Ravencoin, a project listed in the top 100 on CoinMarketCap, was the latest cryptocurrency to suffer an attack on its network. A hacker managed to successfully exploit a vulnerability in the project's source code to increase the supply by roughly 1.5%, or 315 million new coins.
Rolling back the chain to destroy the illegitimate coins was not a viable solution since they had been immediately sold to unsuspecting users on exchanges. Even if the community were to support a hard-fork, burning the coins would have caused harm to innocent victims.
While no users had their coins stolen, the overall negative impact of the attack is that the Ravencoins already in circulation have decreased in value due to the sudden and unexpected increase in supply. The team have since patched the software, and advised miners and cryptocurrency exchanges to update their nodes to the latest version.
Ravencoin is a software fork of Bitcoin that adds several improvements including faster block times, an ASIC-resistant mining algorithm, and the ability for users to create their own tokens.
Previous Attacks On Cryptocurrencies
Ravencoin isn't the first cryptocurrency to suffer such an attack. Other cryptocurrencies, including Bitcoin itself, have gone through similar ordeals in the past.
- In 2010, a hacker was able to exploit a vulnerability in Bitcoin's source code to generate 184 billion new coins. Since no exchanges existed at the time, the community was able to work together to reverse the transaction and patch the software.
- In 2016, over 100 million dollars worth of Ether was drained from the DAO's account when a hacker exploited a vulnerability in its smart contract. After a heated debate between community members, the core developers released a patch to hard-fork the chain and return the funds to investors.
- In 2017, a vulnerability was discovered in the Ethereum Parity multisig wallet, allowing a hacker to steal 30 million dollars worth of Ether from multiple high-profile Initial Coin Offering accounts.
These attacks raise the question of what precautions people can take to protect their crypto investments from these software flaws.
Spreading your wealth among multiple projects may be the best hedge against these unexpected security breaches, especially when it comes to relatively new and unproven projects. Placing your eggs carefully in multiple baskets will keep your losses in check in the unfortunate event that one project gets compromised.
Audits and Bug Bounties
Checking that a project encourages external reviews of their code will increase your confidence in their ability to withstand an attack. Some Ethereum projects such as Compound and Augur have paid companies like OpenZeppelin to audit their smart contract code. Furthermore, some projects offer rewards to white-hat hackers who responsibly report to the team any vulnerabilities they happen to discover.
Some smart contract platforms, such as Cardano and Tezos, use formal verification to prove mathematically that a smart contract will execute as intended. Cardano in particular stresses the importance of peer-reviewed code, to provide strong evidence that the system is secure. Additionally, Cardano is based on Haskell, a functional programming language with strong typing that can catch many types of bugs.