Major Ethereum Vulnerability: Hackers Exploit Parity Nodes
- Around 20 percent of Ethereum nodes run on the Parity client.
Ethereum recently endured a coordinated attack on its network, which failed as attackers could not exploit a popular client of the Blockchain Blockchain Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned.) In this sense, blockchain is immune to the manipulation of data making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamper with. The Evolution of BlockchainBlockchain was originally invented by an individual or group of people under the name of Satoshi Nakamoto in 2008. The purpose of blockchain was originally to serve as the public transaction ledger of Bitcoin, the world’s first cryptocurrency.In particular, bundles of transaction data, called “blocks”, are added to the ledger in a chronological fashion, forming a “chain.” These blocks include things like date, time, dollar amount, and (in some cases) the public addresses of the sender and the receiver.The computers responsible for upholding a blockchain network are called “nodes.” These nodes carry out the duties necessary to confirm the transactions and add them to the ledger. In exchange for their work, the nodes receive rewards in the form of crypto tokens.By storing data via a peer-to-peer network (P2P), blockchain controls for a wide range of risks that are traditionally inherent with data being held centrally.Of note, P2P blockchain networks lack centralized points of vulnerability. Consequently, hackers cannot exploit these networks via normalized means nor does the network possess a central failure point.In order to hack or alter a blockchain’s ledger, more than half of the nodes must be compromised. Looking ahead, blockchain technology is an area of extensive research across multiple industries, including financial services and payments, among others. Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned.) In this sense, blockchain is immune to the manipulation of data making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamper with. The Evolution of BlockchainBlockchain was originally invented by an individual or group of people under the name of Satoshi Nakamoto in 2008. The purpose of blockchain was originally to serve as the public transaction ledger of Bitcoin, the world’s first cryptocurrency.In particular, bundles of transaction data, called “blocks”, are added to the ledger in a chronological fashion, forming a “chain.” These blocks include things like date, time, dollar amount, and (in some cases) the public addresses of the sender and the receiver.The computers responsible for upholding a blockchain network are called “nodes.” These nodes carry out the duties necessary to confirm the transactions and add them to the ledger. In exchange for their work, the nodes receive rewards in the form of crypto tokens.By storing data via a peer-to-peer network (P2P), blockchain controls for a wide range of risks that are traditionally inherent with data being held centrally.Of note, P2P blockchain networks lack centralized points of vulnerability. Consequently, hackers cannot exploit these networks via normalized means nor does the network possess a central failure point.In order to hack or alter a blockchain’s ledger, more than half of the nodes must be compromised. Looking ahead, blockchain technology is an area of extensive research across multiple industries, including financial services and payments, among others. Read this Term.
Revealed by several experts on Twitter, the perpetrators targeted the Parity nodes of the Ethereum blockchain by exploiting a vulnerability in the network.
2/ The attack exploited a bug in a popular Ethereum node implementation called Parity Ethereum.
Vulnerable nodes were sent data tricking them into thinking a valid block was invalid. — Liam Aharon (@liamaharon) December 31, 2019
As explained by Sergio Demian Lerner, the attack was very simple - the attackers sent a block with invalid transactions, but with a valid header (borrowed from another node) to the parity nodes. With this technique, the node will mark the block invalid and blacklist the block header, making the valid node invalid as well.
Because of an attack on such a scale, a large number of Parity nodes lost sync from the Ethereum network.
Despite the grave severity of the attack, the perpetrators could not exploit another popular client called Geth, which dominates Ethereum nodes.
Developers have to address serious issues like this
To fix the vulnerability, the developers released a patch 14 hours after the coordinated attack was conducted.
Many Twitter users pointed out that only around 20 percent of the Ethereum nodes run on Parity nodes. However, if any such attack targets the Geth nodes, it would have the potential to take down the entire Ethereum network, per software developer Liam Aharon.
“I'm worried because this month Parity announced they will be winding down support for Parity Ethereum, and delegating maintenance to a DAO,” Aharon stated. “If this scenario came true, attacks similar to today's would devastate the network, instead of just being inconvenient.”
Last month, hackers also attempted to target the Vertcoin network by pulling a 51 percent attack; however, due to the strong security measures, the perpetrators ended up paying for the privileges.
Ethereum recently endured a coordinated attack on its network, which failed as attackers could not exploit a popular client of the Blockchain Blockchain Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned.) In this sense, blockchain is immune to the manipulation of data making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamper with. The Evolution of BlockchainBlockchain was originally invented by an individual or group of people under the name of Satoshi Nakamoto in 2008. The purpose of blockchain was originally to serve as the public transaction ledger of Bitcoin, the world’s first cryptocurrency.In particular, bundles of transaction data, called “blocks”, are added to the ledger in a chronological fashion, forming a “chain.” These blocks include things like date, time, dollar amount, and (in some cases) the public addresses of the sender and the receiver.The computers responsible for upholding a blockchain network are called “nodes.” These nodes carry out the duties necessary to confirm the transactions and add them to the ledger. In exchange for their work, the nodes receive rewards in the form of crypto tokens.By storing data via a peer-to-peer network (P2P), blockchain controls for a wide range of risks that are traditionally inherent with data being held centrally.Of note, P2P blockchain networks lack centralized points of vulnerability. Consequently, hackers cannot exploit these networks via normalized means nor does the network possess a central failure point.In order to hack or alter a blockchain’s ledger, more than half of the nodes must be compromised. Looking ahead, blockchain technology is an area of extensive research across multiple industries, including financial services and payments, among others. Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned.) In this sense, blockchain is immune to the manipulation of data making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamper with. The Evolution of BlockchainBlockchain was originally invented by an individual or group of people under the name of Satoshi Nakamoto in 2008. The purpose of blockchain was originally to serve as the public transaction ledger of Bitcoin, the world’s first cryptocurrency.In particular, bundles of transaction data, called “blocks”, are added to the ledger in a chronological fashion, forming a “chain.” These blocks include things like date, time, dollar amount, and (in some cases) the public addresses of the sender and the receiver.The computers responsible for upholding a blockchain network are called “nodes.” These nodes carry out the duties necessary to confirm the transactions and add them to the ledger. In exchange for their work, the nodes receive rewards in the form of crypto tokens.By storing data via a peer-to-peer network (P2P), blockchain controls for a wide range of risks that are traditionally inherent with data being held centrally.Of note, P2P blockchain networks lack centralized points of vulnerability. Consequently, hackers cannot exploit these networks via normalized means nor does the network possess a central failure point.In order to hack or alter a blockchain’s ledger, more than half of the nodes must be compromised. Looking ahead, blockchain technology is an area of extensive research across multiple industries, including financial services and payments, among others. Read this Term.
Revealed by several experts on Twitter, the perpetrators targeted the Parity nodes of the Ethereum blockchain by exploiting a vulnerability in the network.
2/ The attack exploited a bug in a popular Ethereum node implementation called Parity Ethereum.
Vulnerable nodes were sent data tricking them into thinking a valid block was invalid. — Liam Aharon (@liamaharon) December 31, 2019
As explained by Sergio Demian Lerner, the attack was very simple - the attackers sent a block with invalid transactions, but with a valid header (borrowed from another node) to the parity nodes. With this technique, the node will mark the block invalid and blacklist the block header, making the valid node invalid as well.
Because of an attack on such a scale, a large number of Parity nodes lost sync from the Ethereum network.
Despite the grave severity of the attack, the perpetrators could not exploit another popular client called Geth, which dominates Ethereum nodes.
Developers have to address serious issues like this
To fix the vulnerability, the developers released a patch 14 hours after the coordinated attack was conducted.
Many Twitter users pointed out that only around 20 percent of the Ethereum nodes run on Parity nodes. However, if any such attack targets the Geth nodes, it would have the potential to take down the entire Ethereum network, per software developer Liam Aharon.
“I'm worried because this month Parity announced they will be winding down support for Parity Ethereum, and delegating maintenance to a DAO,” Aharon stated. “If this scenario came true, attacks similar to today's would devastate the network, instead of just being inconvenient.”
Last month, hackers also attempted to target the Vertcoin network by pulling a 51 percent attack; however, due to the strong security measures, the perpetrators ended up paying for the privileges.