X

Ethereum Classic cryptocurrency pulled from Coinbase after attack

A hack on the cryptocurrency let attackers spend coins twice.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
See full bio
Laura Hautala
2 min read
James Martin/CNET

If there's one thing cryptocurrency is supposed to guarantee, it's that no one can spend the same coin twice. Every transaction ever made with Bitcoin, for example, is recorded in a database that anyone can access. The database is called a blockchain, and it's supposed to keep everyone honest.

But there's a way to get around that rule. On Monday, cryptocurrency trading hub Coinbase said it would no longer facilitate trades in Ethereum Classic because the exchange had determined the cryptocurrency had fallen victim to an attack that let someone spend the same coins twice.

The attack highlights a problem that blockchain experts have known about since the beginning of cryptocurrencies. Virtual coins are only secure as long as people remain honest while maintaining the blockchains that record cryptocurrencies. It's also a big blow for Ethereum Classic, which can no longer be traded on Coinbase, a major exchange for all kinds of cryptocurrencies.

According to Coinbase security engineer Mark Nesbitt's blog post, the attackers could spend coins twice because of what's called a 51 percent attack. To do this, attackers took control of more than half of the processing power that computes and stores the Ethereum Classic blockchain. That let the attackers create alternative transactions for some coins, essentially spending them twice.

Watch this: What the heck is blockchain?

A Twitter account for Ethereum Classic said it had detected a problem but didn't think it was a 51 percent attack and hadn't seen signs of "double spending" coins. "[Coinbase] allegedly detected double spends but unfortunately did not connect with ETC personnel regarding the attack," a tweet from the account said Monday. The owners of the account didn't immediately respond to a request for comment.

The coins that attackers allegedly spent twice were worth about $460,000, Nesbitt wrote. He added that potential for an attack like this one is a problem faced by all cryptocurrencies, and doesn't mean Ethereum Classic was especially vulnerable.