Ethereum Spam Attacks Are Back – This Time on the Test Network

Following DoS attacks on the ethereum network last year, an attacker has picked an easier target to spam: Ropsten, the ethereum testing network.

AccessTimeIconMar 2, 2017 at 10:30 a.m. UTC
Updated Sep 11, 2021 at 1:07 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Ethereum is under attack again.

Following denial of service attacks on the ethereum network last year, which were stopped with a pair of forks in which all miners upgraded to a network with new rules, an attacker has picked an easier target to spam: Ropsten, the ethereum testing network.

Similar to the main network, save a few details, the testnet is a network where developers can test their decentralized apps, or “dapps,” to simulate what would happen on the main network and determine if their dapps are working properly.

, an anonymous miner has been clogging the network with spam to such a degree that it’s hard for developers to send transactions and smart contracts on the main testing arena.

If they try, it often takes much longer than normal.

The address of the attacker is the same as the one associated with an earlier fork of the test network, according to software developer Ricardo Guilherme Schmidt, who's been following actions associated with the address.

At least a few developers and executives at the Enterprise Ethereum Alliance launch event in Brooklyn argued that one reason they chose to work with ethereum was because it’s a more heavily tested platform. Ironically, one of ethereum’s key testing tools has been effectively out of service for more than a month.

As the miner’s identity is unknown, users have merely speculated as to why he or she (or they) are clogging the network with spam. They may be trying to prove a security-related point or may be simply trolling.

Easy solution

Many ethereum apps are only available for use on the testnet right now. As a result, developers behind apps like uPort and Status have mentioned testing app delays. Etheroll temporarily closed down the testnet option.

Gnosis CTO Stefan George told CoinDesk:

”For us developers this is a big issue, as integrations between different dapps can only easily be tested in a shared test network. We are currently building a Twitterbot for Gnosis using uPort, but cannot test it properly because of this attack.”

George added that this means that developers are restricted to local testnets or the test-rpc client to test applications. With these limited testing environments, it’s harder to test how dapps interact with each other. For that, developers need a global test network, like Ropsten.

However, George argues that there is an easy solution to this: whitelisting which miners can participate on the test network.

There would be no disadvantages to this approach, according to George. The whitelisted mining group could be composed of big ethereum organizations, say, Ethereum Foundation and ConsenSys, maintaining the network.

Anatomy of the attacks

So, what is the attacker doing, exactly?

Like the main network, the ethereum test network is maintained by miners. The difference is that, the miners maintaining it don’t have an incentive to use more powerful hardware, because the tokens are worthless – they're just used for testing transactions.

This particular miner is using a GPU (a computing processor that is much more powerful than those used by other miners on the network) to mine, which is odd, because the miner doesn’t have an incentive to do so.

“There was hardly anyone mining on Ropsten, as it is just for testing. The attacker could easily get the mining majority,” George said.

On the testnet, it’s easy to either mine the tokens yourself, using the Ethereum Wallet, for example. Or, testers can obtain free tokens from so-called 'faucets'.

The attacker is doing several things: on the one hand, they’re mining most of the blocks and obtaining the rewards, so other miners can’t, and they have used one or more contracts to drain at least one faucet of its free ether. Therefore, it’s making it more difficult for app developers to obtain test ether with which they can conduct test transactions.

Secondly, because it's mining with relatively high computing power, the miner has been able to raise the maximum amount of computational processing power allowed in each block (the 'gas limit') to 2GB, and is filling them with spammy transactions.

"He also deployed a contract [like] block.gaslimit or msg.gas to loop a spam in the network with max gas possible," Schmidt said.

Put another way, the miner is hogging the transaction bandwidth so that other users struggle to use it.

Cost factor

The ongoing spamming is reminiscent of last year’s attacks, which slowed down transactions and smart contracts on the ethereum network for months.

The difference, of course, is this attack doesn’t affect the main ethereum network.

Decentralized applications deployed on the main network are working fine. Ethlance director of operations Joseph Urgo noted that his platform is unaffected by the attack, for example.

If the attacker were to carry out the same attack on the main network, he or she wouldn’t have much success.

The attacker spent an estimated $120 to spam the network up until last Sunday. Based on rough calculations by ethereum inventor Vitalik Buterin, it would take $4.5m to have the same effect on the main network.

Buterin concluded:

“So all in all, not much cheaper than a 51% attack.”

Helicopter image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.