Some Parity Ethereum Nodes Not Syncing, Parity Suspects an Attack

Various users have been reporting Ethereum nodes running on Parity Technologies’ ETH Client have been “randomly falling out of sync.” After investigation the issue, Parity issued an emergency fix warning an attack may be underway.

According to blockchain services firm Bitfly, multiple reports pointed out nodes using Parity seemingly simply stopped synchronizing with the Ethereum mainnet. Responding to Bitfly’s tweet one user confirmed his nodes stopped syncing, but restarting Parity seemed to be a temporary fix.

The issue seems to have first been spotted on mainnet block 11355 after GitHub user Peter Prascher revealed on the platform his client would stop syncing and only resumed after a restart, showing errors when it wasn’t keeping up with the Ethereum blockchain.

Parity Technologies reacted to the reports revealing that after investigating them, it found “there may be an attack underway.” In response it issued a new release.

The organization has urged all of its users to update to the newest version as soon as possible, whether or not they’re experiencing issues with their Ethereum nodes. Shortly after ETC Cooperative asked Ethereum Classic Parity node operators to upgrade as well, adding the vulnerability also affected the cryptocurrency.

ETC Cooperative later explained how the attack worked:

The attack used a cache poisoning vulnerability, where a carefully crafted invalid block could stall the Parity-Ethereum client. MultiGeth and Hyperledger Besu are not vulnerable.

The attack came shortly before the Ethereum network is set to undergo a scheduled hard fork, dubbed “Muir Glacier.” The update has been scheduled for block number 9,200,000, which is expected to occur on January 1, 2020.

The hard fork will delay the planned increase of Ethereum’s mining difficulty, dubbed the “Ice Age” by an estimated 611 days. The goal is to prepare for the cryptocurrency’s transition from a Proof-of-Work (PoW) consensus algorithm to a Proof-of-Stake (PoS) consensus algorithm.

Featured Image Credit: Photo via Pixabay.com

Weekly Newsletter

Attacker Exploits Defi Protocol to Make $360,000 in a Single Transaction

Francisco Memoria

Ab attacker has managed to exploit the decentralized finance (DeFi) protocol bZx to make over $360,000 worth of profit in a single transaction through what’s known as flash loan.

Using a decentralized trading platform dYdX, a hacker borrowed 10,000 ETH, currently worth around $2.5 million, and then sent half of it to decentralized finance lending platform Compound, and half to decentralized trading platform bZx.

Using the funds on Compound, it borrowed 112 wrapped bitcoin tokens (wBTC), ERC-20 tokens backed 1:1 by bitcoin. Using the half on bZx, the hacker entered a short position for 112 wBTC. He then sent the 112 wBTC it got from Compound to another trading platform, Uniswap, in a move that lowered the price of the tokens which made the short sale profitable.

The hacker then repaid his loan to dYdX and kept the profit from the short sale, 1,300 ether that were then worth $360,000. All of this was made in a single transaction that cost around $8 worth of transaction fees.

single transactionSource: Etherscan

The attack was pulled in a single transaction through what’s known as a flash loan. Essentially, the attacker borrowed 10,000 ETH without any collateral as he borrowed the funds in the same transition that paid them back. Through a smart contract, it was possible to pull the transaction.

Using the exploit, the hacker made over 1,000 ETH in profit and cost the bZx protocol over $620,000 in equity. bZx has made it clear users won’t suffer from the loss as it will compensate them. Those behind the project are set to release a detailed analysis at 5pm MST.

Data from DeFi Pulse shows that investors quickly started withdrawing from bZx right after the incident occurred, but started regaining confidence as soon as the project addressed the issue and clarified they wouldn’t be socializing the loss.

Featured image via Pixabay.