Bad Ravencoin Code Allows Attackers to Generate Coins Without Mining

“The vulnerability does not allow the stealing of RVN or assets that you own and control, but the minting did create RVN that should not exist,” said developer Tron Black.

AccessTimeIconJul 3, 2020 at 10:16 p.m. UTC
Updated Aug 18, 2021 at 11:25 a.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Unidentified attackers exploited a Ravencoin vulnerability to mint extra RVN “beyond the coinbase of 5000 RVN per block,” Ravencoin lead developer Tron Black wrote in a Medium post on Thursday.

According to Black, members of Ravencoin’s CryptoScope team, who developed Solus Explorer, reached out to the Ravencoin developer team recently with their findings. 

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • The vulnerability was caused by a community code submission. “Law enforcement has been notified and is working with us,” Black said. 

    The extra coins increase the total supply of 21 billion RVN by 1.5% or the equivalent of 44 days worth of mining.

    Ravencoin is an open-source fork of bitcoin that launched in 2018. It’s designed to facilitate the transfer of assets from one party to another, and users can create assets on the protocol that adhere to rules independent of those on the platform. The project’s website specifically calls out the "Game of Thrones" reference to Ravens as messengers of truth, which parallels the concept of blockchains as a technology for ultimate truth. 

    The Fallout

    Black suggested the Ravencoin community either absorb the economic cost of extra RVN or shift the halving of the coins 44 days sooner. Black did not return a request for comment by press time.

    “The vulnerability does not allow the stealing of RVN or assets that you own and control, but the minting did create RVN that should not exist,” Black said. “Because those RVN were transferred to an exchange and traded, they are mixed with other RVN and therefore any programmatic attempt at burning them, with miner and community backing, would cause irreparable harm to innocent victims. As it stands, the burden has been shared across all RVN holders in proportion to their RVN holdings in the form of inflation.”

    Black urged users to keep trading to a minimum until a fix is issued. He also said that Ravencoin would not publish the details of the vulnerability until the fix could be implemented. As of yet, there is no timeline for when the chain will be updated.

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.



    Read more about