A blockchain security research firm called Slowmist has released a full report on the attack that recently took place against Ethereum Classic. The report indicates that several exchanges are the victims of a concerted 51% attack.
Notably, the researchers report that the attack begins January 5th at 19:58:15 UTC. Days pass before anyone notices. The attacker dupes several exchanges in the process including Coinbase, Bitrue, and Gate.io. The analysis focuses heavily on Bitrue. Central to the attack was the owner of address 0x24fdd25367e4a7ae25eef779652d5f1b336e31da. The earliest movement is a little over 5,000 ETC from Binance to this address.