Ethereum’s Constantinople Hard Fork Delayed Due to Discovery of Critical Bug, ETH Price Drops Over 7%

Siamak Masnavi

On Tuesday (January 15th), Zurich-based blockchain security firm ChainSecurity announced that it had discovered a critical bug in Ethereum's code changes for the Constantinople upgrade that could leave some smart contracts vulnerable to attacks that could lead to loss of user funds. This means that the Constantinople hard fork, which was expected to be activated around 20:00 PT on January 16th (i.e. 04:00 UTC on January 17th) at block number 7,080,000, has had to be delayed.

ChainSecurity offers three types of services:

  • smart contract audits (based on its "proprietary audit platform");
  • a secuity audit platform (a set of "automated tools for developers and auditors" -- this takes a smart contract and its formal specification as inputs and produces a security report as the output; and
  • security monitoring ("ideal for exchanges and response teams") -- this type of monitoring "inspects smart contracts on-chain to ensure compliance and absence of security exploits".

ChainSecurity's Medium blog post, which was published around 16:00 UTC on January 15th, was titled "Constantinople enables new Reentrancy Attack." Here is the summary of the critical vulnerability that ChainSecurity had discovered:

"The upcoming Constantinople Upgrade for the ethereum network introduces cheaper gas cost for certain SSTORE operations. As an unwanted side effect, this enables reentrancy attacks when using address.transfer(...) or address.send(...) in Solidity smart contracts. Previously these functions were considered reentrancy-safe, which they aren’t any longer."

So, basically, ChainSecurity was saying that the implementation of one of the Constantinople's five main changes, Ethereum Improvement Proposal (EIP) 1283 contained a critical bug. This discovery led to Ethereum's core developers, as well as other key stakeholders such as Ethereum creator Vitalik Buterin, speaking via Zoom audio call and agreeing to delay the hard fork while they studied this issue, with a further meeting scheduled for this Friday to decide on a new fork date.

This is how the Ethereum Foundation announced (at 21:45 on January 15th) the news about the postponement of the Constantinople hard fork:

Ethereum Foundation's blog post had this avice for anyone running a node:

"Out of an abundance of caution, key stakeholders around the Ethereum community have determined that the best course of action will be to delay the planned Constantinople fork that would have occurred at block 7,080,000 on January 16, 2019. This will require anyone running a node (node operators, exchanges, miners, wallet services, etc…) to update to a new version of Geth or Parity before block 7,080,000. Block 7,080,000 will occur in approximately 32 hours from the time of this publishing or at approximately January 16, 8:00pm PT / January 16, 11:00pm ET / January 17, 4:00am GMT."

This blog post pointed out that "if you are a person who simply interacts with Ethereum (you do not run a node), you do not need to do anything." This includes smart contract owners (since "the change that would introduce this potential vulnerability will not be enabled").

As for those running an Ethereum node, it advised them to update their "Geth and/or Parity instances when they are released." (These new releases should become available by around 02:00 UTC on January 16th.)

At press time, according to CryptoCompare, ETH is trading at $120.15, down 7.31% in the past 24-hour period.

Featured Image Credit: Photo via Pexels.com

FBI Arrests Russian Rapper for Crypto Laundering After Flaunting Wealth on Instagram

  • The FBI arrested Russian rapper Maxim Boyko on charges related to cryptocurrency laundering.
  • Authorities say Boyko, who has ties to now-defunct exchange BTC-e, was flaunting "substantial" sums of money on social media.

The Federal Burea of Investigation (FBI) has arrested a Russian rapper in the United States on charges of cryptocurrency laundering. 

According to a report by The Moscow Times, authorities arrested Maxim Boyko, 29, in a Miami condo on Friday. Boyko first came to the US with his wife and January and told customs agents his earnings came from bitcoin investments and rental properties in Russa. Boyko also operated several social media pages promoting himself as a rap artist under the alias Plinoffiical. 

The report claims Boyko’s Instagram page showed him flashing large sums of money, giving authorities a tip-off. 

In a request for an arrest warrant on Mar. 27, an FBI agent wrote, 

[Boyko’s] Instagram social media and Apple iCloud accounts include photographs of him with substantial sums of U.S. and foreign currencies dating back as far as 2015.

Authorities were able to trace the Russian rapper’s iCloud account to now-defunct crypto exchange BTC-e. According to the report, Boyko’s account had received almost $388,000 and withdrawn 136 bitcoin until the exchange was seized by authorities in mid-2017. 

The FBI alleges that Boyko is linked to an organized crime group by the name QQAAZZ which has facilitated the theft of “tens of millions of dollars.”

Boyko faces up to 10 years in prison if convicted. 

Featured Image Credit: Photo via Pixabay.com