Today the STEEM blockchain got hit with an attack aimed at disrupting its usual functionality. Particularly by stalling steemd nodes causing witnesses to miss blocks.
The Big One
Numerous witnesses missed blocks because of the size of the transaction that is being broadcast. The blockchain rejected those blocks, causing witnesses to fail at processing normal transactions.
The transaction is as follows:
{"trx":{"ref_block_num":4943,"ref_block_prefix":2623990396,"expiration":"2018-04-23T20:49:12","operations":[["custom_json",{"required_auths":["notahotdog"],"required_posting_auths":[],"id":"nothotdog0.2866754495943664","json":"["biggadicka",{"data":"BiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKaBiGGaDiCKa....
The Culprit
The account the attack was launched from is @notahotdog and the actual attack consisted of sending a long custom JSON transaction as seen here:
Looking forward to check in on steem.chat and github for a potential node update as soon as possible.
You got my upvote because I do appreciate the information but drakos has a point...
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Has there been multiple attacks?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Not a good idea to tell people about vulnerabilities until they are fixed. You just handed malicious users a tool they could use. I suggest you delete this post until a fix is implemented.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Well, shit. I read this right after I hit the resteem button... I appreciated the information but I had not thought of THAT.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
It's common sense.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Lol! That reply reminds me of the IT guy at the office I used to manage. I would call him in to fix something technical, and he would make some comment implying I was the only one in the building who would not understand what the problem was...
My reply was "You want to go do an eye exam? Whenever you are ready to trade jobs just let me know."
I am not a tech person, I have no "sense" about blockchain issues so it may be common but it bypassed me!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
The vulnerability is occurring precisely at the time the modifications to the platform are made. We are working on a beta application, security will be perfected, but hackers are around the corner stalking day and night. If you have noticed, this is related to the theft of accounts.
We all have something to lose, so we must be informed of all events.
Be in good hands, that you work several hours a day to perfect the platform. Let's have a little patience, and take our personal actions for individual security that will result in the security of the platform itself.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Don't believe so. The phishing/voting botnets haven't seemed to be intentionally attacking the chain.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
You have a point, that being said I don't feel anything in this post is overly revealing about the technique used here. Anyone can see these transactions on steemd or in their node logs. This is about spreading the word that there are vulnerabilities causing certain issues and the community needs help to fix. Rather than attracting wrongdoers (which are already here) it may attract some positive feedback.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
thank you for sharing donchate, I for one appreciate you being transparent and spreading the news so we're not all in the dark and not cowtowing to pressure.
please consider saying hi at our discord, would love to chat.
ॐ we are one ॐ
@lanmower is a
steemPunk
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Why has this post been downvoted? So that the vunerability will not be duplicated?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I only see upvotes now.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Yep me too now. Thanks.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
You don't upvote yourself? I'd upvote your reply but it wouldn't count.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
No, have never self voted intentionally.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Oh. I'd upvote your replies but it wouldn't count because of the .02 earnings threshold.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Hey, friend, at 80 SP you ought to be able to overcome the dust threshold if you let your voting power recover! On a recent post you showed a screenshot of about 17% vote power. That comes from voting (or flagging) too often.
It recovers about 20% a day, and drains about 2% with each vote. So we get roughly 10 votes per day if we want to stay near full power. I just recently learned this, hope you find it helpful.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Nope. At 100% my vote is about .015. It may show as .02 but it's still worthless if I go solo. FYI you can upvote my posts and comments after 30 minutes and earn curation rewards. I always make my posts and upvotes count.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I support your choice:-)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Hello friend @dracos, it is no longer Top 50, now it is Top 26. Congratulations.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I'm trying really hard not to snicker at this ridiculous code. I'm not succeeding.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit