[News] ACF Report on the stolen AE coins in the 51% attacks

Aeternity success story

The aeternity success story was written last year that despite the two subsequent 51% double spends attacks the following is true:
90% of all stolen coins from the exchanges ended up on Huobi , the only exchange on which the attacks were prevented during the two 51% attacks on aeternity in 2020/2021.

First at all, ACF wants to express its gratitude to Gate.io for their unconditional support during and after the attacks. They proved that an exchange similarly to any bank can take the responsibility of security hacks and support an blockchain unconditionally.

Without the strong support of our Chinese community, @Tina and @LiuYang.chain this success story could not be possible. Aeknown.org build by @LiuYang.chain as grant application proved to be an battle proven, very useful and stable aeternity explorer during the critical time of the attacks.

A detailed survey of the first 51% double spends attack on December 6-7, 2020 was written by @LiuYang.chain at his blog link.
A short report on the second attack can be found in the forum post.

Aeternity is a serious and honest blockchain project. As already mentioned by the core developer @uwiger there is no black door in the blockchain to create coins and replace the stolen ae funds. ACF is an non-profitable organization and cannot offer any financial support to any exchange and user for lost funds. However we offer a constant technical support as well as anti-attack solutions for detection and prevention system against cyber-attacks (security releases, aeCanary, etc.) . Aeternity blockchain is constantly improving and performs stable and secure since the last 51% attack in January 2021.

Stolen AE coins

According to the transaction history, on January 4th, 2022 there was an attempt of moving ca 11 million AE coins by the following addresses:

ak_Dph1PW1JrUPjeqe52p3Yw9JBNhthyV57bwkoUGkHwKEcqNTu6

ak_23DA9kC7uByjQU3dSoAmdvavo7RUafurRJUc3tRn5272xZtxya

ak_2w61QraQDZLrKogA9BoKQWG8SFptrJF88neDD7KbqVwJxrPoga

ak_2v7dz8BrMFfPzvBuMPbP3Q4J41Mokr3yDG9VHwo5jgjJMmivfC

ACF and core developer @dimitar.chain immediately contacted Huobi Exchange, and officially requested to lock accounts that are moving funds. A police record was opened. We are doing all in our power to communicate openly and clearly with all the victims of the 51% attack in order to find the malicious attackers, support the redistribution of the stolen funds and reopen AE deposits on exchanges.

As a reminder, back in January 2021, the fast reaction of the aeternity emergency team, and the community’s prompt action had saved Huobi from the malicious hacker’s attack aimed at them. After the first attack the attacker’s coins were gathered to the following address:

ak_2uj7cgE2q1hkpjVwMjxPSkchHToJLbrxDxqJ2gh74MABGvX4eZ

From this address the attackers moved the coins to various accounts and then sent them to different exchanges. This was their preparation for doing the second attack and their primary target was Huobi. ACF was fast to react and warned the Huobi contacts ASAP. Then the ae team produced the new release to fight off the attack before it unfolded. Thus the second attack was a successfully prevented and no coins were stolen. On the contrary the total of 15,320,261 AE landed in possession of Huobi from the following sender accounts:

ak_qsMbTzuck3JjL3n9RCNcbskGUCNszPNxvJgjpFzoVRaAQpwKU

ak_gaoe8c81YMWiRjA9o85ARhgqVYwnvwHps9cTnmjcZUx2vpEEG

ak_2w61QraQDZLrKogA9BoKQWG8SFptrJF88neDD7KbqVwJxrPoga

ak_2j6D6UwedeqqSy7VcLxaTTo8JaSGcCYj2vBiTJifoxEY4kUdkK

ak_Dph1PW1JrUPjeqe52p3Yw9JBNhthyV57bwkoUGkHwKEcqNTu6

ak_23DA9kC7uByjQU3dSoAmdvavo7RUafurRJUc3tRn5272xZtxya

ak_2XxLf1dXFGV41gmi3QGb6nomcozjWLZRi2q8VCSPYMmXARbdsx

ak_rvTcJ4kaURT8cP7T4vJuH4QiNymLKfiZoK3Y2fS75bGUJLpGG

ak_7PCjVnYSuS8GmkWjhpNxQ4uPPiwGNCwqXtCdBHDuHwMwBmyHZ

ak_2eLgFyDWXz4vtrXMy2aSaft5wmV4KYRhAYoSGmqqckgA5m3dQ8

ak_2v7dz8BrMFfPzvBuMPbP3Q4J41Mokr3yDG9VHwo5jgjJMmivfC

With the last transfer this year of ca.11 million AE to Huobi wallets, that means that more than 26 million AE (of the total 29 million AE stolen) are now kept on accounts/wallets on the Huobi Exchange.

One question remains open - since Huobi was the only exchange from which no coins were stolen due to prompt reaction by the æcommunity, how come today that 90% of all hacked coins are there for more than a year?

ACF could not force Huobi to act and redistribute the stolen AE funds among the involved exchanges last year. However we can and we will continue requesting to blacklist addresses/wallets trying to move stolen AE funds and return the coins to their owners.

We really hope that Huobi will support our efforts to return the stolen funds to the involved exchanges which can further lead to reopening AE deposits on several exchanges.

ACF wants to see æternity users safely and happily trading on all exchanges!

Thanks

We are extremely grateful to the developers @gorbak25, @dimitar.chain, @uwiger and @dincho.chain for their devoted and extraordinary work during and after the attacks and building the anti-attack protection and keeping the blockchain stable.
Special thanks also to @hanssv.chain, @gorbak25, @cytadela8 and @radrow for their excellent contributions to the security improvement of the blockchain towards the hyperchains. Thanks also to all other developers supporting the emergency team.

Did they request the official admission of the Huobi Exchange? I hope you become an issue through various media outlets. Don’t stop by announcing it here.

1 Like

Huobi has been closing ae recharge; 11 million ae transfer to Huobi wallet; it is an official act of the exchange.Now the total Huobi wallet is only 18 million.Does the foundation’s statement mean that Huobi has sold 26 million tokens to its users

The police investigation is ongoing. All involve exchanges can support the case and ask for the coins return from Huobi. Surprisingly some transfers were made to/from locked accounts/wallets on Huobi. An explanation from Huobi on January 4th, 2021 was that they moved funds to hot wallets due to operation reason.

9 Likes

It is undeniable that this double-spend attack was devastating to AE.