A tale of attack and recovery

Æternity emerges stronger from a recent crisis. Community fights back against malicious attacks and advances hyperchains

Fast community response and coordination with mining pools and exchanges halt 51% attacks on the network. 29 million stolen Æ tokens locked and recuperated. Development team feverishly advances hyperchains to use Bitcoin as a parent chain in order to prevent such attacks in the future.

The rapidly growing blockchain space thrives because of the communities that work together tirelessly to improve and protect it. But despite this strong sense of community, there are occasionally dishonest “crypto pirates” who try to take over popular blockchain networks by mounting 51% attacks. The æternity blockchain recently experienced multiple sieges against its network, but because of the heroic response by the community, not one of these malicious attacks prevailed. æternity is now stronger than ever.

The real and frightening threat of 51% attacks is a feature, not a bug, of open permissionless blockchains based on Proof of Work such as æternity. If a 51% attack is successful, the attackers gain the power to prevent new transactions from being confirmed, which allows them to halt payments between users. They are also able to undo transactions that took place while they were in control of the network, allowing them to double spend coins.

The first attack occurred on the evening of December 5, 2020. A group of miners began mining blocks for an unknown beneficiary, controlling more than 51% of the hash power of the æternity network. The attack started with a sudden and steep drop in hashrate, which went undetected until a large number of empty blocks were being mined continuously. After a thorough investigation by the Æternity Crypto Foundation development team, it was evident that the attack was deliberate and targeted specific exchanges (OKEx, Huobi, Gate.IO and Binance). After consideration and coordination with miners and exchanges, the beneficiary address was blacklisted and will be monitored going forward.
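The indicators named above (a steep hashrate drop, a run of empty blocks, and a single beneficiary taking most of the blocks) can be watched with a sliding window over recent blocks. The following is an added example, not æternity's own monitoring code; the record layout, the `ak_…` names, the hashrate figures and all thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample, not real chain data:
# (height, beneficiary, tx_count, estimated_hashrate)
def make_sample():
    normal = [(h, f"ak_pool{h % 4}", 5 + h % 7, 100.0) for h in range(1, 41)]
    attack = [(h, "ak_unknown" if h % 5 else "ak_pool1", 0 if h % 5 else 3, 45.0)
              for h in range(41, 81)]
    return normal + attack

def scan(blocks, window=20, share_limit=0.5, empty_limit=0.6, drop_limit=0.4):
    """Return (height, reasons) for every window that trips a threshold.

    The thresholds are assumed values for illustration, not protocol constants.
    """
    alerts = []
    # Baseline hashrate is taken from the first window of the feed.
    baseline = sum(b[3] for b in blocks[:window]) / window
    for end in range(window, len(blocks) + 1):
        win = blocks[end - window:end]
        top, count = Counter(b[1] for b in win).most_common(1)[0]
        reasons = []
        # One beneficiary producing more than half of the recent blocks.
        if count / window > share_limit:
            reasons.append(f"majority:{top}")
        # Most recent blocks carry no transactions.
        if sum(1 for b in win if b[2] == 0) / window > empty_limit:
            reasons.append("empty-blocks")
        # Average hashrate has fallen well below the baseline.
        rate = sum(b[3] for b in win) / window
        if rate < baseline * (1 - drop_limit):
            reasons.append("hashrate-drop")
        if reasons:
            alerts.append((win[-1][0], reasons))
    return alerts

if __name__ == "__main__":
    for height, reasons in scan(make_sample()):
        print(height, ", ".join(reasons))
```

On the constructed data the beneficiary-share check fires first, a few blocks before the empty-block and hashrate checks, which is why the three signals are evaluated independently rather than combined into one condition.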

Less than a month later, on January 3, 2021, there was another attack on æternity. This time the target was the æternity Community Telegram group. The group was compromised, leaving almost all of the community members blocked, banned, and removed from the group. Over 6,900 members were deleted and there was only one action that could safely and securely unblock the users with confidence. The community leaders took the time to review each member, undertaking additional, time-consuming security precautions. Less than two weeks later, 10% of the original 6,900 members have rejoined, voicing their utmost support, and giving suggestions on how to prevent similar attacks in the future.

Days later, on January 8, there was a third attempted attack on the æternity community. An unknown miner began to mine a secret chain and started to use the 29 million Æ that were stolen in the December attack in an attempt at yet another double-spend attack against exchanges. The attack was not successful, thanks to a Chinese community member who was able to detect a small mining test made by the attacker on æ mainnet. Because this member of the community was able to bring the issue to light, coordination with the exchanges began immediately. As a result, withdrawal and exchange of those 29 million tokens was avoided.

This third attack was combated by the strong community that supports the æternity network. When the attacker started to disclose his secret chain to the rest of the network and tried to roll back the original transactions to crypto exchanges, community miners and exchanges were already taking measures to defend themselves. They were able to create, release, and rapidly distribute emergency node software among exchanges, miners, and the community to move from the attacker’s fork to the legitimate community fork. This invalidated the malicious transaction history in the attacker’s fork, which attempted to roll back the exchange transactions.

Not only did the ecosystem respond quickly and effectively, but a substantial number of community members also started renting hashing power to be able to mine on the community fork, which allowed them to help neutralize the 51% attack. This act of community ultimately impelled the attacker to withdraw his hashing power and abandon the malicious fork, resulting in the locking of the 29MM æ tokens from the first attack.

When the core development team learned of the attacks, they immediately investigated and confirmed that the 51% attacks happened, and subsequently the exchanges and mining pools were informed. This method of direct, honest, open communication, and active participation was imperative in finding a quick yet healthy solution. When mitigating the damage caused by 51% attacks, it is of the utmost importance for exchanges, blockchain platforms, and trusted miners to work hand-in-hand.

51% attacks can cause miners to shy away from supporting victimized blockchains, but it is essential to understand that dropping out only causes the hash rate to drop, ultimately making networks more susceptible to 51% attacks. This will remain true unless an approach leveraging the benefits of PoW and PoS (without their respective drawbacks) comes to fruition.

These recent 51% attacks are not the first time the æternity community has suffered due to people acting with ill intent. Back in 2017, the community was hit by the Parity multisig hack in which 150k ETH were stolen, 80k of them coming from æternity contributors. 20% of those ETH were and still are offered as a reward for returning the stolen funds.

Leveraging the highest security in the crypto ecosystem: What is next for AE?

The 51% attack is a threat that the Æternity Crypto Foundation has been working to minimize for the last 8 months, based on the concept published by æternity Founder Yanislav Malahov back in 2016. Even before these attacks, the Æternity Crypto Foundation started an initiative to implement hyperchains. Hyperchains are PoS systems that rely on existing PoW networks for security. According to Malahov, “In this way, we can leverage the mainnet for PoW while also using PoS to improve privacy and scalability for the entire network.”

Hyperchains are a convenient recourse to prevent 51% attacks. They prevent such problems from happening again by anchoring PoS to a highly secure network. Hyperchains allow for a PoS child chain to be created using the block hash of a PoW parent chain as a source of randomness. They are designed to allow anyone to deploy a new or existing blockchain in a PoS fashion, anchoring the leader election to a PoW parent chain whose hashing power makes a 51% attack prohibitively expensive. To have a chance of validating blocks in the PoS child chain, a participant must publish a Bitcoin transaction containing a commitment to the state of the child chain. This makes the participant eligible to write the child chain's transaction history until the next block in the parent chain is solved and a new leader is elected. More detailed information on Hyperchains can be found in this white paper.
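The election step described above can be sketched as follows. This is an added example, not the hyperchains specification or æternity code: the stake-weighted draw, the SHA-256 seed derivation, the `Commitment` fields and the `ak_…` names are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Commitment:
    staker: str            # child-chain account that posted the commitment (constructed)
    stake: int             # stake weight (weighting by stake is an assumption)
    child_state_hash: str  # child-chain state the staker committed to, hex

def eligible(commitments, child_tip):
    """Keep only commitments to the current child tip, one per staker."""
    seen, out = set(), []
    # Sorting makes the result independent of the order commitments were seen in.
    for c in sorted(commitments, key=lambda c: (c.staker, c.stake)):
        if c.child_state_hash == child_tip and c.stake > 0 and c.staker not in seen:
            seen.add(c.staker)
            out.append(c)
    return out

def elect_leader(parent_block_hash, commitments, child_tip):
    """Pick the leader for the next child-chain epoch, or None if nobody committed.

    The parent block hash is the only randomness: it is unknown when the
    commitments are posted and costs parent-chain proof of work to influence.
    """
    cands = eligible(commitments, child_tip)
    if not cands:
        return None
    total = sum(c.stake for c in cands)
    seed = hashlib.sha256(bytes.fromhex(parent_block_hash)
                          + bytes.fromhex(child_tip)).digest()
    ticket = int.from_bytes(seed, "big") % total
    for c in cands:
        if ticket < c.stake:
            return c.staker
        ticket -= c.stake

if __name__ == "__main__":
    tip, stale = "aa" * 32, "bb" * 32   # constructed child-chain state hashes
    posted = [Commitment("ak_alice", 900, tip),
              Commitment("ak_bob", 100, tip),
              Commitment("ak_mallory", 10**9, stale)]  # committed to another fork
    print(elect_leader("00" * 32, posted, tip))
```

A commitment to a state other than the child chain's current tip is dropped before the draw, so a large stake posted against a different fork has no influence on who is elected.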

The first deployment of hyperchains will happen following a positive governance vote. They will be anchored to the most powerful and secure PoW network, Bitcoin. This comes as a contribution from the æternity ecosystem intended to enhance the value and utility of the original blockchain, and to leverage its hashing power to make æternity stronger. This will allow æternity to reach its full potential as a smart contract platform. æternity’s entire Erlang-based protocol implementation, oracles, state channels, and naming service will be secured by the most powerful distributed computing network on Earth.

The full operation of the æternity blockchain as a Bitcoin child chain is not ready to be deployed immediately and independently of the efforts to onboard more hashing power. The æternity blockchain is in a transition phase in which security under the current consensus mechanism must be enforced; temporary countermeasures to protect the æternity network from 51% attacks will be taken, and will soon be disclosed and opened for voting.

The æternity community is not in any way discouraged by these attacks, but instead more determined than ever to achieve mass adoption and overcome all the difficulties caused by malicious actors.
