Last week we reported a new type of novel 51% attack that combined overpowering a blockchain with hashing power and DDoS attacking other nodes on the network. The group managed to gain money by selling and double spending coins sent to Bittrex.

Now that same group is at it again, except this time they are extorting and hijacking smaller blockchains for a ransom. Both Shift and Krypton received threats to pay a ransom or have their blockchains hijacked.

The attackers call themselves the “51 Crew” and sent Stephanie Kent, Krypton founder, the following message;

“We have a chain going on Krypton that we can fork at anytime. It is 7000-8000 blocks because Bittrex wallet was down 2 days ago. While we do want to make bitcoin our intention is not to wreck a project.

We have sold our remaining 20,000 kr today and will give be you the opportunity to end us messing with you if you want. We aren’t asking for anything more than would cover our cost.

7 BTC and we will close our fork. That is the price of the 20,000 kr plus the 8000 blocks and mining cost.

If you agree let us know and we will never mess with you again. If not we will fork the 8000 blocks.”

Hijacked Blockchains

Both Shift and Krypton refused to pay the ransom and had their blockchains hijacked by the attackers. Withdrawals and deposits have been disabled on Bittrex until the issue is resolved. Some people who had sent transactions yesterday reported to have lost money.

Both teams are working hard at implementing a solution. Krypton is thinking of switching to proof-of-stake mining as a temporary emergency measure until a longer term solution is found.

It appears the group is specifically targeting smaller Ethereum based blockchains. Some people suspect these attacks are dry runs for Ethereum Classic but it appears that the crew may have a simple profit motive. The likelihood of Ethereum Classic facing a similar attack is very small, due to its higher hashing power, as well as the fact that most attackers tend to seek easy targets.

The entire blockchain industry should take note and study the effects of these attacks to learn from them and strengthen their networks.