Coinbase AMA: ‘ETC Was Replay Attacked on Coinbase’
In the wake of the DAO hack, which had dire implications for the Ethereum blockchain, multiple exchanges acknowledged the existence of a new alternative token, Ether Classic, based on the original Ethereum code. Exchanges accepted the new “ETC.” Ultimately, Coinbase worked towards the same. That decision turned out to be costly, as the exchange found itself in the middle of the war between Ethereum and its “Classic” rival.
Coinbase Got Replayed
The company itself suffered a costly attack as fallout from the Ethereum attack. Coinbase's CEO tweeted:
— Brian Armstrong (@brian_armstrong) August 6, 2016
The biggest news over the past two months in Ethereum, until the $120 million Bitfinex hack, has been the $56 hack of Ethereum incubator, the DAO, and the subsequent mobilization for a hard fork. As the Coinbase example details, the DAO hack had implications for the Bitcoin industry. The hard fork resulted in a split of the original Ethereum chain, and some blockchain participants relaunched the original chain, including the DAO hack.
The chain caught on. It has been adopted by major cryptocurrency exchanges such as Poloniex and Shapeshift.io. On Poloniex it is trading at between two and four times the number of Ethereum changing hands. Although it is suddenly the sixth-largest cryptocurrency, it is not certain whether the Ethereum Classic blockchain, which has a native token trading under ETC, is here to stay. But, so far, it has made waves.
That includes a replay attack made possible by the hard fork and the subsequent ETC chain. The two versions of Ethereum are based on the original code; they simply adopt different histories of transactions. That means that a transaction signed for one chain can also be broadcast on the other. Coinbase users tried to withdraw ETH from Coinbase and cash out in ETC on another exchange. They would thus have double the tokens associated with essentially the same code but different transaction histories. Cryptography experts refer to the situation as “totally new” in cryptography.
Coinbase suffered from exactly this attack. In a Reddit AMA held this week, Coinbase security divulged more information in the wake of a tweet made by Coinbase CEO Brian Armstrong to clear up confusion in the Bitcoin industry.
“[A]pprox $40k USD of ETC was replay attacked against us that we’ve since fully recovered for our customers,” Rob-coinbase wrote. “We assumed the smaller fork would quickly fade and we were wrong. After seeing ETC gain traction we worked through the weekend to split all future ETH moving through our systems. Withdraw based limits and our hot/cold separation protected us from a bigger attack.”
Rob acknowledged new challenges associated with securing new crypto systems. “We invest in redundant systems with overlap like ^ to protect your assets outside of ice cold storage. This was one of the most interesting public replay attacks that I’ve seen and a good example of the creative side of security that can be so exciting.”
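A minimal model of the replay described above and of why splitting funds stops it, added here as an illustration and not taken from Coinbase or from either Ethereum client. The account names, the HMAC stand-in for signatures, and the split performed with two conflicting same-nonce transactions are all assumptions of the model.

```python
import hashlib
import hmac

KEYS = {"hot": b"k-hot", "eth_hot": b"k-eth", "etc_hot": b"k-etc"}  # constructed toy keys

def payload(sender, to, value, nonce):
    # As on the two chains described above: nothing in the signed data names the chain.
    return f"{sender}|{to}|{value}|{nonce}".encode()

def sign(sender, to, value, nonce):
    # HMAC stands in for a real signature scheme (assumption of this model).
    sig = hmac.new(KEYS[sender], payload(sender, to, value, nonce), hashlib.sha256).digest()
    return (sender, to, value, nonce, sig)

class Chain:
    def __init__(self, balances):
        self.balances = dict(balances)  # state inherited from the shared pre-fork history
        self.nonces = {}

    def apply(self, tx):
        """Validate and apply a transaction; return True if this chain accepts it."""
        sender, to, value, nonce, sig = tx
        key = KEYS.get(sender)
        if key is None:
            return False
        good = hmac.new(key, payload(sender, to, value, nonce), hashlib.sha256).digest()
        if not hmac.compare_digest(good, sig):
            return False
        if nonce != self.nonces.get(sender, 0) or self.balances.get(sender, 0) < value:
            return False
        self.balances[sender] -= value
        self.balances[to] = self.balances.get(to, 0) + value
        self.nonces[sender] = nonce + 1
        return True

def withdraw_unsplit():
    eth, etc = Chain({"hot": 100}), Chain({"hot": 100})
    tx = sign("hot", "user", 10, 0)  # exchange pays out 10 on the ETH chain
    return eth.apply(tx), etc.apply(tx), etc.balances.get("user", 0)

def withdraw_after_split():
    eth, etc = Chain({"hot": 100}), Chain({"hot": 100})
    # Split: same nonce, different destination, one transaction confirmed per chain.
    to_eth, to_etc = sign("hot", "eth_hot", 100, 0), sign("hot", "etc_hot", 100, 0)
    eth.apply(to_eth)
    etc.apply(to_etc)
    cross = etc.apply(to_eth)            # rejected: nonce 0 is already used on ETC
    tx = sign("eth_hot", "user", 10, 0)  # payout from the ETH-only address
    return eth.apply(tx), etc.apply(tx), cross, etc.balances.get("user", 0)
```

In the unsplit case the same signed payout is accepted by both chains; after the split the replay fails because the paying address holds nothing on the other chain.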