Ethereum blockchain was attacked by a malicious actor on Tuesday, September 14, but the chain was able to repel the attack after some nodes were affected.
According to a Twitter thread by Marius Van Der Wijden, an Ethereum developer and Go Ethereum client developer, on Tuesday, September 14, an attacker attacked the main Ethereum blockchain by publishing about 550 fake blocks in a side chain with invalid Proof-of-Work (PoW). The majority of the nodes rejected this long chain, seeing that the proofs of work were invalid.
However, some nodes using Nethermind, an Ethereum client, were tricked as they switched to this fake chain.
Someone unsuccessfully tried to attack #ethereum today by publishing a long (~550) blocks which contained invalid pow's. Only a small percentage of @nethermindeth nodes switched to this invalid chain. All other clients rejected the long sidechain as invalid
— MariusVanDerWijden (@vdWijden) September 14, 2021
Marius’ Tweet reads:
“Someone unsuccessfully tried to attack #ethereum today by publishing a long (~550) block which contained invalid pow’s. Only a small percentage of @nethermindeth nodes switched to this invalid chain. All other clients rejected the long sidechain as invalid.”
The attack was repelled thanks to this diverse ecosystem of Ethereum clients because if all nodes were using the same Nethermind POW client, the consequences would have been more damaging. After this, the main blockchain overtook the length of the alternative blockchain version with the fake blocks. The developer wrote:
“The chain has been overtaken in length by the good chain now and should be overtaken in difficulty soon. Also looks like the attacker is not mining further on his published invalid chain. Another great demonstration of how client diversity makes #ethereum stronger.”
A little later, the fake chain was also overtaken by the original chain in difficulty and all the affected nodes moved back onto the main blockchain.
Some hours later, Nethermind announced that all nodes had been recovered except one. The announcement reads:
The affected archive nodes has been recovered. Most of our fast sync nodes were not affected but one did not managed to reorg due to pruning. Our team has already applied a fix for future attacks:https://t.co/Q2ZykFsEX9 https://t.co/DZED6inEbc
— Nethermind (@nethermindeth) September 14, 2021
“The affected archive nodes have been recovered. Most of our fast sync nodes were not affected but one did not manage to reorg due to pruning. Our team has already applied a fix for future attacks.”
Furthermore, the Nethermind team also released the latest version of its Ethereum client with fixes to prevent future attacks. According to Ethernodes, 57 or 1.60% out of total 3564 nodes use Nethermind client and about 20 nodes or 0.8% of the total network were affected by the attack.
In responding to a question demanding an explanation about Nethermind clients accepting these invalid PoW blocks, Tomasz Stańczak, founder of Nethermind, said that a public statement about the incident would be forthcoming.
Anybody working on security, please DM, otherwise we will provide more details publicly later.
— Tomasz K. Stańczak (@tkstanczak) September 14, 2021