A group of specialists from the Research and Development Department of the University of Illinois (USA) analyzed cryptocurrencies that operate on the Proof-of-Stake (PoS) mechanism, in which participation in the blockchain is proven by stake. The scientists discovered two vulnerabilities. It turned out that a user who has no connection to the distributed ledger can interfere with its operation. The department published the findings in a report.
The authors of the study believe that PoS cryptocurrencies need to abandon the UTXO (unspent transaction outputs) system. They also need to stop using the consensus rule under which the longest chain is treated as the main chain. Otherwise, the security of PoS cryptocurrencies will be at risk: attackers will be able to disable them by overloading the RAM, without holding any stake in the blockchain.
The researchers said a similar bug was found in 5 digital assets: the coins Qtum and Particl, the tokens Navcoin and HTMLcoin, and Emercoin.
The cryptocurrencies mentioned above had the following vulnerability. An attacker who was not involved in the functioning of the blockchain could overload a node's memory. To do this, it was enough to send fake data.
The second bug found by the scientists is called the "spent stake attack". With it, the attacker can overload the entire blockchain of the cryptocurrency and shut it down.
The vulnerability works as follows. A user with a 0.01% share in the blockchain can start transferring small amounts of money to himself. After he has sent funds 5,000 times, he will have gained up to 50% of the stake in the distributed ledger.
However, this figure is only apparent. Technically, the attacker will not hold a 50% share.
Using this inflated apparent stake, the attacker will be able to mine blocks of the cryptocurrency in the past. This will overload the RAM, and the blockchain will stop working.
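The gap between apparent and real stake described above can be shown with a small model. This is an added example, not code from the report or from any of the named projects; the `Ledger` class, the supply figure and the assumption that the vulnerable check counts already-spent outputs as stake are all constructed for illustration.

```python
from dataclasses import dataclass, field

TOTAL_SUPPLY = 1_000_000   # constructed sample value
ATTACKER_COINS = 100       # 0.01% of the supply, as in the article


@dataclass
class Ledger:
    """Toy UTXO ledger (hypothetical, for illustration only)."""
    outputs: dict = field(default_factory=dict)  # outpoint id -> (owner, amount)
    spent: set = field(default_factory=set)      # outpoint ids already spent

    def mint(self, owner, amount):
        outpoint = len(self.outputs)
        self.outputs[outpoint] = (owner, amount)
        return outpoint

    def self_transfer(self, outpoint):
        """Spend an output and pay the same amount back to its owner."""
        if outpoint in self.spent:
            raise ValueError("output already spent")
        owner, amount = self.outputs[outpoint]
        self.spent.add(outpoint)
        return self.mint(owner, amount)

    def stake_naive(self, owner):
        """Assumed vulnerable check: every output ever held counts."""
        return sum(a for o, a in self.outputs.values() if o == owner)

    def stake_checked(self, owner):
        """Hardened check: only outputs that are still unspent count."""
        return sum(a for op, (o, a) in self.outputs.items()
                   if o == owner and op not in self.spent)


def simulate(transfers=5000):
    """Return (apparent, real) stake fractions after the self-transfers."""
    ledger = Ledger()
    ledger.mint("others", TOTAL_SUPPLY - ATTACKER_COINS)
    tip = ledger.mint("attacker", ATTACKER_COINS)
    for _ in range(transfers):
        tip = ledger.self_transfer(tip)
    apparent = ledger.stake_naive("attacker") / TOTAL_SUPPLY
    real = ledger.stake_checked("attacker") / TOTAL_SUPPLY
    return apparent, real


if __name__ == "__main__":
    apparent, real = simulate()
    print(f"apparent stake: {apparent:.2%}, real stake: {real:.2%}")
```

A node that only accepts stake from outputs unspent in the chain a block extends sees the real figure, which never moves from 0.01%.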
The researchers said the work covered fifteen PoS cryptocurrencies with a high level of capitalization. It is also reported that copies of the study were sent to the teams of programmers who develop these digital assets.