• Market Cap
    $401.246B 0.43%
  • POW Market Cap
    $313.680B 1.57%
  • POS Market Cap
    $18.785B -0.10%
  • Masternodes Market Cap
    $1.165B 2.45%

New vulnerabilities discovered in PoS-based cryptocurrencies (Fake Stake attacks)

By Rafał - 2019-01-25

Recently, the advisor Andrew Miller and the students of Decentralized System Labs investigated some vulnerabilities which has affected around 26+ proof of stake (PoS) based cryptocurrencies until now. The attacks through these vulnerabilities are termed as “fake stake” attacks and it enables a network attacker with minimal or no stake at all to crash any of the network nodes running the analogous software.
PoS cryptocurrencies based on chain-based PoSv3 are most vulnerable to such attacks because PoSv3 implementations do not decently validate network data before committing valuable resources such as RAM and disk. This enables any attacker with minimal or no stake at all to crash a node by filling up its disk or RAM with fraudulent data.
Stake Amplification and Spent Stake Attack
source: https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806

CryptoBridge reacts

On 24th January one of the major cryptocurrency exchange ‘CryptoBridge’ temporarily suspended deposits and withdrawals for several PoS-based crypto assets as a precautionary step to the ‘Fake Stake’ attacks which are believed to be potentially affecting those cryptocurrencies. All these assets will remain disabled until its team ensures that the necessary changes to the code have been made and the risk is eliminated.
 

Great work by Decentralized Systems Lab. Be aware and share.https://t.co/RTAR0VT0Rz

— CryptoBridge (@CryptoBridge) January 24, 2019
 
A disclosure about these vulnerabilities was done to the development teams of affected cryptocurrencies back in October 2018 before this current public disclosure. Accordingly, the development teams of most of the cryptocurrencies have already taken some necessary measures such as ad-hoc defences and deployed mitigations. Although, an efficient way to deal with ‘fake stake’ attack is yet to be discovered which will reject the invalid blocks instantly and avoid getting stuck on a chain split risk.
For detailed information on these vulnerabilities and ‘Fake Stake’ attack, visit
https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806
CryptoBridge announcement can be found here https://crypto-bridge.org/2019/01/24/deposit-and-withdrawal-precautions-fake-stake-vulnerability/