PIVX and 200+ PoS Chains Vulnerable to Exploit; Several Chains Already Under Attack

This Article Has Been Updated. Please refer to this page for the most up-to-date developments.

The Return of PoS Exploit Kept Under Wraps

An exploit being used across PIVX and its forks have developers scratching their heads as PIVX claimed to have fixed the bug back in January 2019. However, this is most certainly not the case. The BitGreen Core developers were the first to publicly report this exploit out in the wild again and even noticed the exploit being used across various other chains, including PIVX itself. What’s worse is that PIVX has known that this bug was not fixed and has kept quiet to themselves.

Dennis aka “XeZZ” from BitGreen first notified the team of abnormal staking rewards going to a certain address. To put it bluntly, someone or some entity has figured out a way to game the PIVX PoS algorithm. This has crippled the rewards system of several chains, and BitGreen has notified of all exchanges that it is listed on to halt all deposits and withdrawals until further notice.

An example of the exploit in the wild can be seen here or in the screenshot below.

PIVX PoS Exploit Vulnerability
PIVX PoS Exploit Vulnerability

XeZZ explains, “This makes no sense at all. [The wallet] only has 87 PIVX coins but minted 48 on that address alone. The average stakeweight on PIVX is 9K, 2.3 coins per stake.” In essence, what should have taken 100 days to mint the staking rewards, took roughly 24 hours for this exploiter.

Upon further research, BitGreen Community Leader, NaDro-JJ.py, found a Medium article titled “Fake Stake Attacks” dating back to January 22nd which explains how the exploit is executed.

To carry out the attack starting from a small amount of stake, the attacker must amplify their amount of apparent stake. Apparent stake refers to the total candidate stake outputs, even the ones that are already spent. If an attacker starts with a UTXO of amount k, then the attacker can create multiple transactions spending the coins back to the attacker as shown in the figure below. Only UTXO(n+1) should be allowed for staking, but because of Check 2 above we are able to stake with all UTXO from 1 through n+1, thereby increasing the apparent stake by n*k. This increases the chances of finding a PoS block since the attacker can keep on doing this to increase his apparent stake.

For example, even with 0.01% stake in the system, the attacker only needs 5000 transactions to mine blocks with 50% apparent stake power. After the attacker has collected a large amount of apparent stake, he then proceeds to mine PoS blocks at a past time using the freshly collected apparent stake outputs. Finally, the attacker fills the disk of the victim peer with the invalid blocks as shown on the right part of the illustration above. An attacker could, for example, buy some coins from an exchange, amplify the stake through self-spends as we described, and then sell those coins back to the exchange, performing the attack at any later date. The only cost incurred to the attacker would be the transaction fees.

The BitGreen team as well as its community took swift action by dismantling a significant portion of the active masternodes to stake their coins, slowing down the attacker. Shortly after, an interim solution was issued publicly by the BitGreen team, increasing the minimum staking input threshold so that the attacker would not be able to unfairly stake with small inputs. A final fix will come in a new wallet update, where BitGreen will shift its codebase from PIVX to DASH core.

Insider Foul Play Involved?

As I was following this story I found several red flags from the PIVX core developers. I’m not the type to point fingers or accuse anyone of wrong-doing, but there are some things I can not shake off.

First, when I attempted to contact the PIVX Core Developers, they wouldn’t talk to me directly. A PIVX discord member named “bubiz” began relaying messages from the core devs, which I found to be very odd. He said that the developers were aware of the bug (which I haven’t even gotten into specifics with at this point), and that there is nothing a PIVX fork can do except wait until 4.0 was released. Naturally I asked when that would be, and the answer was “Q3 2019.” For a bug as serious as this one, you would think that they would have issued a statement for all the PIVX forks in existence (there’s a lot). And the BitGreen team has proven them dead wrong in their statement that there is “nothing you can do but wait till 4.0.”

Hours later I finally received a private message instructing me to send an email to “fuzzbawls” and “furszy” of the PIVX organization. I thought finally, I’ll be getting some answers. I couldn’t be more wrong.

In the e-mail I inquired about a PIVX address (the one I linked above) that was receiving mathematically impossible amounts of staking rewards. From then on it was radio silence. No response, no acknowledgement, no denial, absolute silence.

Things got even stranger. Shortly after, that address appears to have ceased its back-and-forth transactions momentarily, and only 2 new coins were minted since. The timing is very suspicious, but I can not conclusively say with evidence that PIVX developers have been using their knowledge of the bug for their own benefits — let alone use it to exploit other chains. But we can not rule out the possibility. The “fake stake” exploit clearly has not been fixed for PIVX, so the question is, was it ever fixed? Or have the attackers developed a new method in carrying out similar attacks such as this one?

However, I do believe that we are owed an explanation from the PIVX organization on their recklessness and irresponsibility in failing to alert the PoS communities, allowing these attacks to happen and go largely unnoticed. Millions of dollars were (and are still) at stake (pun not intended) when you consider the number of projects that are running off of PIVX forks. These types of exploits are not the kind where you simply “wait for the next version” — it demands an immediate and swift patch. The team’s nonchalant attitude towards the bug was not only alarming, but had given me a great sense of disappointment for the PIVX team.

They have yet to respond to my emails nor reached out for a comment. This is still a developing story, inaccuracies and new information will be updated.

Originally published at Lunar Digital Assets.