Cryptocurrency exchange Okex reveals it suffered the $5.6 million loss as a result of the double-spend carried out by the attacker(s) in Ethereum Classic 51% attack. Okex says it fully absorbed the loss as per its user-protection policy while insisting that the attack did not cause any loss to the platform’s users.
Also as part of its immediate responses to the attack, the OKEx team said the “exchange had suspended deposits and withdrawals of ETC to prevent further losses.”
A total of five accounts on the exchange had been used in the attack and now the Okex team says it has “suspended the five accounts to prevent further incidents.”
Immediately following the attack, ETC developers initially downplayed the event by characterising it as an “accident.” At the time, the developers doubted if any major double-spend attacks had occurred.
However, an investigation by a blockchain analysis firm later revealed the “accident” was, in fact, a 51% attack, and that $5.6 million had been stolen. At the same time, reports linking Okex wallets to the incident also surfaced.
Responding to these reports in a blog, the Okex team clarifies that the “exchange was only involved in that the attacker(s) used the exchange to purchase and trade ETC.”
The Okex team also believes the exchange was targeted probably because it “provides excellent ETC liquidity, seeing some of the largest ETC transaction volumes in the industry.”
The blog report suggests that “the attacker(s) likely calculated that they would be able to relatively easily and promptly trade large amounts of ETC on OKEx.”
Regarding more steps it will take, the Okex team said:
“Additionally — given OKEx’s responsibility to protect users from similar incidents that threaten the security of their funds — the exchange will consider delisting ETC, pending the results of the Ethereum Classic community’s work to improve the security of its chain.”
However, the blog post does not give a specific time frame when the ETC community is expected to improve this.
Meanwhile, in his comments on the attack, Tim Ismilyaev, CEO and Founder at Mana Security, says such incidents are “common for less popular blockchains, ETC can’t fix it without significant amendments into their architecture.”
Ismilyaev also offers his view on why Okex still suffered the loss even after the ETC team had advised exchanges to halt deposits and withdrawals soon after the attack. Ismilyaev explains:
ETC’s advice was released after the attack occurred, so Okex couldn’t stop the withdrawal of stolen funds. Noteworthy, the attacker most likely knew how Okex risk management systems work. It allowed him to withdraw stolen funds without being detected. That’s why he deliberately traded assets only on OKEX rather than splitting funds across multiple exchanges to hedge the risks.
With one exchange, Kucoin having delisted ETC margin trading from its platform, the ETC team faces increased pressure to address the security challenges or face more delistings.
Can the ETC team solve the security challenges in time before another delisting? Share your thoughts in the comments section below.