Vulnerability in Ravencoin Creates Extra 1.5% of Maximum Supply for Hackers

Published at: July 3, 2020

A vulnerability in Ravencoin (RVN) resulted in the unsanctioned minting of about 1.5% of its maximum supply of 21 billion RVN. 

The exploit was disclosed by Ravencoin on Friday after initial reports were confirmed, but details remain fuzzy as the investigation is still underway. About 315 million RVN were minted, worth about $5.7 million at current prices.

Ravencoin said it notified law enforcement in hopes of catching the unknown perpetrators of the exploit, though given the nature of the bug, no money was directly stolen. Instead, the losses were spread over all RVN holders as extra inflation, which amounts to about 5% of the currently circulating supply.

The team confirmed that the extra RVN was already exchanged, making any kind of remediation effort difficult. Miners and nodes must now upgrade to a new fixed version to prevent further exploits.

According to unconfirmed rumors on the community’s Discord, the vulnerability has existed since October and involves a wallet bug.

Concerns were raised by the community that this was due to ProgPow, the controversial Ethereum-born mining algorithm that was recently adopted by Ravencoin. However, a team member said that the issue was from “an innocuous [Github pull request] from somewhere else.”

Following the post-mortem and successful mitigation of the bug, the community will need to decide how to deal with the vulnerability. The team suggested anticipating a planned halving in 44 days to compensate for the extra supply of tokens, though the community may also decide to leave everything as is.
