
So, Ethereum's Blockchain is Still Under Attack…

You might not have noticed, but ethereum is under attack.

What began over two weeks ago with spam attacks that led to large-scale ethereum node outages has escalated into a battle that has pitted the platform's developers against unknown antagonists. This might sound like an exciting Hollywood movie, but it's mostly been carried out on message boards and with code.

Shots were first fired at ethereum's big developer conference, Devcon2, with a mysterious message written in German and delivered via transaction method payload. The message said "Go home", but to those who have been following the network's contentious changes this summer, the full meaning was clear.

Since then, block creation and transactions have continued to be impacted, with nodes syncing up to the network more slowly. But while various fixes have since been implemented, the attacker continues to find vulnerabilities to exploit and, in turn, create new ways to launch denial-of-service (DoS) attacks.

The result: the network is being flooded with transaction spam.

Blockstack co-founder Muneeb Ali called it a "cat-and-mouse game" that could potentially continue to slow down transactions on the network, the second most popular by market cap.

Most of the attacks have thus far affected nodes running the Go-version ethereum client (Geth), the most popular implementation of ethereum, though Parity, an alternative client released at the conference, has been impacted in some instances.

The latest release, called "Dear Diary", aims to stop the "root cause" of many of the attacks with a technique called "journalling."

Anatomy of an attack

One problem that has emerged for client developers is that those behind the attack are constantly switching their tactics.

The attacker or attackers are deploying smart contracts to the ethereum blockchain, and then committing transactions that impact how clients handle data, slowing them down to the point that blocks and transactions become delayed.

(For a peek into what's going on, see the barrage of small transactions sent by the attacker to overwhelm the network).

The first line of attack targeted an out-of-memory bug, which the Geth team moved to fix in a subsequent software update.

"In ethereum one of the challenges is that we have this huge database that grows much faster for example than bitcoin," said ethereum developer Péter Szilágyi, who works on Geth, adding that the attackers have taken advantage of this issue.

"We never thought about this attack vector," he added.

The focus on Geth has prompted some users to spin up nodes using Parity. In the wake of the first attacks, most miners made the switch.

However, Geth is still by far the most popular client, numbering nearly 7,000 nodes compared to Parity's 900, although the numbers are constantly fluctuating.

Meanwhile, Ethereum Foundation IT consultant Hudson Jameson chose to emphasize that the Geth team has been able to fix every issue that's been thrown at it so far. This argument was also stressed by ethereum miner Jonathan Toomim, who called the fixes, deployed within days, "impressive".

"The network will go on, and these nuisance attacks will stop eventually," he reasoned.

Yet for how long remains unclear. Each time Geth or Parity releases an update, the attacker finds a new vulnerability.

Those behind the attacks don't seem to mind the cost of doing so, having spent thousands of dollars worth of ether – the cryptocurrency of the ethereum network – to fuel the attacks.

"To date, the attacker has spent over $3,000 worth of ether, solely in gas-costs," Jameson estimated.

Impact on users

Many argue that the attacks are an inevitable result of the way ethereum is designed, and that it has a "large attack surface."

More on-platform capabilities means that there are more opportunities for trouble, at least compared to other blockchain networks, which are less ambitious.

"The larger problem is the way ethereum is designed. There's too much exposure so the attacker can trigger certain things or send certain types of transactions," Ali said. "Think of it this way: ethereum allows people too much freedom over what they can do to someone else's computer."

Even if Geth nodes are no longer crashing completely, however, the attacks have resulted in an overall slower network, making ethereum less available to anyone who wants to spin up a smart contract or send a transaction.

Since the attacks, some users have reported having problems accessing their funds with Mist, the popular ethereum wallet.

One user even observed when switching pools that mining profitability has decreased for smaller pools, which is potentially a concern for an ecosystem that doesn't want bigger miners to have more control.

The network is also more vulnerable overall if all of its nodes are not functioning properly.

"Causing large portions of the nodes or miners to drop off the network, or fall behind, is naturally rather severe, since such attacks can be a prequel to a double spending-attack," Jameson said.

However, some users seem unfazed, with many developers continuing to work on other projects. Two ethereum projects, FirstBlood and SingularDTV, held crowdsales to raise project funds amid the attack.

Finding a fix

As far as reducing the impact, developers have come up with ideas for how to fix the problem with medium- to long-term changes, in what Jameson calls an "ecosystem-wide effort."

"One of the solutions is to make it more expensive to perform these kinds of attacks," Szilágyi said.

He explained that raising the prices for certain ethereum commands might mean protocol-level changes to Metropolis, ethereum's next big software release that is intended to be more developer-friendly.

Jameson also mentioned rebooting the bounty program, through which developers can earn bitcoin for detecting and reporting bugs. "That way people can submit their flaws legitimately instead of attacking the network," he said.

However, his hope is that the detection of these bugs will make ethereum stronger in the end.

"In the long-term, these attacks increase the resiliency of the Ethereum network," Jameson added, arguing that the diversity of clients handicaps an attack from impacting all nodes.

Role of the foundation

Others seem to think that it's unclear how quickly ethereum will recover.

"The Ethereum Foundation is trying to downplay them and spin the situation in a good way, saying that attacks will help to harden the network," ethereum classic lead developer, Arvicco, argued.

While the comments are not surprising given that he leads an alternative project, they point to the overall sentiment of those who have been critical of the organization that funds protocol development and its handling of the situation.

Others remain uncertain what to take away just yet.

Ali said he thinks the ethereum team has done a good job thus far in addressing the vulnerabilities.

Still, he suggested there might be no end in sight should ideological motivations to disrupt the network continue unabated, but that this ultimately might be the best outcome.

"[By then,] most of the practical issues with the software are fixed so that it becomes hard enough and it's no longer a problem," he said, adding: 

"I think it's hard to predict."
