Blockchains built around proof-of-stake (POS) technology, and not proof-of-work (POW), are buggy. Lunar Digital Assets, a cryptocurrency consulting firm, has posted an article on its website that indicates that more than 200 POS blockchains may be vulnerable to attacks that would allow someone to exploit a bug in the system to receive unearned staking rewards. To make the issue worse, some blockchains have apparently known about the issue for months and haven’t done anything to correct it.
Lunar asserts in its article, which was written by Han Yoon, “An exploit being used across PIVX and its forks have developers scratching their heads as PIVX claimed to have fixed the bug back in January 2019. However, this is most certainly not the case. The BitGreen Core developers were the first to publicly report this exploit out in the wild again and even noticed the exploit being used across various other chains, including PIVX itself. What’s worse is that PIVX has known that this bug was not fixed and has kept quiet to themselves.”
BitGreen developers have shown that the vulnerability has not been patched as stated by the blockchains, providing analysis of blockchain activity as proof that it still exists. There is also concern that individuals involved in several POS blockchain platforms, including PIVX, could be exploiting the bug intentionally to fill their own wallets. Yoon points to several transactions and claims, “The timing is very suspicious, but I can not [sic] conclusively say with evidence that PIVX developers have been using their knowledge of the bug for their own benefits — let alone use it to exploit other chains. […] The ‘fake stake’ exploit clearly has not been fixed for PIVX, so the question is, was it ever fixed? Or have the attackers developed a new method in carrying out similar attacks such as this one?”
Yoon was contacted by two individuals reportedly with PIVX,