Cardano Nodes Undergoing Upgrade to Boost Security After DDoS Attack
Jun. 26, 2024.
Cardano developers are upgrading nodes after a failed DDoS attack on June 25 that aimed to exploit transaction fees and steal staked ADA. Prompt action by the community ensured network security.
Following a Distributed Denial of Service (DDoS) attack, Cardano blockchain developers are implementing a node upgrade to bolster security against similar future threats. This move comes after the network withstood an attempt on June 25 to manipulate transaction fees and steal staked ADA tokens, which ultimately failed due to prompt action by the developer community.
The attack commenced at block 10,487,530. According to Raul Antonio, CTO of Fluid Tokens, the attackers aimed to exploit a vulnerability related to the transaction fee mechanism. “They attempted to use the size of reference scripts, which doesn’t currently affect transaction fees, to reduce costs for high-value transactions,” Antonio explained. Despite their efforts, the blockchain’s security measures held firm.
Philip Disarro, founder and CEO of Anastasia Labs, shared insights on the attackers’ failed strategy. “The size of reference scripts doesn’t impact the transaction fee, but it does increase the workload for validators. This was their angle,” said Disarro. He revealed that the community quickly recovered the stolen ADA, thwarting the attackers’ plans. Disarro quipped about the unsuccessful attempt, “Thanks for the free money, moron. It’s ironic that their effort to harm the ecosystem ended up benefiting our open-source development.”
Following the attack, Intersect, a member-based organization within the Cardano ecosystem, acknowledged the incident. They praised the developers’ swift action in preventing any serious damage to the network. “Although the network remained secure and operational, the load increased significantly, affecting some stake pool operators,” a representative from Intersect stated. They confirmed that a thoroughly tested solution will soon be available for stake pool operators to enhance their systems.
The developer community remains vigilant, continuing to improve the blockchain’s defenses. Disarro emphasized the importance of careful deployment: “Rushing to implement changes without adequate testing and independent audits can expose you to risks, much like the attacker experienced.” As the Cardano network moves past this incident, the focus remains on fortifying its infrastructure against potential future attacks.
One thought on “Cardano Nodes Undergoing Upgrade to Boost Security After DDoS Attack”
A few corrections / clarifications:
The attacker was not trying to steal staked ADA. There is no way to attack staked ADAs any more than unstaked ones. Staking on Cardano does not mean sending them to a smart contract or ‘locking into the protocol’ in any way. Delegation to stakepool(s) is done by signing an on-chain certificate. ADAs stay in the user’s wallet completely liquid, indistinguishable from unstaked coins secured by the private keys controlled by the owner. Staking is not a transaction of coins.
The purpose of the attack was to halt the chain by using a script that fills a maximal amount of block space with minimal costs. The failure of the attack was not “due to prompt action by the developer community”. Protocols from Ouroboros family are designed to function under high loads. The only harm that can follow is that transaction settlement times increase.
What happened was that Philip from Anastasia Labs realized how it is possible to drain funds from the attacker’s badly written contract he was using for the attack. So after realizing he is losing funds he stopped. That was the fastest way to stop it immediately, although the problem of reference script and cost relation probably has a fix today as well.
Thus, there was not any “recovering of the stolen ADA” as no-one except the attacker lost a single coin in the first place. When they say that the attacker “ended-up funding the open source development” they refer to two things. First, there is the fact that a portion of all the transaction fees goes to Cardano protocol’s decentralized treasury. Secondly, Anastasia Labs, who received funds from the attacker, develops open-source software on Cardano.
Cheers 🙂