According to reports, hackers recently attacked the Ethereum network as they tried to exploit parity nodes.
There were reports that some Parity Ethereum nodes could not be synched with the ETH network yesterday. Now, Parity Technology, a blockchain infrastructure firm, announced that there was an imminent attack on the nodes, but the firm has taken the necessary measures against it.
Based on a twitter thread by crypto security expert Sergio Demian, the attackers used a simple method to implement the attack.
The attack is simple: you send to a Parity node a block with invalid transactions, but valid header (borrowed from another block)
The node will mark the block header as invalid and ban this block header forever but the header is still valid.
— Sergio Demian Lerner (@SDLerner) December 31, 2019
They sent a block with invalid transactions to the parity node using a legitimate header taken from another block. The block subsequently banned the block header, but in the actual sense, the header remained valid and operational.
Liam Aharon, a software developer, carried out an analysis of the attack.
1/ Ethereum overcame an intentional attack today on NYE which came close to taking down the entire network.
I'd like talk about the attack and why it wasn't successful, but also why I worry Ethereum may become much more vulnerable to similar attacks in 2020. https://t.co/cp5P9wLj5Z
— Liam Aharon (@liamaharon) December 31, 2019
He stated that the attack went very close to disrupt the ETH network completely, as he warns that the network could become more susceptible to future attacks. He recommended Ethereum to carry out a more advanced security check and framework to repel such attacks.
Attack was not successful
Aharon said the attackers did not succeed in infiltrating the network. He pointed out that the entire network is immune to attack since it has a client dubbed Geth.
But with the intention of Parity to move to a DAO ownership from its present Parity ETH, Geth may become the only properly-maintained client this year, Aharon said.
If the scenario becomes possible again, such attacks would not only become inconvenient but will likely cause serious damage to the network. Aharon warned that the ETH network should look into the vulnerability issue very seriously.
Ethereum making efforts to curb vulnerabilities
Last year, Parity made a lot of updates to correct the node issues. Parity CEO Jutta Steiner said in March last year that the firm intended to use the new Create2 function on Ethereum to prevent the multisig freeze.
In May last year, SRLabs, a hacking research team, reported that Ethereum has only been able to patch up only two-thirds of the ETH client software. The patches were made after the firm found out about a major security flaw within the network.
In the report, there were still 15% of all scanned nodes not patched yet, which means that about 15% of all ETH nodes were susceptible to imminent 51% attack.
The reported attack on ETH is not the first time it has happened within the space of a few days. On December 23, BitPay revealed that there was a temporary outage of service on its BTC payment portal as a result of a perceived cyber attack.
On December 29, IOTA investors could not confirm their transactions for a whole day because of a mainnet issue. The problem was linked to an attack, which led to unusual sets of transactions. After the attack, the IOTA foundation revealed that the problem was not because of any software update or component change within the network. According to him, the problem is a result of external interference.