AE suffered a 51% attack, who will be the next unlucky one?
秦晓峰
@QinXiaofeng888
2020-12-09 08:36
This article is about 3,028 characters long and takes about 12 minutes to read in full.
Are your coins safe?

Author | Qin Xiaofeng

Editor | Hao Fangzhou

Produced | Odaily

On December 8, the old public chain Aeternity (AE) confirmed on its official Twitter account that it had suffered a 51% attack.

However, according to core members of the Aeternity community, the attack was mainly focused on leading exchanges and mining pools (OKEx, Gate, Binance), and more than 39 million AE tokens (worth over $5 million) were lost.

As of press time, the price of AE was temporarily at $0.13; in the past 72 hours, the cumulative drop was close to 40%; in the past 24 hours, the drop was more than 10%.

From ETC and Grin to AE, 51% attacks have come one after another this year. Is this a long-standing flaw in consensus design and hash-power distribution, or just hackers picking their moment? Who will be the next victim, and how can similar risks be avoided?

(1) Event review: the hackers will find it hard to cash out

Since December 7, many Aeternity holders had noticed that some exchanges listing AE had suspended AE deposits and withdrawals without explaining why.

Because AE had been trending well recently, some holders joked: "Wallet maintenance means a pump is coming."

But the dream of a pump was soon shattered. On December 8, in the Aeternity overseas Telegram group and the Chinese community, many users reported that their AE balances on exchanges had been zeroed out, and AE was suspected of having suffered a 51% double-spending attack.

At noon on December 8, the AE official team confirmed the authenticity of the attack in a tweet, but did not mention the specific cause or the losses. According to media reports, affected users can contact the team at hello@aeternity-foundation.org and security@aeternity-foundation.org.

According to media reports, core members of the Aeternity community disclosed that the attack mainly targeted the top exchanges and mining pools OKEx, Gate and Binance, and that more than 39 million AE tokens (worth more than $5 million) were lost. Huobi responded today that it was not hit by Aeternity's 51% double-spending attack and has not lost any funds.

Aeternity community KOL "Liu Shao" described the attack process:

The attacker first accumulated 27.52 million AE over more than half a year;

opened N or more small accounts on the exchange, prepared to receive the more than 27 million AE, and deposited USDT and other assets into those small accounts themselves;

then launched the double spend: deposited the "counterfeit" AE into OKEx, dumped the fake AE into buy orders placed from their own small accounts, and had the small accounts withdraw OKEx's real AE to various exchanges to sell.

The host of the AE Chaohua (Weibo super-topic) community, "February Honghong", said the hackers behind this 51% attack may find it hard to cash out.

In the past, hackers usually took away BTC and sent it to overseas exchanges, where it was hard to hold them legally accountable. But the exchanges with deep AE liquidity are all domestic; domestic exchanges cash out into USDT and all require real-name verification, so assigning responsibility is easier.

"If you really cash out tens of millions, basically it's ten years to life once you're caught. I don't know whether the attacker trembles when he thinks back on it. The PlusToken wallet case is still fresh in my memory. Blockchain is not a lawless zone, especially for big miners in China; once caught, how it is handled depends not on the attitude of the team but on the attitude of the exchange, whether it admits the loss or calls the police."

Odaily found that the three major exchanges, and the other exchanges listing AE, have all suspended withdrawals. Hit by the attack, AE has fallen close to 40% over the past 72 hours and more than 10% over the past 24 hours; as of press time, AE was trading at $0.13.

The first question is whether there will be a fork. At present, neither the community nor the official team has proposed one, and the loss from the attack is not unbearable relative to AE's total market value, so a fork is unlikely.

The second question is whether the official team will compensate the losses caused by this attack.

Since this time the loss is concentrated on the exchanges, past experience says the exchange usually writes it off as bad luck and absorbs the loss itself, so ordinary holders do not need to worry too much for now. As for what plan the exchanges adopt, we can only wait for further developments.

(2) Why do 51% attacks occur so frequently?

AE is not the only victim. Since the beginning of this year, multiple blockchain projects have suffered 51% double-spending attacks.

From January to February this year, the BTG network suffered double-spending attacks several times, with losses exceeding $50,000. From July to August, Ethereum Classic (ETC) suffered three 51% attacks, resulting in losses of tens of millions of dollars; OKEx at one point considered delisting ETC. On November 8, the Grin network was hit by a 51% attack, but thanks to a timely response no losses were caused.

How do these frequent double-spend attacks come about?

Take ETC, BTG and AE: all are blockchain projects that have been around for several years, and their popularity has fallen sharply. There are also some new projects that have not yet gathered enough consensus and hash power and have been "educated" by hackers.

In terms of concrete execution, as the hash power of the attacked network decreases, an attacker can obtain enough hash power simply by renting it; the attack cost is low and the proceeds can cover it. Take the Grin attack as an example: it is very likely that hash power was rented on the Nicehash platform. "Grin's network hashrate has increased significantly in a short period of time. It is worth noting that this coincides with a doubling of the Nicehash rate, and currently more than 50% of the network's hashrate is outside the known pools," Grin's official announcement stated.

At present there are many coins for which the hash power rentable on Nicehash exceeds the network's existing hash power, and an hour of attack costs only a few dollars. This means these projects face a high probability of a 51% attack. The figures are as follows:

Of course, rentable hash power is only one consideration. Because some projects have poor liquidity and low prices, the proceeds from attacking them would also be limited, so they are not the first choice.

Back to this AE attack: the attack cost per hour on Nicehash is $324, but the rentable hash power accounts for only 5% of the network. In other words, this attack was largely the work of an "insider" already running hash power on the network, rather than someone renting hash power from outside.
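To make the hash-power arithmetic of this section concrete, here is an added Python example (not part of the original article, and not code from Aeternity, Nicehash or crypto51). It does two things: it computes an attacker's success probability and the confirmation depth a service needs for a given attacker hashrate share, using the formula from section 11 of the Bitcoin whitepaper, and it shows what share of a network an outside renter ends up with after renting hash power equal to some fraction of that network, using the article's AE figures ($324 per hour, 5% rentable) as input. The 0.1% risk target is an assumption.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker holding share q of the hash power eventually
    overtakes an honest chain that is z blocks ahead (Bitcoin whitepaper, section 11).
    With q >= 0.5 the attacker's chain grows at least as fast, so success is certain."""
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    lam = z * q / p  # expected attacker progress while the honest side mines z blocks
    poisson = math.exp(-lam)  # Poisson(k=0); updated multiplicatively to avoid overflow
    never_catches_up = 0.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k
        never_catches_up += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - never_catches_up


def confirmations_for_risk(q: float, max_risk: float = 0.001, limit: int = 10_000):
    """Smallest confirmation depth z at which the attacker's success probability is
    below max_risk; None when no depth suffices (q >= 0.5) or limit is exceeded."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def rented_share(rentable_fraction: float) -> float:
    """Share of the network an outsider controls after renting hash power equal to
    rentable_fraction of the current network. Rented hash power is added on top of
    the honest hash power already mining, so the share is r / (1 + r), not r."""
    r = rentable_fraction
    return r / (1.0 + r)


def majority_reachable_by_rental(rentable_fraction: float) -> bool:
    """An outside renter alone passes 50% only when the rentable hash power exceeds
    the existing network hash power (r > 1), the situation the article describes for
    small coins whose rentable hash power exceeds their own network's."""
    return rented_share(rentable_fraction) > 0.5


def ae_attack_profile() -> dict:
    """The article's AE numbers: $324 per hour to rent, only 5% of the network rentable."""
    r = 0.05
    return {
        "hourly_rental_cost_usd": 324,
        "outsider_share_after_renting_all": rented_share(r),
        "majority_by_rental_alone": majority_reachable_by_rental(r),
    }


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.51):
        print(f"attacker share {q:.0%}: confirmations for <0.1% risk = {confirmations_for_risk(q)}")
    print(ae_attack_profile())
```

Two things fall out of running it. First, raising the confirmation count only helps against a minority attacker: for a 10% attacker five confirmations already push the risk under 0.1%, a 30% attacker needs a few dozen, and at 50% or more no depth is enough, which is why the exchange-side defences later in this article pair confirmations with monitoring and suspension. Second, renting everything available on AE gives an outsider under 5% of the network, so a majority could only have come from hash power already on the network, as the paragraph above concludes.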

(3) How to avoid double-spending attacks?

The crypto51 website lists several ways for projects to avoid double-spending attacks. One is to migrate small projects onto a large blockchain development platform such as Ethereum: because attacking Ethereum is so expensive, it is hard to attack.

The second is to upgrade the mining algorithm or the system. For example, the ETC team has deployed a system called MESS (Modified Exponential Subjective Scoring), which guards against 51% attacks by treating large block reorganizations as suspicious and greatly increasing the cost and difficulty of large reorgs.
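The following added Python sketch is not ETC's implementation and does not reproduce the actual MESS curve; it illustrates the idea the paragraph describes, a fork-choice rule that penalizes a competing chain in proportion to how long ago it diverged from the local chain. The exponential curve, its 600-second scale and the 31x cap are constructed for illustration, difficulty is held constant so that total difficulty since the fork point is measured in blocks, and the "secret mining" model (an attacker mining privately from the fork point and publishing later) is a simplification.

```python
import math


def reorg_penalty(fork_age_seconds: float, scale: float = 600.0, cap: float = 31.0) -> float:
    """Multiplier a competing chain's post-fork difficulty must beat. It grows
    exponentially with the age of the fork point and is capped (constructed constants)."""
    return min(cap, math.exp(max(0.0, fork_age_seconds) / scale))


def accept_reorg(local_td: float, competing_td: float, fork_age_seconds: float,
                 penalized: bool = True) -> bool:
    """Plain heaviest-chain rule: accept any strictly heavier competitor.
    Penalized rule: demand competing_td > local_td * penalty(fork age).
    Both difficulties are the totals accumulated since the common ancestor."""
    threshold = reorg_penalty(fork_age_seconds) if penalized else 1.0
    return competing_td > local_td * threshold


def secret_mining_reorg_accepted(attacker_multiple: float, secret_seconds: float,
                                 block_interval: float = 600.0, penalized: bool = True) -> bool:
    """Model: an attacker with attacker_multiple times the honest hash power mines
    privately from the fork point for secret_seconds, then publishes. At constant
    difficulty each side's post-fork total difficulty is proportional to hash power
    times elapsed time, so the honest side has secret_seconds/block_interval blocks."""
    honest_td = secret_seconds / block_interval
    attacker_td = attacker_multiple * honest_td
    return accept_reorg(honest_td, attacker_td, secret_seconds, penalized)


if __name__ == "__main__":
    for secs in (120, 600, 3600, 6 * 3600):
        plain = secret_mining_reorg_accepted(1.5, secs, penalized=False)
        scored = secret_mining_reorg_accepted(1.5, secs, penalized=True)
        print(f"{secs:>6}s of secret mining at 1.5x hash power: "
              f"plain={plain} penalized={scored} (penalty {reorg_penalty(secs):.1f}x)")
```

Under the plain rule a 1.5x attacker wins whenever it publishes. Under the penalized rule it still wins if it publishes within a couple of minutes (the penalty is barely above 1x), but a reorg prepared over an hour needs 31x the honest hash power, which is the property the paragraph attributes to MESS: short, ordinary reorgs remain cheap while deep, long-prepared ones become prohibitively expensive.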

The third is to upgrade from PoW to PoS. According to previous statistics, PoS can effectively raise the threshold for mounting a 51% attack; under the current concentration of hash power, PoS is more secure than PoW.

However, just like emerging coins with little network hash power, coins using a PoS consensus algorithm are also vulnerable to 51% attacks in their early stage, because the total stake on the chain is small at the start and the funds needed for a 51% attack are correspondingly small. It is therefore necessary to strengthen security protection at launch and prepare countermeasures in advance.

For exchanges and mining pools, options include raising the number of deposit confirmations, building a more robust monitoring and rapid-response system, and providing early warning.
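As an added example for the exchange-side measures just listed (confirmation depth, monitoring and rapid suspension), here is a Python simulation that is not code from any exchange or from Aeternity: a small deposit monitor that keeps a longest-chain view of block headers, credits a deposit only after a required number of confirmations, detects reorganizations, reverts any credited deposit the new chain no longer contains, and suspends deposits and withdrawals when a reorg is deep or a credit has vanished. The block headers, the deposit txid "dep-1", the 30-confirmation policy and the 10-block alert depth are all constructed for the scenario; the headers carry only the fields the monitor needs.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Block:
    hash: str
    parent: Optional[str]
    height: int
    deposits: Tuple[str, ...] = ()  # txids of deposits to the exchange seen in this block


class DepositMonitor:
    """Exchange-side chain view: credit after N confirmations, detect reorgs, revert lost credits."""

    def __init__(self, required_confirmations: int = 30, alert_depth: int = 10):
        self.required, self.alert_depth = required_confirmations, alert_depth
        self.blocks: Dict[str, Block] = {}
        self.tip: Optional[Block] = None
        self.credited: Dict[str, str] = {}  # txid -> hash of the block it was credited in
        self.reverted: Set[str] = set()
        self.suspended, self.last_reorg_depth = False, 0
        self.events: List[str] = []

    def _chain(self, tip: Block) -> List[Block]:
        out, cur = [], tip  # blocks from tip back to genesis, following parent links
        while cur is not None:
            out.append(cur)
            cur = self.blocks.get(cur.parent) if cur.parent else None
        return out

    def add_block(self, block: Block) -> None:
        self.blocks[block.hash] = block
        old_tip = self.tip
        if old_tip is not None and block.height <= old_tip.height:
            return  # longest-chain rule: not a new tip yet
        self.tip = block
        if old_tip is not None and block.parent != old_tip.hash:
            self._handle_reorg(old_tip, block)
        self._credit_mature()

    def _handle_reorg(self, old_tip: Block, new_tip: Block) -> None:
        new_chain = self._chain(new_tip)
        new_hashes = {b.hash for b in new_chain}
        orphaned: Set[str] = set()
        for b in self._chain(old_tip):
            if b.hash in new_hashes:
                break  # common ancestor reached
            orphaned.add(b.hash)
        depth = self.last_reorg_depth = len(orphaned)
        self.events.append(f"reorg of depth {depth}: {old_tip.hash} -> {new_tip.hash}")
        on_new_chain = {tx: b.hash for b in new_chain for tx in b.deposits}
        lost = []
        for txid, h in list(self.credited.items()):
            if h not in orphaned:
                continue
            if txid in on_new_chain:  # re-included by the new chain: the credit stands
                self.credited[txid] = on_new_chain[txid]
            else:  # the double-spend signature: a credited deposit vanished
                del self.credited[txid]
                self.reverted.add(txid)
                lost.append(txid)
        if lost or depth >= self.alert_depth:
            self.suspended = True
            self.events.append(f"SUSPEND deposits/withdrawals (depth {depth}, lost {lost})")

    def _credit_mature(self) -> None:
        if self.suspended:
            return
        for b in self._chain(self.tip):
            confirmations = self.tip.height - b.height + 1
            if confirmations < self.required:
                continue
            for txid in b.deposits:
                if txid not in self.credited and txid not in self.reverted:
                    self.credited[txid] = b.hash
                    self.events.append(f"credited {txid} at {confirmations} confirmations")


def make_chain(prefix, parent, first_height, count, deposits_at=None):
    """Constructed headers named prefix+height, each pointing at the previous one."""
    blocks, par, deposits_at = [], parent, deposits_at or {}
    for h in range(first_height, first_height + count):
        blocks.append(Block(f"{prefix}{h}", par, h, deposits_at.get(h, ())))
        par = f"{prefix}{h}"
    return blocks


def run_scenario(attacker_keeps_deposit: bool) -> dict:
    """Honest chain A1..A35 carries dep-1 in A3; a chain mined privately from A2 is
    published as B3..B36, either omitting dep-1 (double spend) or keeping it (deep reorg)."""
    mon = DepositMonitor(required_confirmations=30, alert_depth=10)
    mon.add_block(Block("g0", None, 0))
    for b in make_chain("A", "g0", 1, 35, {3: ("dep-1",)}):
        mon.add_block(b)
    credited_before = "dep-1" in mon.credited
    for b in make_chain("B", "A2", 3, 34, {3: ("dep-1",)} if attacker_keeps_deposit else None):
        mon.add_block(b)
    return {"credited_before_attack": credited_before, "still_credited": "dep-1" in mon.credited,
            "reverted": set(mon.reverted), "reorg_depth": mon.last_reorg_depth,
            "suspended": mon.suspended, "events": mon.events}


if __name__ == "__main__":
    print("\n".join(run_scenario(attacker_keeps_deposit=False)["events"]))
```

In the double-spend run the deposit is credited at 30 confirmations and then disappears in a 33-block reorg, so the monitor reverts the credit and suspends service; the confirmation policy alone did not protect the exchange, which is the article's point about majority attackers, but the suspension stops further deposits from being credited and withdrawals from draining real coins while the incident is triaged. In the benign run the deposit is re-included by the new chain and its credit is kept, yet the depth alone still trips the alert, giving operators the early warning the paragraph calls for.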
