More

    VeriBlock Foundation Discloses MESS Vulnerability in Ethereum Classic Blockchain | News

    GEORGE TOWN, Cayman Islands, July 8, 2021 /PRNewswire/ — Today, the team behind the VeriBlock® Blockchain project, which extends Bitcoin’s Proof-of-Work (“PoW”) security to the world’s blockchains in an entirely Decentralized, Trustless, Transparent, and Permissionless (“DTTP®”) manner, published details on a critical security vulnerability in Ethereum Classic’s MESS protocol they disclosed to ETC developers last October, prior to the activation of the consensus technology on the mainnet.

    The VeriBlock team intentionally omitted one detail from the disclosure to give ETC devs and their community additional time to deactivate the vulnerable technology before it is exploited in the real world. The viability of the attack can be demonstrated without this detail, and the team will provide a version of the disclosure including the omitted detail to any Ethereum Classic developers who want to investigate the vulnerability further.

    Following a successful 51% attack against Ethereum Classic in January of 2019 and three consecutive attacks in August of 2020, which resulted in the theft of over $5M worth of cryptocurrency, the Ethereum Classic community adopted the MESS (“Modified Exponential Subjective Scoring”) consensus technology on Oct. 11, 2020, in an attempt to prevent future 51% attacks on the network.

    MESS builds on a subjective scoring solution originally proposed in 2014 and expanded upon in 2016 by Ethereum Founder Vitalik Buterin.

    However, the subjective nature of MESS introduced a much more damaging vulnerability, VeriBlock Co-Founder and CTO Maxwell Sanchez explains. “Subjective scoring means two different nodes can permanently disagree on the correct state of the blockchain. Our disclosure explains how an attacker could exploit this subjectivity to permanently fracture the network into disjoint partitions, rendering the blockchain unable to achieve global consensus and perpetually preventing the confirmation of transactions.”

    As the VeriBlock team’s security disclosure demonstrates, an attacker can not only fracture the network but also stabilize the attack over a period of several hours to fabricate a state where Ethereum Classic can no longer converge on a single global blockchain state.

    The team also notes that the vulnerability is not due to an implementation mistake or incorrect parameterization of the protocol, but rather the fundamental nature of technologies like MESS.

    “At the time of discovery last October, the exploit would have cost somewhere around $10K to execute using hashing power readily available on hashrate marketplaces like NiceHash. Today, we estimate the attack could still be executed for less than $50K, and sufficient hashrate is currently available for rental to successfully pull off the attack,” notes Sanchez. 

    In addition to publishing the vulnerability disclosure, the VeriBlock team has also open-sourced their simulation environment, allowing anyone to run a demonstration of the attack themselves to understand how the exploit works.

    “While the economic motivation of a bifurcation attack is much more nuanced than a 51% attack, the existence of derivative markets where attackers could short ETC certainly provide sufficient financial incentive for this type of attack,” explains Sanchez.

    The VeriBlock team also proposed VeriBlock PoP as a 51% attack protection mechanism for ETC approximately six weeks prior to the activation of MESS on ETC Mainnet, and are internally testing a testnet of Ethereum Classic using their own Bitcoin-based Proof-of-Proof security technology (in lieu of MESS) for the ETC community to test, and invites any Ethereum Classic developers interested in further understanding the exploit or anyone interested in helping test VeriBlock-Secured Ethereum Classic to reach out to hello@veriblock.com.

    About the VeriBlock Foundation

    The VeriBlock Foundation is a Cayman Islands nonprofit committed to increasing awareness and adoption of the VeriBlock Blockchain and its Proof-of-Proof security protocol. VeriBlock inherits security from Bitcoin in a completely Decentralized, Trustless, Transparent, and Permissionless (“DTTP®”) manner, following the same attributes that made Bitcoin great, and allows any other blockchain to reinforce their existing security with the full Proof-of-Work power of Bitcoin in the same manner.

    Media Contact

    Alexis Quintal

    alexis@newswire.com

    Related Images

    image1.png

    View original content to download multimedia:https://www.prnewswire.com/news-releases/veriblock-foundation-discloses-mess-vulnerability-in-ethereum-classic-blockchain-301327998.html

    SOURCE VeriBlock, Inc.

    Related articles

    Comments

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here

    Share article

    Latest articles

    ‘It’s going to be very obvious that every bank needs to become a crypto bank,’ says CEO of bank to nab 1st federal charter...

    Happy Thursday! Welcome to Distributed Ledger, our weekly crypto newsletter. I’m Frances Yue, crypto reporter at MarketWatch, and I’ll walk you through the latest...

    Academic research claims ETH is a ‘superior’ store of value to Bitcoin

    Australian university researchers have questioned Bitcoin’s reputation as the best store of value network in cryptocurrency, with Ethereum on track “to becoming the world’s...

    SHIBA INU: What the Charts Say Is Next for Shiba Inu

    It’s been a wild ride for Shiba Inu (CCC:SHIB-USD). The cryptocurrency got hot in early October, then exploded higher at the end of the...

    NEKTR Set to Become the World’s First Pro-Medical Cannabis NFT Gaming Platform

    RICHLAND, Wash., Dec. 2, 2021 /CNW/ -- At a time when most countries still maintain a tough legal regime prohibiting the use and supply...

    WazirX, Presearch and Komodo rally after data shows a surge in user activity

    The characteristically volatile nature of the cryptocurrency market is back in full force on Dec. 2 after the optimism of the past couple of...

    Newsletter

    Subscribe to stay updated.