Elrond’s (EGLD) blockchain developer teams scrambled on the night of June 5, 2022 to tackle a attack by an unknown person. We have indeed been able to observe large-scale transfers of EGLD over the network. These movements have fueled the suspicion of the leaders which opened the investigation.
The attack within the Elrond blockchain
The story begins with the use of a named endpoint “executeOnDestContextByCaller”. The previous week, a small group of developers found a way to develop a lottery contract. Thanks to this, they were able to reverse the transactions, so the hackers won every time. To avoid a wave of scams without their knowledge, the Elrond teams have implemented a patch, which will ban the use of this feature “executeOnDestContextByCaller”. However, this update takes at least a week to deploy, with validations and approvals.
But during the evening, Sunday, June 5, an unknown attacker attacked the Elrond network, 36 hours before the patch arrived. He targeted the contract ” egld-esdt-swap », Which allows you to create and exchange wrapped EGLDs. The hacker targeted all the regular shards involved in this smart contract. He then tried to squeeze out as much EGLD as possible and sell them at a loss.
Elrond’s teams immediately organized to counter the attack, suspending the exchange of Wrapped EGLD and bridge. Additionally, they froze stablecoins, such as USDC and UTK, as well as ESDT. This allowed to slow down the attacker’s activities. However, it is impossible to freeze EGLD, which remains the main victim of the attacker.
The team decided to implement an emergency solution. This procedure requires the approval of at least 66% of the validators. Fortunately, many of them woke up. Elrond’s team was able to start the update 20 minutes later. Half an hour later most of the network was working with the new version.
The consequences of this attack on Elrond
Although the attack was brought under control in time, the funds were lost. Elrond’s team then implemented recovery procedures. Quite quickly, most of the funds were recovered. Also, on the same day, the team decided to roll out a second patch that permanently removes this feature “executeOnDestContextByCaller”to avoid similar problems in the future.
This incident on the Elrond blockchain caused a lot of noise on the networks. The community was in real danger, but the blockchain teams able to control the situation in time. But what would have happened if the validators were not available during this attack to validate the emergency patch?
Get a summary of news in the world of cryptocurrencies by subscribing to our new daily and weekly newsletter service so you don’t miss any of the essential Cointribune!
Interested in investing and financial markets after a business school in Chambéry, the passion for cryptocurrencies was evident. The blockchain is certainly the universal tool of tomorrow.