‘Experimental’ Early-Morning Attack Temporarily Diverts 0.8% of Ethereum Nodes

An attacker fraudulently added hundreds of blocks to the Ethereum chain with invalid proof-of-work, but only a small percentage of nodes were affected.

Updated May 11, 2023, 5:10 p.m. Published Sep 14, 2021, 3:27 p.m.
Graphics processing units (GPUs) used to mine the Ethereum and Zilliqa cryptocurrencies at the Evobits crypto farm in Cluj-Napoca, Romania, on Wednesday, Jan. 22, 2020. The world’s second-most-valuable cryptocurrency, Ethereum, rallied 75% this year, outpacing its larger rival Bitcoin. Photographer: Akos Stiller/Bloomberg

An attack on the Ethereum blockchain early Tuesday morning temporarily diverted a small percentage of the network’s nodes to a non-canonical chain.

Ethereum’s mainnet is now operating normally, and the attack is unlikely to be replicated at a larger scale, according to Ethereum researcher and Go Ethereum software client developer Marius Van Der Wijden.

The attack was first flagged by Alex S. of Flexpool on the Ethereum R&D Discord shortly after 3 a.m. Eastern time. “Anything wrong with the mainnet again?” he wrote, referring to a chain split that occurred on the network in late August.

Read more: Ethereum Faces Chain Split as Node Operators Fail to Update Geth Hotfix

He noted that some of his nodes were reporting the chain's "highest block" at a block number that technically did not exist, because it was greater than the "current block."

Researchers speculated in Discord that the cause was a peer publishing a version of the chain with invalid proof-of-work.

Van Der Wijden told CoinDesk the attack was “experimental” in nature.

“Someone published an invalid chain that was rejected by most clients. ~25% of Nethermind clients accepted the invalid chain,” Van Der Wijden wrote. “Judging from ethernodes, ~20 nodes were affected or 0.8% of the network. I don’t think it was a directed attack against nethermind, but rather someone experimenting and validating their experiment on the live network.”

Tomasz Stańczak, founder of Ethereum infrastructure company Nethermind, posted on Twitter that a public statement would be forthcoming.

Van Der Wijden noted that, due to the nature of the attack, it is unlikely that a similar exploit could scale enough to have a major impact on the network. Ethereum is validating blocks normally.

Van Der Wijden also noted that a diversity of clients is key for the health of the network, particularly as it prepares for a transition to a new proof-of-stake consensus model.

“Especially with the switch to proof-of-stake, client diversity is extremely important as a well-balanced distribution of clients greatly decreases the probability of creating an invalid chain,” he said.
