Han Yoon

CEO @ Lunar Digital Assets, Hobbyist Writer, Cryptonaut. CyberSecurity Researcher. Noonie Nominee.

[UPDATE #2] PIVX and 200+ PoS Chains Currently Vulnerable; Chains Already Under Attack

An exploit being used across PIVX and its forks have developers scratching their heads as PIVX claimed to have fixed the bug back in January 2019. However, this is most certainly not the case. The BitGreen Core developers were the first to publicly report this exploit out in the wild again and even noticed the exploit being used across various other chains, including PIVX itself. What’s worse is that PIVX has known that this bug was not fixed and has kept quiet to themselves.
Dennis aka “XeZZ” from BitGreen first notified the team of abnormal staking rewards going to a certain address. To put it bluntly, someone or some entity has figured out a way to game the PIVX PoS algorithm. This has crippled the rewards system of several chains, and BitGreen has notified of all exchanges that it is listed on to halt all deposits and withdrawals until further notice.
An example of the exploit in the wild can be seen here or in the screenshot below.
XeZZ explains, "This makes no sense at all. [The wallet] only has 87 PIVX coins but minted 48 on that address alone. The average stakeweight on PIVX is 9K, 2.3 coins per stake." In essence, what should have taken 100 days to mint the staking rewards, took roughly 24 hours for this exploiter.
Upon further research, BitGreen Community Leader, NaDro-JJ.py, found a Medium article titled “Fake Stake Attacks” dating back to January 22nd which explains how the exploit is executed.
To carry out the attack starting from a small amount of stake, the attacker must amplify their amount of apparent stake. Apparent stake refers to the total candidate stake outputs, even the ones that are already spent. If an attacker starts with a UTXO of amount k, then the attacker can create multiple transactions spending the coins back to the attacker as shown in the figure below. Only UTXO(n+1) should be allowed for staking, but because of Check 2 above we are able to stake with all UTXO from 1 through n+1, thereby increasing the apparent stake by n*k. This increases the chances of finding a PoS block since the attacker can keep on doing this to increase his apparent stake.
For example, even with 0.01% stake in the system, the attacker only needs 5000 transactions to mine blocks with 50% apparent stake power. After the attacker has collected a large amount of apparent stake, he then proceeds to mine PoS blocks at a past time using the freshly collected apparent stake outputs. Finally, the attacker fills the disk of the victim peer with the invalid blocks as shown on the right part of the illustration above. An attacker could, for example, buy some coins from an exchange, amplify the stake through self-spends as we described, and then sell those coins back to the exchange, performing the attack at any later date. The only cost incurred to the attacker would be the transaction fees.
The BitGreen team as well as its community took swift action by dismantling a significant portion of the active masternodes to stake their coins, slowing down the attacker. Shortly after, an interim solution was issued publicly by the BitGreen team, increasing the minimum staking input threshold so that the attacker would not be able to unfairly stake with small inputs. A final fix will come in a new wallet update, where BitGreen will shift its codebase from PIVX to DASH core. 

Insider Foul Play Involved?

As I was following this story I found several red flags from the PIVX core developers. I'm not the type to point fingers or accuse anyone of wrong-doing, but there are some things I can not shake off.
First, when I attempted to contact the PIVX Core Developers, they wouldn't talk to me directly. A PIVX discord member named "bubiz" began relaying messages from the core devs, which I found to be very odd. He said that the developers were aware of the bug (which I haven't even gotten into specifics with at this point), and that there is nothing a PIVX fork can do except wait until 4.0 was released. Naturally I asked when that would be, and the answer was "Q3 2019."
For a bug as serious as this one, you would think that they would have issued a statement for all the PIVX forks in existence (there's a lot). And the BitGreen team has proven them dead wrong in their statement that there is "nothing you can do but wait till 4.0."
Hours later I finally received a private message instructing me to send an email to "fuzzbawls" and "furszy" of the PIVX organization. I thought finally, I'll be getting some answers. I was dead wrong.
In the e-mail I inquired about a PIVX address (the one I linked above) that was receiving mathematically impossible amounts of staking rewards. From then on it was radio silence. No response, no acknowledgement, no denial, absolute silence.
Things got even stranger. Shortly after, that address appears to have ceased its back-and-forth transactions momentarily, and only 2 new coins were minted since.
The timing is very suspicious, but I can not conclusively say with evidence that PIVX developers have been using their knowledge of the bug for their own benefits — let alone use it to exploit other chains. But we can not rule out the possibility.
The “fake stake” exploit clearly has not been fixed for PIVX, so the question is, was it ever fixed? Or have the attackers developed a new method in carrying out similar attacks such as this one?
However, I do believe that we are owed an explanation from the PIVX organization on their recklessness and irresponsibility in failing to alert the PoS communities, allowing these attacks to happen and go largely unnoticed.
Millions of dollars were (and are still) at stake (pun not intended) when you consider the number of projects that are running off of PIVX forks. Over 200 chains are at risk because of their lack of foresight to warn the PoS community.
These types of exploits are not the kind where you simply “wait for the next version” — it demands an immediate and swift patch. The team’s nonchalant attitude towards the bug was not only alarming, but had given me a great sense of disappointment for the PIVX team.
They have yet to respond to my emails nor reached out for a comment. This is still a developing story, inaccuracies and new information will be updated.

Important Updates as of 8/12/19 7:45 PST

I'm not sure where to even begin. The fact that the devs downright lied, started attacking me personally, banned me from their Discord after requesting a civil discussion so that I can clear their name of any wrong-doing, or being called a "nobody with a shitty chain."
I made the mistake of wandering into the PIVX discord room, and surely enough, I saw posts of not only the devs trying to discredit me, but spewing lies that contradict what they had said through their "proxy man" the other day.
1. The developers maintained their stance that the issue has been fixed. One problem though. That directly contradicts what I've been told the other day.
2. The developers then blamed the attacks on "crappy chains" because of their decision to comment out a line that would lead to a missing nTime check.
But wait a minute... the address that I posted which was exploiting this bug was a PIVX address? So did PIVX remove their nTime check as well?!
3. I decided to jump into the convo again, and the personal attacks began.
[7:17 PM] Han | TeamLunar: All I wanted was any sort of response from the devs -- received 0
[7:18 PM] Han | TeamLunar: I hope no one takes this personally; I have a duty to protect my clients as well as the blockchain space
[7:18 PM] Han | TeamLunar: and the fact that devs still havent come out with a statement to me in 36 hours is concerning
[7:19 PM] Han | TeamLunar: I will edit the article as soon as they give a statement on wtf is going on
[7:21 PM] furszy: 36hs in a weekend and you prepared all of that nonsense? Someone have everything planned for a long time.. we work for PIVX, not for your crappy chain. We are working.. something that you seems to not know.
[7:21 PM] furszy: go to whatever place you want, you are not welcome here.
[7:21 PM] Han | TeamLunar: I don't "have any chain." All I asked was for an explanation .
[7:22 PM] Han | TeamLunar: Keeping things civil
[7:22 PM] furszy: nah, you are just stating crap and requesting stuff when you are nobody
[7:23 PM] Han | TeamLunar: so can I get an explanation or not?
At this point I was banned from the channel; luckily I saw it coming and managed to get the chat logs to show the world that their mentality is still in high school drama.
4. The lack of maturity, the constant avoiding of a simple question, and the unwillingness to talk taught me a lot about "furszy." Would it have been so hard to simply explain something along the lines "X happened, but Y caused some issues, so we're working on Z."
In fact, simple human psychology studies would characterize his incredibly defensive stance as a trait of someone who is hiding something -- someone feeling extreme guilt and of whatever it may be and the fear of getting caught.
5. Was I in the wrong to be asking questions? I really wanted to clear their name of any wrong doing. This was the first email I sent to them - polite and respectful.
6. Why was the BitGreen devs able to halt the attack in a few days, while PIVX has knowingly let this exploit go on for god knows how long?
Something fishy is definitely going on in the fantasy world of PIVX. Lies, coverups, and silence is just scratching the surface.

Last Update as of 8/14/19 7:00 AM

It appears that it is not the same 'fake-stake' bug from earlier this year. I apologize for jumping to that conclusion. However, that does not change the fact that:
1. When I first engaged with them, they said they were already aware of the bug and were working on a fix for 4.0.
2. They deny any problems on their network and blames "shitty forks" for removing a line of code, when it's happening on their blockchain
3. Once media picks up the story now they publicly admit to be "looking into the matter seriously."
Nothing adds up here. If they knew about the bug but were only made aware of the bug after I had notified them, are they implying that there are more bugs? Or are they backtracking to save their asses... Anyways, I don't have time to write a response to their response in an ongoing back and forth, but don't blame me for publishing the story when you personally attack me and ban me from Discord without answering a single question.

Tags

Comments

August 13th, 2019

Here comes an official statement from PIVX developers (Fuzzbawls/etc):
In response to the article currently being circulated: We were made aware of suspicious behavior on the PIVX network last week and have since been investigating the claim that our proof-of-stake algorithm is under attack. At this point, we can confirm that the suspicious behavior is in fact NOT a resurgence of the “Fake Stake” attack from earlier this year, as the article claims.

There are no indications that user funds are at risk, or that the network’s stability or chain trust have been compromised.

We are in communication with other projects and will seek to include as many as possible as our investigations progress and report to them how to properly fix any problem(s) keeping in the spirit of Responsible Disclosure practices.

Investigations are still under way as to the reported suspicious behavior, and a more detailed findings report will be issued once investigations are concluded.

Of note: the author of the article was informed of this ongoing investigation, but chose to jump to false conclusions instead of wait for the proper response.

Please join our discord if you need to talk with the team!

More by Han Yoon

Topics of interest