Skip to content

Instantly share code, notes, and snippets.

@metalicjames metalicjames/
Last active Jul 30, 2019

What would you like to do?

Expanse (EXP) was 51% attacked


Expanse is a go-ethereum clone that uses Ethash (DaggerHashimoto), the proof-of-work mining algorithm used by upstream Ethereum. It is thus highly succeptible to rental mining attacks with over 70x Expanse's network hashrate available for purchase on Nicehash.

The Attack

On Monday, 29 Jul 2019 08:05:12 GMT, 63 blocks were removed from the EXP main chain and replaced by 64 attacker blocks. There was one double-spent account/nonce pair in which 200 EXP (~$12) was redirected.

The attacker used various payout accounts for the blocks they mined, but used a single user agent in the extra data field of their blocks: 010817/geth/go1.11.2/linux.

We note the original destination account of the coins 0xa9ac4dc20cfc42e7c833d328971587e76b718135 has been used prior to this attack with coins subsequently passing via account 0xc41ef552ce503a75bbb3b3c82917df55edcfe54d and then to account 0xc9710872d3e65edbf7f8776829dd7b21f2085e40 that holds ~9.3mil EXP which is around 90% of the total EXP supply. This strongly suggests the victim account was an exchange with significant cold storage of coins. At present Bittrex and Upbit represent ~70% and ~30% respectively of Expanse's trading volume.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.