The Ethereum (ETH) network was apparently the target of a coordinated attack, according to several analysts.
Following reports that some Parity Ethereum nodes lost sync with the network, on Dec. 31, core blockchain infrastructure company Parity Technology said it believed there was an attack underway and subsequently released network upgrades to protect against it.
According to cryptocurrency security consultant Sergio Demian Lerner, the attack was implemented in a simple way, wherein “you send to a Parity node a block with invalid transactions, but valid header (borrowed from another block). The node will mark the block header as invalid and ban this block header forever but the header is still valid.”
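The failure mode Lerner describes can be reproduced in a small model. The following is an added example, not Parity's code or its actual fix: the `Node` class, the `ok:` validity rule and the sample transactions are constructed for illustration, and SHA-256 stands in for Ethereum's Keccak-256 and trie roots. It compares a node that bans a header hash as soon as the accompanying body fails validation with one that first checks that the body is the one the header commits to.

```python
import hashlib
from dataclasses import dataclass

def digest(data: bytes) -> str:
    # Assumption: SHA-256 replaces Keccak-256 so the model needs only the stdlib.
    return hashlib.sha256(data).hexdigest()

def tx_root(txs) -> str:
    # Simplified body commitment (real clients use a Merkle-Patricia trie root).
    return digest(b"".join(hashlib.sha256(t).digest() for t in txs))

@dataclass(frozen=True)
class Header:
    parent: str
    number: int
    tx_root: str
    def hash(self) -> str:
        return digest(f"{self.parent}|{self.number}|{self.tx_root}".encode())

def tx_valid(tx: bytes) -> bool:
    return tx.startswith(b"ok:")  # constructed validity rule for the model

class Node:
    """Hypothetical block importer with a permanent bad-block cache."""
    def __init__(self, bind_body_first: bool):
        self.bind_body_first = bind_body_first
        self.bad, self.chain = set(), []

    def import_block(self, header: Header, txs) -> str:
        hh = header.hash()
        if hh in self.bad:
            return "rejected: header banned"
        # Hardened path: a body the header does not commit to says nothing
        # about the header, so drop the message without banning the hash.
        if self.bind_body_first and tx_root(txs) != header.tx_root:
            return "dropped: body does not match header"
        if not all(tx_valid(t) for t in txs):
            self.bad.add(hh)  # ban is keyed on the header hash alone
            return "rejected: invalid transactions"
        self.chain.append(hh)
        return "imported"

def replay(bind_body_first: bool):
    # Constructed sample: one honest block, preceded by a mismatched body.
    good_txs = [b"ok:alice->bob", b"ok:bob->carol"]
    header = Header("genesis", 1, tx_root(good_txs))
    node = Node(bind_body_first)
    return node.import_block(header, [b"junk"]), node.import_block(header, good_txs)
```

With `replay(False)` the honest block is refused because its header hash was banned by the earlier mismatched body; with `replay(True)` the mismatched body is discarded and the honest block imports.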
Software developer Liam Aharon analyzed the attack, concluding that it was close to taking down the entire network and that Ethereum could become much more vulnerable to similar attacks in the upcoming year.
Per Aharon, the attack did not manage to bring down the entire network because the network also runs a client called Geth, which is immune to the attack. However, taking into account Parity’s intention to transition Parity Ethereum to a DAO ownership and maintainer model, Geth could become the only well-maintained client in 2020, he said.
“If this scenario came true, attacks similar to today's would devastate the network, instead of just being inconvenient,” Aharon further wrote.
Efforts to fix vulnerabilities in the Ethereum network
During the past year, Parity has released multiple updates aimed at fixing node vulnerabilities. In March, Parity CEO Jutta Steiner said that the controversial new Create2 Ethereum function would have prevented the Parity multisig freeze, which followed an incident in which a user “accidentally killed” the Parity multisig library by activating a vulnerability to become the owner of the library and then self-destructing it.
In May, global hacking research collective SRLabs claimed that only two-thirds of the Ethereum client software that ran on Ethereum nodes had been patched against a critical security flaw discovered earlier this year. The data reportedly indicated that unpatched Parity nodes comprised 15% of all scanned nodes — implying that 15% of all Ethereum nodes were vulnerable to a potential 51% attack.
Other recent attacks
On Dec. 29, holders of IOTA were unable to confirm transactions for 24 hours due to a mainnet incident caused by an unusual set of transactions that may have been constructed as an attack. The Iota Foundation emphasized that the incident had not been caused by software changes or any other components of the network, but rather occurred due to the “absence of transaction processing logic for an unusual set of transactions.”