‘Experimental’ Early-Morning Attack Temporarily Diverts 0.8% of Ethereum Nodes

An attacker fraudulently added hundreds of blocks to the Ethereum chain with invalid proof-of-work, but only a small percentage of nodes were affected.

AccessTimeIconSep 14, 2021 at 3:27 p.m. UTC
Updated May 11, 2023 at 5:10 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

An attack on the Ethereum blockchain early Tuesday morning temporarily diverted a small percentage of the network’s nodes to a non-canonical chain.

Ethereum’s mainnet is now operating normally, and the attack is unlikely to be replicated at a larger scale, according to Ethereum researcher and Go Ethereum software client developer Marius Van Der Wijden.

The attack was first flagged by Alex S. of Flexpool on the Ethereum R&D Discord shortly after 3 a.m. Eastern time. “Anything wrong with the mainnet again?” he wrote, referring to a chain split that occurred on the network in late August.

He noted that some of his nodes were recording the “highest block” of the chain at a block number that technically did not exist, as it was set at a sum greater than the “current block.”

Researchers speculated in Discord that the cause was a peer publishing a version of the chain with invalid proof-of-work.

Van Der Wijden told CoinDesk the attack was “experimental” in nature.

“Someone published an invalid chain that was rejected by most clients. ~25% of Nethermind clients accepted the invalid chain,” Van Der Wijden wrote. “Judging from ethernodes, ~20 nodes were affected or 0.8% of the network. I don’t think it was a directed attack against nethermind, but rather someone experimenting and validating their experiment on the live network.”

Tomasz Stańczak, founder of Ethereum infrastructure company Nethermind, posted on Twitter that a public statement would be forthcoming.

Van Der Wijden noted that due to the nature of the attack, it is unlikely that a similar exploit could scale to a degree to have a major impact on the network. Ethereum is validating blocks normally.

Van Der Wijden also noted that a diversity of clients is key for the health of the network, particularly as it prepares for a transition to a new proof-of-stake consensus model.

“Especially with the switch to proof-of-stake, client diversity is extremely important as a well-balanced distribution of clients greatly decreases the probability of creating an invalid chain,” he said.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Andrew Thurman

Andrew Thurman was a tech reporter at CoinDesk with a focus on DeFi.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.

Read more about