Ethereum Spam Attacks Are Back – This Time on the Test Network
Ethereum Spam Attacks Are Back – This Time on the Test Network
Ethereum is under attack again.
Following denial of service attacks on the ethereum network last year, which were stopped with a pair of forks in which all miners upgraded to a network with new rules, an attacker has picked an easier target to spam: Ropsten, the ethereum testing network.
Similar to the main network, save a few details, the testnet is a network where developers can test their decentralized apps, or “dapps,” to simulate what would happen on the main network and determine if their dapps are working properly.
Since January, an anonymous miner has been clogging the network with spam to such a degree that it’s hard for developers to send transactions and smart contracts on the main testing arena.
If they try, it often takes much longer than normal.
The address of the attacker is the same as the one associated with an earlier fork of the test network, according to software developer Ricardo Guilherme Schmidt, who’s been following actions associated with the address.
At least a few developers and executives at the Enterprise Ethereum Alliance launch event in Brooklyn argued that one reason they chose to work with ethereum was because it’s a more heavily tested platform. Ironically, one of ethereum’s key testing tools has been effectively out of service for more than a month.
As the miner’s identity is unknown, users have merely speculated as to why he or she (or they) are clogging the network with spam. They may be trying to prove a security-related point or may be simply trolling.
Many ethereum apps are only available for use on the testnet right now. As a result, developers behind apps like uPort and Status have mentioned testing app delays. Etheroll temporarily closed down the testnet option.
Gnosis CTO Stefan George told CoinDesk:
”For us developers this is a big issue, as integrations between different dapps can only easily be tested in a shared test network. We are currently building a Twitterbot for Gnosis using uPort, but cannot test it properly because of this attack.”
George added that this means that developers are restricted to local testnets or the test-rpc client to test applications. With these limited testing environments, it’s harder to test how dapps interact with each other. For that, developers need a global test network, like Ropsten.
However, George argues that there is an easy solution to this: whitelisting which miners can participate on the test network.
There would be no disadvantages to this approach, according to George. The whitelisted mining group could be composed of big ethereum organizations, say, Ethereum Foundation and ConsenSys, maintaining the network.
Anatomy of the attacks
So, what is the attacker doing, exactly?
Like the main network, the ethereum test network is maintained by miners. The difference is that, the miners maintaining it don’t have an incentive to use more powerful hardware, because the tokens are worthless – they’re just used for testing transactions.
This particular miner is using a GPU, a computer that is much more powerful than other miners on the network, to mine, which is odd, because the miner doesn’t incentive to do so.
“There was hardly anyone mining on Ropsten, as it is just for testing. The attacker could easily get the mining majority,” George said.
On the testnet, it’s easy to either mine the tokens yourself, using the Ethereum Wallet, for example. Or, testers can obtain free tokens from so-called ‘faucets’.
The attacker is doing several things: on the one hand, they’re mining most of the blocks and obtaining the rewards, so other miners can’t, and they have used one or more contracts to drain at least one faucet of its free ether. Therefore, it’s making it more difficult for app developers to obtain test ether with which they can conduct test transactions.
Secondly, because it’s mining with relatively high computing power, the miner has been able to raise the maximum amount of computational processing power allowed in each block (the ‘gas limit’) to 2GB, and is filling them with spammy transactions.
“He also deployed a contract [like] block.gaslimit or msg.gas to loop a spam in the network with max gas possible,” Schmidt said.
Put another way, the miner is hogging the transaction bandwidth so that other users struggle to use it.
The ongoing spamming is reminiscent of last year’s attacks, which slowed down transactions and smart contracts on the ethereum network for months.
The difference, of course, is this attack doesn’t affect the main ethereum network.
Decentralized applications deployed on the main network are working fine. Ethlance director of operations Joseph Urgo noted that his platform is unaffected by the attack, for example.
If the attacker were to carry out the same attack on the main network, he or she wouldn’t have much success.
The attacker spent an estimated $120 to spam the network up until last Sunday. Based on rough calculations by ethereum inventor Vitalik Buterin, it would take $4.5m to have the same effect on the main network.
“So all in all, not much cheaper than a 51% attack.”
Article Source: http://www.coindesk.com
The Takeaway Ethereum is soon to abandon bitcoin-style proof-of-work (PoS) mining in favor of a long-in-development alternative system called proof-of-stake …
May 8, 2019 7:15 am | Jit Sutradhar
The team behind ethereum’s most popular user client have released a new update that includes support for alternative consensus systems. …
April 17, 2017 9:11 pm | Jit Sutradhar
Instances of cryptojacking malware have jumped more than 400 percent since last year, a new report finds. A collaborative group …
September 22, 2018 2:37 pm | Jit Sutradhar
Privacy coin zcash is gearing up for a major upgrade with the first release of network software compatible with its …
August 18, 2018 10:52 am | Jit Sutradhar
- Staking Isn’t Just a Way to Earn Crypto Money – And It Shouldn’t Be
June 22, 2019 9:30 AM | By Jit Sutradhar
- Above $300: Ether Price Clocks 10-Month High
June 22, 2019 5:32 AM | By Jit Sutradhar
- Bitcoin Price Tops $10K for First Time Since 2018
June 21, 2019 11:55 PM | By Jit Sutradhar
- ‘Don’t Hold Your Breath:’ Australia’s Central Bank Chief Bearish On Libra
June 21, 2019 10:00 PM | By Jit Sutradhar