‘Experimental’ Early-Morning Attack Temporarily Diverts 0.8% of Ethereum Nodes

An attacker fraudulently added hundreds of blocks to the Ethereum chain with invalid proof-of-work, but only a small percentage of nodes were affected.

AccessTimeIconSep 14, 2021 at 3:27 p.m. UTC
Updated Sep 14, 2021 at 4:29 p.m. UTC

Andrew Thurman was a tech reporter at CoinDesk with a focus on DeFi.

An attack on the Ethereum blockchain early Tuesday morning temporarily diverted a small percentage of the network’s nodes to a non-canonical chain.

Ethereum’s mainnet is now operating normally, and the attack is unlikely to be replicated at a larger scale, according to Ethereum researcher and Go Ethereum software client developer Marius Van Der Wijden.

The attack was first flagged by Alex S. of Flexpool on the Ethereum R&D Discord shortly after 3 a.m. Eastern time. “Anything wrong with the mainnet again?” he wrote, referring to a chain split that occurred on the network in late August.

He noted that some of his nodes were recording the “highest block” of the chain at a block number that technically did not exist, as it was set at a sum greater than the “current block.”

Researchers speculated in Discord that the cause was a peer publishing a version of the chain with invalid proof-of-work.

Van Der Wijden told CoinDesk the attack was “experimental” in nature.

“Someone published an invalid chain that was rejected by most clients. ~25% of Nethermind clients accepted the invalid chain,” Van Der Wijden wrote. “Judging from ethernodes, ~20 nodes were affected or 0.8% of the network. I don’t think it was a directed attack against nethermind, but rather someone experimenting and validating their experiment on the live network.”

Tomasz Stańczak, founder of Ethereum infrastructure company Nethermind, posted on Twitter that a public statement would be forthcoming.

Van Der Wijden noted that due to the nature of the attack, it is unlikely that a similar exploit could scale to a degree to have a major impact on the network. Ethereum is validating blocks normally.

Van Der Wijden also noted that a diversity of clients is key for the health of the network, particularly as it prepares for a transition to a new proof-of-stake consensus model.

“Especially with the switch to proof-of-stake, client diversity is extremely important as a well-balanced distribution of clients greatly decreases the probability of creating an invalid chain,” he said.

Read more about


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Andrew Thurman was a tech reporter at CoinDesk with a focus on DeFi.

CoinDesk - Unknown

Andrew Thurman was a tech reporter at CoinDesk with a focus on DeFi.