If there’s one thing cryptocurrency is supposed to guarantee, it’s that no one can spend the same coin twice. Every transaction ever made with Bitcoin, for example, is recorded in a database that anyone can access. The database is, and it’s supposed to keep everyone honest.
But there’s a way to get around that rule. On Monday, cryptocurrency trading hub Coinbase said it would no longer facilitate trades in Ethereum Classic because the exchange had determined the cryptocurrency had fallen victim to an attack that let someone spend the same coins twice.
The attack highlights a problem that blockchain experts have known about since the beginning of cryptocurrencies. Virtual coins are only secure as long as people remain honest while maintaining the blockchains that record cryptocurrencies. It’s also a big blow for Ethereum Classic, which can no longer be traded on Coinbase, a major exchange for all kinds of cryptocurrencies.
According to Coinbase security engineer Mark Nesbitt’s blog post, the attackers could spend coins twice because of what’s called a 51 percent attack. To do this, attackers took control of more than half of the processing power that computes and stores the Ethereum Classic blockchain. That let the attackers create alternative transactions for some coins, essentially spending them twice.
A Twitter account for Ethereum Classic said it had detected a problem but didn’t think it was a 51 percent attack and hadn’t seen signs of “double spending” coins. “[Coinbase] allegedly detected double spends but unfortunately did not connect with ETC personnel regarding the attack,” a tweet from the account said Monday. The owners of the account didn’t immediately respond to a request for comment.
The coins that attackers allegedly spent twice were worth about $460,000, Nesbitt wrote. He added that potential for an attack like this one is a problem faced by all cryptocurrencies, and doesn’t mean Ethereum Classic was especially vulnerable.