Chainlink confirmed the attack when reached, but did not comment on how much ETH was drained and how many node operators were affected.CEO Hendrik Hofstadt said that Certus One has lost 20 ETH or about $7,500 at current prices.
Chainlink Node operators, which play a significant role in providing price feeds to DeFi protocols suffered a major setback when it was attacked on August 30th. The attack proved to be a major detriment for the DeFi circles because it had drained out about 700 ETH worth about $335,000 at the time when this happened. This happened from their hot wallets and insiders informed that the attacker began the attack by sending out valid price feed requests. This resulted in the operators paying a hefty gas fee. The Chainlink node operator Certus One furnished details on the attack and informed that the attack has affected nice node operators.
Chainlink came out and confirmed the attack but they have not commented on how much ETH was drained and how many node operators were affected. Even on Sunday, there was a spam attempt for nearly 2 hours, a spokesperson from Chainlink said.
“While this spam attempt did require Chainlink nodes to spend additional ETH, this need was quickly removed when the network properly addressed the spam.”
The attack was termed as a failed attempt on Sunday to spam the Chainlink network which had no impact on the network or its feeds. The spokesperson believes that the Sunday attack which went futile only proves to show how resilient the network has become. But this new attack still points out that there are risks being a node operator and that scammers and malicious actors could go to any lengths to destroy the ecosystem.
Chainlink feeds data on to the blockchain smart contracts through its node operators. The need for node operators is clear because smart contracts are not designed to communicate with external systems. Chainlink pays its node operators in its native token LINK. The scammers could perform the attack by using the operator’s spare gas to mint Chi gas tokens created by the decentralized exchange aggregator 1inch.Exchange. The attacker sends a price feed request and the node responds as it usually does. This makes the operator in question spend a lot of gas which the attacker manages to take advantage of.
The nine node operators had their ETH balances drained but they could also not complete the data requests in the attack period which lasted for about 2 hours. As a result of the draining out of the node, it is unable to pay for transactions anymore making it impossible for them to respond to requests. The team at Chainlink believes that the node operators kept refurbishing their node because they were under the impression that it was all due to a gas spike that particular night.
“My team actually noticed the strange pattern of the gas token being minted and so we immediately reported that to the Chainlink team and they patched their security team,” said Hofstadt. “And within like half an hour to an hour, we had to come to the conclusion that we need to look at this whitelist and that this is the best solution.”