Ethereum Developers Uncover Interference in Pectra Deployment on Sepolia

Issues with the activation of the Pectra hard fork on March 5 in the Sepolia testnet were exacerbated by the actions of a malefactor, as reported by Ethereum developer Marius Van Der Wijden.

I wrote up the story of the Pectra incident on Sepolia, its an interesting story about edge cases, coordination and an attacker who swooped in and made our lives much harder!

Check it out (4min read): https://t.co/0ezGnm0Z8j

— MariusVanDerWijden (@vdWijden) March 9, 2025

Following the deployment of the update, the Geth client team began reporting errors and mining empty blocks. The malfunction was caused by incorrect event generation by the deposit contract. A test transaction had been sent to it to check the withdrawal functionality.

Developers created a patch and coordinated its deployment approximately three and a half hours later. However, the network soon began producing empty blocks again. Programmers discovered another problematic transaction that led to the same error.

According to Van Der Wijden, they initially thought a trusted validator had made an error. However, it turned out the operation was conducted from a new, recently funded account.

The developer noted that the attacker exploited an edge case they had overlooked. The ERC-20 standard allows anyone to make zero-value transfers to other addresses, even without tokens. The attacker triggered the malfunction again with such a transaction.

The Ethereum team suspected the attacker was monitoring some of their chats and decided to proceed with the update discreetly.

“The only way to stop the attack was to filter all transactions interacting with the deposit contract. So we made a private fix, which we deployed on several of our own nodes,” Van Der Wijden explained.

These nodes comprised about 10% of the network, allowing full blocks to be proposed again and the testnet to be used for further coordinated fixes.

“We did not lose finality during the incident. As mentioned earlier, the issue arose only on Sepolia because we use a deposit contract with a token lock, unlike the mainnet,” the developer added.

The team scheduled the activation of Pectra on the Ethereum mainnet for early April.