- Ethereum might be under an impending attack, the core developer team says.
- This is coming on the heels of a malfunction by a number of Parity based nodes which failed to sync to the main chain.
- Parity is the preferred Ethereum node client mainly because of its speed, and holds 20% of all Ethereum nodes.
Although not all of the nodes were affected by the malfunction, the core team has sent a word of caution to Parity users to upgrade to a newer version of the client to prepare for the possible attack. In an official statement by parity confirming the incident also encourages even nodes that are not affected to upgrade.
We have investigated reports of some Parity Ethereum nodes not syncing and believe there may be an attack underway. New releases v2.6.8-beta & v2.5.13-stable protect against this. Download the update here.
Please update your nodes to the newest version ASAP, whether or not you may be experiencing issues.
Why an attack may be underway
Parity Ethereum client users have had similar experiences in the past which pointed to an attack. Early this year, a report was published by the company saying a node attack vector was discovered which could attack older versions of the client. According to the report, an attacker could send RPC requests to these nodes and they will crash. At the time, an upgrade was suggested just like it is suggested now.
Similarly in August, the same “RPC Call” Bug in Parity clients. The vulnerability which was discovered by blockchain analytics firm Amberdata, attacks nodes that have their
Parity [RPC] port exposed and who also have the tracing module enabled on their system,
according to Scott Bigelow, an official at the firm.
Failure to sync by some Parity nodes at this time therefore may also be pointing to another attempt to attack those nodes. The attack vector discovered in February targeted nodes that serve JSONRPC as a public service, attacks are for nodes with specific characteristics which may explain why not all nodes have been affected.
Parity on its way down?
The incessant problems with Parity Ethereum clients as opposed to other clients such as Geth is worrisome and starting to tell on its patronage. As reported in August that it was connecting 3,000 nodes to the mainnet but the current statistics reveal it only has about half the number of nodes. Most of these nodes have moved to Geth despite the speed and advanced features that the latter possesses.
If something is not done on the safety of nodes using the client, it may just be a matter of time before it loses all its nodes to Geth. Some major companies that depend heavily on the client were already considering migrating in 2020 and with this latest panic, 2020 may be a bad one for Parity.
One further reason for migration to other ETH clients could be the announcement that Parity will migrate its code base to a DAO ownership and maintenance model. The Parity team explained a few weeks ago that they are already having trouble finding resources just to maintain the project. Furthermore, they intend to concentrate on their most recent project, Polkadot.
The price of Ethereum is moving sideways (-1.80%) and is trading at 132,47 USD.