Hackers Exploited Parity Node Bug to Attack Ethereum Network December 30th

Parity nodes on the Ethereum cryptocurrency network stopped syncing December 30th after sustaining an apparent attack.

Parity Technologies acknowledged the attack in an announcement December 31st:

“We have investigated reports of some Parity Ethereum nodes not syncing and believe there may be an attack underway.”

Node maintainers are asked to update their software immediately.

“Nodes” in cryptocurrency networks maintain and ensure the integrity of copies of the network’s transaction ledger.

Parity says the Parity Ethereum node software, which allows people running it to maintain copies of the Ethereum ledger, is “the most advanced Ethereum client.”

This particular attack was “simple,” cryptocurrency security consultant Sergio Damian Lerner claimed on Twitter:

Developer Liam Aharon said the attack was considerable and that patching was slow to occur:

“A good proportion of Parity Ethereum nodes literally lost sync with the network. A patch was released 14 hours after the attack was reported, but many nodes still need to upgrade.”

He also claimed the entire Ethereum network may be put at risk when Parity Ethereum delegates maintenance to a “DAO” (“Decentralized Autonomous Organization,” a voluntary affiliation of developers) in the near future.

According to Cointelegraph, last May, researchers disclosed “a critical security flaw” in the software run by Ethereum nodes:

“In May, global hacking research collective SRLabs claimed that only two-thirds of the Ethereum client software that ran on Ethereum nodes had been patched against a critical security flaw discovered earlier this year. The data reportedly indicated that unpatched Parity nodes comprised 15% of all scanned nodes — implying that 15% of all Ethereum nodes were vulnerable to a potential 51% attack.”

Aharon tweeted that the recent attack focussed particularly on Parity nodes. “The attack exploited a bug in a popular Ethereum node implementation called Parity Ethereum. Vulnerable nodes were sent data tricking them into thinking a valid block was invalid,” he wrote.

 


