Go Ethereum error warning leads to attack

A critical flaw was detected in the 1.10.7 (and earlier) version of Geth, the Ethereum client also known as Go Ethereum. 

The bug warning wasn’t an incentive enough to update

According to CoinGape, the exploit endangered over 50% of Ethereum nodes running the old version of the client that missed the update released on August 24th. As a result, the entire blockchain was forced to undergo an unplanned hard fork that split the network in half. 74% of the nodes used Geth, of which about 73% had an older version installed. Meaning, about 54% of the nodes were in danger. 

The vulnerability was spotted on August 18th. Péter Szilágyi, leader of the Geth team, assured that the vector of the attack would be revealed soon. 

PSA: On Tuesday Aug 24th, Geth will issue a hotfix to a high severity security issue. Please make any necessary preparations to upgrade to the upcoming release (v.1.10.8). #ethereum #geth

— Go Ethereum (@go_ethereum) August 18, 2021

Although the team didn’t disclose any specific information about the flaw, it still somehow found its way into the attacker’s hands. Despite the many warnings given by the team, only 30% of the users updated their clients to the latest version, making most of the current user base susceptible to the attack. 

The nature and the impact of the attack 

The developers think that warning the users was a mistake. They say it was the warning that ultimately drove the hacker to take advantage of the exploit. 

The Twitter user Good Guy Biker gave a detailed description of the exploit and explained the nature of the attack.

The vulnerability set two Ethereum chains running in parallel. The update was able to fix the issue for one of the chains, leaving the other one unprotected. 

As promised here is a breakdown on the current ongoing exploit of the gETH network. Attack contract here https://t.co/aDazyM2WaK

Using STATICCALL the recompiled contract to execute RunPrecompiledContract function. The contract returns the 0x4 smart contract reference of … pic.twitter.com/lQtST36NqQ

— Good Guy Biker – Vancouver BC Canada (@SpillyGuy) August 28, 2021

The Ethereum team has faced similar issues before. In November 2020, the network failed to announce a potential danger in the network’s workflow, causing great discontent among its validators. This time around, they did warn the users, only to face more issues afterwards. 

The big takeaway is that all users should be more heedful of security warnings. After all, it’s in everyone’s best interest. 

Recevez un condensé de l’actualité dans le monde des cryptomonnaies en vous abonnant à notre nouveau service de newsletter quotidienne et hebdomadaire pour ne rien manquer de l’essentiel Cointribune !