‘Experimental’ Early-Morning Attack Temporarily Diverts 0.8% of Ethereum Nodes

An attacker fraudulently added hundreds of blocks to the Ethereum chain with invalid proof-of-work, but only a small percentage of nodes were affected.

Graphics processing units (GPUs) used to mine the Ethereum and Zilliqa cryptocurrencies at the Evobits crypto farm in Cluj-Napoca, Romania, on Wednesday, Jan. 22, 2020. The world’s second-most-valuable cryptocurrency, Ethereum, rallied 75% this year, outpacing its larger rival Bitcoin. Photographer: Akos Stiller/Bloomberg

An attack on the Ethereum blockchain early Tuesday morning temporarily diverted a small percentage of the network’s nodes to a non-canonical chain.

Ethereum’s mainnet is now operating normally, and the attack is unlikely to be replicated at a larger scale, according to Ethereum researcher and Go Ethereum software client developer Marius Van Der Wijden.

The attack was first flagged by Alex S. of Flexpool on the Ethereum R&D Discord shortly after 3 a.m. Eastern time. “Anything wrong with the mainnet again?” he wrote, referring to a chain split that occurred on the network in late August.

Read more: Ethereum Faces Chain Split as Node Operators Fail to Update Geth Hotfix

He noted that some of his nodes were recording the “highest block” of the chain at a block number that technically did not exist, as it was set at a number greater than the “current block.”

Researchers speculated in Discord that the cause was a peer publishing a version of the chain with invalid proof-of-work.

Van Der Wijden told CoinDesk the attack was “experimental” in nature.

“Someone published an invalid chain that was rejected by most clients. ~25% of Nethermind clients accepted the invalid chain,” Van Der Wijden wrote. “Judging from ethernodes, ~20 nodes were affected or 0.8% of the network. I don’t think it was a directed attack against nethermind, but rather someone experimenting and validating their experiment on the live network.”

Tomasz Stańczak, founder of Ethereum infrastructure company Nethermind, posted on Twitter that a public statement would be forthcoming.

Van Der Wijden noted that, due to the nature of the attack, a similar exploit is unlikely to scale far enough to have a major impact on the network. Ethereum is validating blocks normally.

Van Der Wijden also noted that a diversity of clients is key for the health of the network, particularly as it prepares for a transition to a new proof-of-stake consensus model.

“Especially with the switch to proof-of-stake, client diversity is extremely important as a well-balanced distribution of clients greatly decreases the probability of creating an invalid chain,” he said.

Andrew Thurman

Andrew Thurman was a tech reporter at CoinDesk. He formerly worked as a weekend editor at Cointelegraph, a partnership manager at Chainlink and a co-founder of a smart-contract data marketplace startup.