You can lose it ALL! A must read for Ethereum Whales (either ETC or ETH)
If you own a significant amount of Ethereum you must understand that moving your coins on one chain (ETC or ETH) can have unintended consequences on the other.
This topic has been covered over the last few days by more technical folks, dubbed the "replay attack". Here follows a layman's version for your average non-techie whale.
Calling this a "replay" brings up memories of putting songs on replay on a CD or mp3 player (or cassette for some of us ;). I assure you that it is much more disturbing and worse than having to listen to Celine Dion "My Heart will go one" on constant replay.
Here's the deal. I will try to make this as simple as possible.
DO NOT SEND ANY ETC OR ETH UNTIL YOU ARE 100% SURE YOU HAVE SPLIT THEM TO SEPERATE PRIVATE KEYS.
A simple scenario:
You have created a transaction to either send some ETH or ETC. You broadcast this to the relevant network. Your transaction goes through.
Everything is great right?
Well not necessarily.
Someone can grab the raw signed transaction from the blockchain it was committed to and broadcast it on the other.
If you were just sending ETC to your own address it isn't a threat, you need to do this anyway to separate the funds to different keys.
However, let say that you borrowed 100,000 ETC from someone to short (say they were careful and only sent you ETC). You had them send the 100,000 ETC to an address that contained 100,000 ETH as well. A few days later you return their ETC.
That same transaction can be copied from the ETC blockchain by ANYONE to have your 100,000 ETH sent to the same address you returned the ETC to.
BEFORE ANYONE ELSE CAN DO THAT YOU MUST MAKE A TRANSACTION ON THE OTHER CHAIN TO MOVE THOSE COINS TO AN ADDRESS THAT HAS ANOTHER PRIVATE KEY!
Perhaps if you miss this it might not be an issue if it is someone you know.
But now consider this scenario...
You find yourself owning a ton of ETC that you don't care about. You get a tempting offer from someone in IRC to buy your ETC stash, and you have not segregated (moved) your ETH to another address yet.
You sell your ETC, but at the same time the buyer can take the raw signed tx and broadcast it on the other network and take all of your ETH.
Since you are the one that only has access to your private keys there is no way to prove that you did not intend to also send this person your ETH. Even if you could identify the individual, this is akin to handing out signed blank checks.
YOU MUST ENSURE THAT YOUR ETH AND ETC BALANCES ARE ATTACHED TO DIFFERENT PRIVATE KEYS. THE ONLY WAY TO DO THIS IS TO MOVE BOTH YOURSELF AND VERIFY BEFORE SENDING TO AN ADDRESS YOU DO NOT CONTROL.
-----
If you have concerns talk to a professional.
Some more technical reading on the subject:
https://gist.github.com/taoeffect/c910ebb16d9f6d248e9f1f3c6e10b1b8
https://github.com/ethereumclassic/README/issues/3
https://medium.com/@timonrapp/how-to-deal-with-the-ethereum-replay-attack-3fd44074a6d8#.ttsgvkrtc
http://vessenes.com/do-not-mess-with-eth-classic-it-will-f-you-up/
Thanks to @roelandp for making steemtools.com and @blueorgy for steemimg.com which was used to host the whale and pirate graphic.
Well done, important info put together well. Thanks. This should have more upvotes.
See this is why Steemit is really growing on me. While some are ball aching about the whales pumping shallow posts, I am here catching informative and concise articles.
I might consider diving back into ETH once I received the New Ledger Nano S. BTC has been awfully quiet recently.
Still unsure about the hardware wallets. Keys are still generated by their servers and the recent treznor hackathon got me worried. Feels like subconsciously we're programmed to feel that tangible items "in the hand" are more secure but in this case I disagree.
Cant see anything beating Mycelium or Electrum through TOR.
If only the ethereum community had adopted ideas that BitShares has had regarding transactions as proof of stake then this wouldn't be a problem.
Each and every Steem transaction references a head-block hash and is not valid on any other blockchain or fork.
Ethereum allows for a lot of blockchain reorganizations and migration of transactions from one fork to another.
This could be solved by changing the way transfer scripts are executed in the wallet to certify a recent block or even a checkpoint.
The question is, how much ETH has been lost due to replay attack?
An absolute shit load and we've only just seen the tip of the iceberg. I personally got out of ETH way before the HF and although I got temped to jump back in to ETC to take advantage, it's way too risky.
Happy to sit out, hedge in other assets and invest in some upcoming Dapps on the horizon in the near future.
Bitshares is awesome but their marketing sucks and unfortunately this is 50% of your business.
Thanks for sharing this. I knew to separate ETC and ETH wallets but didn't know you could use the signed transaction and replicate it. My upvote is only worth 3 cents but you deserve it.
Yes I was not aware of this either as the "replay attack" nomenclature didn't sink in until I had read a couple articles and also spoke with a blockchain engineer.
I'd also suggest that if a non-tech whale would like to split their tokens, that they should get in-touch with one of the authors that show how to do this. It might be worth paying a small fee for some professional help.
Nice @decrypt
Shot you an Upvote :)
You only have to worry about this if your messing around with ETC. ETH is perfectly fine and none of this applies to it. Once the next fork comes around it is planned to fix this replay attack.
I do not think that is accurate, it works both ways because it is tied to the private key signing the tx. If I send you some ETH that has not been moved since the fork, you could take that raw signed tx and broadcast it on the ETC network to get some free ETC.
Upvoted
If you send your ETH to Poloniex won't the problem be solved since they will split the ETH into ETH and ETC? Then you can move them where ever you want to. My latest Steemit post is here: https://steemit.com/bitcoin/@bitcoinmeister/bitcoin-price-stability-means-increased-market-cap-how-the-market-values-steemit-will-there-be-another-ethereum-hard-fork
this is also a safe option for those who have a polo account, but it also de-anonymizes your coins :D
Newbie here just trying to learn something. I read it twice and my head hurts. LOL I'm just going to add this to bookmarks and do more research on my own to give me some time to chew on the information overload. And I suppose I'll worry about it when I have something to convert. :)
haha sorry i tried to make it as simple as possible, don't click the links or your head may explode ;)