A transaction spamming attack has disrupted operations on the Nano network. Node operators throttled their bandwidth to deal with the issue but the network is out of sync and some transactions are obstructed, according to social media and Discord reports.
NANO is a cryptocurrency that uses so-called direct acyclic graphs (DAG), not blockchain, to settle transactions across the network. Unlike a blockchain, which includes one unified and continuous transaction history, Nano’s DAG ledger consists of multiple branches of asynchronous transaction histories.
The coin’s design guarantees very low transaction fees. But as evidenced by this attack, this comes at a cost of decentralization and Sybil resistance.
In Nano’s Discord on Thursday morning, users complained about unconfirmed transactions and out-of-sync block explorers.
“I've [sent] some nano this morning. Nault [wallet] reports it as sent. Destination hasn't confirmed it yet. ‘While the account address is valid, no blocks have been published to its chain yet. If NANO has been sent to this account, it still needs to publish a corresponding block to pocket the funds.’ What does this mean? Normally it shows up within minutes,” one user asked Nano’s Discord support channel.
The team for PlayNano, a Nano online casino, noted a discrepancy in block data between the two nodes they run.
Per an unverified Reddit post, the trouble began when Nano’s network was flooded with near-zero value transactions. In response to this, Nano’s creator, Colin LeMahieu, told node operators to lower their bandwidths to accept fewer incoming transactions.
This has resulted in effectively stymying the network, one Nano user, hanzyfranzy, suggests in the post:
“So yes, the network is globally down right now. Probably unlikely to change until node operators change their configs. Some transactions are getting through, but it's a small trickle.”
Nano creator Colin LeMahieu told CoinDesk that nodes were first knocked out of sync by the attack which stressed "cpu and disk limits."
"Lowering the bandwidth limit," he said, "preserves disk and cpu resources so they can stay in sync."
"The network was at a sustained 70+tps over a week and nodes were falling out of sync. When representatives lower the bandwidth cap it effectively reduces the network tps which allows them to catch up. Unfortunately the attacker was also exploiting a poor performance case in the node so resyncing is slow," LeMahieu continued.
LeMahieu believes the attackers targeted Nano, which has a full-time team of 5 working on it, during its v.22 release. The attackers have stopped for now and LeMahieu told CoinDesk that the network is "slowly recovering" but did not stipulate when it might be fully healthy again.
Updated Thursday, March 11, 2021, 16:12 UTC: Additional comments from Nano creator Colin LeMahieu describing the attack were included.
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.