Major Ethereum Vulnerability: Hackers Exploit Parity Nodes
- Around 20 percent of Ethereum nodes run on the Parity client.
Ethereum Ethereum Ethereum is an open source, blockchain-based distributed computing platform and operating system featuring smart contract functionality. Created in 2014, Ethereum now stands as the second largest cryptocurrency by market cap at the time of writing.As a decentralized cryptocurrency network and software platform, Ethereum represents the most prominent altcoin. Ethereum also enables the creation Distributed Applications, or dapps. Understanding EthereumEthereum boasts its own programming language, Ethereum is an open source, blockchain-based distributed computing platform and operating system featuring smart contract functionality. Created in 2014, Ethereum now stands as the second largest cryptocurrency by market cap at the time of writing.As a decentralized cryptocurrency network and software platform, Ethereum represents the most prominent altcoin. Ethereum also enables the creation Distributed Applications, or dapps. Understanding EthereumEthereum boasts its own programming language, Read this Term recently endured a coordinated attack on its network, which failed as attackers could not exploit a popular client of the Blockchain Blockchain Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned.) In this sense, blockchain is immune to the manipulation of data making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tampe Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned.) In this sense, blockchain is immune to the manipulation of data making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tampe Read this Term.
Revealed by several experts on Twitter, the perpetrators targeted the Parity nodes of the Ethereum blockchain by exploiting a vulnerability in the network.
2/ The attack exploited a bug in a popular Ethereum node implementation called Parity Ethereum.
Vulnerable nodes were sent data tricking them into thinking a valid block was invalid. — Liam Aharon (@liamaharon) December 31, 2019
As explained by Sergio Demian Lerner, the attack was very simple - the attackers sent a block with invalid transactions, but with a valid header (borrowed from another node) to the parity nodes. With this technique, the node will mark the block invalid and blacklist the block header, making the valid node invalid as well.
Because of an attack on such a scale, a large number of Parity nodes lost sync from the Ethereum network.
Despite the grave severity of the attack, the perpetrators could not exploit another popular client called Geth, which dominates Ethereum nodes.
Developers have to address serious issues like this
To fix the vulnerability, the developers released a patch 14 hours after the coordinated attack was conducted.
Many Twitter users pointed out that only around 20 percent of the Ethereum nodes run on Parity nodes. However, if any such attack targets the Geth nodes, it would have the potential to take down the entire Ethereum network, per software developer Liam Aharon.
“I'm worried because this month Parity announced they will be winding down support for Parity Ethereum, and delegating maintenance to a DAO,” Aharon stated. “If this scenario came true, attacks similar to today's would devastate the network, instead of just being inconvenient.”
Last month, hackers also attempted to target the Vertcoin network by pulling a 51 percent attack; however, due to the strong security measures, the perpetrators ended up paying for the privileges.
Ethereum Ethereum Ethereum is an open source, blockchain-based distributed computing platform and operating system featuring smart contract functionality. Created in 2014, Ethereum now stands as the second largest cryptocurrency by market cap at the time of writing.As a decentralized cryptocurrency network and software platform, Ethereum represents the most prominent altcoin. Ethereum also enables the creation Distributed Applications, or dapps. Understanding EthereumEthereum boasts its own programming language, Ethereum is an open source, blockchain-based distributed computing platform and operating system featuring smart contract functionality. Created in 2014, Ethereum now stands as the second largest cryptocurrency by market cap at the time of writing.As a decentralized cryptocurrency network and software platform, Ethereum represents the most prominent altcoin. Ethereum also enables the creation Distributed Applications, or dapps. Understanding EthereumEthereum boasts its own programming language, Read this Term recently endured a coordinated attack on its network, which failed as attackers could not exploit a popular client of the Blockchain Blockchain Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned.) In this sense, blockchain is immune to the manipulation of data making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tampe Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned.) In this sense, blockchain is immune to the manipulation of data making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tampe Read this Term.
Revealed by several experts on Twitter, the perpetrators targeted the Parity nodes of the Ethereum blockchain by exploiting a vulnerability in the network.
2/ The attack exploited a bug in a popular Ethereum node implementation called Parity Ethereum.
Vulnerable nodes were sent data tricking them into thinking a valid block was invalid. — Liam Aharon (@liamaharon) December 31, 2019
As explained by Sergio Demian Lerner, the attack was very simple - the attackers sent a block with invalid transactions, but with a valid header (borrowed from another node) to the parity nodes. With this technique, the node will mark the block invalid and blacklist the block header, making the valid node invalid as well.
Because of an attack on such a scale, a large number of Parity nodes lost sync from the Ethereum network.
Despite the grave severity of the attack, the perpetrators could not exploit another popular client called Geth, which dominates Ethereum nodes.
Developers have to address serious issues like this
To fix the vulnerability, the developers released a patch 14 hours after the coordinated attack was conducted.
Many Twitter users pointed out that only around 20 percent of the Ethereum nodes run on Parity nodes. However, if any such attack targets the Geth nodes, it would have the potential to take down the entire Ethereum network, per software developer Liam Aharon.
“I'm worried because this month Parity announced they will be winding down support for Parity Ethereum, and delegating maintenance to a DAO,” Aharon stated. “If this scenario came true, attacks similar to today's would devastate the network, instead of just being inconvenient.”
Last month, hackers also attempted to target the Vertcoin network by pulling a 51 percent attack; however, due to the strong security measures, the perpetrators ended up paying for the privileges.