$6 097 000 USD

DECEMBER 2024

GLOBAL

HAVEN PROTOCOL

DESCRIPTION OF EVENTS

"Haven is an ecosystem of digital assets that enables users to convert between volatile assets and stable currencies directly within their vault, in complete privacy." "You don’t need to be a computer scientist to use Haven. We provide a range of different products handcrafted and tailored to any type of user." "[T]he Haven Protocol Foundation exists to serve the project’s needs from both a financial and growth perspective. Discussions are currently ongoing on the best way to achieve this and to set up the foundation’s structure and membership accordingly."

 

"Haven is based on Monero giving every asset within the ecosystem world class privacy. Haven provides a range of synthetic fiat currencies and digital assets, enabling commerce and portfolio diversification. Haven enables you to store, convert and transact in the form of money you prefer with trackers for xUSD, xCNY, xAU (Gold), xBTC (Bitcoin) and more."

 

"Haven Protocol is similar to an offshore bank where users can create private tokens that represent stable and volatile assets, including commodities and fiat currencies (such as USD). The protocol is based on Monero, which focuses on secure, private and untraceable transactions."

 

"As a result, most of the features of Monero extend to the Haven protocol, including the bulletproofs and other privacy tech. The base currency of Haven is the XHV, which is burnt to provide users with private, untraceable, synthetic assets and commodities called xAssets."

 

"The network uses a “mint and burn” process to provide users with untraceable digital assets with standard market pricing and real asset-pegged value storage. Simply, users can burn Haven (XHV) for Haven Dollars (xUSD), which is a synthetic stablecoin."

 

"In addition, the first crypto pegged asset, xBTC, has been added giving anyone in the world the ability to have exposure to Bitcoin’s price movements from their own private Haven Vault with no counter-party risk or conversion slippage. In addition to XHV, xUSD, xCNY, xEUR, xAU (Gold), xAG (Silver) you can now transact or store your wealth in the following:
  • xBTC — Bitcoin
  • xAUD — Australian Dollar
  • xCHF — Swiss Franc
  • xGBP — British Pound
  • xJPY — Japanese Yen"

"As the project continues to grow and evolve we have now laid out the plans to strengthen and further decentralize the project. Having successfully gone through the launch and startup phases we are now focused on growth and adoption."

 

"Total network activity correct as of 30th May 2021:
  • Number of standard transactions = 149,538
  • Number of XHV<>xUSD conversions = 5,900
  • Number of xAsset transactions = 746
  • Number of xAsset conversions = 1,792
  • Sum of XHV<>xUSD conversions = $158,584,270
  • Sum of xAsset conversions = $182,671,737
  • Total Network Value (TNV) = $170 Million"

 

On August 29, 2023, Haven Protocol completed a successful hard fork to v3.2.1, re-basing to Monero v0.18.1.2 and updating its tokenomics to improve functionality. Key changes include the reduction of collateral lock times from 21 days to 14 days, a decrease in collateral requirements for offshore and onshore transactions, and a simplified VBS collateral formula. Conversion fees remain at 1.5%, and the VBS values were adjusted to help regain xUSD's peg. Existing coins (XHV and xAssets) were unaffected by the fork, but users must update their vault apps (Web/Desktop/CLI) and resync to access the new version.

 

A vulnerability was introduced in Haven Protocol after the Haven 3.2 rebase to Monero, which occurred in 2023. Specifically, the weakness was in the "range proof validation" feature, which was part of the Haven 3.2 rebase to Monero v0.18.1.2. This vulnerability allowed hackers to mint illicit XHV undetected.

 

After noting discrepancies, Haven Protocol initiated an audit of all assets in November 2024 to ensure accurate reporting of its circulating supply, particularly after a significant discrepancy in the supply of its xUSD asset. The audit aimed to verify and recount all assets within Haven's ecosystem, including XHV, xUSD, and xBTC. Users and exchanges were required to audit their funds by the end of the audit period on January 2, 2025, or risk having their unaudited assets disabled permanently. During this audit, all conversions were suspended to prevent interference, and users were informed about the importance of auditing their funds.

 

To conduct the audit, users had to transfer their assets within a given timeframe to ensure proper counting. The process involved syncing wallets, using either the GUI or CLI applications, and following specific commands to audit the funds. Assets not audited were classified as "dust" and could not be processed. The Haven Protocol communicated regularly with its community to remind them about the audit period and provide guidance. Additionally, the audit system ensured that privacy remained intact, with only the unaudited amounts being visible, while the identity of senders remained anonymous.

 

The vulnerability was traced to a weakness in the "range proof validation" feature, which had been introduced after Haven's rebase to Monero in version 3.2. This flaw allowed an attacker to mint additional XHV without detection, and because the exploit occurred after the audit, the extra XHV was not counted in the audited supply. In response to the situation, Haven Protocol advised exchanges to halt all trading of XHV pairs, and strongly urged their community not to buy any Haven assets from exchanges. At present, discussions are ongoing within the Haven Protocol community to assess the situation and determine the next steps, with further statements expected after more evaluations.
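Added illustration, not Haven or Monero code and not a reconstruction of the Haven bug, whose details this page does not give: a toy Pedersen-commitment validator showing why a confidential-transaction chain must verify range proofs, since the balance equation alone accepts an output whose amount wraps around the group order. The group, generators, function names and sample values are assumptions constructed for this example.

```python
# Toy Pedersen commitments over Z_P^* (illustration only, not Monero's curve).
P = 2**127 - 1          # Mersenne prime modulus
N = P - 1               # exponents are reduced mod N (Fermat: x^N = 1 mod P)
G, H = 3, 5             # toy generators; a real scheme needs log_G(H) unknown
MAX_AMOUNT = 2**64      # valid amounts lie in [0, 2^64)

def commit(amount, blind):
    """C = G^blind * H^amount mod P: hides the amount, adds homomorphically."""
    return pow(G, blind % N, P) * pow(H, amount % N, P) % P

def balances(in_commits, out_commits):
    """Commitment-only check: product of inputs equals product of outputs."""
    lhs = rhs = 1
    for c in in_commits:
        lhs = lhs * c % P
    for c in out_commits:
        rhs = rhs * c % P
    return lhs == rhs

def validate(in_commits, outputs, check_range=True):
    """outputs is a list of (amount, blind) openings.

    The range test is a stand-in for range-proof verification: a real
    verifier never sees the openings and checks a zero-knowledge proof.
    """
    if check_range and not all(0 <= a < MAX_AMOUNT for a, _ in outputs):
        return False
    return balances(in_commits, [commit(a, b) for a, b in outputs])

# Constructed sample data: one 10-unit input with blinding factor 1234.
INPUT = [commit(10, 1234)]
HONEST = [(7, 1000), (3, 234)]                        # 7 + 3 = 10
WRAPPED = [(1_000_010, 1000), (N - 1_000_000, 234)]   # sums to 10 only mod N

if __name__ == "__main__":
    print("honest, range checked:  ", validate(INPUT, HONEST))
    print("wrapped, range skipped: ", validate(INPUT, WRAPPED, check_range=False))
    print("wrapped, range checked: ", validate(INPUT, WRAPPED))
```

With the range check skipped, the wrapped output set balances against a 10-unit input while its first output alone carries 1,000,010 units, which is the kind of supply inflation that cannot be seen from commitments alone.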

 

On December 10th, Haven Protocol reported that it had fallen victim to an exploit, which was discovered when discrepancies were found in the reported supply of XHV on exchanges. The amount reported by exchanges was over 500 million XHV, far exceeding the actual supply of 263 million XHV, which was confirmed after decrypting the data from the ongoing audit. This discrepancy suggests that the excess XHV was minted illicitly through the exploit.

 

"To our community, followers and supporters,

 

This is one of the hardest messages we’ve ever had to write. After a lot of thought and discussion, we’ve made the painful decision to bring our project to a close. We owe it to our community to be open and honest about why we’ve reached this point.

 

When we, the community, took over this project after the original founders abandoned it in 2019, we had one clear goal: to build a private stablecoin that anyone, anywhere, could use to transact and communicate securely and privately. This goal came close to being realised, but we were faced with growing challenges that in the end we couldn’t overcome, despite giving it everything we had.

 

The most devastating blow came recently when our developers discovered a major exploit. Since the start of the Audit, this vulnerability allowed a potential 1.3 billion illicit XHV to be minted through at least 42 transactions that our developers found. This estimated figure doesn’t include the amount of XHV that could have been minted between August 2023 and the start of the Audit. The unknown amount, or part of it, would likely be audited if we continued, thereby inflating the supply even further. Over 94% of the known supply is now controlled by the attackers. Continuing the project under these conditions would only risk more losses while rewarding malicious actors. That’s not something the current team would want to be part of and allow it to happen.

 

The lack of resources has been an ongoing issue. Over the past two years, our small team worked tirelessly, mostly without compensation. We did it because we were driven and motivated by our community and the project’s vision. But the truth is, this level of dedication can only go so far without the funding and support needed to grow, develop, and secure the project in the long term.

 

After exploring every possible option, we, the Haven Oversight Committee and developers, concluded there’s no realistic way forward. Rolling back the chain to a pre-Audit period would have been one possible solution, however, we would have had to mint hundreds of millions of XHV to make exchanges whole. Even then, this wouldn’t have guaranteed a positive outcome, because the exploit has been active since August 2023 and an unknown amount of XHV could lie hidden, waiting to be audited even after a roll back. The privacy-centric nature of our protocol prevents us from identifying and locking the wallets or outputs containing any illicit coins.

 

This decision is heart-breaking, especially knowing how much this project has meant to all of us. The community’s belief and encouragement kept us going all this time and we can’t thank you enough for sticking with us through everything.

 

We firmly believe in the vision of privacy and decentralised finance. While Haven may not have achieved the ultimate goal, we hope it has laid the groundwork to build on what we started.

 

From the bottom of our hearts, thank you for being part of this journey."

 


Haven Protocol is an ecosystem of digital assets focused on privacy. It offers a range of synthetic assets like xUSD, xBTC, and xAU, all backed by the privacy features of Monero. Users can mint and burn assets through a "mint and burn" process, creating untraceable assets like xUSD and xBTC. After a hard fork in 2023, a vulnerability was introduced in the "range proof validation" feature, which allowed illicit XHV to be minted undetected, leading to a significant discrepancy in the reported supply. Due to a lack of resources and this exploit, the team announced the painful decision to shut down the project in December 2024. The protocol's inability to recover from the exploit, compounded by an overwhelming amount of XHV believed to be controlled by attackers, made it impossible to continue, ultimately ending the journey for Haven Protocol. Users who had synthetic assets had significant time to audit and sell them, and anyone who didn't perform both of these steps has unfortunately lost their funds.


© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.