This article was first published on Hello ICON World - Medium
Fixing Vulnerability and Defending Network against Malicious Attacker
Dear ICON Community,
Over the weekend, the ICON network experienced an attack by a malicious individual exploiting a vulnerability in the Multiple Unstaking Requests feature. We would like to share a post-mortem on what happened in this post. At this time, the situation is fully under control and no user funds were impacted. It was imperative to wait until the vulnerability was fixed prior to sharing these details in order to prevent additional attacks.
The ICON Foundation proposed the Revision 9 Proposal two weeks ago and at block height 22,657,896 (UTC 2020–08–13 10:02:54), the Revision 9 update was activated with the Multiple Unstaking Requests feature.
At UTC 2020–08–22 18:00:06, a few community members alerted telegram admins of unusual activity with a specific user account. It was immediately escalated to ICON Team members and the investigation began.
The ICON Team, along with the help of dedicated community members and P-Reps, identified that the account was attacking the ICON Network using the ‘SetDelegate’ function to mint unauthorized ICX tokens. Realizing the potential severity of the situation, we quickly gathered all Main P-Reps to remain on standby for an emergency network update to remove the ‘SetDelegate’ function and blacklist the attacker’s accounts while we explored the root vulnerability the attacker was abusing. Exchanges were notified with specific accounts to freeze and to disable deposits and withdrawals while the patch was being developed. The network was then upgraded and the attacker was permanently stopped. The entire attack, coordination of a defense and development of a solution occurred over the course of approximately 11 hours.
The team worked tirelessly to successfully trace the funds and also track down the attacker. Thanks to the efforts of our exchange partners, P-Reps, and community members, we were able to recover the majority ...
To keep reading, please go to the original article at:
Hello ICON World - Medium