TLDR
- On June 25, 2024, the Cardano blockchain was subjected to a failed DDoS attack.
- The attack initiated at block 10,487,530, with the intention of manipulating transaction fees and possibly pilfering staked ADA tokens.
- Swift action from developers thwarted the attack and averted token theft.
- Efforts are underway for a node upgrade aimed at fortifying defenses against future attacks of this nature.
- During the attack, some stake pool operators encountered performance impacts due to heightened network traffic.
On June 25, 2024, the Cardano blockchain endured a distributed denial-of-service incident, prompting developers to consider a node upgrade to strengthen the network against potential vulnerabilities. The attack, beginning at block 10,487,530, sought to exploit transaction fee loopholes in the blockchain but ultimately failed.
Raul Antonio, the CTO of Fluid Tokens, shed light on the attack, describing a twofold objective: to trick the system into lower transaction fees for high-value operations and to steal staked ADA tokens. The attackers leveraged a quirk in the transaction processing of Cardano.
Philip Disarro, founder and CEO of Anastasia Labs, delved into the mechanics of the attack, explaining, 'The attacker took advantage of the fact that reference script sizes don't affect fees, though they do increase processing work for validators.'
However, the Cardano developer community quickly recognized the threat and countered it adeptly. Disarro and other developers outwitted the attacker, safeguarding ADA tokens and halting the DDoS attempts. Ironically, the attack resulted in unexpected contributions to open-source smart contract projects.
The attack on Cardano's network began at block 10,487,530.
- Each transaction executed involved 194 smart contracts.
- Every attack transaction cost the hacker 0.9 ADA.
- The attack strategy was to inundate each block with many transactions.
- The utilized smart contracts were of the REWARD type. In… pic.twitter.com/QUVm0pq0Q8
— elraulito (@ElRaulito_cnft) June 25, 2024
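The pricing gap Disarro describes can be seen from a node operator's side with a small audit of work handled per unit of fee. This is an added example, not code from the article or from Cardano; the fee parameters, the 1,000-byte script size, the threshold and the sample transactions are assumptions, and only the 194 scripts and the 0.9 ADA fee come from the tweet above.

```python
from dataclasses import dataclass

@dataclass
class Tx:
    tx_id: str
    body_bytes: int        # size of the transaction itself
    ref_script_bytes: int  # total size of scripts it pulls in by reference
    fee_lovelace: int      # fee actually paid (1 ADA = 1,000,000 lovelace)

# Assumed linear fee parameters, for illustration only.
FEE_CONSTANT = 155_381
FEE_PER_BODY_BYTE = 44
FEE_PER_REF_SCRIPT_BYTE = 15   # hypothetical price for referenced bytes

def fee_ignoring_ref_scripts(tx: Tx) -> int:
    """Fee rule with the gap: referenced script bytes cost nothing."""
    return FEE_CONSTANT + FEE_PER_BODY_BYTE * tx.body_bytes

def fee_pricing_ref_scripts(tx: Tx) -> int:
    """Same rule, but every referenced script byte is also charged."""
    return fee_ignoring_ref_scripts(tx) + FEE_PER_REF_SCRIPT_BYTE * tx.ref_script_bytes

def bytes_per_lovelace(tx: Tx) -> float:
    """Bytes a validator must handle for each lovelace of fee paid."""
    return (tx.body_bytes + tx.ref_script_bytes) / tx.fee_lovelace

def flag_underpriced(txs, max_bytes_per_lovelace=0.05):
    """Return ids of transactions whose work-to-fee ratio exceeds the threshold."""
    return [t.tx_id for t in txs if bytes_per_lovelace(t) > max_bytes_per_lovelace]

# Constructed sample block. The first entry uses the tweet's figures
# (194 scripts, 0.9 ADA fee); the 1,000-byte script size is assumed.
SAMPLE_BLOCK = [
    Tx("spam-like", body_bytes=8_000, ref_script_bytes=194 * 1_000, fee_lovelace=900_000),
    Tx("payment", body_bytes=400, ref_script_bytes=0, fee_lovelace=172_981),
    Tx("dapp-call", body_bytes=500, ref_script_bytes=4_000, fee_lovelace=200_000),
]

if __name__ == "__main__":
    for tx in SAMPLE_BLOCK:
        print(tx.tx_id, round(bytes_per_lovelace(tx), 4),
              fee_ignoring_ref_scripts(tx), fee_pricing_ref_scripts(tx))
    print("flagged:", flag_underpriced(SAMPLE_BLOCK))
```

Under these assumed numbers, only the transaction carrying many referenced scripts is flagged, and charging for referenced bytes raises its fee several times over while leaving the plain payment unchanged.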
Thanks to the rapid developer response, Cardano's network integrity remained intact, with operations proceeding smoothly.
Nevertheless, Intersect, an organization with a member-based structure for the Cardano ecosystem, noted unusual network load changes during the attack, which created challenges for some stake pool operators due to increasing block height conflicts.
In the aftermath, Cardano's developer team is actively engaged in a node upgrade to heighten the network's resistance to future similar attacks. Intersect indicated that the new node version would be available for SPOs after extensive testing and deployment validation. A coordinated task force is working to develop and test solutions that will mitigate the impact of such spam attacks going forward.
This incident underscores the ongoing struggle blockchain networks face in maintaining balance between security and performance. Moreover, it highlights the significance of supportive and agile developer communities in promptly neutralizing emerging threats.
Disarro stressed that deploying changes without exhaustive testing and comprehensive independent audits could result in financial losses akin to those faced by the attacker.
He advised, 'Rushing deployments to production without rigorous testing and thorough audits can lead to significant financial losses, much like the losses incurred by the attacker.'
For those involved with and investing in Cardano, this situation may bolster confidence in the robustness of the network and its capable development team.