Attack On Krypton a 'Dry Run' For Ethereum? -

Attack On Krypton a ‘Dry Run’ For Ethereum?


Smart contracts platform Krypton is recovering from a 51 percent attack this week that saw 21,465 of its tokens exchanged for bitcoin and double-spent.

Also read: Industry Report: Banks Trying to Beat Bitcoin

According to the fledgling project’s founder and project manager Stephanie Kent, the attack was a “two-pronged” effort involving rented hashing power and a DDoS attack on existing nodes to multiply the hashing advantage even further.

The attacker sent more than 21 thousand Krypton (KR) tokens to the Bittrex crypto exchange, sold them for bitcoin, then used the majority hashing power to roll back the transactions.

Financial Return of Krypton Attack Relatively Low

KryptonThe KR token, despite low liquidity, saw a sharp rise in price on exchanges Bittrex and Yobit in the first week of August, reaching a high of around 0.000368 BTC. The value at the time of the attack dropped from that figure, making the double-spend haul in the ballpark of 5 BTC ($2,900 USD).

The Krypton project has reimbursed Bittrex with the missing funds. KR’s price on Bittrex at press time sits just above 0.00020 BTC.

Kent said the attacker(s) bought additional hashing power from online rental service Nicehash, and joined the 4miners mining pool. They simultaneously launched a distributed denial-of-service attack on the Supernova mining pool and Krypton’s statistics servers.

4miners reportedly had 70 percent of network hashing power at the time of the attack.

Warning to Higher-Cap Ethereum Tokens?

Given the relatively low value of the attack, Kent believes the motive was not financial gain but more of a “dry-run,” intended as a proof-of-concept to attack other blockchains based on Ethereum with higher market caps — such as Ethereum Classic.

Questions remain, however, over whether such an attack could scale to the level required to target a much larger network.

Krypton launched in February 2016 as an Ethereum fork with similar goals as a platform for smart contract-based “DAOs” and “Dapps.” Although its KR token trades on the exchanges mentioned above, the project’s team is in the process of re-writing the Krypton Virtual Machine (KVM) from scratch to improve security.

Working on Solutions

KR trading  is frozen on exchanges at press time, along with deposits and withdrawals, while the Krypton team works on both temporary and more permanent solutions.

This could include exchanges increasing withdrawal times to up to 1,000 confirmations, while the Krypton community has bought up additional hashing power to help secure the network.

Longer-term solutions could include a hybrid proof-of-stake mining algorithm to run alongside the current proof-of-work system. This would ensure any attacker would need to own a substantial amount of tokens to harm the network, and overcome what the Krypton team says is inherent weaknesses in the POW-based Ethash algorithm that makes Ethereum-based networks easier to fork or manipulate offline.

Are Ethereum and its derivative networks at any special risk? Or will smaller networks always be in greater danger of attack due to the lower hashing power required?

Source: Crypto Hustle

Images courtesy of Krypton.

Jon Southurst

Jon Southurst

Jon Southurst has been interested in bitcoin since reading Neal Stephenson's 'Cryptonomicon' in 2012. A long-time tech writer, he has been a regular contributor at CoinDesk and has written for, DeepDotWeb and ancient print publications. He lives on an artificial island in Tokyo.

  • Shanny Fournier

    Good job KR & JON SOUTHURST

  • I’d like to thank Team Krypton for the professional manner in which this attack was handled. Everyone from devs to miners worked in concert to quickly identify and mitigate this novel attack vector. You have my deepest admiration. It is my pleasure to work with you. – Stephanie Kent


    So there is no way to track the attacker? Not even through Nicehash?