OKEx has released a report explaining how the Ethereum Classic 51% attacker stole $5.6 million from the digital currency exchange on August 1. According to the report, the attacker had been planning the attack since late June.
How it happened
From June 26 to July 9, the attacker reportedly created five accounts on OKEx, laying the groundwork for the upcoming attack. Then, from July 30 to July 31, the attacker deposited 68,230.02 ZEC across the five newly registered accounts. Later in the day on July 31, the attacker exchanged the ZEC for 807,260 ETC (worth $5.6 million at the time) and subsequently withdrew the ETC to an external wallet address. After taking those steps, the attacker was ready to begin the 51% attack.
The attacker allegedly purchased enough hash power from Nicehash provider daggerhashimoto to control 51% of the Ethereum Classic network. Once they controlled more than 51% of the network's hash power, the attacker began to “shadow mine” the ETC blockchain. In other words, the hacker was mining the ETC blockchain but not broadcasting the mined blocks to other miners.
With the shadow chain being mined but not broadcast, the attacker sent their 807,260 ETC back to OKEx, traded all of the ETC for 78,941.356 ZEC, and immediately withdrew the ZEC to an external wallet.
However, while the attacker made this move on the main chain, on the shadow chain they sent their 807,260 ETC from one external wallet to another external ETC wallet that they controlled.
Once their ZEC withdrawal was confirmed on OKEx, the attacker broadcast the shadow chain, which was the longest chain with the most hash power supporting it, to the other ETC miners, who quickly accepted that chain as the most valid version of the ETC blockchain. As a result, the ETC that the hacker originally used to buy their 78,941.356 ZEC was back in their possession, and since their ZEC withdrawal had already been confirmed, they had their ZEC as well as their illicit 807,260 ETC secured in their external wallet.
With the funds in hand and OKEx out $5.6 million, the ETC attacker considered their attack a success.
After learning how the attack was executed, OKEx blacklisted all of the addresses associated with the attacker and suspended the attacker’s five OKEx accounts. The exchange has suspended all ETC deposits and withdrawals until the ETC network is considered stable, and plans to increase the confirmation time for ETC transactions in the near future to reduce the size of the attack vector that allowed the ETC 51% attacker to get away successfully.
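The exchange-side check that the sequence above calls for, as an added illustration (not code from OKEx or its report): when the canonical tip changes, measure how deep the reorganization is, compare it with the deposit confirmation policy, and list credited deposits that no longer exist on the adopted chain. The block model, function names, transaction ids and the threshold of 3 confirmations are all hypothetical, constructed values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    block_hash: str
    parent: str
    height: int
    txids: frozenset

def branch_diff(old_tip, new_tip, blocks):
    """Walk both tips back to their common ancestor; return the blocks on each side."""
    a, b = blocks[old_tip], blocks[new_tip]
    orphaned, adopted = [], []
    while a.block_hash != b.block_hash:
        if a.height >= b.height:
            orphaned.append(a)
            a = blocks[a.parent]
        else:
            adopted.append(b)
            b = blocks[b.parent]
    return orphaned, adopted

def audit_reorg(old_tip, new_tip, blocks, credited, min_conf):
    """Report reorg depth and credited deposits missing from the adopted branch."""
    orphaned, adopted = branch_diff(old_tip, new_tip, blocks)
    still_mined = set().union(*(b.txids for b in adopted))
    lost = {t for b in orphaned for t in b.txids & set(credited)} - still_mined
    depth = len(orphaned)
    return {"depth": depth, "defeats_policy": depth >= min_conf, "reversed": sorted(lost)}

def build(prefix, parent, tx_per_block):
    """Constructed helper: chain blocks named prefix1..prefixN onto parent."""
    out, prev = {}, parent
    for i, txs in enumerate(tx_per_block, 1):
        prev = out[f"{prefix}{i}"] = Block(f"{prefix}{i}", prev.block_hash, prev.height + 1, frozenset(txs))
    return out

# Constructed sample data, not values from the OKEx report.
BLOCKS = {"g": Block("g", "", 0, frozenset())}
# Public branch: deposit "dep-1" mined in a1, unrelated deposit "dep-2" in a2.
BLOCKS.update(build("a", BLOCKS["g"], [["dep-1"], ["dep-2"], [], []]))
# Withheld branch: a conflicting self-transfer replaces dep-1; dep-2 is mined again.
BLOCKS.update(build("b", BLOCKS["g"], [["self-xfer"], ["dep-2"], [], [], []]))
CREDITED = {"dep-1": "acct-1", "dep-2": "acct-7"}

if __name__ == "__main__":
    print(audit_reorg("a4", "b5", BLOCKS, CREDITED, min_conf=3))
```

A reorganization at least as deep as the confirmation threshold means a deposit credited under that policy could have been erased; here only dep-1 is flagged, because dep-2 also appears on the adopted branch.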
Despite the hack, we won't be rushing into delisting $ETC due to its popularity and standing.
Instead, we will focus on finding ways to improve our robust hot wallet system.
— Jay | OKX CEO (@Jay_OKX) August 18, 2020