Several sources reported yesterday that the “original Ethereum”, more commonly known as Ethereum Classic, is being subjected to chain reorganization. This reorganization can be done by a malicious player who owns more than half of targeted network’s mining hash rate and is thus called a “51% attack”. By controlling more than half of the network’s mining power, the attacker is capable of “double spending” aka rolling back on-chain transactions. A 51% attack is one of the most feared concepts in modern cryptography as it removes an essential piece of a crypto network: its immutability. Reddit user turtleflax explains how the attack works:
“What a 51% attack does is remove 2 important properties from a blockchain, immutability and censorship resistance. This happens because consensus is achieved based on trusting the majority of hash rate. This works great in a decentralized system, but when 1 entity (attacker, hacked/malicious pool, nation state, etc.) acquires majority hash power then problems happen:
Miners package up transactions from the mempool into blocks so a majority hash rate miner can exclude specific transactions or all transactions (mining empty blocks). This is effectively censoring transactions on the network for the duration of the attack
When a miner includes a transaction in a block, it is said to be confirmed. If they have more hash rate than the rest of the network, they can spend coins and then spend them again elsewhere, a “double spend”.”
The problem was initially brought to light on January 7th by an entity called Ethereum Classic Consortium, which communicated that a security team Slow Mist detected transaction rollbacks on several ETC blocks. The ETC community dug deeper and discovered that a private mining pool (address: 0x3ccC8F7415e09BEAd930dc2B23617bD39ceD2C06) has been achieving more than 50% of the total network hash rate at certain times.
In order to prevent potential attacks, Ethereum Classic developers called on the exchanges and mine pools to increase the number of required confirmations on transactions to more than 400 until the issue is resolved. Several exchanges responded; Bitfly confirmed they’ll be increasing the confirmation threshold to the recommended numbers:
“We can confirm that there was a successful 51% attack on the Ethereum Classic (#ETC) network with multiple 100+ block reorganization. We recommend all services to closely monitored the chain and significantly increase required confirmations,” said the exchange.
Coinbase revealed that several instances of 100+ block reorganization and double spending did in fact appear on the ETC network. The total value of the double spends that Coinbase has observed thus far is currently sitting at 219,500 ETC (~$1.1M). At the same time, several mining pools are showing invalid block heights and experiencing orphaned blocks, which are clear signs that the Ethereum Classic blockchain has been tampered with. As of now, Ethereum Classic developers are reportedly working with Slow Mist and many others in the crypto community to find a way to resolve the issue.
- Brave browser shows impressive growth in 2018, hits 5.5 million monthly active users
Popular cryptocurrency project Brave, centered on integrating cryptocurrency with ad-free, safe internet browsing, released their 2018 stats recently. The stats and milestones showcased did imply that the project had a productive year behind it, with strong strides forward made on several fields.
Biggest highlight of the year was certainly the recorded user base growth. According to the numbers presented by Brave the project managed to grow their adoption more than 5 times, as active monthly user numbers grew from 1 million in January of 2018 to 5.5 million that the project currently has. Apparently 80% of this user base is located on Android/iOS platforms, with the remaining 20% coming from desktop users. Further growth is expected in the future, with an even stronger influx of users to come once the browser leaves beta and sees its 1.0 version released.
In other milestones for 2018, Brave saw a steady growth of their verified publisher pool, which clocked at 28 thousand members at the turn of the year. This represented a seven-fold increase from Brave’s January 2018 verified publisher numbers of 4000. Work was done on improving user privacy on the Brave platform, as highlighted by the integration of Tor in Brave browser’s Private Windows, as well as the opening of a Research office in London for future implementations of privacy innovations such as SpeedReader and AdGraph. Some strong partnerships, policy/industry conversations and community relations were a part of the year gone by for Brave; you can check all of that on the project’s official end-of-the-year blog post.
- New XLM-based scam exposed
Reddit user b1tcc brought light to a new scam that is making the rounds on the crypto market. The scam is apparently called StellarPay and is made by the same people who were responsible for similar shady Stellar-based projects like StellarActivity and Stellar Dolphin.
Apparently the scammers are contacting individuals via Reddit, Twitter and other social media platforms, asking them to visit the StellarPay website and join a giveaway of project’s XLB tokens. The scam involves the project offering XLB bounties for anyone who takes some load off their back and promotes the scam online.
“Huge giveaways, empty promises, low effort product with some images, and lots of bounties for people start using their crap token so they could gather a big user base, in the end they exit scammed by shutting everything down after selling some of their supply.”
The scam seems to be a bit more advanced and high-effort this time, differing from the low-effort “enter your private key on our phishing website” scams that were previously ran by the people behind StellarPay. The “team” apparently hired some graphic designers and created a better looking website, and also went to the trouble of stealing their team member pictures from this link. With some bad English sprinkled aside and no intrinsic value behind the XLB token, it’s recommended that the community stays away from this project.