Share this article
Security Firm Asks Exchanges to Help It Find Ethereum Classic 'Attacker'
Security firm SlowMist has come out with a public analysis of the latest chain attacks seen on ethereum classic.
Updated Sep 13, 2021, 8:44 a.m. Published Jan 9, 2019, 4:51 p.m.
China-based security firm SlowMist has claimed that it has enough evidence to locate the culprit behind recent chain attacks on ethereum classic.
In a Medium article published Wednesday, SlowMist summarized the bulk of their analysis on ethereum classic, specifying the three wallet addresses and four transaction hashes that launched the two-day block reorganization (reorg) attacks on the network. The company also corroborated information released by cryptocurrency exchange Coinbase.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
Both SlowMist and Coinbase said double spends have occurred as a result of block reorgs, with SlowMist contending that a total of seven transactions were rolled back from the network and 54,200 ETC (almost $270,000) spent a second time.
Affirming that these attacks to have started as early as Saturday 19:58 UTC, the company highlights that similar attacks on the network have now stopped, with the last documented one occurring Tuesday at 4:30 UTC.
SlowMist further said that it is still seeking to find out where exactly the identified addresses are located, which the firm said can be deduced "if the relevant exchanges are willing to assist."
Speaking to CoinDesk, SlowMist identified Gate.io, Bitrue and Binance as the exchanges they’re looking to work with in order to locate the attacker.
When asked to elaborate on the exact information beyond geography SlowMist is looking to identify about those behind the attack, the team responded in an email they could not disclose such information, calling it "a secret."
Both Gate.io and Bitrue have issued public statements on their official Twitter accounts claiming 40,000 ETC and 13,000 ETC in double spends on their respective exchange platforms.
Ethereum classic developers are working closely with the SlowMist team to identify the origin of these attacks and will be meeting today during a private Discord call at 5 p.m. UTC to discuss actionable items moving forward.
In advance of this meeting, ethereum classic developers tweeted a summary of current priorities for the community, emphasizing that "we will not reorg the chain or revert the events on chain under any circumstance."
Map image via Shutterstock
Wolfie Zhao contributed reporting.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Bitcoin’s Long-Term Holders Hit Cyclical Low as Sell Pressure Finally Eases
Long-term holder supply bottomed when bitcoin sank to $80K, signaling that the wave of spot-driven selling may be nearing exhaustion as prices rebound to $90K.
What to know:
- Long-term holder supply fell to 14.33M BTC in November, its lowest level since March, coinciding with bitcoin’s $80K correction low.
- The rebound to $90K suggests the bulk of spot-driven selling from seasoned holders has passed after a 36% peak-to-trough decline.
- Unlike prior cycles, LTH behavior in 2025 shows more measured distribution rather than blow-off-top capitulation, signaling a shift in market structure.
Top Stories
