Hackers Exploit Vulnerability in Ravencoin Protocol to Mint 315 Million Fake RVN

Ravencoin is the latest altcoin project to suffer an inflation bug, after discovering an attack that saw rogue actors mint 315 million counterfeit RVN tokens. 

Ravencoin Suffers Inflation Bug

The Ravecoin network announced the news of the attack via a Medium blog post on Thursday (July 2, 2020). According to the post, the CryptoScope team alerted Ravencoin to the incident. Both teams worked together not to release particulars of the vulnerability to prevent copycat attacks.  

Rogue actors were able to carry out the action as a result of a vulnerability in the Ravencoin protocol. According to the official report, the hackers minted about 1.5% of the total supply cap of 21 billion, which amounts to about 315 million “coins.” 

A statement from the publication reads: 

“The vulnerability does not allow the stealing of RVN or assets that you own and control, but the minting did create RVN that should not exist. We’ve discussed the impact of the extra RVN and what can be done. Because those RVN were transferred to an exchange and traded, they are mixed with other RVN and therefore any programmatic attempt at burning them, with miner and community backing, would cause irreparable harm to innocent victims.”

The Ravencoin team proposed two solutions to the community. The first option was that since the hackers already minted 315 million extra coins, there will be 44 extra days of mining. Another option was to allow the original 21 billion coins to coexist with the new coins with halving occurring 44 days earlier. 

Consequently, the team has asked crypto exchanges and miners to upgrade to the newest Ravencoin version. Also, the network is also collaborating with law enforcement agencies. 

Bugs Plaguing Altcoin Blockchains

Ravencoin joins the list of blockchain networks to suffer inflation bugs. In response to the Ravencoin incident, Casa co-founder, Jameson Lopp listed some altcoin networks that have suffered similar incidents. They include Stellar, Bitcoin Private, Verge, and Bytecoin. Lopp further said:

“Being open source is not a panacea for a project’s security. It must have a sufficiently large set of skilled active developers.”

As reported by CryptoPotato back in 2019, the Zcash team discovered a vulnerability in their protocol in March 2018. Unlike Ravencoin, Zcash did not publicly announce the incident until February 2019. According to the Zcash team, keeping mum was a better option to avoid hackers from exploiting the vulnerability. 

Apart from counterfeit vulnerability, low-security proof-of-work (POW) altcoins also suffer 51% attacks. At the beginning of 2020, hackers stole over $70,000 in Bitcoin Gold (BTG) tokens in a double-spend attack.