Home / News / Ethereum News / How Bad Is Ethereum’s Latest Geth Exploit?

How Bad Is Ethereum’s Latest Geth Exploit?

By Prashant Jha

Ethereum blockchain’s most popular software client Geth also known as “Go Ethereum,” has faced a major exploit on the older versions yesterday. The bug impacted older versions of Geth clients, specifically v1.10.7 and earlier.

The exploit reportedly affected more than 50% of older Ethereum clients who have not updated to the latest hotfix released by Go Ethereum developers on August 24. As a result of the exploit, the Ethereum blockchain went under an unplanned hard fork splitting the blockchain in two. 74% of the clients use Geth and out of those 73% were on the older version which means a whopping 54% of Ethereum nodes are running with the bug.

The Go Ethereum team discovered the vulnerability on August 18 itself but didn’t reveal the nature of it to avoid others to exploit the issue. Ethereum team lead Péter Szilágyi had said they would reveal the attack vector on an upcoming date,

“The exact attack vector will be provided at a later date to give node operators and dependent downstream projects time to update their nodes and software,”

While the Go Ethereum team didn’t reveal the nature of the vulnerability, it seems the attacker managed to figure it out and went about attacking older clients that have not updated the hotfix. While the network requested everyone to upgrade to the latest version, the data suggest only 30% of validators did so which made the attack easier once the vulnerability was found.

Advertisement
Advertisement

What was the Nature of the Attack and How Does it Impact Ethereum Blockchain?

The idea to make people aware of the bug in advance failed miserably as it was a matter of time before someone managed to identify the problem. The Ethereum developers believe the plan failed miserably but more so because the node validators failed to update to the patched version in time. The attacker managed to commit changes to a PRE-Compiled contract by adding a change to the same memory location as a function.

A Twitter user who goes by the name of “Good Guy Biker – Vancouver BC Canada” gave a complete breakdown of the exploit and also explained the nature of the attack. As a result of the vulnerability, the Etheruem network was running two chains simultaneously and if the bad one was not discarded in time it could have lead to a double-spend or 51% attack since a majority of validators had not updated their clients.

This is not the first time when the Ethereum network has faced a chain split due to a vulnerability in the older client version of Geth. In November a similar issue led to another chain split as validators failed to upgrade. Talking about the pre-announcement, an Ethereum developer said,

“Last time we did a hotfix, people were angry that we didn’t announce it. This time we decided to try it differently. Let’s see which works better,”

Advertisement
Prashant Jha
An engineering graduate, Prashant focuses on UK and Indian markets. As a crypto-journalist, his interests lie in blockchain technology adoption across emerging economies.
Why trust CoinGape: CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journalists and analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.
Investment disclaimer: The content reflects the author’s personal views and current market conditions. Please conduct your own research before investing in cryptocurrencies, as neither the author nor the publication is responsible for any financial losses.
Ad Disclosure: This site may feature sponsored content and affiliate links. All advertisements are clearly labeled, and ad partners have no influence over our editorial content.

Premium Partners

image
Bitget

Sign Up
image
PepeDollar

Join Presale

image
WinnerMining

Sign Up
image
Tapzi

Join Presale

image
Quid Miner

Sign Up

image
BC Game

Play Now
  • LATEST
  • TRENDING
Ethereum News: Latest On-chain Activity Hints Massive ETH Purchase by Bitmine (BMNR) and SharpLink (SBET)
VanEck Pushes for Staked Hyperliquid ETF in US, Expects HYPE Coinbase Listing Soon
Crypto ETF Update: Rex-Osprey’s XRP ETF, DOGE ETF to Launch Friday as SEC Review Ends
SEC’s Paul Atkins Pushes for On-Chain Capital Raising Without Uncertainty
SEC Delays Decision On Staking For BlackRock’s Ethereum ETF
Who Could Win Hyperliquid Stablecoin Bid? Paxos, Frax, or LayerZero?
Holoworld AI (HOLO) Lands on Binance, Here’s What Users Should Know
Worldcoin (WLD) Whale Moves $2.69M; Smart Play or Red Flag?
SEC to Host Crypto Privacy Roundtable on October 17: Agenda and Key Details
Why is Litecoin’s Trading Volume Soaring High Today?