram announced a strategic partnership. The initial term of the agreement was for two years. Ripple had agreed to provide a capital commitment amounting to $50 million in exchange for equity through the two-year period.
  • As per the SEC filing, Ripple owns 6.22 million shares of the giant money transfer company (or 8.6% of shares outstanding). However, the blockchain company has a warrant to buy up to another 5.95 million shares, amounting to a total equity position of 12.2 million shares (or 17% of MoneyGram’s shares outstanding).
  • With the initial investment in 2019, Ripple purchased the MoneyGram shares at 4.10 per stock, which was a significant premium to the market price. 
  • Nevertheless, MoneyGram’s stocks (MGI) have surged in 2020, closing Friday’s session at $7.42. As such, Ripple can cash out with an 80% profit, despite the initial premium.

Source: https://cryptopotato.com/ripple-plans-to-cash-out-33-of-its-moneygram-stake-with-a-significant-profit/


South Korea To Postpone Previously Planned Crypto Income Tax


Lawmakers in Korea are planning to postpone a recently considered tax on crypto assets profits. Reports say the tax rule delay will be about three months – instead of October 2021, January 2022.

The New Crypto Income Tax Rule To Wait Until January 2022

According to a recent media report, the South Korean congress plans to put off the recently considered cryptocurrency income tax rule. A planning and finance committee of the National Assembly has issued a report, which proposes the necessity of implementing the crypto income tax rule from at least 2022.

A few months ago, in July, a report stated that South Korea’s Minister of Finance and Economy believes that the country should come up with a tax on cryptocurrency trading and investing. Back then, he added that South Korea has been in discussion with other countries about introducing a new digital law.

In July 2020, the country’s Ministry of Economy and Finance amended its tax code, where it included the plan for charging residents a 20% tax on gains from cryptocurrency trading, which are worth more than 2.5 million Korean won (about $2,000).

Lawmakers in the National Assembly are to approve the Government’s plan, which was to carry into effect the cryptocurrency income tax rule from October 2021.

Reason For The Delay – Time Is Tight

As per the media report, the postponement of the crypto tax law is based on concerns raised by local crypto exchanges. They have claimed a lack of time to build the tax reporting system and infrastructure needed for the process to begin.

The so-called “Specific Financial Information Act” would be enforced from March next year, so crypto exchanges have to complete the necessary reporting system by September 2021 for verifying the real names of their deposit and withdrawal accounts.

As CryptoPotato reported, South Korea announced the planning of the crypto income tax in June this year. The Asian country went through some different views on how and whether it should tax profits from cryptocurrency. Firstly, at the beginning of 2020, the Ministry of Economy and Finance did not consider digital asset trading gains as taxable income. A month later, another local report said the Ministry believes that the nation could start labeling cryptocurrency trading profits as “other income.”


Source: https://cryptopotato.com/south-korea-to-postpone-previously-planned-crypto-income-tax/
