The æternity network experienced a 51% attack mid-December last year. After a thorough investigation by the Æternity Crypto Foundation core development team, it became evident that the attack was deliberate and targeted specific exchanges simultaneously. Following the attack, æternity took measures in various different directions, including improving software, vigilant network monitoring and a high volume of communication with network stakeholders. The tokens stolen by the attacker were marked as tainted.
Being a decentralized network, æternity blockchain had no way of locking those tokens, however they were tracked as soon as they started moving in early January 2021. The attacker’s attempt to hide their tracks was futile and as soon as the tainted tokens landed in an exchange, it was safe to assume there would be a second attempt to attack the network. Since neither the Æternity Anstalt nor the Æternity Crypto Foundation directly run the network, options for stopping it were limited. Although exchanges were warned immediately, this was not enough to protect the network itself.
Reacting quickly to counter the attacker’s activity, the æternity developer team worked around the clock on improving the software. A new version of the æternity node (Release 5.6, an upgrade to the previous 5.5.4) was delivered on time according to the æternity Roadmap. Over the course of the following days, the first emergency release 5.6.2 was made within hours followed by the releases 5.6.3 and 5.6.4. Promptly, the miners and exchanges were encouraged to switch to the new fork of the network. Although this presented an inconvenience for the users, we are thankful for the excellent cooperation, and are pleased to announce that all miners and all exchanges upgraded their nodes in time and picked the community fork over the attacker’s one.
The attackers tried to convince the æternity miners to join the fraudulent chain by doing multiple small chain reorganizations on the community fork. As a result some miners loosed one day worth of mining rewards.
Eventually the attacker found out that their effort was in vain and gave up. This came at a great cost to the attacker, since attempting such an intervention on a well established network such as æternity is very expensive, and on top of that, they lost the gains from their first attack and they were mining for over a week.
In the aftermath of the attack, an evident conclusion is that the æternity ecosystem and its community have proven through their quickand decisive reaction that they are much more resilient and resourceful than the attackers believed. While this is something to be celebrated, it is also a warning to the ecosystem to keep vigilant against malicious assailants, as well as to keep innovating the network, and creating new security solutions for potential attacks in the future. The Æternity security plan can be found here