Cardano devs outsmart DDoS attacker, stop disruption attempt, and secure funds
The Cardano network remained secure and operational throughout the incident.
Cardano recently faced a DDoS attack that targeted staked ADA. But the attacker failed to disrupt the network as Cardano developers quickly mitigated the attempt and secured funds.
On Tuesday, Raul Antonio, Fluid Tokens’ CTO, reported that an attacker launched a distributed denial-of-service (DDoS) attack on the Cardano network, starting at block 10,487,530.
Antonio said the attack involved sending transactions, each executing 194 smart contracts labeled “REWARD.” The attacker kept transaction costs minimal by spending only 0.9 ADA per transaction. The goal was to overload the network with unnecessary processing and steal staked ADA.
On Block 10,487,530, an attack on the Cardano network began.
🐛 Each transaction executes 194 smart contracts.
🐛 The attacker is spending 0.9 ADA per transaction.
🐛 They are filling each block with many of these transactions.
🐛 The smart contracts used are of type REWARD. In… pic.twitter.com/QUVm0pq0Q8
— elraulito (@ElRaulito_cnft) June 25, 2024
However, the attack failed midway as Philip Disarro, the founder and CEO of Anastasia Labs, a Cardano-focused development platform, quickly identified the attack strategy and shared a countermeasure on X.
Hey, if anyone wants to claim 400 Ada from the attacker just deregister the stake credentials they are using (you get 2 Ada per stake credential you deregister and the attacker is using 194 always succeeds credentials). Also, this would immediately stop their DDOS on the network… https://t.co/hbw8gUpElr
— phil (@phil_uplc) June 25, 2024
According to him, the attack was ineffective because the Cardano network is designed to handle large amounts of data. Even though validators had to process the extra scripts, it didn’t significantly impact the network’s performance.
He also highlighted the financial loss to the attacker due to the fees incurred in executing the scripts.
Disarro suggested deregistering the stake credentials used in the attack, which would cost the attacker additional ADA to restart. He also pointed out that deregistering these credentials would immediately stop the DDoS.
The attacker halted the attack after reading Disarro’s tweet, in an attempt to protect their funds. However, it was too late, as Disarro and other developers had already begun reclaiming the stolen ADA.
“DDOSer halted his attack after reading my tweet in an effort to protect his funds. Alas, they were too late and the pillaging of their funds is already in progress,” Disarro stated.
“The attacker who presumably wanted to damage the ecosystem actually ended up donating to the open-source smart contract development work we do at [Anastasia Labs] & funding Midgard,” he added.
While the Cardano blockchain continued to function normally, some stake pool operators reported a higher load and minor impacts on transaction timings and chain density, according to Intersect, a Cardano membership group.
“The network has experienced a higher load than normal and some SPOs have been negatively affected due to an intensification in block height battles. However, the chain as a whole is functioning as expected, with only a small impact on overall transaction timings and some reduction in chain density,” the group highlighted.