From July through August, Ethereum Classic suffered three 51% attacks that might have cost the attackers just $3,800 in rented hash power.
So what did Ethereum Classic developers do? They made hash power more expensive.
Ethereum Classic Labs CEO Terry Culver appeared on the Decrypt Daily podcast Monday to explain what ETC Labs and the ETC Core Development Team are calling MESS, or Modified Exponential Subjective Scoring.
“Nodes aren’t designed to distinguish between an attacker chain and an honest mining chain,” he said. “What we’ve done is we’ve created a system by which large reorgs need to have greater difficulty.”
That’s not a problem for legitimate miners, but it’s impractical for malicious actors who would need to show “hash rates sustained over a longer period of time.” If MESS, which was activated on October 10 after successful testing, had been active over the summer, the attacks would have cost $20 million instead of the resale value of a Toyota Corolla, according to an ETC Labs press release.
Hash rate is a measurement of a proof-of-work network’s processing power. Hash rate depends on factors like the mining algorithm, the collective strength of the mining equipment, and user numbers.
In a 51% attack, a bad actor takes control of a majority of the network’s hashing power and thus can make decisions about the network, such as denying, reversing, or modifying transactions. It becomes possible, then, to double-spend funds, which is exactly what happened with ETC.
Culver acknowledged that low hash rate is currently a problem for the ETC blockchain. But the cryptocurrency’s relatively high liquidity creates a perfect storm: “So if you’re an attacker, and you see a combination of access to liquidity, a lot of exchange listings, and low hash rate, it’s a good target.”
Even as ETC developers have taken steps to avert further attacks, ETC Labs has hired lawyers to pursue the perpetrators—but it definitely won’t be rolling back the Ethereum Classic blockchain.
“We’re not pursuing criminal criminal charges as a way to change how blockchain works,” he said. “We’re pursuing criminal charges to deal with people who’ve done something quite simple and that’s been around since as long as civilization has been around, which is steal.”
Culver said legal action needed to be taken to bolster the confidence of investors and users. And he warned other projects not to get complacent about security.
“To look at Ethereum Classic, and to say that you can’t have confidence in it because it was attacked, in a way it’s blaming the victim, I think it shows a complete misunderstanding of how these systems work,” he said. “If you’re in Classic itself, it’s resilient, it’s got a lot of potential, and it’s got a bright future.”