TLDR
- The Cardano blockchain experienced a failed DDoS attack on June 25, 2024.
- The attack started at block 10,487,530 and aimed to manipulate transaction fees and potentially steal staked ADA tokens.
- Developers quickly responded, preventing theft and stopping the attack.
- A node upgrade is now underway to enhance security against similar future attacks.
- The network experienced higher than normal load, affecting some stake pool operators.
On June 25, 2024, the Cardano blockchain faced a distributed denial-of-service (DDoS) attack, prompting developers to initiate a node upgrade to bolster the network’s defenses. The attack, which began at block 10,487,530, attempted to exploit vulnerabilities in the blockchain’s transaction fee calculations but was ultimately unsuccessful.
Raul Antonio, Chief Technology Officer of Fluid Tokens, explained that the attacker’s goal was twofold: to manipulate the Cardano blockchain into charging lower fees for high-value transactions and potentially steal staked ADA tokens from the network. This strategy aimed to take advantage of a peculiarity in how Cardano processes certain transactions.
Philip Disarro, founder and CEO of Anastasia Labs, provided more detail on the attack’s mechanism. “The idea behind this attack is to take advantage of the fact that the size of reference scripts currently does not impact the transaction fee, but it does impact the work that validators have to do to process the transaction,” Disarro explained.
However, the Cardano developer community quickly recognized and responded to the threat. Disarro, along with other developers, managed to outsmart the attacker, preventing the theft of ADA tokens and effectively halting the DDoS attack. In an ironic twist, Disarro noted that the attacker’s actions inadvertently resulted in a donation to open-source smart contract development work.
On Block 10,487,530, an attack on the Cardano network began.
- Each transaction executes 194 smart contracts.
- The attacker is spending 0.9 ADA per transaction.
- They are filling each block with many of these transactions.
- The smart contracts used are of type REWARD.In…
— elraulito (@ElRaulito_cnft) June 25, 2024
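A defender-side sketch of the mismatch Disarro describes, added here as an example and not code from Cardano, Intersect or anyone quoted: it scores transactions by the reference-script bytes validators must process but the fee does not cover. The `Tx` record, the thresholds and the 14,000-byte script size are assumptions; only the 194 scripts and 0.9 ADA per transaction come from the tweet above.

```python
from dataclasses import dataclass, field

LOVELACE_PER_ADA = 1_000_000

@dataclass
class Tx:  # hypothetical record, not a Cardano node type
    tx_id: str
    body_bytes: int      # serialized size the fee is charged on
    fee_lovelace: int
    ref_script_bytes: list = field(default_factory=list)  # one size per referenced script

    @property
    def unpriced_bytes(self):
        # Reference scripts cost validators work but, per the article, add no fee.
        return sum(self.ref_script_bytes)

def flag_tx(tx, max_scripts=16, max_unpriced_per_lovelace=0.05):
    """Return reasons a transaction shows the fee/work mismatch (empty list if none)."""
    reasons = []
    if len(tx.ref_script_bytes) > max_scripts:          # assumed threshold
        reasons.append(f"{len(tx.ref_script_bytes)} reference scripts")
    per_lovelace = tx.unpriced_bytes / max(tx.fee_lovelace, 1)
    if per_lovelace > max_unpriced_per_lovelace:        # assumed threshold
        reasons.append(f"{per_lovelace:.2f} unpriced bytes per lovelace")
    return reasons

def summarize_block(txs):
    """Flag transactions and report how much of the block's byte load paid no fee."""
    flagged = {t.tx_id: r for t in txs if (r := flag_tx(t))}
    priced = sum(t.body_bytes for t in txs)
    unpriced = sum(t.unpriced_bytes for t in txs)
    total = priced + unpriced
    return {"flagged": flagged, "unpriced_share": unpriced / total if total else 0.0}

def build_sample_block():
    """Constructed block: two ordinary transactions plus three shaped like the tweet's."""
    fee = 9 * LOVELACE_PER_ADA // 10   # 0.9 ADA per transaction (from the tweet)
    spam = [Tx(f"spam-{i}", 1_200, fee, [14_000] * 194) for i in range(3)]  # 194 scripts
    normal = [Tx("pay-0", 400, 180_000), Tx("dex-0", 900, 350_000, [4_500])]
    return normal + spam

if __name__ == "__main__":
    report = summarize_block(build_sample_block())
    for tx_id, reasons in report["flagged"].items():
        print(tx_id, "->", "; ".join(reasons))
    print(f"unpriced share of block bytes: {report['unpriced_share']:.2%}")
```

On the constructed block, nearly all bytes a validator touches come from reference scripts that contributed nothing to the fee, which is the load pattern the stake pool operators reported.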
The swift response from the developer community meant that the Cardano network was not compromised and continued to function normally.
However, Intersect, a member-based organization for the Cardano ecosystem, reported that the network experienced higher than normal load during the attack. Some stake pool operators (SPOs) were negatively affected due to an increase in block height battles.
In response to this incident, Cardano developers are now working on a node upgrade to enhance the network’s security against similar future attacks. Intersect announced that once a solution has been properly tested and deployed, they will share the new node version for SPOs to upgrade to. The Intersect task force is collaborating to identify and test solutions that will minimize the impact of such spam attacks in the future.
This incident highlights the ongoing challenges faced by blockchain networks in maintaining security and stability. It also demonstrates the importance of having a responsive and skilled developer community that can quickly address emerging threats.
Disarro emphasized the importance of thorough testing and high-quality, independent audits before deploying changes to production environments.
“If you rush to deploy something to production without thorough testing and a high-quality, independent audit, you might wind up losing a lot of money to vulnerabilities just like the attacker did,” he cautioned.
For Cardano users and investors, this incident may provide reassurance about the network’s resilience and the capability of its developer community.