TL;DR
- The PIVX network is stabilizing. The same attack vector attempt is no longer possible.
- The Main network was not compromised. No coins were at risk, or are currently at risk.
- Most/All exchanges have put PIVX wallet into maintenance.
- New 5.0.1 has been released that addresses the vulnerability once and for all. Please update now.
- Once the PIVX network is more stable, we will notify exchanges to upgrade and open deposits back up.
The Details:
Attempted Attack First Noticed:
At block 2,678,402 (January 14th, 2021), PIVX core developers noticed an improper event on the network, leading to an awareness of an attempted attack (improper coin creation) on the PIVX network during a superblock.
What was observed/how did PIVX notice what had occurred:
The PIVX chain forked due to an invalid superblock payment which created more coins than what it was supposed to create to pay for a proposal. This abnormality in the payment output was immediately noticed by the PIVX core developers who were able to identify the invalid block, the total aberrant coin creation attempt, and the forked chain.
Please note that the superblocks only occur once every month and are the blocks in which any governance budget payouts occur (for the proposals that were submitted to the network, successfully voted on, and which requested a budget amount). This was/is the only “window” (which is a few days window) during which this attempted attack could take place. Thus, once the superblock has passed, there is no longer an opportunity to attempt the same attack for another 30 days.
What the PIVX Core Developers then did:
The PIVX core developers analyzed the attack. They knew that the bad actor would not be able to spend any of these maliciously created coins due to the minimum coinstake maturity depth (The malicious actor needed +100 blocks to be able to attempt to spend the coins), and thus immediately announced the attack attempt publicly in order to ensure the entire PIVX community (including self node hosters, exchange operators, 3rd party node host providers, etc) would be able to get back on the correct chain while a new release was being prepared and ensure the fraudulent chain (and fraudulently created coins) would be invalidated and unable to be spent.
When the community was first alerted:
9:46am EST, Jan 14th, 2021
What transpired:
The entire PIVX community (and many on Twitter) mobilized to alert the entire network (exchanges, explorers, hosted services, and individual node runners) of what had transpired and immediate steps to take in order to secure the PIVX network.
The Result:
Within an hour, the majority of every service running PIVX had been notified and given appropriate information to secure the network with the appropriate chain. Additionally, exchanges and swap services were notified, and the PIVX wallets were put into maintenance mode to prevent deposits (or swaps) while the correct PIVX chain was stabilized.
As a result, the malicious actor who had attempted to create extra coins was forked onto their own (invalid) chain without being able to spend them. Thus, thanks to the quick work of the PIVX core developers, community, and supporters of PIVX, we were able to avoid any issues (economic inflation as a result of the attack). No coins were ever at risk, and the fraudulent coins were prevented from being moved/spent as a result of the rapidity of the entire crypto space.
Users who get into the correct chain will not see/have any problem (because (1) the chain passed the superblock height and (2) v5 enforcement contains the final fix for this issue which happens before the next superblock).
The Fix:
The core developers prepared and tested a stable and secure patch. Releasing PIVX v5.0.1. https://github.com/PIVX-Project/PIVX/releases/tag/v5.0.1
What Now?
PIVX 5.0.1 is out now. Depending on your current chain, you may recover automatically after this upgrade, as there is a checkpoint.
If you were on the bad chain prior to the upgrade, you will need to invalidate the bad block as described below or resync the PIVX chain from scratch, details below as well.
To invalidate the bad block
- Stop your PIVX wallet.
- Edit pivx.conf to include: maxreorg=5000 and addnode=blockbook.pivx.link
- Start your PIVX wallet.
- Issue these 3 console commands one by one:
- invalidateblock 224316f972019f228dfa3c3b67343dd6d98e50d31f25c8135a51fab072402f01
- addnode explorer.pivx.link onetry
- clearbanned
To resync from scratch
- Firstly open your PIVX-QT wallet and wait for it to open
- Select Settings
- Select "Debug
- Select "Wallet Repair"
- Lastly, select "Delete local Blockchain"
More Background / Details
The potential vulnerability was only just discovered by the PIVX core developers 5 days ago (2 days after v5.0 was released). The core developers immediately put into place patched nodes to fork the network in case of someone exploiting this unlikely potential vulnerability. The full patch (into the core wallet) had been built in a private repo, and was scheduled to be released shortly after this past superblock (see PR #2137). The reason for this “apparent” delay in pushing that patch is several-fold:
- The Patch/Vulnerability potential could not have been made public before otherwise the vulnerability would have been broadcast and disclosed when there was still an open window to exploit. Put another way, it would have broadcast the potential to exploit the network to the world.
- Deploying a mandatory upgrade that short before a superblock could have been fairly catastrophic to the network (resulting in missed treasury payouts and other network confusions).
Thus, the decision was to try and maintain the best network security while preparing a failsafe stopgap measure in the highly unlikely event that the vulnerability was uncovered and exploited. This entailed keeping the patch in the private repo (ready to be deployed immediately after the superblock), while in the meantime, deploying patched nodes as that failsafe to fork the network in case of someone exploiting this unlikely potential vulnerability.
Had these not been put into place, the PIVX network would have accepted the malicious block that created these PIV out of thin air.
Instead, thanks to the work of the PIVX developers, fast reactions of the community, exchanges, and larger crypto-verse, this attack attempt was averted, resulting in a tighter, more robust PIVX codebase.
Stay posted for more updates on discord, PIVX.org, and PIVX official twitter.