Ethereum has skirted through what could possibly be a catastrophic event, after the main Ethereum blockchain was forced to split due to the severity of a known bug. The bug was found in the Geth software - which is deployed by around 75% of all user on the Ethereum network. Geth is mostly used as a mining node for Ether, and enables the creation of software that runs atop the Ethereum blockchain.
The Ethereum Foundation security lead, Martin Swende, said that "A consensus bug hit #ethereum mainnet today, exploiting the consensus-bug that was fixed in geth v1.10.8. Fortunately, most miners were already updated, and the correct chain is also the longest (canon).” This means that the Ethereum network is safe - but that users making transactions in the outdated sidechain might see them being reversed when they finally update Geth and are brought back into the main chain and its different history of transactions.
The bug was already known for the developers, which prompted them to push an update to Geth. Version v1.10.8 had already been launched before the bug was ever exploited - the developers released the update absent of any documentation, indicating only that it fixed a critical security flaw. However, as is always the case in these matters, the mere indication that a severe security flaw was available in previous versions of Geth could motivate bad actors to pore over the code update so as to determine where and how the bug could be exploited. Despite the developers' best efforts, and calls for users to update Geth to the latest version, around 73% of Geth-powered nodes still haven't been updated today - which means its users are left in an Ethereum side-chain that will eventually lead to nowhere.
A chain split is one of the most devastating attacks a blockchain can suffer - and throws the security and impervious block history down the proverbial drain. Controlling over 51% of Ethereum's nodes would allow an attacker to overwrite transactions already written to the blockchain, claiming that their version was the correct one over those already inscribed. This would allow them to revert transactions or even change the destination address of existing ones - to a wallet or series of wallets controlled by the attacker, for instance. Of course, when the grandfather blockchain, Ethereum, is vulnerable, that means that all other chains sitting atop it - such as Binance or Polygon, to name a few - are also theoretically made vulnerable. Due to users not updating their Geth software to the latest version, around 54% of total Ethereum nodes were thus vulnerable - above the 51% required to enable a concerted attack and eventual chain split. However, there is a final level of security - the longest chain is typically considered to be the "canon" one, in case of a split. This is why those users in the previous version of Geth aren't now a part of the Ethereum main chain.
So, if you're running Geth - update your software, and return to the fold.
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
Francisco Pires is a freelance news writer for Tom's Hardware with a soft side for quantum computing.
Chain splits must be loads of fun for the whole family if you happen to be on either side of a non-trivial transaction when it happens.Reply