Hackers may have just stolen $1 million from the Ethereum Classic blockchain in a “51%” attack

An attack on the Ethereum Classic blockchain may have helped hackers steal around $1.1 million worth of the currency from other users, according to popular cryptocurrency exchange Coinbase.

Ethereum what? Ethereum Classic is the original Ethereum blockchain. In 2016, to counter another, different kind of attack, Ethereum’s developers created a new version of the transaction history that returned $50 million worth of cryptocurrency that had been stolen by a hacker. Not everyone switched, though, and those who kept using the old blockchain make up the Ethereum Classic community. Its market cap is around $500 million, compared with Ethereum’s $15.5 billion. Coinbase began listing Ethereum Classic’s token in August.

Aren’t blockchains unhackable? Not exactly. Bitcoin, Ethereum, Ethereum Classic, and similar blockchain networks are vulnerable to an attack in which one “miner” controls more than 50% of the network’s computing capacity. This theoretically provides an opening to defraud other users by paying them in cryptocurrency before creating an alternate version of the blockchain in which the payment never happens, eventually making the alternative version the authoritative blockchain. That’s what Coinbase says happened in this case (see “How secure is blockchain, really?”).

What now? Coinbase says it “paused interactions” with the compromised blockchain immediately when it noticed the problem on Saturday. The crypto exchange Kraken has also suspended trading. Meanwhile, those running Ethereum Classic’s Twitter feed have asked exchanges to “substantially increase” the amount of time they take to confirm new sets of transactions. There is probably a lot more to come in this story.