Unpatched Ethereum Clients Pose 51% Attack Risk, Says Report

Ethereum clients that still haven’t patched known vulnerabilities pose a security risk to the entire network, according to new research.

A report from Security Research Labs that used ethernodes.org data indicates that a large number of nodes using the most popular clients, Parity and Geth, have been left exposed for “extended periods of time” after patches for security flaws were released.

SRLabs says it reported a vulnerability in the Parity client in February that can open nodes up to being crashed remotely.

The report states:

“According to our collected data, only two thirds of nodes have been patched so far. Shortly after we reported this vulnerability, Parity released a security alert, urging participants to update their nodes.”

Another patch, released on March 2, was also not picked up by 30% of Parity nodes, it says, while 7 percent of Parity nodes still run a version exposed to a critical consensus vulnerability patched last July.

While the Parity client does have an automated update process, it “suffers from high complexity” and not all updates are included, the report says.


Chart: Percentage of unpatched ethereum nodes decreases slowly over time (Credit: SRLabs)

The patch scenario for Geth is even worse, the research indicates.

“According to their announced headers, around 44% of the Geth nodes visible at ethernodes.org were below version v.1.8.20, a security-critical update, released two months before our measurement,” say the SR Labs team, noting that Geth does not have an auto-update feature, apparently by design.
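The kind of measurement described above can be reproduced by a node operator or researcher from a list of announced client headers. The following is an added example, not code from SRLabs or the original article; it assumes the common `Name/vX.Y.Z-tag/platform/runtime` header layout, and the sample strings are constructed. Because headers are self-reported, the result is an estimate.

```python
import re
from collections import Counter

# Threshold taken from the article: v1.8.20 was the security-critical Geth update.
GETH_MIN_PATCHED = (1, 8, 20)
VERSION_RE = re.compile(r"^v(\d+)\.(\d+)\.(\d+)")

def parse_client_id(client_id):
    """Return (client_name, (major, minor, patch)), or (client_name, None)."""
    parts = client_id.strip().split("/")
    name = parts[0].lower()
    # The version is usually the second segment, but a custom node identity
    # may precede it, so take the first segment that looks like vX.Y.Z.
    for segment in parts[1:]:
        match = VERSION_RE.match(segment)
        if match:
            return name, tuple(int(n) for n in match.groups())
    return name, None

def geth_patch_report(client_ids, min_version=GETH_MIN_PATCHED):
    """Classify headers and return (counts, share of measurable Geth nodes below min)."""
    counts = Counter()
    for client_id in client_ids:
        name, version = parse_client_id(client_id)
        if name != "geth":
            counts["other_client"] += 1
        elif version is None:
            counts["unparseable"] += 1   # keep out of the percentage
        elif version < min_version:      # tuple compare: (1, 8, 3) < (1, 8, 20)
            counts["below"] += 1
        else:
            counts["patched"] += 1
    measured = counts["below"] + counts["patched"]
    share = counts["below"] / measured if measured else 0.0
    return dict(counts), share

# Constructed sample headers (not real crawl data).
SAMPLE = [
    "Geth/v1.8.20-stable/linux-amd64/go1.11.2",
    "Geth/v1.8.19-stable/linux-amd64/go1.11.2",
    "Geth/v1.8.3-stable/linux-amd64/go1.10",
    "Geth/mynode/v1.8.22-stable/linux-amd64/go1.11.5",
    "Geth/v1.9.0-unstable/darwin-amd64/go1.12",
    "Parity-Ethereum/v2.2.9-stable/x86_64-linux-gnu/rustc1.31.1",
    "Geth/custom-build",
]

if __name__ == "__main__":
    counts, share = geth_patch_report(SAMPLE)
    print(counts, f"{share:.0%} of measurable Geth nodes below v1.8.20")
```

Comparing versions as integer tuples matters here: a plain string comparison would rank `v1.8.3` above `v1.8.20` and undercount unpatched nodes.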

SR Labs goes on to say that by leaving large numbers of clients potentially open to attacks, the whole ethereum network, which relies on having nodes highly available, is vulnerable too.

It warns:

“If a hacker can crash a large number of nodes, controlling 51% of the network becomes easier. Hence, software crashes are a serious security concern for blockchain nodes (unlike in other pieces of software where the hacker does not usually benefit from a crash).”

To address the issue, the team suggests that “more reliable” processes for auto-updating clients are required. Further decentralizing the ethereum network by moving hashing power away from concentrations of miners would also help, it adds, although that looks unlikely to happen and wide security awareness would be key to the move’s success.

Hat tip: ZDNet

Network image via Shutterstock
