Parity nodes on the Ethereum cryptocurrency network stopped syncing December 30th after sustaining an apparent attack.
“We have investigated reports of some Parity Ethereum nodes not syncing and believe there may be an attack underway.”
Node maintainers are asked to update their software immediately.
“Nodes” in cryptocurrency networks maintain and ensure the integrity of copies of the network’s transaction ledger.
Parity says the Parity Ethereum node software, which allows people running it to maintain copies of the Ethereum ledger, is “the most advanced Ethereum client.”
This particular attack was “simple,” cryptocurrency security consultant Sergio Demian Lerner claimed on Twitter:
The attack is simple: you send to a Parity node a block with invalid transactions, but valid header (borrowed from another block)
The node will mark the block header as invalid and ban this block header forever but the header is still valid.
— Sergio Demian Lerner (@SDLerner) December 31, 2019
Developer Liam Aharon said the attack was considerable and patching slow to occur:
“A good proportion of Parity Ethereum nodes literally lost sync with the network. A patch was released 14 hours after the attack was reported, but many nodes still need to upgrade.”
He also claimed the entire Ethereum network may be put at risk when Parity Ethereum delegates maintenance to a “DAO” (“Decentralized Autonomous Organization,” a voluntary affiliation of developers) in the near future.
“In May, global hacking research collective SRLabs claimed that only two-thirds of the Ethereum client software that ran on Ethereum nodes had been patched against a critical security flaw discovered earlier this year. The data reportedly indicated that unpatched Parity nodes comprised 15% of all scanned nodes — implying that 15% of all Ethereum nodes were vulnerable to a potential 51% attack.”
Aharon tweeted that the recent attack focussed particularly on Parity nodes. “The attack exploited a bug in a popular Ethereum node implementation called Parity Ethereum. Vulnerable nodes were sent data tricking them into thinking a valid block was invalid,” he wrote.
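The failure mode Lerner and Aharon describe can be shown with a small toy model, added here as an illustration; it is not Parity's code and not part of the original article. It assumes the "invalid transactions" case is a body whose transactions root does not match the borrowed header, and the hash functions, field names and the `ban_on_body_mismatch` switch are hypothetical.

```python
import hashlib

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def tx_root(txs) -> str:
    # Toy commitment to the block body (assumption: real clients use a trie root).
    return h(b"|".join(txs))

def header_hash(header: dict) -> str:
    # Toy header hash over all header fields.
    return h(repr(sorted(header.items())).encode())

class Node:
    """Toy block importer with a permanent ban list keyed by header hash."""

    def __init__(self, ban_on_body_mismatch: bool):
        self.ban_on_body_mismatch = ban_on_body_mismatch
        self.banned = set()
        self.chain = []

    def import_block(self, header: dict, txs: list) -> str:
        hh = header_hash(header)
        if hh in self.banned:
            return "rejected: banned header"
        if tx_root(txs) != header["tx_root"]:
            # The body does not belong to this header. That proves nothing about
            # the header itself, so banning its hash here is the flaw modelled.
            if self.ban_on_body_mismatch:
                self.banned.add(hh)
            return "rejected: body mismatch"
        self.chain.append(hh)
        return "imported"

def demo(ban_on_body_mismatch: bool):
    # Constructed sample data: one genuine block and a mismatched body.
    good_txs = [b"tx-a", b"tx-b"]
    header = {"number": 1, "parent": "genesis", "tx_root": tx_root(good_txs)}
    node = Node(ban_on_body_mismatch)
    first = node.import_block(header, [b"bogus"])  # valid header, wrong body
    second = node.import_block(header, good_txs)   # the genuine block arrives later
    return first, second

if __name__ == "__main__":
    print("flawed  :", demo(True))   # genuine block is refused, node falls out of sync
    print("hardened:", demo(False))  # mismatched body dropped, genuine block imported
```

In the hardened setting the mismatched body is still discarded, but the header hash stays eligible, so the node can import the genuine block when a peer supplies it.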