Lazy Updates Could Endanger Ethereum’s Network

Credit: Alexander Uhrin / Shutterstock

Cryptocurrency is like a financial trust exercise. Because most of them are decentralized, their users rely on the underlying network to make sure everything is on the up-and-up. Security Research Labs revealed last week that Ethereum’s network could be vulnerable to attack because node operators are terrible at installing updates. This apparent disregard for the network’s integrity could lead to serious problems for Ethereum owners.

Many enthusiasts are probably familiar with Ethereum because its boom and bust had significant impacts on the graphics market. During the boom it was all but impossible to find a graphics card, and the ones that could be found were outrageously priced. The bust then left companies like AMD and Nvidia scrambling to deal with excess GPUs. A market that usually belongs to gamers and large businesses was basically subject to a crypto-drive-by.

But the cryptocurrency relies on more than just graphics cards and spite. Its network relies on nodes running various clients, two of the more popular of which being Parity and Geth. Security Research Labs found that many of these nodes are vulnerable to attack because they’re running old versions of their respective client software. These vulnerabilities shouldn’t be a problem anymore, but they are because node operators didn’t update their clients.

Security Research Labs discovered a vulnerability in February that let attackers crash nodes running Parity. That could be disastrous because if someone manages to gain control over 51% of nodes, the firm said they would be able to double-spend the cryptocurrency. Their victims could be left penniless–or at least Ether-less depending on the transaction–and it would be significantly more difficult for the network to regain any trust.

The firm said that 30% of Parity nodes hadn’t installed the update addressing this vulnerability one month after Parity released it. Some 7% hadn’t been updated in 18 months, and…

Source Link