Ethereum Was 'Significantly Less Secure Than Bitcoin' Until Last Month

Last week, a team of security researchers from Boston University and the University of Pittsburgh published a report detailing an attack that would allow anyone to double-spend ether, the in-house cryptocurrency on the Ethereum network, with relative ease.

Double-spending uses the same cryptocurrency token for two different transactions—an analogy with the physical world is difficult, but imagine it as being able to spend the same bill twice thanks to some glitch in the laws of physics. Preventing double-spends is arguably one of the main functions of any blockchain technology, so an attack that enables double-spending is a critical threat to any cryptocurrency.

The vulnerability was revealed to Ethereum developers in January and patched on February 14. According to the researchers, however, "prior to the disclosure of this work in January, Ethereum's peer-to-peer network was significantly less secure than that of Bitcoin."

The Ethereum “eclipse attack,” as it’s known, was developed by Boston University computer scientist Sharon Goldberg, University of Pittsburgh researcher Yuval Marcus, and Boston University PhD candidate Ethan Heilman, who was the first to execute an eclipse attack on the Bitcoin network in 2015 and was recently at the center of a controversy over security protocols for IOTA, a cryptocurrency optimized for the Internet of Things.

Although there are different ways of pulling off an eclipse attack, the effect is always the same: It isolates a targeted Ethereum node from other legitimate nodes on the network. The security of the Ethereum blockchain is ultimately dependent on the ability of nodes to communicate with one another to form a consensus about what the blockchain looks like at any given time—in other words, nodes are constantly sharing information on who owns which digital coins. If a node doesn’t have access to the other nodes on the network, it can be tricked into double-spends or forced to waste its computing power on an obsolete version of the blockchain.

The Ethereum eclipse attack is notable for its low cost to the attacker. When Heilman first demonstrated an eclipse attack on the Bitcoin blockchain in 2015, it was considered too resource intensive to be practical. An attacker would have to control a botnet with hundreds of machines, each tied to a unique IP address, to pull it off. The Ethereum eclipse attack, in contrast, requires only two normal computers with unique IP addresses to pull off since a single computer can technically host an unlimited number of nodes. As the researchers wrote in their paper, “our attacks can be run by any kid with a machine and a script.”

Before we dive into how Goldberg and her colleagues managed to pwn the security of the second largest cryptocurrency with such an “easy” attack, let’s look at the architecture of the Ethereum network that made it possible.

The Ethereum network is comprised of about 21,000 nodes, each of which is identified with a unique public address or ID and stores a record of the transactions occurring on the Ethereum blockchain. These nodes talks to other nodes to compare their versions of the Ethereum blockchain to make sure that they match perfectly.

It would be wildly inefficient if every single node had to check its version of the blockchain with each of the 21,000 other nodes. Instead, an Ethereum node makes a connection to 13 other nodes and relies on them to feed it accurate information.

An Ethereum node chooses which nodes it will connect to using a technique based on the Kademlia protocol, which is mostly used for efficiently finding content in peer-to-peer file sharing networks, such as The Pirate Bay. On torrent networks like TPB, a movie or music file is only hosted by a small subset of users who ‘seed’ that file for the rest of the network. The Kademlia protocol ensures that a node trying to find a file on the network only has to search a small portion of it before finding the file.

With Ethereum, there aren’t a bunch of different movie or music files that nodes are trying to find, however. In fact, every node is looking for the same piece of content: The Ethereum blockchain. This means that the Kademlia protocol is really only used to find other nodes on the Ethereum network.

Unlike nodes in the Bitcoin network that connect to one another randomly, the Kademlia protocol behind Ethereum is structured, meaning that some nodes are more likely to be selected than others for a connection.

This means that an attacker can predict preferred connection nodes with a high degree of accuracy, according to Goldberg and her colleagues. All an attacker needs to do is generate a bunch of node IDs that are likely to be selected for connections by a target node, monopolizing all the node’s outgoing connections with fraudulent connections.

At this point, the attacker is in control of all the information that node gets about the state of the Ethereum network, allowing them to push double-spends and otherwise manipulate the target node since it is cut off from any legitimate connections to the Ethereum network. In short, the target node in an eclipse attack only “sees” the Ethereum network as the attacker wants it to. The attacker’s moon has blocked out the Ethereum network’s sun.

The researchers tested their attacks in a variety of different configurations, such as leaving a target node on for several weeks versus a few hours, or positioning a target node in Singapore rather than in the US. Using the methods outlined in their report, the researchers were able to successfully eclipse the target node almost every time using only two attack computers.

In January, Goldberg and her colleagues made the vulnerability known to the Ethereum Foundation, which does the main development on the Ethereum network. On February 14, the Foundation pushed out a new version of geth—the Ethereum node interface—that added countermeasures suggested by the researchers, such as limiting the number of incoming connections for a node.

According to developers at the Ethereum Foundation, the fundamental code behind Ethereum remained unchanged in the update. Moreover, the researchers wrote that the updates were pushed to geth made the Ethereum network much more robust against eclipse attacks, which would now require thousands of computers with unique IP addresses to pull off.

The most amazing thing about the Ethereum eclipse revelation is how long it went unnoticed, despite how easy it would’ve been for a malicious attacker to exploit. It’s a timely reminder that the cryptocurrency space is still very much a Wild West and a devastating exploit could always be hiding in plain sight.

Disclaimer: The author of this article owns a small amount of Ether.