When we think about tokens and cryptocurrency projects such as Qtum, Reddcoin and Stratis, we might struggle to conjure up much imagination about them. As tokens that generally reside within the top 100 cryptocurrencies by market cap however, there’s no denying that each of these tokens are important, and that the projects are making waves within the blockchain industry. One of the things that makes these tokens similar is that they exist as Proof-of-Stake or PoS cryptocurrencies and another is that they might be considered as ‘altcoins’, coins that are alternative to the more traditional Bitcoin format cryptocurrency.
What exactly is a PoS cryptocurrency? Well, according to Investopedia:
“Proof of Stake (PoS) concept states that a person can mine or validate block transactions according to how many coins he or she holds. This means that the more Bitcoin or altcoin owned by a miner, the more mining power he or she has.”
Peercoin is famous as the very first PoS cryptocurrency, which means that the more Peercoin an investor owned, the more power they would have to mine further tokens. It’s a buying incentive that gives those with more assets, access to a greater inventory through which they can acquire even more. Furthermore:
“With a PoS, the attacker would need to obtain 51% of the cryptocurrency to carry out a 51% attack. The proof of stake avoids this ‘tragedy’ by making it disadvantageous for a miner with a 51% stake in a cryptocurrency to attack the network. Although it would be difficult and expensive to accumulate 51% of a reputable digital coin, a miner with 51% stake in the coin would not have it in his best interest to attack a network which he holds a majority share.”
In short, PoS brings great incentive to the network and also in a sense, makes it a little more secure than it’s rival, Proof-of-Work or PoW, the system currently employed within the Bitcoin blockchain, among others.
Ironically, one of the things Qtum, ReddCoin, Stratis and indeed Peercoin all have in common is that despite being PoS based tokens, they are, or have been vulnerable to a new type of attack that has been discovered by researchers at the University of Illinois, according to ZDNet.
The flaw discovered was found to have impacted 26 PoS cryptocurrencies all in all and allowed an attacker on the network to use a very small amount of cash to attack a node that runs mining software on the network. Essentially, the idea that PoS prevents a 51% attack is wrong according to this research. In reality, attackers could still control large portions of the network, without having to cash in on a tonne of cryptocurrency.
According to ZDNet, the research team have discussed their findings, which stipulates two vulnerabilities that exist. We should note that since these findings have been published, a number of the affected cryptocurrencies have been able to remove the vulnerabilities from their network and that as it stands, Qtum and Stratis are no longer affected, however at the time of writing, both ReddCoin and Peercoin are, as well as 18 other PoS based altcoins.
You can see a full updated list of the affected coins for yourself, here.
Here’s what the research team have had to say:
"Many cryptocurrencies are in fact forks (or at least descendants) of Bitcoin's codebase, with the PoS functionality grafted in. However, some design ideas are copied over insecurely, leading to new vulnerabilities that did not exist in the parent codebase. We call the vulnerabilities we found 'Fake Stake' attacks. Essentially, they work because PoSv3 implementations do not adequately validate network data before committing precious resources (disk and RAM). The consequence is that an attacker without much stake (in some cases none at all) can cause a victim node to crash by filling up its disk or RAM with bogus data."
As we have stated, since then a number of the affected coins have made changes to their networks to patch some of these vulnerabilities, though it seems the research team are sceptical about how much of an impact this could have, stating that there is no absolute way to stop these attacks on a network that does not require full validation:
"All these mitigations make the attack difficult to carry out but are still no substitute for full validation."
With Qtum and Stratis in the clear, no doubt ReddCoin, Peercoin and the others won’t be too far behind. This shouldn’t be anything to worry about, however it should serve as a reminder about how risky this industry is. Even tokens that seem to be pretty sturdy in terms of their security, researchers will always find new vulnerabilities. If the researchers can find them, so can the hackers - perhaps this is something to worry about.
For now though, keep calm and carry on. Just be wary that not everyone in this scene is an honest actor.
Crypto Revolution Giveaway
Have you heard? Crypto Daily have launched their latest Ethereum giveaway, one that is set to inspire the start of a new crypto revolution!