What happened on the 18th of January 2024 on Manta Pacific L2?
Manta Network, a layer-2 blockchain, experienced a significant Distributed Denial of Service (DDoS) attack on January 18, 2024. This attack coincided with the listing of its Manta token on major exchanges such as Binance, Bithumb, and KuCoin. The DDoS attack occurred precisely when Manta tokens began trading on exchanges, leading to longer transaction times and increased gas fees. Despite the attack, the demand for the Manta Network token remained strong.
What’s a DDoS attack?
The network was flooded with over 135 million fake Remote Procedure Call (RPC) requests. For those who don’t know, Remote Procedure Calls are like request messages sent by apps or users to ask the blockchain to do something, such as sending transactions or reading contract states. In this attack, fake RPC requests flooded the blockchain, causing it to slow down and not respond to real requests properly, causing initial fluctuations in network performance and leading to a network-wide slowdown. This massive number of requests severely limited communication between applications and the blockchain.
An intermediary layer between a blockchain, as a distributed set of nodes, and users that send Remote Procedure Calls are RPC providers. Most likely the attack was directed at RPC providers, hence anyone who has a private node for that blockchain is on to a good thing. For such a person or entity, the blockchain works the same, as it is not dependent on RPC providers.
How a DDoS attack can be prevented?
DDoS attacks can be prevented through the implementation of various security measures such as rate limiting, traffic analysis, and intrusion detection systems to identify and block malicious traffic. Additionally, employing Content Delivery Networks (CDNs) and load balancers can help distribute and absorb traffic spikes, while maintaining service availability. What’s more, leveraging a combination of anti-DDoS appliances and cloud-based mitigation services can enhance a network’s resilience against such attacks.
However, each above security measure comes at a cost and sometimes even hard to accept trade-offs. Another protection measure can be employing a form of Proof of Work that makes the spamming attack infeasibly expensive. Lastly, one could protect against DDoS by bundling operations with a form of payment, even for a reverted one, so that the cost of attack increases and it becomes unprofitable
DDoS threat in Web2
It’s important to note that Distributed Denial of Service (DDoS) attacks can originate from both Web 2.0 and Web 3.0 environments. They can target websites, applications, or networks regardless of whether they operate on traditional infrastructure or blockchain-based platforms. The motivations and techniques behind DDoS attacks are often similar, regardless of the technology of the targeted entity.
In February 2020, Amazon Web Services (AWS), a cloud service used by over a million companies, experienced a major DDoS attack. Hackers sent an enormous 2.3 terabits per second of data to overwhelm AWS servers. They did this by taking over user directories on specific servers and flooding AWS with information. Fortunately, Amazon stopped the attack in time to protect user data. This attack was the largest of its kind on AWS up to that point.
“Even though DDoS attacks are a well-known concept in the engineering space, there are a few flavours to how they are implemented. At RedStone we take the highest security standards for each component of our modular oracles to ensure redundancy against DDoS attempts,” said Alex Suvorov, RedStone Oracles Tech Lead.
About RedStone
RedStone is revolutionizing Oracles industry by implementing a novel modular design and 3 tailor-made data consumption models. You can build the new generation of DeFi & Web3 protocols based on RedStone’s versatile data offering of long-tail, Lp, and Ecosystem-native tokens, as well as Real World Data and custom feeds.