Inherent to the design of the blockchain is the principle of democracy, that all honest nodes agree upon the longest chain to be the source of truth. As such, any blockchain is susceptible to a majority attack, where an attacker gains 51% of the hashing power of the blockchain and is able to perform double-spend attacks on the blockchain.

There was an instance of such an attack on Ethereum Classic between 29 Jul 2020 and 1 Aug 2020, however, not much details were known, beyond the fact that the attacker purchased hashing power from a user on cryptocurrency mining platform, Nicehash.

The attacker, known by his address,  0x75d1e5477f1fdaad6e0e3d433ab69b08c482f14e, generated over 3500 blocks, forking from blocks 10904146 till 10907740  and then broadcasting them afterwards.

During the attack, the attacker double-spent over 800,000 ETC.  Based on my research and understanding, it appears that since what the attacker performed was considered technically legitimate but morally wrong, no changes were made to the Ethereum Classic blockchain software to resolve this attack.