What has been dubbed a “fake stake” attack on more than two dozen Proof-of-Stake (PoS) cryptocurrency networks, the crypto funds are said to be vulnerable to the attack. The vulnerability of the crypto funds allows a node of these funds with a very small stake to overwhelm competing nodes with false data and essentially crash them. The attacking node can have a majority of stake on the crypto network, once competing nodes are gone, which will enable it to conduct a 51% attack as the only validating node.
Mining is replaced by the commitment of coins in a Proof-of-Stake system. The system uses existing coins to generate new coins instead of hashing power. An attacker may inadvertently make himself the only recipient of block rewards as well as transaction fees. Or, he may limit the competition pool so that he was gaining disproportionate wealth.
CCN reports that the Decentralized Systems Lab at the University of Illinois at Urbana Champaign had discovered the attack while researching cryptocurrency codebases. It was also observed that all of the coins affected had begun with a Bitcoin codebase and had dropped in PoS as an alternative to Bitcoin’s Proof-of-Work. While many Proof-of-Stake coins are forks of Peercoin, they were the first to do it. The researchers stated to CCN, these ‘Fake Stake’ attacks essentially work because PoSv3 implementations do not adequately validate network data before committing precious resources. This implicates that an attacker without much stake can cause a victim node to crash by filling up its disk or RAM with bogus data. They believed that all such currencies based on the UTXO and the longest chain Proof-of-Stake model are vulnerable to these ‘Fake Stake’ attacks.
The vulnerability exists because affected coins like Peercoin and Qtum are said to have not adequately validated their network data before committing precious resources like the disk and RAM.
For this, it has been said by the researchers that Proof-of-Stake systems must keep track of all chains in progress. Any of the existing chain in the network might become the longest, and the node must follow the longest. The researchers explained that keeping track of competing chains is difficult. As to fully validate the block, at the time of the previous block you need the set of unspent coins (UTXOs). Bitcoin actually keeps the UTXO set for the current tip of the best chain, but it doesn’t do that for all the other past blocks a fork could start from.
This design can increase the chances to participate in the network as a staking node. Staking nodes who are in competition with an attacking node might have no idea as about why their software is failing. The following blockchains have implemented some fixes for part of such vulnerability:
- Nav Coin