According to Wallebi, the Ethereum Classic blockchain experienced two consecutive 51% attacks. The attacks happened on August 1 and August 6. A perpetrator managed a 51% attack on Ethereum Classic (ETC) and stole $5.6 million from the OKEx exchange. Recently, OKEx published a report explaining the incident. Here we explain how a hacker stole $5.6 million from the OKEx exchange.
The hacker prepared the attack
OKEx explained in its report that the hacker began preparing on June 26 by creating five fake accounts on the platform. Interestingly, the hacker verified all five accounts and passed the know-your-customer (KYC) procedure. He did this deliberately in order to increase the withdrawal limits.
On July 30, the hacker deposited around 68,230 ZEC to his account. Meanwhile, he was building a “shadow chain” of the ETC blockchain, that is, an alternative record of transactions that is hidden from other miners.
After that, on July 31, the attacker traded all of his ZEC privacy currency for Ethereum Classic. In return, he received a total of 807,260 coins, which were worth $5.6 million at the time. The hacker then transferred all the funds to his external addresses.
How a hacker stole $5.6 million from OKEx; the hacker’s attack started
On the same day, the hacker carried out a 51% attack on the ETC network by launching his shadow chain. At this point, both the fake and legitimate transaction histories included the records of 807,260 ETC being transferred from OKEx to the hacker’s external wallet.
Then, the attacker sent all of his ETC coins back to the OKEx platform and traded them for around 78,900 Zcash privacy coins, which he withdrew immediately.
How a hacker stole $5.6 million from OKEx; over 51% of the hash power was under his control
The hacker gained control of over 51% of the blockchain’s hash power, so he could mine new blocks faster than other nodes. This made the shadow chain longer than the original ETC history. The lack of clear communication between exchanges, wallets and miners confused the Ethereum community. As a result, the nodes started to mine the malicious shadow chain.
Finally, OKEx blacklisted the addresses used by the hacker and suspended all five of his accounts. In addition, OKEx planned to increase the confirmation time for ETC transactions in order to make its platform more secure.
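The following is an added example, not code from OKEx's report or from this article. It models why the confirmation requirement matters when a longer hidden chain replaces the public one. The block counts, the `deposit-1` transaction id and all function names are constructed for illustration, and chain selection is simplified to "longest chain" as the article describes it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    height: int
    miner: str          # "public" or "shadow" (constructed labels)
    txs: tuple = ()

def build(prefix, miner, count, txs_at=None):
    """Extend `prefix` by `count` blocks; txs_at maps height -> tx ids."""
    chain = list(prefix)
    for _ in range(count):
        h = len(chain)
        chain.append(Block(h, miner, (txs_at or {}).get(h, ())))
    return chain

def canonical(a, b):
    """Longest-chain rule (simplification: real clients compare total difficulty)."""
    return a if len(a) >= len(b) else b

def confirmations(chain, txid):
    """Blocks on `chain` from the one containing txid to the tip; 0 if absent."""
    for blk in chain:
        if txid in blk.txs:
            return len(chain) - blk.height
    return 0

def reorg_depth(old, new):
    """How many blocks of `old` are discarded when `new` becomes canonical."""
    common = 0
    for x, y in zip(old, new):
        if x != y:
            break
        common += 1
    return len(old) - common

def deposit_outcome(required, public_len, shadow_len):
    """Exchange view: is a deposit credited, and does it survive the reorg?"""
    shared = build([], "public", 10)                       # common history
    public = build(shared, "public", public_len, {10: ("deposit-1",)})
    credited = confirmations(public, "deposit-1") >= required
    shadow = build(shared, "shadow", shadow_len)           # omits the deposit
    tip = canonical(public, shadow)
    survived = confirmations(tip, "deposit-1") > 0
    return {"credited": credited, "survived": survived,
            "reorg_depth": reorg_depth(public, tip),
            "loss": credited and not survived}

if __name__ == "__main__":
    for required in (12, 30):
        print(required, deposit_outcome(required, public_len=12, shadow_len=20))
```

A higher confirmation requirement only forces the hidden chain to be sustained for longer; against a miner holding a majority of hash power it raises the cost of the attack rather than ruling it out, so a monitor on `reorg_depth` is a useful companion check.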