Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » ‘Fake Stake’ attacks vulnerability found in 26 low-end cryptocurrencies

‘Fake Stake’ attacks vulnerability found in 26 low-end cryptocurrencies

  • The flaws could enable attackers to take control over a currency’s entire blockchain transactions and conduct fraudulent operations.
  • The research team claims that the two issues were discovered in August 2018.

Two extremely dangerous security flaws have been discovered in 26 Proof-of-Stake (PoS) cryptocurrencies. The flaws dubbed as ‘Fake Stake’ attacks can allow an attacker to crash rival network nodes and gain remote access of the same up to 51 percent.

Side-effects of the flaws

The flaws were discovered by a group of four academics from the University of Illinois at Urbana-Champaign in the US. The researchers found that the flaws could enable attackers to take control over a currency’s entire blockchain transactions and conduct fraudulent operations.

PoS cryptocurrencies are particularly based on chain-based PoSv3 (Proof-of-Stake version 3). They draw the basic codes from Bitcoin’s codebase, with the PoS functionality grafted in them. However, some of these design codes are copied inappropriately, thus leading to new vulnerabilities.

“We call the vulnerabilities we found ‘Fake Stake’ attacks. Essentially, they work because PoSv3 implementations do not adequately validate network data before committing precious resources (disk and RAM). The consequence is that an attacker without much stake (in some cases none at all) can cause a victim node to crash by filling up its disk or RAM with bogus data. We believe that all currencies based on the UTXO and longest chain Proof-of-Stake model are vulnerable to these “Fake Stake” attacks,” the researchers wrote on Medium.

Impacted cryptocurrencies

The research team claims that the two issues were discovered in August 2018. Upon discovery, it started contacting the development teams of the affected cryptocurrencies in October.

However, some of the development teams could not be informed as their GitHub accounts appear to have become inactive. Demo code for reproducing the two vulnerabilities is available on GitHub.

The list of impacted cryptocurrencies includes the names of NavCOIN, Qtum, Emercoin, HTMLCOIN, ReddCoin, CloakCoin, BitBay, Linda, Phore, PotCoin and more.

Although some cryptocurrencies have deployed mitigations for the reported bugs, researchers believe that these mitigation processes are not fool-proof. Hence, they are looking out for better ways to address the problem.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket