Cardano Developers to Release Node Upgrade Following Failed DDoS Attack
Following a failed DDoS attack on the Cardano blockchain on June 25, developers are set to release a node upgrade to enhance security and prevent similar future attacks.
The swift response from the Cardano community kept the network operational and saved Cardano from a potentially big disaster.
Failed Cardano DDoS attack Prompts Node Upgrade
The Cardano network experienced an attempted DDoS attack beginning at block 10,487,530. Raul Antonio, chief technology officer of Fluid Tokens, explained that the attack tried to manipulate the blockchain into charging lower fees for high-value transactions.
A distributed denial-of-service (DDoS) attack involves overwhelming a target, such as a server or a blockchain network, with a flood of internet traffic to disrupt normal operations. The attacker uses multiple compromised systems to generate massive fake traffic, causing the target system to become slow or entirely unavailable to legitimate users.
On Block 10,487,530, an attack on the Cardano network began.
🐛 Each transaction executes 194 smart contracts.
🐛 The attacker is spending 0.9 ADA per transaction.
🐛 They are filling each block with many of these transactions.
🐛 The smart contracts used are of type REWARD.In… pic.twitter.com/QUVm0pq0Q8
— elraulito (@ElRaulito_cnft) June 25, 2024
The attack caused each transaction to execute 194 smart contracts, with the attacker spending 0.9 ADA per transaction.
They filled each block with numerous transactions, using REWARD-type smart contracts to send large transactions while spending the least possible amount. Despite the attacker’s efforts, the DDoS attack did not achieve its intended goal and failed to move any stolen funds.
Additionally, if successful, the attacker could have stolen staked Cardano tokens from the network.
“The idea behind this attack is to take advantage of the fact that the size of reference scripts currently does not impact the transaction fee, but it does impact the work that validators have to do to process the transaction,” Anastasia Labs founder and CEO Philip Disarro said.
Update: DDOSer halted his attack after reading my tweet in an effort to protect his funds. Alas, they were too late and the pillaging of their funds is already in progress.
Thanks for the free money moron.
Truly iconic that the attacker who presumably wanted to damage the…
— phil (@phil_uplc) June 25, 2024
Disarro and other Cardano developers outsmarted the attacker, reclaiming the stolen ADA tokens and stopping the DDoS attack.
The attacker eventually halted the attack and failed to move any stolen funds.
“Thanks for the free money, moron,” Disarro commented. “Truly iconic that the attacker who presumably wanted to damage the ecosystem actually ended up donating to the open-source smart contract development work we do.”
Cardano Blockchain Will Upgrade To Minimize Attacks
“If you rush to deploy something to production without thorough testing and a high-quality, independent audit, you might wind up losing a lot of money to vulnerabilities just like the attacker did,” he said.
Intersect, a member-based organization for the Cardano ecosystem, confirmed the attack and thanked the developer community for their swift resolution.
Update on the spam attack attempted today ⬇️
We want to thank the community for quickly mobilizing to help support us in identifying the source of today’s spam attack on the Cardano mainnet. To complement the community effort to resolve the issue, we have coordinated a technical…
— Intersect (@IntersectMBO) June 25, 2024
Although the Cardano network was not compromised and continued to function normally, Intersect noted that “the network has experienced a higher load than normal, and some stake pool operators (SPOs) have been negatively affected due to an intensification in block height battles.”
Intersect assured that “once a solution has been properly tested and deployed, we will share the new node version for SPOs to upgrade to.”
The Intersect task force is collaborating to identify and test a solution to minimize the impact of such spam attacks further.
Unfortunately, Cardano is not the first blockchain to have experienced a DDoS attack in 2024. In January, layer-2 blockchain Manta Network suffered a DDoS attack shortly after successfully listing its Manta token on multiple exchanges. The attack caused the blockchain’s nodes to experience over 135 million remote procedure call (RPC) requests.
