- The attackers used a community code submission to inject the bug into Ravencoin.
- The bug enabled the attackers to create RVN past the hard limit of 5000 RVN per block.
- Law enforcement and exchanges have been notified and are collaborating with Ravencoin developers on the matter.
EDIT: The emergency has been resolved according to the latest update, and the use of the network can resume as normal. The effects of the attack cannot be reverted, but the technical aspects of the network are stabilized as most of the mining pools and exchanges have updated to the latest version of Ravencoin. However, the damage remains and the RVC economy is hurt by the increased inflation caused by the attack.
The Ravencoin developers are calling for patience and abstinence from transacting RVN until updates have been initialized across the Ravencoin network, following a unique type of attack on the network.
Exact details of the bug are not released as the Ravencoin developers are waiting on the blockchain to stabilize and the majority of the users to initialize the fix. Once this happens, any future uses of this part of the code will not yield any rewards for the attackers.
The bug was discovered by CryptoScope and was promptly reported to Ravencoin developers, who took swift action to mitigate the damage and prevent the use of the bug. As a result, an update has been issued, which removes the part of the software necessary for the bug.
The vulnerability was injected by an unknown GitHub user, who issued a code submission and it was accepted. Before it was discovered, the bug was used to generate 44 days worth of RVN.
The developers are now thinking of ways to solve the issue, but removing of the extra tokens is out of the question, as according to them, the tokens have already been liquidated at various exchanges. The results of burning tokens would only hurt innocent victims.
One idea is to shorten the next halvening date by 44 days, causing the blockchain and total supply to maintain the original parameters.
The community is accepting this relatively well, congratulating Tron on the swift response and providing encouragement for the rest of the RVN ecosystem that this matter will be solved and the system will come out stronger on the other end. Few are disappointed, and even fewer have their trust in Ravencoin completely crushed.
For now, the best course of action seems to be to update your mining software to the latest version, and if you are interested wait for a followup describing the vulnerability.