Researchers Find Flaws with Proof of Stake (POS) Cryptocurrency Projects
Researchers have found vulnerabilities in a surprising number of cryptocurrencies after noticing security flaws several months ago. The findings were summarized in a blog post on Medium on January 22, 2019. A more in-depth report will be presented soon at a conference revolving around “financial cryptography.”
Report Findings
The four researchers are students at the University of Illinois at Urbana-Champaign (UIUC), and they have apparently found specific flaws in various proof-of-stake (POS) cryptocurrencies. The Medium blog post refers to “fake stake” attacks, in which someone with a relatively small stake could crash a network node associated with the cryptocurrency. The students involved in the research include Sanket Kanjalkar, Yunqi Li, Yuguang Chen, Joseph Kuo, and Andrew Miller, at the Decentralized Systems Lab at UIUC.
The team began contacting the cryptocurrency development teams in October 2018, and many of those teams have already addressed the issues. The researchers identified 26 cryptocurrencies that are directly affected by the flaws they found, and they will present their full findings next month at the Financial Cryptography conference 2019.
“Fake Stake” Attacks
For those wondering which cryptocurrencies are affected, there is a list that outlines the projects involved. The largest affected cryptocurrencies by market capitalization include QTUM, which currently ranks twenty-ninth with a market capitalization of over $180 million, as of press time.
There are other high-profile coins that trade on Binance (the world’s largest cryptocurrency exchange by daily volume), such as Neblio, PIVX, Navcoin, and more.
In these attacks, an attacker fills a node's RAM with completely bogus data, which can cause the node to crash. The impact varies: in some cases the node can simply be restarted, but in others recovery might require manual intervention.
The blog post pointed out that some nodes associated with these projects now actively monitor for abnormal behavior. It also explained that a solution wasn’t necessarily easy, pointing out that it can be “difficult to distinguish an actual attack from an honest node experiencing a legitimate reorganization.”
The researchers also seemed to suggest that this could be a larger issue than previously thought because, according to them, this is the first time that a security flaw has spanned so many different cryptocurrencies. As a result, they seemed to indicate that this trend might continue, with the same security flaw affecting many cryptocurrencies at once, which could cause concern. The blog post concluded simply:
“Establishing best practices for coordinated disclosures could benefit the overall ecosystem.”