Incident — Pinkcoin Network Attack

Danny Johnson
Dec 24, 2017

2017-12-22 Pink Block Height: 315055

By Pinkcoin Development Team, 2017-12-24

Figure: difficulty chart from https://chainz.cryptoid.info/pink/#@diff after the attack, showing the exploiting chain with low difficulty overriding honest blocks.

TLDR:

The attackers found a vulnerability that allowed them to produce a large number of blocks and make them appear to be created in a very short period of time without increasing their difficulty.

We believe a block difficulty validation routine vulnerability was the cause of exploitation.

This led to a rush of new blocks at a lower difficulty, allowing the attacker to generate pinkcoin.

The attacker ‘rewound’ honest blocks after 315055 to seize control of the chain.

All your pinkcoin are safe, and no coins were stolen in this attack.

The network was hardforked with a new protocol revision number at block 315065.

The HF fixes the time-warp difficulty adjustment bug, and undoes all the dishonestly mined blocks.

Any transactions after this height (2017-12-22/23) will need to be resent to the network to be processed.

We are coordinating with exchanges and miners with the updated wallet.

Please update to Pinkcoin 2.1.0.3. This is a mandatory HF to mitigate an active attack against the Pinkcoin Network.

Post-Update steps

  • Remove any old ‘addnodes’ in your pinkconf.txt.
  • Delete peers.dat from your .pink2 datadir. These stale peers may be running older versions. Let it get new peers from DNS/new network.
  • When running, rescan the blockchain from the HF height:
      ./Pinkcoin-Qt -startfrom=315065
    or
      Pinkcoin-Qt.exe -startfrom=315065

For a visual on how to do this check out our blog post here

Chain Proof Of Work difficulty validation and time-warp bug

After block ~316000, users reported that block explorers were out of sync, and transactions were confirming/being unconfirmed.

‘Too weak’ PoW blocks were being accepted as valid.

This allowed a malicious party to generate many coins in a rush of new empty blocks.

After the last dishonest block in a series was accepted, an honest block would build on top, but at a greatly reduced difficulty.

The honest block would then scale the difficulty back to its correct network hashrate levels.

This allowed honest miners to obtain more blocks than the network hashrate would expect, and restored the chain to network difficulty after that phase of the attack had ended.

After the chain had recovered, the attacker would start building off their hours-old chain, and apply the exploit again to invalidate honest blocks.

This rush of new blocks also caused stake blocks to become orphaned, as they were superseded by the dishonestly mined blocks.

The attacker could then generate a chain of valid, yet not difficult enough, blocks containing the single coinbase tx (reward).

The attacker also built on the previous dishonest chain after honest miners/stakers caught up.

Eventually, the attacker overtook the PoW/PoS by producing ‘weak’ work value blocks and using the vulnerability to make it appear that they were created in a very short period of time.

The attacker could spend an hour mining blocks with a locked difficulty setting, and then flood the chain with the blocks with timestamps that take advantage of the vulnerability.

The wallet would calculate all of the accumulated difficulty as taking place during a very small amount of time.

The attacker kept overtaking the main chain. Normally the Proof of Stake blocks are meant to act as checkpoints, but the vulnerability allowed the attacker to maintain a modest difficulty while producing a large number of then-valid blocks pinned to a specific time, so they were able to 51% attack the network with a chain that did not include stake blocks.

It is expected that ~1200 blocks will be produced in a day, whereas on 2017-12-22 there were over ~5000.

This caused over ~300,000+ coins to be produced prematurely, causing inflation, and will throw out the Proof of Stake balance.

The attack injected this chain of weak blocks in at least three different periods, and then stopped when the chain was ‘halted’.

This attack was repeated several times, and we also detected lots of garbage transactions in the mempools of clients.

The root cause is a bug in the way nActualSpacing is calculated. This bug created a condition where blocks with a timestamp set earlier than the previous block would have their difficulty calculated as if they were found 2 minutes after the previous block. The intention of this rule was to ensure a consistent emission under large network clock skew.

However, the attacker could fix time/difficulty by ‘warping’ around this 2 minute window. Under easier difficulty they could forge valid blocks easily.

Additional checks to verify that inserted blocks correctly match the expected difficulty should also harden against this attack.
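
The effect of the clamp can be reproduced with a small model. This is an added example, not code from the Pinkcoin repository: it assumes the Peercoin-style per-block retarget formula, a 120 s target spacing and a 10-block interval, and the names NextTarget, ReplayChain and MakeTimes are hypothetical. It replays constructed timestamp sequences with and without the clamp.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumed parameters, not read from the Pinkcoin source: 120 s target spacing
// (the "2 minutes" in the write-up) and a 10-block smoothing interval.
const int64_t kTargetSpacing = 120;
const int64_t kInterval = 10;

// One Peercoin-style retarget step. `target` is relative to the starting
// target (1.0); a smaller target means a harder block.
double NextTarget(double target, int64_t prevTime, int64_t prevPrevTime, bool legacyClamp) {
    int64_t nActualSpacing = prevTime - prevPrevTime;
    if (legacyClamp && nActualSpacing < 0)
        nActualSpacing = kTargetSpacing;  // rule removed by the hard fork
    double num = double((kInterval - 1) * kTargetSpacing + 2 * nActualSpacing);
    double den = double((kInterval + 1) * kTargetSpacing);
    if (num < 1.0) num = 1.0;  // model-only guard against a non-positive target
    return target * (num / den);
}

// Target required for the block that follows the given timestamps.
double ReplayChain(const std::vector<int64_t>& times, bool legacyClamp) {
    double target = 1.0;
    for (size_t i = 1; i < times.size(); ++i)
        target = NextTarget(target, times[i], times[i - 1], legacyClamp);
    return target;
}

// Constructed sample input: n timestamps starting at `start`, `step` seconds apart.
std::vector<int64_t> MakeTimes(int64_t start, int64_t step, int n) {
    std::vector<int64_t> t;
    for (int i = 0; i < n; ++i) t.push_back(start + step * i);
    return t;
}

int main() {
    const int64_t t0 = 1513900800;  // constructed start time (2017-12-22 00:00 UTC)
    std::printf("on schedule (+120 s), clamp: %g\n", ReplayChain(MakeTimes(t0, 120, 50), true));
    std::printf("fast burst  (+1 s),   clamp: %g\n", ReplayChain(MakeTimes(t0, 1, 50), true));
    std::printf("backdated   (-1 s),   clamp: %g\n", ReplayChain(MakeTimes(t0, -1, 50), true));
    std::printf("backdated   (-1 s),   fixed: %g\n", ReplayChain(MakeTimes(t0, -1, 50), false));
    return 0;
}
```

With the clamp, backdated blocks leave the required target unchanged, while blocks honestly stamped 1 s apart are pushed to a far harder target; with the clamp removed, backdating is penalised as well. Other timestamp validation rules are not modelled here.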

Justification for HF

  • Attackers were invalidating honest blocks, and dropping valid transactions.
  • If the chain recovered, the attackers created a new malicious fork.
  • After the exploit had been triggered, the chain organised into a series of good branches from the attack fork, and these cannot be stitched back together.
  • It would be possible to re-exploit this bug when and if the attack stopped, reducing confidence in the availability of the network.
  • Without HF, the attacker could keep the 300,000+ coins generated, throwing out Proof of Stake balance.
  • We had to organize a reset to before the attack.

We will HF the network to before the attack in 2.1.0.3.

To fix, the protocol version was incremented to 60014, causing the hard fork.

Clients will reject peers running protocol version 60013.

New consensus rules past block 315065 are:

https://github.com/Pink2Dev/Pink2/commit/e8c2d3a739c401ce7bed9caed2177298be2bc69f

https://github.com/Pink2Dev/Pink2/commit/b0197c780e2e2551c2176366f54c6290a7133a65

https://github.com/Pink2Dev/Pink2/commit/cb923a94b708a28c1d495e1d750d4d36e733c143

https://github.com/Pink2Dev/Pink2/commit/de138d21be6edc14f2e658c7385db76898f2a1a2

https://github.com/Pink2Dev/Pink2/commit/4b7691cd0a8e137e3429b674039d4868ea6b9477

https://github.com/Pink2Dev/Pink2/commit/435124057faf722d0947f7ee8608ca083eb401e3

  • GetNextTargetRequired: Remove (nActualSpacing < 0) nActualSpacing = nTS after block 315064. (Root cause, allowing the time-warp 2 minute fixation)
  • ConnectBlock: Enforce double-check of proof of work/proof of stake difficulty [nBits check]. (Hardening)
  • CheckBlock: Beyond block 315064, require the drift be no more than 1 min in the future
  • Peers must accept 60014 protocol revision from peers

Please update to 2.1.0.3

Strengthen the network and run the latest build, blocking the time-warp difficulty fixation bug.

2.1.0.3 can be downloaded here at our website

Intelligence

We believe the following 10 addresses performed the PoW attack:

Vulnerability Disclosure

If you know of a vulnerability, weakness or fault in the current Pinkcoin code, please reach out to us on Discord.

We can award everything from kudos to neat swag to cold hard cryptocurrency for bugs (depending on severity).

Please do not exploit vulnerabilities on the mainnet — this has caused a great deal of time to be lost, and for no gain to the attacker.

We are not a massive project like Bitcoin, just a few developers working in their spare time to build a self-sustaining charity for the betterment of humanity.
