PIVX, Possibly Other PoS Chains Vulnerable to Bug, Attackers Profit

Published at: Aug. 13, 2019

Private transactions cryptocurrency PIVX and over 200 other blockchains are vulnerable to attackers obtaining disproportionately high staking rewards.

A major staking vulnerability

Cryptocurrency consulting firm Lunar Digital Assets claimed in a post published on its website on Aug. 12 that a staking vulnerability is being used across PIVX and its forks. The weakness reportedly allows the attacker to obtain mathematically impossible staking rewards on vulnerable proof-of-stake (PoS) chains.

According to the post’s author, the PIVX development team claimed to have solved the issue in January. Nonetheless, a core developer of PoS altcoin BitGreen (BITG) noticed that the vulnerability in question is allegedly being exploited again. The consequences are explained in report in the following way:

“To put it bluntly, someone or some entity has figured out a way to game the PIVX PoS algorithm. This has crippled the rewards system of several chains, and BitGreen has notified of all exchanges that it is listed on to halt all deposits and withdrawals until further notice.”

Accusations against the PIVX team

Moreover, the firm noted that “what’s worse is that PIVX has known that this bug was not fixed and has kept quiet to themselves.” The author of the report claims that he contacted the PIVX core developers and has been told that there was no other solution than waiting for an update which would be issued in the third quarter of the current year.

He also says that after he managed to contact PIVX members directly and asked about information concerning an address which was exploiting the vulnerability in question, he obtained no answer and the attack stopped. He concludes:

“The timing is very suspicious, but I can not conclusively say with evidence that PIVX developers have been using their knowledge of the bug for their own benefits — let alone use it to exploit other chains. [...] The “fake stake” exploit clearly has not been fixed for PIVX, so the question is, was it ever fixed? Or have the attackers developed a new method in carrying out similar attacks such as this one?”

As Cointelegraph recently reported, cryptocurrency exchange Binance recently claimed that a dusting attack occurred against the fourth-biggest altcoin, Litecoin (LTC).

Tags
Related Posts
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
Pioneering hardware wallet brings enhanced staking to cold storage
Twelve months ago, the total value of cryptocurrency locked in staking programs was barely more than $1 billion. Today, there is $58 billion locked in decentralized finance, or DeFi. The adoption of DeFi has been a sea change that’s helped push the crypto industry into the mainstream, but it’s hardly the only one. Mainstream institutions including MicroStrategy and Tesla have poured billions of dollars into Bitcoin — and some have been buying the dip — while nonfungible tokens have evolved from CryptoKitties and CypherPunks to an artistic medium pulling in millions in bids for a new generation of digital artists …
Technology / June 8, 2021
Uranium Finance developer suspected of ‘leaking’ information leading to $50M exploit
The $50 million exploit of Uranium Finance, a decentralized finance protocol on Binance Smart Chain, may have been an inside job, according to a member of the project’s development team. The theory was put forward in Uranium Finance’s Telegram channel by a user named “Baymax,” who appears to be listed as an administrator. In a pinned post, Baymax explained that the security flaw leading to the exploit happened just two hours before version 2 of the protocol was launched. The suspicious timing of the exploit narrows down the list of potential perpetrators significantly. Baymax explained: “There are a total of …
Blockchain / April 28, 2021
Analyst Is 'Surprised’ There Hasn’t Been a Large-Scale Attack on Bitcoin Cash Yet
Yassine Elmandjra, a crypto asset analyst at ARK Invest, said in a May 24 tweet that the Bitcoin Cash (BCH) hashrate fell by 30% since its halving event, and only accounts for about 2% of the SHA-256 hashrate. Elmandjra now thinks it’s only a question of time before somebody takes advantage of the network: “Surprised we haven't seen a large scale attack yet.” According to data from BitInfoCharts, the Bitcoin Cash average daily hashrate fell by nearly 25.6% since its April 8 halving. Still, Elmandjra presumably did his calculations based on May 23 data, where the hashrate was down by …
Blockchain / May 25, 2020
Five Critical Vulnerabilities Discovered in EOS in 2019, HackerOne Data Shows
EOS.io, the company responsible for the development of fourth-largest crypto by market cap EOS, has handed over bug bounties for five critical vulnerabilities this year. Public activity on breach disclosure platform HackerOne revealed the bounties. On Jan. 10, $40,750 was awarded to five white hat hackers on the platform by EOS.io, and the day after, another researcher received a $10,000 bounty. Five of those bounties are equivalent to $10,000 each, which is the highest possible payout reserved by the company only for the most critical vulnerabilities. The Tron Foundation, the company behind the cryptocurrency Tron, also awarded four bounties in …
Altcoin / Feb. 5, 2019