So, Ethereum's Blockchain is Still Under Attack…

You might not have noticed, but ethereum is under attack.

What began over two weeks ago with spam attacks that led to large-scale ethereum node outages has escalated into a battle that has pitted the platform's developers against unknown antagonists. This might sound like an exciting Hollywood movie, but it's mostly been carried out on message boards and with code.

Shots were first fired at ethereum's big developer conference, Devcon2, with a mysterious message written in German and delivered via transaction method payload. The message said "Go home", but to those who have been following the network's contentious changes this summer, the full meaning was clear.

Since then, block creation and transactions have continued to be impacted, with nodes syncing up to the network more slowly. But while various fixes have since been implemented, the attacker continues to find vulnerabilities to exploit and, in turn, create new ways to launch denial-of-service (DoS) attacks.

The result: the network is being flooded with transaction spam.

Blockstack co-founder Muneeb Ali called it a "cat-and-mouse game" that could potentially continue to slow down transactions on the network, the second most popular by market cap.

Most of the attacks have thus far affected nodes running the Go-version ethereum client (Geth), the most popular implementation of ethereum, though Parity, an alternative client released at the conference, has been impacted in some instances.

The latest release, called "Dear Diary", aims to stop the "root cause" of many of the attacks with a technique called "journalling."

Anatomy of an attack

One problem that has emerged for client developers is that those behind the attack are constantly switching their tactics.

The attacker or attackers are deploying smart contracts to the ethereum blockchain, and then committing transactions that impact how clients handle data, slowing them down to the point that blocks and transactions become delayed.

(For a peek into what's going on, see the barrage of small transactions sent by the attacker to overwhelm the network).

The first line of attack targeted an out-of-memory bug, which the Geth team moved to fix in a subsequent software update.

"In ethereum one of the challenges is that we have this huge database that grows much faster for example than bitcoin," said ethereum developer Péter Szilágyi, who works on Geth, adding that the attackers have taken advantage of this issue.

"We never thought about this attack vector," he added.

The focus on Geth has prompted some users to spin up nodes using Parity. In the wake of the first attacks, most miners made the switch.

However, Geth is still by far the most popular client, numbering nearly 7,000 nodes compared to Parity's 900, although the numbers are constantly fluctuating.

Meanwhile, Ethereum Foundation IT consultant Hudson Jameson chose to emphasize that the Geth team has been able to fix every issue that's been thrown at it so far. This argument was also stressed by ethereum miner Jonathan Toomim, who called the fixes, deployed within days, "impressive".

"The network will go on, and these nuisance attacks will stop eventually," he reasoned.

Yet for how long remains unclear. Each time Geth or Parity releases an update, the attacker finds a new vulnerability.

Those behind the attacks don't seem to mind the cost of doing so, having spent thousands of dollars worth of ether – the cryptocurrency of the ethereum network – to fuel the attacks.

"To date, the attacker has spent over $3,000 worth of ether, solely in gas-costs," Jameson estimated.

Impact on users

Many argue that the attacks are an inevitable result of the way ethereum is designed, and that it has a "large attack surface."

More on-platform capabilities mean that there are more opportunities for trouble, at least compared to other blockchain networks, which are less ambitious.

"The larger problem is the way ethereum is designed. There's too much exposure so the attacker can trigger certain things or send certain types of transactions," Ali said. "Think of it this way: ethereum allows people too much freedom over what they can do to someone else's computer."

Even though Geth nodes are no longer crashing completely, the attacks have resulted in an overall slower network, making ethereum less available to anyone who wants to spin up a smart contract or send a transaction.

Since the attacks, some users have reported having problems accessing their funds with Mist, the popular ethereum wallet.

One user even observed when switching pools that mining profitability has decreased for smaller pools, which is potentially a concern for an ecosystem that doesn't want bigger miners to have more control.

The network is also more vulnerable overall if all of its nodes are not functioning properly.

"Causing large portions of the nodes or miners to drop off the network, or fall behind, is naturally rather severe, since such attacks can be a prequel to a double-spending attack," Jameson said.

However, some users seem unfazed, with many developers continuing to work on other projects. Two ethereum projects, FirstBlood and SingularDTV, held crowdsales to raise project funds amid the attack.

Finding a fix

As far as reducing the impact, developers have come up with ideas for how to fix the problem with medium- to long-term changes, in what Jameson calls an "ecosystem-wide effort."

"One of the solutions is to make it more expensive to perform these kinds of attacks," Szilágyi said.

He explained that raising the prices for certain ethereum commands might mean protocol-level changes to Metropolis, ethereum's next big software release that is intended to be more developer-friendly.

Jameson also mentioned rebooting the bounty program, through which developers can earn bitcoin for detecting and reporting bugs. "That way people can submit their flaws legitimately instead of attacking the network," he said.

However, his hope is that the detection of these bugs will make ethereum stronger in the end.

"In the long-term, these attacks increase the resiliency of the Ethereum network," Jameson added, arguing that the diversity of clients handicaps an attack from impacting all nodes.

Role of the foundation

Others seem to think that it's unclear how quickly ethereum will recover.

"The Ethereum Foundation is trying to downplay them and spin the situation in a good way, saying that attacks will help to harden the network," ethereum classic lead developer, Arvicco, argued.

While the comments are not surprising given that he leads an alternative project, they point to the overall sentiment of those who have been critical of the organization that funds protocol development and its handling of the situation.

Others remain uncertain what to take away just yet.

Ali said he thinks the ethereum team has done a good job thus far in addressing the vulnerabilities.

Still, he suggested there might be no end in sight should ideological motivations to disrupt the network continue unabated, but that this ultimately might be the best outcome.

"[By then,] most of the practical issues with the software are fixed so that it becomes hard enough and it's no longer a problem," he said, adding: 

"I think it's hard to predict."
