PIVX, a private transactions altcoin, and allegedly another 200 other chains are vulnerable to a bug that has been used across multiple PoS blockchains.
Private transactions cryptocurrency PIVX and over 200 other blockchains are vulnerable to a vulnerability allowing the attacker to obtain disproportionately high staking rewards.
A major staking vulnerability
Cryptocurrency consulting firm Lunar Digital Assets claimed in a post published on its website on Aug. 12 that a staking vulnerability is being used across PIVX and its forks. The weakness reportedly allows the attacker to obtain mathematically impossible staking rewards on vulnerable Proof of Stake (PoS) chains.
According to the post’s author, the PIVX development team claimed to have solved the issue in January. Nonetheless, a core developer of PoS altcoin BitGreen (BITG) noticed that the vulnerability in question is allegedly being exploited again. The consequences are explained in report in the following way:
“To put it bluntly, someone or some entity has figured out a way to game the PIVX PoS algorithm. This has crippled the rewards system of several chains, and BitGreen has notified of all exchanges that it is listed on to halt all deposits and withdrawals until further notice.”
Accusations against the PIVX team
Moreover, the firm noted that “what’s worse is that PIVX has known that this bug was not fixed and has kept quiet to themselves.” The author of the report claims that he contacted the PIVX core developers and has been told that there was no other solution than waiting for an update which would be issued in the third quarter of the current year.
He also says that after he managed to contact PIVX members directly and asked about information concerning an address which was exploiting the vulnerability in question, he obtained no answer and the attack stopped. He concludes:
“The timing is very suspicious, but I can not conclusively say with evidence that PIVX developers have been using their knowledge of the bug for their own benefits — let alone use it to exploit other chains. […] The “fake stake” exploit clearly has not been fixed for PIVX, so the question is, was it ever fixed? Or have the attackers developed a new method in carrying out similar attacks such as this one?”