As the sidetangle is bonded to the maintangle, the nodes crash and slow down the entire network. Notably, the incident has exposed the vulnerability of directed acyclic graph (DAG) based cryptocurrencies.
IOTA, a popular and widely used DAG crypto, has a market cap of about $2.7 billion and a trading volume of over $50 million per day. A majority of cryptocurrencies use a blockchain, which requires writing new transactions to a chain containing all previous transactions. In case of Bitcoin, each node uses the full transaction history of Bitcoin to validate new transactions. IOTA’s DAG, however, verifies only the previous two transactions. This has made IOTA network a no fee system and computationally efficient.
Now, it seems the transaction verification system of IOTA can be misused by hackers by creating a sidetangle, which acts as a parasite chain. A sidetangle is programmed by “selecting tips that only reference themselves.” The transactions are unlikely to confirm in such a scenario. The hacker can create millions of transactions like this, which forms the sidetangle, and these transactions never confirm. By creating millions of such transactions , which will not confirm, the nodes are made to crash.
IOTA is designed such that the sidetangle stays aloof from the maintangle and have no effect. However, in this case, it is believed that the hackers have created software which bonds the sidetangle to the main tangle. This means nodes will have sidetangle in their database. As sidetangle is flooded with transactions, the nodes will crash. This is quite similar to the DDoS (Distributed Denial of Service) attack
Ralf Rottman says, who is on the IOTA Foundation Board of Directors, said
“People continually try to attack the tangle, and we learn from these attacks to make it more resilient over time. Remeber, IOTA is an early-stage project and these kinds of events are par for the course. As long as someone can get such a large percentage of hash power, they can do whatever they like. This is true for any DLT, and the exact reason we have the coordinator ensuring that tokens are safe during this early period.”
Head of engineering at the IOTA Foundation, Edward Greve, says,
“The current sidechain and syncing issues are a new phenomenon for the Tangle, and we’re taking the opportunity to acquire data about how the Tangle is responding and performing. We will keep you posted and share new information as we are able to. Please understand, these new phenomena are not always obvious, and investigation takes time.”
On the Brightside, no IOTA has been lost from the current sidetangle attack. However, the network has slowed down considerably. The incident has also exposed the weakness in DAG networks and developers must address it soon. As of now, there is no solution to the sidetangle attack.