Article By Jeremy Wall
A new study conducted by a team of US researchers has discovered a fatal vulnerability that affects 26+ proof-of-stake (PoS) cryptocurrencies. The vulnerability allows a network attacker with a very small amount of stake to crash any of the network nodes running the corresponding software, hence the name “Fake Stake” attacks.
According to the article, the researchers have notified each of the cryptocurrencies susceptible to this attack, many of which have already deployed mitigations . The study lists which cryptocurrencies are susceptible to this type of attack, which ones have fixed the issue, and which ones are working on a solution.
The cryptocurrency known as Cardano (ADA) is one of the few proof-of-stake cryptos that have published a blog post regarding these “Fake Stake” attacks and declared they are not vulnerable to this type of attack.
The “Fake Stake” Vulnerability
According to the researchers, the proof-of-work cryptocurrencies susceptible to Fake Stake attacks are those based on chain-based PoSv3 (Proof-of-Stake version 3). These types of cryptocurrencies are essentially based off of Bitcoin’s core code, UTXO model, and longest-chain consensus rules.
However, they have replaced the idea of proof-of-work with proof-of-ownership of coins by grafting in PoS functionality. This has proven to be problematic because some of the design ideas are copied over insecurely and lead to new vulnerabilities such as Fake Stake attacks.
As explained in the researchers’ article:
“Essentially, [Fake Stake attacks] work because PoSv3 implementations do not adequately validate network data before committing precious resources (disk and RAM). The consequence is that an attacker without much stake (in some cases none at all) can cause a victim node to crash by filling up its disk or RAM with bogus data. We believe that all currencies based on the UTXO and longest chain Proof-of-Stake model are vulnerable to these Fake Stake attacks.”
Why Cardano (ADA) Is Different
While many popular proof-of-stake cryptocurrencies are vulnerable to Fake Stake attacks, this type of vulnerability is not found on Cardano. This is because the team at IOHK took a different approach to create Cardano.
Instead of going the easy route by creating a minimal variation of Bitcoin, IOHK hired world-leading academics and researchers to create a new protocol and codebase from scratch. As well, they required that their new protocol was to provide security guarantees that are equivalent or better to that of Bitcoin but rely entirely on PoS.
The result of these measures is the first provably secure PoS protocol, called Ouroboros, in which Cardano is built upon. It is a completely different system than that of Bitcoin and PoSv3 systems vulnerable to Stake Attacks. Cardano is built from the ground up to support a PoS system, it’s not built to just adapt it like PoSv3 systems.
As explained by IOHK in their official blog post regarding Fake Stake attacks:
“Cardano is secure against fake stake attacks because it’s based on a fundamentally different system. PoSv3 cryptocurrencies run on proof-of-work (PoW) systems, modified to take stake into account in the implicit leader election, and the vulnerability in question is a result of that modification, and the additional complexities it involves.”