Krypton, an Ethereum-based blockchain, has recovered from a novel version of a 51% attack that appears to be the first of its kind.

The exploit was a two-pronged attack: the first prong was overpowering the network with at least 51% of the hashing power to roll back transactions and spend the same coins twice, and the second prong was DDoS-ing nodes to multiply the attackers' share of network power. All smaller coins should understand this exploit in order to prevent copycat attacks.

The attackers managed to steal around 21,465 KR from Bittrex by double spending on the network. They did this by sending KR to Bittrex, selling it for bitcoin and then rolling back the blockchain to reverse the transaction. The Supernova mining pool and the Krypton stats servers were also hit with DDoS attacks to give the malicious miners an edge over the network.

The miners rented extra hashing power from Nicehash and used the 4miners pool to conduct the attack. KR deposits and withdrawals are frozen on Bittrex and Yobit, pending confirmation that all workarounds have been successfully implemented.


This attack may be a “dry run” intended as a proof of concept before targeting other Ethereum-based blockchains. Shift, another Ethereum-type coin, was also targeted by a similar 51% attack last week.

Ethereum-based blockchains are being targeted predominantly because they are easy to fork and manipulate offline, and the offline fork can be used in conjunction with DDoS attacks.

It is suspected that the attackers may be using these lower cap coins as a testnet before targeting Ethereum Classic. This attack may be more difficult to scale up because of ETC’s larger aggregated hashing power.


The Krypton and Shift core development teams have been working to resolve the problem. Krypton has resolved the issue of funds lost in the attack and has suggested that Bittrex increase KR withdrawal times to 1000 confirmations, to mitigate the risk of the network being rolled back for another double spend. Deposits and withdrawals are expected to be re-enabled once the workarounds noted above are implemented.
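The effect of a confirmation depth such as the 1000 suggested above can be put in numbers with the attacker catch-up probability from section 11 of the Bitcoin whitepaper. The Python below is an added example, not code from the original article or from the Krypton team; the function names are hypothetical and the hash shares are constructed values. It shows that extra confirmations push the double-spend probability down only while the attacker holds less than half the hashing power; against a majority attacker the depth determines how long the majority must be sustained, not whether the rollback can succeed.

```python
import math

def catch_up_probability(q: float, z: int) -> float:
    """Chance that an attacker holding hash share q ever overtakes a chain
    that is z confirmations ahead (Bitcoin whitepaper, section 11)."""
    if q >= 0.5 or z == 0:
        return 1.0          # a majority attacker always catches up eventually
    if q <= 0.0:
        return 0.0
    p = 1.0 - q
    lam = z * q / p         # expected attacker blocks while z honest blocks are found
    total = 1.0
    for k in range(z + 1):
        # Poisson(k; lam) in log space so z = 1000 does not overflow a float
        poisson = math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return max(total, 0.0)  # clamp rounding noise below zero

def confirmations_for(q: float, max_risk: float, limit: int = 2000):
    """Smallest depth z with catch-up probability below max_risk, or None
    when no depth up to `limit` achieves it (always the case for q >= 0.5)."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if catch_up_probability(q, z) < max_risk:
            return z
    return None

if __name__ == "__main__":
    # Constructed hash shares, not measurements from the Krypton incident.
    for q in (0.10, 0.30, 0.45, 0.51):
        print(f"q={q:.2f}  P(z=12)={catch_up_probability(q, 12):.6f}  "
              f"P(z=1000)={catch_up_probability(q, 1000):.3e}  "
              f"depth for <0.1% risk: {confirmations_for(q, 0.001)}")
```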

The Krypton community also stepped in to purchase additional hashing power and spread it across multiple pools. Bittrex also upgraded their Krypton client code to fix a caching bug with the new KR block explorer.

Potentially affected blockchains may consider merging proof of stake (PoS) with proof of work (PoW), because doing so may require the attackers to own coins before mounting their attack, thus raising the barrier to a 51% attack. Node operators should treat behaviour suggesting a DDoS as a signal that a 51% attack may be attempted.

This article was originally written by Rocky and appeared in his blog, Crypto Hustle. It was reprinted with the kind permission of Rocky. Thanks, Rocky! :)
