NEWSLETTER
<img src="https://crypto.news/app/uploads/2025/02/crypto-news-ethereum-option51.webp” />
An unknown attacker led ethereum's developers to launch a “private solution” as the network dealt with technical problems during the tong update in Sepolia Testnet.
In an incident reportThe ethereum developer, Marius van Der Wijden, revealed that the attacker exploded a “border case” overlooked, which triggers errors by sending zero token transfers to the deposit contract, which further complicates a problematic deployment.
What happened?
On March 5, the tong update was launched in Sepolia, but almost immediately, developers began to see error messages appearing in their Geth nodes, along with an increase in the empty blocks that are extracted.
According to Van Der Wijden, the problem arose from the deposit contract that issued an unexpected event, a transfer event instead of the required deposit event, which caused the nodes to reject the transactions and produce only empty blocks.
The error was linked to EIP-6110, which required that all records of the deposit contract be processed uniformly.
The Geth team launched a solution that “ignored all erroneous records from the deposit contract,” but the developers overlooked a specific edge case in the ERC-20 standard.
“The ERC20 standard does not prohibit the transfer of tokens 0, this allows anyone (even if they do not have any token) transfer 0 tokens to another address that will issue an event,” said Van Der Wijden, and added that an “attacker” took advantage of this repeatedly sending zero transfers to the deposit contract.
This activated the same error and caused the network to continue mining empty blocks.
Initially, the developers suspected that a trusted validator had made a mistake, but after the investigation, they tracked the problem to a freshly financed account of a public tap.
To stop the attack, developers needed to filter the transactions that interact with the deposit contract. However, they suspected that the attacker was monitoring their chats, which led them to launch a “private solution” to select Devops nodes that control approximately 10% of the network.
Once the solution was implemented, the nodes resumed producing complete blocks, allowing the chain to function normally at 14:00 UTC. A few blocks later, the attacker's transaction was extracted successfully, confirming that all the node operators had been updated.
Despite the interruptions, ethereum “never lost the completion”, and the problem was limited to Sepolia, since its deposit contract activated by Token differ from the ethereum Mainnet deposit contract, according to Van Der Wijden.
However, developers have decided to delay the update of sirty for new tests and purification.
What is ethereum's sicking update?
The Pink's sight is designed to improve the commitment to eth, improve the scalability of layer 2 and expand the capacity of the network. It presents 11 proposals for the improvement of ethereum (EIPS) and marks the first important update since Dencun, which was launched in March 2024.
As previously reported by crypto.News, developers planned to implement sicking in the Netnet on April 8, provided that both Holesky and sepolia testnets successfully completed their updates.
The update was first implemented in Holesky Testnet on February 24, where they also encountered technical problems that prevented the end.
