Following the two consecutive attacks that hit the Ethereum Classic blockchain on August 1 and 6, 2020, popular cryptocurrency exchange OKEx has revealed in detail how the attackers used its platform to steal the funds.
According to a paper published on Saturday, the attack, which saw more than 800,000 ETC withdrawn from OKEx, was the result of intricate planning and knowledge of the Ethereum Classic blockchain.
OKEx disclosed that preparations for the hack started on June 26, when the hackers registered five phony accounts on its platform. All five accounts were completely registered on July 9, 2020, OKEx said.
Interestingly, the accounts involved passed through the usual Know-Your-Customer (KYC) verification phase to increase their deposit and withdrawal limits.
After the registration and verification procedures were completed, the hackers deposited a total of 68,230.02 ZEC into the accounts between July 30 and July 31.
On July 31, the attackers traded all the deposited ZEC for 807,260 ETC, which was subsequently transferred to an external wallet address.
How OKEx lost the funds
After successfully withdrawing the ETC, the hackers fully launched the 51% attack, which was carried out in three stages: creating a shadow chain to keep the transactions secret from other miners, double-spending, and a deep reorganization of the ETC chain.
A 51% attack on a blockchain occurs when miners control more than 50% of the network's computing power. This gives the miners the power to confirm transactions faster than usual, reverse transactions that were completed earlier, and prevent new transactions from being confirmed.
With the shadow chain technique, the attackers added the 807,260 ETC to the transaction history, thus replicating it on both the ETC mainnet and the shadow chain.
OKEx added that the hackers later deposited the stolen funds back to its platform and traded them for 78,900 ZEC, which was immediately withdrawn.
However, this time, the attackers manipulated the transaction to make it look as though the funds had been sent to an external wallet address instead of the exchange.
Notably, through this method, the funds were recorded as deposited to OKEx on the ETC mainnet, while they remained at the external wallet address on the ETC shadow chain.
Unfortunately, the confusion led to OKEx absorbing a loss of $5.6 million worth of ETC under its user-protection policy, thus shielding users from the loss.
The exchange also halted ETC deposit and withdrawal services and blacklisted all five accounts involved in the hack.
Coinfomania reported on August 1 that the Ethereum Classic network had suffered a 3693-block reorg following another 51% attack.
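The check an exchange can run when its node switches to a longer chain, as in the reorganization described above, is sketched below: measure how many blocks were dropped and find deposits that were already credited but no longer exist on the new chain. This is an added example, not code from OKEx or the original article; the block names, transaction ids and the max_depth threshold are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    block_hash: str
    parent: str
    txids: tuple

def build(tag, parent, start, txs_per_block):
    """Constructed helper: blocks named <tag><height> stacked on `parent`."""
    chain = []
    for i, txids in enumerate(txs_per_block):
        block = Block(f"{tag}{start + i}", parent, tuple(txids))
        chain.append(block)
        parent = block.block_hash
    return chain

def shared_prefix(old, new):
    """Count the leading blocks that both views of the chain agree on."""
    n = 0
    for a, b in zip(old, new):
        if a.block_hash != b.block_hash:
            break
        n += 1
    return n

def reorg_report(old, new, credited):
    """Compare the view deposits were credited on with the new canonical view."""
    shared = shared_prefix(old, new)
    dropped = old[shared:]
    surviving = {t for b in new for t in b.txids}
    reversed_deposits = sorted(
        t for b in dropped for t in b.txids
        if t in credited and t not in surviving)
    return {"depth": len(dropped), "added": len(new) - shared,
            "reversed_deposits": reversed_deposits}

def should_halt(report, max_depth=2):
    """Hypothetical policy: pause on a deep reorg or any reversed credit."""
    return report["depth"] > max_depth or bool(report["reversed_deposits"])

# Constructed sample data, not real ETC blocks or transactions.
COMMON = build("c", "genesis", 0, [[], ["tx-a"]])
PUBLIC = COMMON + build("p", "c1", 2, [["deposit-1"], ["tx-b"], []])
SHADOW = COMMON + build("s", "c1", 2, [["self-transfer-1"], ["tx-b"], [], []])
CREDITED = {"deposit-1", "tx-b"}  # txids the exchange already credited

if __name__ == "__main__":
    report = reorg_report(PUBLIC, SHADOW, CREDITED)
    print(report, "halt:", should_halt(report))
```

In the sample data, tx-b is included again on the replacement chain and stays valid, while deposit-1 exists only on the dropped blocks and is reported as a reversed credit.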