Expanse (EXP) was 51% attacked
Expanse is a go-ethereum clone that uses Ethash (DaggerHashimoto), the proof-of-work mining algorithm used by upstream Ethereum. It is thus highly succeptible to rental mining attacks with over 70x Expanse's network hashrate available for purchase on Nicehash.
On Monday, 29 Jul 2019 08:05:12 GMT, 63 blocks were removed from the EXP main chain and replaced by 64 attacker blocks. There was one double-spent account/nonce pair in which 200 EXP (~$12) was redirected.
- 200 EXP originally sent to account
- Coins redirected in the fork to
The attacker used various payout accounts for the blocks they mined, but used a single user agent in the extra data field of their blocks:
We note the original destination account of the coins
0xa9ac4dc20cfc42e7c833d328971587e76b718135 has been used prior to this attack with coins subsequently passing via account
0xc41ef552ce503a75bbb3b3c82917df55edcfe54d and then to account
0xc9710872d3e65edbf7f8776829dd7b21f2085e40 that holds ~9.3mil EXP which is around 90% of the total EXP supply. This strongly suggests the victim account was an exchange with significant cold storage of coins. At present Bittrex and Upbit represent ~70% and ~30% respectively of Expanse's trading volume.