It seems like every week we are reporting on problems related to the Ethereum network. This week, Vitalik Buterin’s brainchild was rocked by a critical bug that affected an estimated 54% of nodes.
This is the second time in as many years that Ethereum has experienced critical bugs that caused havoc in its ecosystem. In November 2020, cryptocurrency exchanges like Binance had to stop Ethereum withdrawals after an Infura service outage.
What happened with the latest Ethereum critical bug?
Here’s exactly what we know about this month’s Ethereum bug.
- It affected around 54% of all Ethereum nodes.
- It impacts Geth clients running v1.10.7 and older.
- 73% of all Geth clients are still running older versions.
- The bug was funded by a Tornado Cash client.
- It could lead to double spending and other problems.
- It has also been exploited on BSC and Huobi ECO Chain.
Ethereum core developers released a patch on August 24, but it will only help those who have updated their nodes.
What is Tornado Cash, and why did the attackers use it?
Tornado Cash is an Ethereum token designed for anonymity. It’s the exact type of token that criminals and supporters of projects like Monero use and promote as part of their anarchist, anti-law agenda.
Systems like Tornado Cash are ideal for carrying out this sort of attack because they have been designed to “break the on-chain link between source and destination address.” That’s a direct quote from the project’s website.
Does this sound familiar? It should because it’s how the Lightning Network has been designed to work with BTC. Taking transactions off-chain makes it almost impossible to track and trace funds, so it’s highly unlikely that whoever exploited this Ethereum bug will face any consequences. Just like Lightning, nobody has a clue who deposits, moves, mixes, sends, or receives funds on Tornado Cash. Also, just like Lightning, it’s not likely that regulators will sit back and allow this sort of system to flourish under their noses.
Lessons from the Ethereum network split
Two important lessons can be learned from the August Ethereum network split.
- It isn’t a good idea to be constantly tinkering with a protocol after it has been released and people start building on it. This is why Satoshi Nakamoto said the Bitcoin protocol was “set in stone” when it was released.
- Taking transactions off-chain via anonymous systems that are impossible to track is not a good idea. It leads to exactly this sort of disruptive, unproductive, and criminal behavior. It also makes it difficult, if not impossible, to bring the perpetrators to justice.
It isn’t widely understood in the industry, but Satoshi Nakamoto designed Bitcoin to be an immutable evidence trail. He has explained at length how the system was specifically designed to help eliminate crime, fraud, and other social evils and how Bitcoin is the polar opposite of what anarchists and criminals wanted.
Perhaps the Ethereum developers should listen to Satoshi before they learn the lessons he seeks to teach the hard way?
A difference in reporting blockchain issues
It’s also worth pointing out how differently the so-called “crypto media” has reported this critical Ethereum bug as compared to how they reported the illegal and ultimately unsuccessful attack on BSV enterprise blockchain last month.
It seems that the vested interests behind most major digital currency publications are handling the Ethereum split with kid gloves, and never asking the important questions such as whether it’s a good idea to attempt to rebuild an aircraft mid-flight or how constantly changing the protocol might impact things down the line.
Yet, the same publications yelled from the rooftops that BSV had been “51% attacked” and almost celebrated when some exchanges temporarily halted BSV deposits and withdrawals. Virtually none of them followed up by informing their readers that no double-spend occurred and that honest nodes had successfully defended the BSV enterprise blockchain, just as Satoshi outlined in his 2008 whitepaper. It’s also worth noting that following reorganization attacks, BSV went on to become the world’s largest public blockchain by all major utility metrics including data storage, daily transaction volume, scaling ability and average block size.
These double standards should irk intellectually honest readers and cause them to wonder what is going on here. If an unsuccessful but major criminal attack is reported with near-jubilance, and a serious self-made security breach that jeopardizes an entire blockchain is reported with no critical thought or tough questions asked, can you trust anything these publications tell you?
How long will developers continue to tolerate Ethereum?
Questions have to be asked about Ethereum’s reckless approach of endlessly altering its protocol and refusing to acknowledge the inherent risks in doing so. Perhaps this time, they’ll get away with it, but what happens next time? And what happens to all of the projects built on the Ethereum network if it does fail spectacularly due to any of this?
For smart developers, it’s worth pondering before investing years of time and massive resources on building on Ethereum. Why take the risk when ready-made solutions that scale infinitely and will never change the protocol exist today?
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.