14 DAY TRIAL // The Ethereum network suffered a computational DDoS attack yesterday when an unknown actor leveraged a recently disclosed security issue to slow down Ether transactions.
The attacker carried out multiple Ether transactions that caused miners, servers that process transactions, to launch 50,000 additional queries on the Ethereum network before validating the initial transaction.
The Ethereum team noticed this problem over the weekend and issued a warning on Sunday, September 18.
Problem was fixed but attack continued
The problem affected only the Go implementation of the Ethereum protocol, which received a fix the following day, on Monday.
Described as a network DoS (Denial-of-Service) issue, the bug was with the EXTCODESIZE attribute, which is one of the details included in each transaction with the Ether crypto-currency. An attacker could use this attribute and ask for additional checks against the Ethereum network database.
Ethereum network admins noticed someone spamming the network with additional and useless queries via this flaw, which resulted in slower Ether transaction confirmations.
Since Ether transactions are anonymous, there are no details available about the attacker's identity.
Ethereum network slowed down for days
"The consequence of this is that the network is greatly slowing down, but there is NO consensus failure or memory overload," Jeffrey Wilcke of the Ethereum team said. "We have currently identified several routes for a more sustainable medium-term fix and have developers working on implementation."
The Ethereum team is now working on a fix at the network level. Some temporary workarounds are available for Ether miners using the Go lang implementation of the Ethereum protocol.
An important reason why the Ethereum network survived this attack is because it provides multiple mining client alternatives, besides the Go implementation.
At the time of writing, the transaction spam attacks have halted, the Ethereum team announced.
Despite the huge computational DDoS attack, a Reddit user pointed out that Ethereum is still two-three times faster than regular Bitcoin transactions.
Ether price manipulation?
Attacks on crypto-currency networks happen often, and most of the times they're used to manipulate the market by causing the exchange rate to drop in a particular manner.
The graph above shows slight price drops on September 18, when the security issue was announced, and on September 22, when the Ethereum team announced the attack. Nevertheless, in the big picture, Ether price is slowly climbing.
In August, the Bitcoin network also issued a warning against possible state-sponsored attacks on its network.
In June, the DAO, a joint investment fund built on top of the Ethereum network was hacked and an attacker siphoned away most of the funds. The Ethereum team had to issue a hard-fork to reverse the transactions that stole users' money.
In October 2015, an unknown man had disrupted the Bitcoin network by duplicating transactions for almost a week as a prank.
The #ethereum network has had another DDOS attempt but everyone is on it. Have patience. https://t.co/BwR1GLfjf8 pic.twitter.com/NnurklPLGB — Lefteris Karapetsas (@LefterisJP) September 22, 2016