According to a new study published by Security Research Labs (SRLabs), the Ethereum network could potentially experience a 51 percent attack. Because Ethereum client software (Parity and Geth) was left unpatched, a large number of nodes were exposed to security risks.
The SRLabs report states that more than 1/3 of all Parity nodes haven’t been upgraded since the release of a security patch, with 7 percent of them remaining unpatched for more than nine months. Those nodes could have been remotely crashed by bad actors who want to wreak havoc on the Ethereum network. The same applies to Geth nodes, as the chart below shows.
Parity encouraged its users to update their software right after SRLabs suggested that the integrity and security of the Ethereum network could be at risk. By default, the Parity Ethereum client updates automatically only in the case of a critical vulnerability.
A 51 percent attack
As with Bitcoin, much of Ethereum’s hash power is concentrated in the hands of the most powerful mining pools, which, as a rule, share some nodes. A lack of “basic patch hygiene” could eventually lead to a 51 percent attack.
“Even if the miner nodes are secure for now, failure to close known vulnerabilities may lead to a collapse of the blockchain ecosystem if and when the hashing power becomes more decentralized. This failure to update could leave the blockchain ecosystem in a more vulnerable state by lowering the barrier for performing a 51% attack,” the study states.