Vulnerability in Ravencoin Results in the Unsanctioned Minting of 1.5% of its Maximum Supply for Hac
It has been reported by Ravencoin today after initial reports were confirmed, but details remain fuzzy as the investigation is still underway. About 315 million RVN were minted, worth about $5.7 million at current prices.
However, Ravencoin said that it notified law enforcement in hopes of catching the unknown perpetrators of the exploit, though, given the nature of the bug, no money was directly stolen. Instead, the losses were spread over all RVN holders as extra inflation, which amounts to about 5% of the currently circulating supply.
As per the report, the team confirmed that the extra RVN was already exchanged by making any kind of remediation effort difficult. Miners and nodes must now upgrade to a new fixed version to prevent further exploits.
According to unconfirmed rumors on the community’s Discord, the bug existed since October and involves a wallet bug.
Ravencoin suffered a vulnerability that created 1.5% of its maximum supply as extra coins, which were then sold on the market https://t.co/97znEm64xt — Cointelegraph (@Cointelegraph) July 3, 2020
It has been analyzed that concerns were raised by the community that this was due to ProgPow, the controversial Ethereum-born mining algorithm, which was recently adopted by Ravencoin.
A team member said that the issue was from “an innocuous [Github pull request] from somewhere else.”
However, after the post-mortem and successful mitigation of the bug, the community will need to decide how to deal with the vulnerability.
Thus, the team suggested anticipating a planned halving in 44 days to compensate for the extra supply of tokens, though the community may also decide to leave everything as is.