The Ethereum team has decided to postpone the latest upgrade to protect users from having their funds stolen by hackers due to a cybersecurity vulnerability.
The Constantinople Upgrade has been postponed for two days so the development team can fix the issue. So, instead of the 16th of January as it was originally planned, the update will be launched on the 18th of January.
In technical terms, the cybersecurity vulnerability is what the experts refer to as “reentrancy attack”. It was discovered by ChainSecurity. The company commented that if the bug went live, the users who engaged in an Ethereum smart contract could have had their funds stolen.
A smart contract is nothing more than a script that allows you to pull funds together with other users and receive the currency back based on a set of predetermined conditions. The ChainSecurity experts noticed it was possible for a malicious actor to completely disrespect these terms to extract users’ funds without their knowledge or approval.
The reason why the exploit is called a reentrancy attack is because an attacker can re-run the same script multiple times until all the shared funds are exhausted. Luckily, though, the current version of Ethereum platform is not vulnerable to such an attack, at least according to the short and incomplete scans performed by the ChainSecurity company.
They are still scanning the platform to ensure no other vulnerabilities are present, but as of right now, Ethereum users have nothing to worry about.