Cyber Incident Victim: Ethereum Foundation
Date: Sep 2016
Location: —
Summary
A denial-of-service attack targeted the Ethereum network, exploiting the computational inefficiency of the EXTCODESIZE opcode by repeatedly calling it approximately 50,000 times per block. This caused significant processing delays as nodes were forced to read state information from disk, resulting in substantial network slowdowns without triggering consensus failures or memory overloads. The attack specifically impacted miners and full nodes by increasing block processing times, though core network functionality remained intact.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 22, 2016, the Ethereum network experienced a computational distributed denial-of-service (DDoS) attack that significantly degraded network performance. The attack exploited the EXTCODESIZE opcode, which requires nodes to read state information from disk but carried a relatively low gas cost. Attackers flooded blocks with transactions invoking this opcode approximately 50,000 times per block, forcing miners and nodes to expend excessive processing time on each block. This deliberate resource exhaustion caused substantial network slowdowns as participants struggled to validate transactions and propagate blocks efficiently. The attack specifically targeted disk I/O bottlenecks rather than overwhelming memory resources or disrupting consensus mechanisms. No consensus failures or memory overloads occurred, preserving blockchain integrity despite operational degradation. Network latency and reduced throughput represented the primary observable impacts, creating operational challenges for miners and node operators who faced extended block processing times. The Ethereum Foundation confirmed the attack's mechanics within hours of its emergence through real-time network analysis.

In response, the Ethereum Foundation issued urgent guidance to miners, prioritizing immediate mitigation through client configuration adjustments. Miners were strongly advised to switch to the Parity client with specific parameters: --cache-size-db 1024 to increase cache allocation, --gas-floor-target 1000000 to raise minimum gas limits, and --gasprice 50000000000 to substantially increase transaction fee requirements. For those continuing to use Geth, recommended settings included --cache 1024, --targetgaslimit 1000000, and identical gas price adjustments. These measures aimed to reduce disk I/O strain by optimizing cache utilization while deterring spam transactions through elevated gas costs. Development teams simultaneously worked on medium-term protocol fixes addressing the economic incentives underpinning the attack vector. Public documentation provided immediate technical instructions for client reconfiguration, though the foundation did not disclose specific timelines for permanent protocol adjustments. Network performance gradually improved following widespread adoption of these configuration changes, though residual latency persisted until longer-term solutions were implemented.
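The incident turned on one opcode being invoked tens of thousands of times per block, so a node operator's simplest early-warning signal is the per-block count of that opcode relative to everything else executed. The following detection routine is an added example, not part of this incident record or of any Ethereum client: it reads a constructed, simplified per-transaction opcode summary (the `block=... tx=... opcodes=OP:count,...` line format, the block numbers, hashes and counts are all invented for illustration, not real trace output) and flags blocks where EXTCODESIZE dominates. The thresholds are assumptions chosen to separate the attack pattern described above from ordinary contract activity.

```python
# Added example (not from the original incident record): flag blocks whose EVM
# execution is dominated by a single cheap-but-disk-heavy opcode (EXTCODESIZE).
# Input format, block numbers, tx ids and counts below are constructed for
# illustration and are not any client's real trace output.
from collections import defaultdict

SAMPLE_TRACES = """\
block=1001 tx=0xaaa1 opcodes=PUSH1:12,CALL:1,SSTORE:2,EXTCODESIZE:1
block=1001 tx=0xaaa2 opcodes=PUSH1:40,EXTCODESIZE:3,JUMPI:5
block=1002 tx=0xbbb1 opcodes=PUSH1:60,JUMP:30,EXTCODESIZE:48000
block=1002 tx=0xbbb2 opcodes=PUSH1:10,CALL:2
block=1003 tx=0xccc1 opcodes=EXTCODESIZE:3000,PUSH1:3000,JUMP:3000
"""


def parse_trace_line(line):
    """Parse one constructed summary line into (block, tx, {opcode: count})."""
    fields = dict(part.split("=", 1) for part in line.split())
    counts = {}
    for item in fields["opcodes"].split(","):
        op, n = item.split(":")
        counts[op] = int(n)
    return int(fields["block"]), fields["tx"], counts


def count_opcode_per_block(text, opcode="EXTCODESIZE"):
    """Aggregate, per block, the count of `opcode` and the total opcode count."""
    per_block = defaultdict(lambda: {"target": 0, "total": 0})
    for line in text.splitlines():
        if not line.strip():
            continue
        block, _tx, counts = parse_trace_line(line)
        per_block[block]["target"] += counts.get(opcode, 0)
        per_block[block]["total"] += sum(counts.values())
    return dict(per_block)


def flag_blocks(text, opcode="EXTCODESIZE", abs_threshold=10_000, ratio_threshold=0.5):
    """Return [(block, opcode_count, share)] for blocks exceeding either threshold.

    abs_threshold: absolute count per block (assumed; the attack used ~50,000).
    ratio_threshold: share of all executed opcodes (assumed).
    """
    flagged = []
    for block, c in sorted(count_opcode_per_block(text, opcode).items()):
        share = c["target"] / c["total"] if c["total"] else 0.0
        if c["target"] >= abs_threshold or share >= ratio_threshold:
            flagged.append((block, c["target"], round(share, 3)))
    return flagged


if __name__ == "__main__":
    for block, n, share in flag_blocks(SAMPLE_TRACES):
        print(f"block {block}: EXTCODESIZE x{n} ({share:.1%} of opcodes) - investigate")
```

Block 1003 in the sample executes 3,000 EXTCODESIZE calls but stays below both thresholds, which is the point of combining an absolute count with a share: a busy block with many legitimate calls is not flagged, while a block that is almost nothing but the one disk-bound opcode is.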
