Welcome to the decentralized future of money or an epic bubble. Or both.

A wave of fear washed through the cryptocurrency community as Ethereum Classic (ETC)—the original version of the Ethereum network—came under attack.

An unknown perpetrator essentially rolled back and altered transactions on the network. In response, some exchanges have halted transactions in the crypto asset, while others are requiring longer confirmation times to avoid being gamed while processing trades.

So, what happened?

Today, the official Twitter handle for the $550 million ETC network warned of “a possible chain reorganization or double spend attack,” though they noted that “from what we can tell the ETC network is operating normally.” Just seven hours later, though, the handle tweeted again, urging crypto exchanges to be careful processing trades.

To some, Ethereum Classic is the real Ethereum network. After a catastrophic hack threatened to wipe out Ethereum in summer 2016, the network’s developers “forked” the project. Ethereum was split into Ethereum Classic, the original version of the network which allowed the hack to take place, and the new Ethereum where the hack was undone. (The latter is now much bigger and more popular with developers, with a market cap of some $16 billion.)

Soon after the network’s announcement, mining pool operator Etherchain also issued a warning, saying that it identified “a successful 51% attack” on the Ethereum Classic network. Once one party—or parties acting in concert—control more than 50% of a cryptocurrency’s computing power, known in the jargon as the hashrate, bad things can happen.

One ETC miner temporarily had more than 60% of the network’s hash rate, said Donald McIntyre, founder of Etherplan. If one person or group controls more than half of a crypto network’s hash power, it essentially gives the person control over which transactions get processed on the blockchain, allowing them to mine a disproportionately large amount of the network’s blocks, double-spend coins by altering the blockchain, and generally reward themselves unjustly.

According to GasTracker, the suspected malicious miner still possesses 45% of ETC’s hashrate as measured over the past 24 hours. That means that they could score close to $30,000 in ETC block rewards, the payouts a person typically receives for securing the network.

Many of the blocks produced by the suspected miner are empty, meaning that they contain no transactions. Kevin Lord, ETC community manager for blockchain engineering company IOHK, reckons it was “more of a selfish miner rather than a 51% attack.”

But according to major crypto exchange Coinbase, the motives were more sinister. It turns out Coinbase knew about the ETC problem a few days ago, when it spotted some nefarious activity.

“On 1/5/2019, Coinbase detected a deep chain reorganization of the Ethereum Classic blockchain that included a double spend,” according to application security engineer Mark Nesbitt. “In order to protect customer funds, we immediately paused movements of these funds on the ETC blockchain. Subsequent to this event, we detected 8 additional reorganizations that included double spends, totaling 88,500 ETC (~$460,000).”

So, the attacker may have transferred close to $500,000 worth of Ethereum Classic tokens by changing the blockchain’s history, or at least their version of it. Coordination among exchanges to ensure that everyone is utilizing the same ETC history—that is, cutting out the attacker—could wind up being a massive headache.

Broadly, the Ethereum Classic fiasco demonstrates how difficult it is to build a reliable public network. (Bitcoin Gold, a fork of the original cryptocurrency, came under a 51% attack in May last year.) It also exposes the vulnerability of less popular crypto assets—Ethereum Classic is the 18th-largest cryptocurrency, according to CoinMarketCap. Turns out that not all blockchains are immutable.