So, Ethereum's Blockchain is Still Under Attack…

What began over two weeks ago with spam attacks has escalated into a battle pitting ethereum developers against unknown antagonists.

Oct 6, 2016 at 5:05 p.m. UTC
Updated Sep 11, 2021 at 12:32 p.m. UTC

You might not have noticed, but ethereum is under attack.

What began over two weeks ago with spam attacks that led to large-scale ethereum node outages has escalated into a battle that has pitted the platform's developers against unknown antagonists. This might sound like an exciting Hollywood movie, but it's mostly been carried out on message boards and with code.

Shots were first fired at ethereum's big developer conference, Devcon2, with a mysterious message written in German and delivered via transaction method payload. The message said "Go home", but to those who have been following the network's contentious changes this summer, the full meaning was clear.

Since then, block creation and transactions have continued to be impacted, with nodes syncing up to the network more slowly. But while various fixes have since been implemented, the attacker continues to find vulnerabilities to exploit and, in turn, create new ways to launch denial-of-service (DoS) attacks.

The result: the network is being flooded with transaction spam.

Blockstack co-founder Muneeb Ali called it a "cat-and-mouse game" that could potentially continue to slow down transactions on the network, the second most popular by market cap.

Most of the attacks have thus far affected nodes running the Go-version ethereum client (Geth), the most popular implementation of ethereum, though Parity, an alternative client released at the conference, has been impacted in some instances.

The latest release, called "Dear Diary", aims to stop the "root cause" of many of the attacks with a technique called "journalling."

Anatomy of an attack

One problem that has emerged for client developers is that those behind the attack are constantly switching their tactics.

The attacker or attackers are deploying smart contracts to the ethereum blockchain, and then committing transactions that impact how clients handle data, slowing them down to the point that blocks and transactions become delayed.

(For a peek into what's going on, see the barrage of small transactions sent by the attacker to overwhelm the network).

The first line of attack targeted an out-of-memory bug, which the Geth team moved to fix in a subsequent software update.

"In ethereum one of the challenges is that we have this huge database that grows much faster for example than bitcoin," said ethereum developer Péter Szilágyi, who works on Geth, adding that the attackers have taken advantage of this issue.

"We never thought about this attack vector," he added.

The focus on Geth has prompted some users to spin up nodes using Parity. In the wake of the first attacks, most miners made the switch.

However, Geth is still by far the most popular client, numbering nearly 7,000 nodes compared to Parity’s 900, although the numbers are constantly fluctuating.

Meanwhile, Ethereum Foundation IT consultant Hudson Jameson chose to emphasize that the Geth team has been able to fix every issue that's been thrown at it so far. This argument was also stressed by ethereum miner Jonathan Toomim, who called the fixes, deployed within days, "impressive".

"The network will go on, and these nuisance attacks will stop eventually," he reasoned.

Yet for how long remains unclear. Each time Geth or Parity releases an update, the attacker finds a new vulnerability.

Those behind the attacks don't seem to mind the cost of doing so, having spent thousands of dollars' worth of ether – the cryptocurrency of the ethereum network – to fuel the attacks.

"To date, the attacker has spent over $3,000 worth of ether, solely in gas-costs," Jameson estimated.

Impact on users

Many argue that the attacks are an inevitable result of the way ethereum is designed, and that it has a "large attack surface."

More on-platform capabilities means that there are more opportunities for trouble, at least compared to other blockchain networks, which are less ambitious.

"The larger problem is the way ethereum is designed. There’s too much exposure so the attacker can trigger certain things or send certain types of transactions," Ali said. "Think of it this way: ethereum allows people too much freedom over what they can do to someone else’s computer."

Even if Geth nodes are no longer crashing completely, however, the attacks have resulted in an overall slower network, making ethereum less available to anyone who wants to spin up a smart contract or send a transaction.

Since the attacks, some users have reported having problems accessing their funds with Mist, the popular ethereum wallet.

One user even observed when switching pools that mining profitability has decreased for smaller pools, which is potentially a concern for an ecosystem that doesn't want bigger miners to have more control.

The network is also more vulnerable overall if all of its nodes are not functioning properly.

"Causing large portions of the nodes or miners to drop off the network, or fall behind, is naturally rather severe, since such attacks can be a prequel to a double spending-attack," Jameson said.

However, some users seem unfazed, with many developers continuing to work on other projects. Two ethereum projects, FirstBlood and SingularDTV, held crowdsales to raise project funds amid the attack.

Finding a fix

As far as reducing the impact, developers have come up with ideas for how to fix the problem with medium- to long-term changes, in what Jameson calls an "ecosystem-wide effort."

"One of the solutions is to make it more expensive to perform these kinds of attacks," Szilágyi said.

He explained that raising the prices for certain ethereum commands might mean protocol-level changes to Metropolis, ethereum's next big software release that is intended to be more developer-friendly.

Jameson also mentioned rebooting the bounty program, through which developers can earn bitcoin for detecting and reporting bugs. "That way people can submit their flaws legitimately instead of attacking the network," he said.

However, his hope is that the detection of these bugs will make ethereum stronger in the end.

"In the long-term, these attacks increase the resiliency of the Ethereum network," Jameson added, arguing that the diversity of clients handicaps an attack from impacting all nodes.

Role of the foundation

Others seem to think that it's unclear how quickly ethereum will recover.

"The Ethereum Foundation is trying to downplay them and spin the situation in a good way, saying that attacks will help to harden the network," ethereum classic lead developer, Arvicco, argued.

While the comments are not surprising given that he leads an alternative project, they point to the overall sentiment of those who have been critical of the organization that funds protocol development and its handling of the situation.

Others remain uncertain what to take away just yet.

Ali said he thinks the ethereum team has done a good job thus far in addressing the vulnerabilities.

Still, he suggested there might be no end in sight should ideological motivations to disrupt the network continue unabated, but that this ultimately might be the best outcome.

"[By then,] most of the practical issues with the software are fixed so that it becomes hard enough and it’s no longer a problem," he said, adding: 

"I think it's hard to predict."

Pete Rizzo contributed reporting.
