According to a recent document published by Bleutrade, there was a double-spend on the Htmlcoin chain against the exchange earlier this year. According to the exchange, they contacted the development team about implementing changes which could have prevented this from happening. What the attacker essentially…
According to a recent document published by Bleutrade, there was a double-spend on the Htmlcoin chain against the exchange earlier this year. According to the exchange, they contacted the development team about implementing changes which could have prevented this from happening.
What the attacker essentially did was deposit with a transaction he intended to double-spend, and then withdraw good coins from the exchange, thereby basically doubling his supply of coins. As soon as he made the withdrawal, he republished the blockchain with a more-than 51% attack, making the coins now all go to his wallet, instead of any coins having ever been sent to the exchange, but only the exchange having sent coins to the wallet.
Bleutrade says this would not have happened if the Htmlcoin wallet were designed differently, and notes that other coins of a similar age have experienced similar problems. The document also addresses a lethargic development response. Even after the team submitted changes, the exchange informed them that these changes were not sufficient. The whole thing is problematic in that the exchange should simply implement insanely high deposit confirmation requirements. This is the only way for exchanges to respond to coins that have blockchain issuses, big coins included. Bad things can happen if you play it fast and loose, and in this case, they did.
Html5coin blockchain experienced a double spend attack between April 25 and 26, 2017. This attack caused two large transactions with dozens of confirmations to be unduly erased from the current blockchain, causing an insolvency in the exchange. […] The double-spend attack is only successful if the attacker has more than 51% of the network’s mining power to be able to replace the current blockchain with another of his choice. Similar attacks have already occurred with Virtacoin, Ambercoin, Vertcoin, CannabisCoin and e-Gulden, this type of attack is becoming common with outdated coins and few miners and several exchanges are suffering because of this.
For their part, Htmlcoin’s team have warned people to only use Bleutrade, writing in an e-mail blast:
Our team is working hard on the following update: (a) Implement 10 minutes block (b) Implement 115 confirmations.
However, Bleutrade still came out with this document, although later after negotiations they re-enabled Htmlcoin deposits. It seems the Htmlcoin team did genuinely want to support Bleutrade in figuring out the best way forward. According to the trading page on Bleutrade, the developers have now created a new version of the wallet which will comply with their demands, and deposits have been re-enabled. Nevertheless, these problems could have been foreseen by either party, and something could have been done.
This author himself is working on an instant exchange, and one of the coins that is being implemented has been known to have serious blockchain issues. As such, the exchange will simply require 60 confirmations from that chain. With any luck, it will only encourage the chain to act more appropriately in the future. Htmlcoin will have to be treated in the same way by exchanges moving forward, and other coins should be forced to implement the same changes, such that these types of attacks not only become more rare, but ultimately, it would be best if they became impossible.
Htmlcoin wrote in a recent post on the subject:
HTMLCOIN is swapping this 2017 with a new feature that includes the many applications of “Smart Contracts” and the security provided by “Real-Time Checkpointing.”
All coins in the three (3) exchange sites are safe and will be swap to a stronger version, with all the latest features of the leading cryptocurrency in the market. This huge step that we are undertaking will make our coin relevant and responsive to the demand of the “Internet of Things.”
Current owners of HTMLCOIN will now be able to swap to at ratios between 1:1. Late swapper will be at the ratio of 1:2 or less, depending on the time. The further you swap from the scheduled date, the lower the swap ratio will be.
Cryptocurrency exchanges Bleutrade, YoBit, and CoinGather are currently preparing to facilitate the swaps.
So it seems that things have wrapped up neatly with this particular coin, but all coins will also have to undergo changes if they are going to remain in circulation.
Featured image from Shutterstock.
Last modified: January 25, 2020 12:06 AM UTC