Early adopter or innovator?InfoQ has been working on some new features for you.Learn more About InfoQ Our Audience Contribute About C4Media Exclusive updates on: Ethereum Security Alert Issued, Ethereum Foundation Responds with “From Shanghai, With Love” Share Read later Reading List On September 18th, hours before the Ethereum Foundation devcon 2 conference was about to start, a DOS security alert was posted on the Ethereum blog.The alert was related to a vulnerability discovered on the Ethereum blockchain, in block 2283416, and was considered to have a high likelihood and severity.Ethereum is an open blockchain platform that allows people to build decentralized applications, also known as DAPPs, through the use of distributed ledgers.In a distributed ledger system, transactions get recorded across every node in the network, leading to greater transparency over closed systems.The bug caused an out of memory error to occur within Go-based Ethereum 1.4.11 clients, known as Geth, halting the mining of further blocks.

Parity, an Ethereum client written in Rust, was not affected during this time.During the outage to Geth, ether miners were encouraged to switch to the Parity client.The offending smart contract transaction, which exposed the vulnerability, contained a message payload that included the message “Fahrt nach Hause” written in German which translates to “Go Home”.Some reddit contributors felt this message was a targeted at devcon 2 attendees.The following screenshot, illustrates the behavior of the vulnerability, by timing out and subsequently reporting “fatal error: out of memory.” //user/DeviateFish_ Alex Van de Sande, a UX designer at the Ethereum Foundation and lead of the Mist Wallet team, tweeted the following image showing the devcon 2 media room being transformed into a “war room” where Ethereum Developers worked on fixing the bug.The patch, called “From Shanghai, with love (1.4.12)” was built, tested and made available on GitHub within hours.The timely response, drew applause from many in the Ethereum community, including reddit user actuallymentor: “I think most non-devs don't get how extraordinary it is to have such a fast and committed response from devs.

This is what sets Ethereum apart in my mind.Yes, it is open source, but it also has professional and committed visionaries behind it.bitcoin lottery hackThanks for the love from Shanghai, we love you back.” Once the issue was publicly announced, some exchanges ceased Ethereum funding on their exchanges, including Kraken, but service quickly resumed after the patch was issued.bitcoin core keeps crashingThe price of ether dropped to $12.36 USD on September 18th but since increased to more than $13 USD on September 19th.bitcoin gambling tricksOnce the bug had been fixed, Van de Sande proclaimed the “the total damage of the vulnerability was that devcon 2 presentations are running 30 min late.” Devcon is the Ethereum Foundation’s annual conference where they bring together their development team and community to talk about their research, current issues and future plans.litecoin cpu mining how to

In this year’s edition, key topics include scaling, state channels, storage and security.Adoption Stage and all content copyright © 2006-2017 C4Media Inc.bitcoin unicode symbol hosted at Contegix, the best ISP we've ever worked with.ethereum mining rewardPrivacy policy Close Login to InfoQ to interact with what matters most to you.Email Password Follow your favorite topics and editors Quick overview of most important highlights in the industry and on the site.More signal, less noise Build your own feed by choosing topics you want to read about and editors you want to hear from.Stay up-to-date Set up your notifications and dont miss out on content that matters to you BTThe Ethereum network suffered a computational DDoS attack yesterday when an unknown actor leveraged a recently disclosed security issue to slow down Ether transactions.

The attacker carried out multiple Ether transactions that caused miners, servers that process transactions, to launch 50,000 additional queries on the Ethereum network before validating the initial transaction.The Ethereum team noticed this problem over the weekend and issued a warning on Sunday, September 18.The problem affected only the Go implementation of the Ethereum protocol, which received a fix the following day, on Monday.Described as a network DoS (Denial-of-Service) issue, the bug was with the EXTCODESIZE attribute, which is one of the details included in each transaction with the Ether crypto-currency.An attacker could use this attribute and ask for additional checks against the Ethereum network database.Ethereum network admins noticed someone spamming the network with additional and useless queries via this flaw, which resulted in slower Ether transaction confirmations.Since Ether transactions are anonymous, there are no details available about the attacker's identity."The consequence of this is that the network is greatly slowing down, but there is NO consensus failure or memory overload," Jeffrey Wilcke of the Ethereum team said.

"We have currently identified several routes for a more sustainable medium-term fix and have developers working on implementation."The Ethereum team is now working on a fix at the network level.Some temporary workarounds are available for Ether miners using the Go lang implementation of the Ethereum protocol.An important reason why the Ethereum network survived this attack is because it provides multiple mining client alternatives, besides the Go implementation.At the time of writing, the transaction spam attacks have halted, the Ethereum team announced.Despite the huge computational DDoS attack, a Reddit user pointed out that Ethereum is still two-three times faster than regular Bitcoin transactions.Attacks on crypto-currency networks happen often, and most of the times they're used to manipulate the market by causing the exchange rate to drop in a particular manner.The graph above shows slight price drops on September 18, when the security issue was announced, and on September 22, when the Ethereum team announced the attack.