Serious Vulnerabilities to be Found in PoS Tokens

Most of the affected coins are branches of the BTC codebase with implanted PoS functionality
28 January 2019   1116

At least 25 cryptocurrencies based on the Proof-of-Stake (PoS) algorithm contained or still contain vulnerabilities that allow attackers to interfere with the functioning of the systems, having only a small part of the participation in the network. This is stated in the report of the The Decentralized Systems Lab at University of Illinois, CCN reports.

In total, vulnerabilities have been identified in 26 PoSv3-based cryptocurrencies (varieties of the “proof of proportion” algorithm) using the Unspent Transaction Outputs (UTXO) model and following the consensus rule, in which the main chain is the longest. 

We call the vulnerabilities we found ‘Fake Stake’ attacks. Essentially, they work because PoSv3 implementations do not adequately validate network data before committing precious resources (disk and RAM). The consequence is that an attacker without much stake (in some cases none at all) can cause a victim node to crash by filling up its disk or RAM with bogus data. We believe that all currencies based on the UTXO and longest chain Proof-of-Stake model are vulnerable to these ‘Fake Stake’ attacks.
 

The Decentralized Systems Lab at University of Illinois 

The study notes that many of these cryptocurrencies are branches of the Bitcoin codebase with the implanted PoS functionality. However, it is safe to introduce new ideas not for all projects, which leads to the appearance of vulnerabilities.

As the researchers say, they managed to identify several attack scenarios. With one of them, the attacker, knowing the peculiarities of the block distribution method in the network, can overload the node's RAM by transferring false data to it, even without a share in the network.

In another case, the attacker may use the vulnerability in the process of validation of the displayed share, which is defined as the total number of transaction outputs (even those already spent) on a separate wallet. The attack organizer sends transactions to himself, thereby increasing its displayed share and increasing the chances of finding blocks. As stated, an attacker only needs a 0.01% share in the network and only 5000 transactions to himself in order to extract blocks with a displayed share of 50%.

These are only the main threats that attackers can take advantage of, however, according to the researchers, it would be a mistake to ignore smaller vulnerabilities, which can also harm both individual users and the network as a whole.

For this reason, developers of cryptocurrency based on the PoS algorithm should pay close attention to security issues and more thoroughly work out new ideas embedded in the code base of projects. Despite the fact that many of them separately work without any serious complaints, in combination with other solutions this can be a serious problem for the entire network.

The authors of the study state that they have already contacted the developers of 15 cryptocurrencies from the Top-200 by capitalization, who were at the greatest risk of attack, informing them of the threats detected. Many teams have responded and eliminated vulnerabilities, including projects such as Qtum, Emercoin, Particl and Nav Coin. However, representatives of other projects, however, have not yet respond, in particular, due to the lack of any recent developer activity.

Argo Blockchain to Report on x10 Revenue Increase

For the 2019, the company received Bitcoin mining revenue of £ 8.5 million, in 2018 it was £ 760,000
20 January 2020   122

Bitcoin mining company Argo Blockchain said this Monday that its revenue from its core business in 2019 increased 10 times. According to a press release on the website of the London Stock Exchange (LSE), where Argo shares are traded, for the first full year in business, the company received revenue of £ 8.5 million compared to £ 760,000 in 2018.

Argo listing on the main LSE market took place in August 2018. The data presented were not audited - the reports after the audit will be available in April.

The company clarifies that in the fourth quarter of 2019, it mined 432 bitcoins, which is six bitcoins higher than in the third quarter. However, in the last quarter, the company's revenue fell to £ 2.66 million, while in the third quarter it was £ 3.63 million.

Our mining operations continued to generate industry-best mining margin in the last quarter despite a softening in market conditions from the previous quarter. Our state-of-the-art mining platform is performing as expected and with the expansion of our mining network on pace, along with the recent rise with the price of Bitcoin, Argo is well-placed for a strong year ahead.

 

Peter Wall

Argo Blockchain CEO

 The company is increasing mining capacity in anticipation of halving and currently has 13,364 devices, including 6,375 Bitmain Antminer T17s, which were installed on January 1. By the end of the quarter, Argo intends to add another 3,625 of the same miners. It is estimated that with a full set of 17,000 devices, its computing capacity will exceed 650 petaheches.