Ethereum Classic Reports Security Alert To ETC Users, But It Seems To Be Just A Misunderstanding

A recent announcement from the developers for Ethereum Classic has Twitter abuzz with concerns.

The announcement, which was written by founder and CTO Igor Artamonov, starts by announcing a security alert.

The post says:

“Someone took admin control of Ethereum Classic community organization with Classic Geth and removed all other admins. This is an important security issue and we do not know the intentions of the person or persons who have taken admin control of the Ethereum Classic community organization. We recommend that you DO NOT download Classic Geth until this issue is resolved.”

The warning prompted responses from Twitter fairly quickly, which is to be expected when this type of security breach is announced.

Though there were a few concerns, a user named “darcy.reno” commented:

https://twitter.com/darcydangerreno/status/1068576559911432192

Darcy.reno’s comment seemed to be validated by the director of ETC Cooperative. Reposting the comment, he added:

We are in contact with GitHub and working to regain control. The user who took ownership has not made any changes to any repositories as of the time of this tweet.

However, as the note indicates, please proceed with caution. https://t.co/ZrJdoyol0S

— Anthony Lusardi 🍕🥯 (@pyskell) November 30, 2018

A post right after said that the control was assigned to a user on GitHub named “krykoder,” aiming to avoid alerting the user so that he didn’t take “nefarious action.”

To further clarify, the director specifically said that there was only a misunderstanding in ownership and that the user was alerted of the issue to resolve it. As of 11:00 am PST, it seems that everything is corrected.

The director posted,

All is fine now. Issue and an incredible amount of unnecessary drama is resolved. Hooray!https://t.co/xbNOnoMdgs

— Anthony Lusardi 🍕🥯 (@pyskell) November 30, 2018

In a time where social media seems like the best place to resolve these kinds of issues, perhaps the best way to notify users next time, at least to reduce the risks they had here, is through email. In fact, even with a resolution in under three hours, it might not be too bold to say the issue could’ve been resolved faster without the ensuing “drama” around it.