Private transactions cryptocurrency PIVX
and over 200 other blockchains are vulnerable to a vulnerability
allowing the attacker to obtain disproportionately high staking rewards.
A major staking vulnerability
Cryptocurrency consulting firm Lunar Digital Assets claimed in a post published
on its website on Aug. 12 that a staking vulnerability is being used
across PIVX and its forks. The weakness reportedly allows the attacker
to obtain mathematically impossible staking rewards on vulnerable Proof
of Stake (PoS) chains.
According to the post’s author, the PIVX
development team claimed to have solved the issue in January.
Nonetheless, a core developer of PoS altcoin BitGreen (BITG)
noticed that the vulnerability in question is allegedly being exploited
again. The consequences are explained in report in the following way:
“To
put it bluntly, someone or some entity has figured out a way to game
the PIVX PoS algorithm. This has crippled the rewards system of several
chains, and BitGreen has notified of all exchanges that it is listed on
to halt all deposits and withdrawals until further notice.”
Accusations against the PIVX team
Moreover,
the firm noted that “what’s worse is that PIVX has known that this bug
was not fixed and has kept quiet to themselves.” The author of the
report claims that he contacted the PIVX core developers and has been
told that there was no other solution than waiting for an update which
would be issued in the third quarter of the current year.
He also
says that after he managed to contact PIVX members directly and asked
about information concerning an address which was exploiting the
vulnerability in question, he obtained no answer and the attack stopped.
He concludes:
“The timing is very suspicious, but I
can not conclusively say with evidence that PIVX developers have been
using their knowledge of the bug for their own benefits — let alone use
it to exploit other chains. [...] The “fake stake” exploit clearly has
not been fixed for PIVX, so the question is, was it ever fixed? Or have
the attackers developed a new method in carrying out similar attacks
such as this one?”
source link
