Haven Protocol Triple Attack

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Haven Protocol

Haven Protocol is a complex blockchain focused around privacy. There were at least 3 vulnerabilities in the blockchain, which allowed the minting of a significant number of additional tokens, which were then sold by the hacker.

The Haven Protocol has subsequently rolled back the largest attack and focused extensively on security, releasing multiple upgrades. Haven Protocol also worked with exchanges to make sure that customers were all made right. It is unknown if any vulnerabilities exist in 2.0, however is it certainly more secure.

This is a global/international case not involving a specific country.^{[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16]}

About Haven Protocol

"Haven is an ecosystem of digital assets that enables users to convert between volatile assets and stable currencies directly within their vault, in complete privacy." "You don’t need to be a computer scientist to use Haven. We provide a range of different products handcrafted and tailored to any type of user." "[T]he Haven Protocol Foundation exists to serve the project’s needs from both a financial and growth perspective. Discussions are currently ongoing on the best way to achieve this and to set up the foundation’s structure and membership accordingly."

"Haven is based on Monero giving every asset within the ecosystem world class privacy. Haven provides a range of synthetic fiat currencies and digital assets, enabling commerce and portfolio diversification. Haven enables you to store, convert and transact in the form of money you prefer with trackers for xUSD, xCNY, xAU (Gold), xBTC (Bitcoin) and more."

"Haven Protocol is similar to an offshore bank where users can create private tokens that represent stable and volatile assets, including commodities and fiat currencies (such as USD). The protocol is based on Monero, which focuses on secure, private and untraceable transactions."

"As a result, most of the features of Monero extend to the Haven protocol, including the bulletproofs and other privacy tech. The base currency of Haven is the XHV, which is burnt to provide users with private, untraceable, synthetic assets and commodities called xAssets."

"The network uses a “mint and burn” process to provide users with untraceable digital assets with standard market pricing and real asset-pegged value storage. Simply, users can burn Haven (XHV) for Haven Dollars (xUSD), which is a synthetic stablecoin."

"In addition, the first crypto pegged asset, xBTC, has been added giving anyone in the world the ability to have exposure to Bitcoin’s price movements from their own private Haven Vault with no counter-party risk or conversion slippage. In addition to XHV, xUSD, xCNY, xEUR, xAU (Gold), xAG (Silver) you can now transact or store your wealth in the following: xBTC — Bitcoin xAUD — Australian Dollar xCHF — Swiss Franc xGBP — British Pound xJPY — Japanese Yen" "As the project continues to grow and evolve we have now laid out the plans to strengthen and further decentralize the project. Having successfully gone through the launch and startup phases we are now focused on growth and adoption."

"Total network activity correct as of 30th may 2021: Number of standard transactions = 149,538 Number of XHV<>xUSD conversions = 5,900 Number of xAsset transactions = 746 Number of xAsset conversions = 1,792 Sum of XHV<>xUSD conversions = $158,584,270 Sum of xAsset conversions = $182,671,737 Total Network Value (TNV) = $170 Million"

"Regarding specific attacks, on June 24, 203,000 xUSD and 13.5 xBTC were minted in two attacks; on June 27, an unknown amount of XHV was minted due to a vulnerability in the conversion verification of xAsset; June 29 , The attacker exploited a vulnerability that allowed the minting of 9 million xUSD." "The attack[s] took advantage of several vulnerabilities: Miner reward validation hack, xJPY to xBTC conversion/transfer, Hidden burn/mint amount bug, and Zero value price record due to oracle being disabled."

"June 22nd: 203,000 xUSD and 13.5 xBTC was minted in two exploits." "At 5 am on June 23, 2021 it came to our attention that there had been an attempted exploit on Haven Protocol. Upon investigation, we found that it was possible for an unscrupulous miner to modify the code to take advantage of a previously unknown vulnerability in the miner-reward-validation code. This meant that it was possible to mint a much higher mining reward than was due." "Value of exploit: 2 equal transactions totaling 13.46 xBTC and 202,920 xUSD" "The developers were quickly able to replicate the exploit, design and implement a fix, and issue a patch that permanently prevents a future occurrence of this exploit." "The team attempted to disable the counterfeit inputs in the deployed patch." "We originally thought we had prevented these being spent but we now know the attempted mitigation was too late. We did however prevent this attack from reoccurring."

"June 24th: An exploit in the xAsset conversion validation meant that an unknown amount of XHV was minted. We also prevented this from reoccurring. A summary of what our investigation has uncovered can be found below." "On the morning of June 28, 2021, the dev team became aware of two suspicious transactions in the explorer. A meeting was called immediately, and the team investigated the cause. After some initial exploration, we found a vulnerability that was exploited twice in three days, resulting in the minting of several counterfeit xBTC coins. This ultimately resulted in the unusually high selling volume of XHV on KuCoin." "Value of exploit: 2 transactions totaling 112.2 xBTC" "Using an xJPY input and xBTC output, it was possible for the attacker to take advantage of a vulnerability in the get_tx_type() function. This function determines transaction type (offshore, onshore, etc.). By modifying outputs, they were able to make the transaction look like an xAsset transfer. Since the transaction was being seen as a transfer rather than conversion, it bypassed the conversion validation code so the incorrect tx was accepted by the daemon."

"June 29th: an exploit was leveraged that allowed for minting of 9m xUSD." "We found a bug that allowed the reporting of the actual number of assets minted or burnt to be manipulated. This isn’t an exploit per se, and it doesn’t allow for any inflation, but it does allow a bad actor to hide transactions. It is possible to identify the transactions in the block scanner report, so we can see that it was used extensively after 886595. This is why it is impossible to trust the supply figures after this block. We have seen 35 instances of this in the last scan, starting at block 886595."

"In response to the xJPY exploit, the decision was taken to disable conversions by disabling pricing records. This was intended to block exploits in conversions and mitigate the impact of a rollback — if needed. The protocol is designed to invalidate conversions when no price record is available. However, a vulnerability in this protocol meant that it was possible to exploit the zero price when constructing a transaction to mint additional funds."

"The attacker was able to pass through proof-of-value and burnt/mint checks by modifying his tx and setting the amount burnt/mint to 0. Since 0 * x = 0, the validation passed, as it is supposed to return a 0 result. This is because inputs-(outputs + fee) should normally = 0. This then allowed the attacker to manipulate the output values to mint an arbitrary amount." "Occurred: 18 times between 887361 (2021–06–29 00:45:20) and 887409 (2021–06–29 02:15:23)"

"Each issue has left an identifiable anomaly in the blockchain data. This meant it was possible to build a blockchain scanner, which scans the entire chain to form a complete list of affected transactions. This allows us to better understand the extent and impact of each exploit. It also gives us a high level of confidence that we have not missed any transactions."

"Haven Protocol (XHV) released analysis reports and measures for [all] three serious attacks in late June. The chain rollback plan will be initiated and a hard fork will be implemented. Fix the known vulnerabilities in protocol minting." Rollback to "Block: 886575 Time: 2021–06–27 22:21:08" "If we rollback to a block before this point, when the exchange wallets were open, users or exchanges could lose funds. If we rollback to a block after this point, it would allow blocks with hidden mint burn data to survive, which hide unknown exploits." "A decision was made by the community to roll back the chain to block 886575 by a decisive 95% majority." Haven "conducted a 24-hour ballot on July 8, 2021 to gain [the] consensus from the Haven Protocol community."

"Because of time differences, KuCoin was the last to close deposits and withdrawals. They actioned our request at 1:56 am on the June 28th. Block 886575 is only 3 hours and 35 minutes before this point, meaning we still have a short window for disruption. We hope to work with KuCoin to put this right." "The exchange data we have seen so far suggests that most of these funds have already been sold and that the hacker does not hold much more."

"We’ve calculated below the total inflationary impact of these exploits. Miner validation reward: Total exploit [left after rollback] of 13.46 xBTC and 202,920 xUSD xJPY to xBTC conversion: Total exploit of 112.2 xBTC" That's a "Grand total of 125.66 xBTC and 202,920 xUSD"

"It is critical to note that this total is also offset by the 440,000 XHV (~$1.5 million) that is currently frozen in suspected KuCoin accounts, and 100,000 XHV ($~350,000) that is frozen in suspected TradeOgre accounts. We hope to recover and burn these funds."

"This would result in approximately $2.6 million in total inflationary impact, or 3% of Haven Protocol’s current market cap, based on today’s market prices."

"Our decision to engage law enforcement was also not taken lightly given the protocol’s privacy focus, and we attempted to ensure the safety of the XHV community without it. However, this formal involvement is mandated by our exchange partners in order to permanently freeze the accounts that continue to hold a substantial amount of exploited XHV."

"The rollback [was] complete and successful." "Haven Protocol successfully deployed a hard fork (version 1.4.0) to rollback the chain to block 886575." This "allow[ed] exchange wallets to re-open, on-chain transactions to resume, and mining to continue with confidence. However, xUSD and xAsset conversions in the Haven Vault remain[ed] paused." "After the rollback, a second hard fork [was completed] to re-enable xUSD and xAsset conversions after the completion of external audits of the updated codebase." "[T]he majority of exchanges, pools, and other nodes are now running the latest version of Haven Protocol." "Some miners experienced an issue with the original fork (v1.4.0) which resulted in reports of rejected transactions. This issue was resolved by the latest version (v1.4.1). The chain [began] functioning smoothly. XHV, xUSD, and xAssets can now be sent and received without any issues." [Haven Protocol worked] "with each exchange to ensure their own internal balances are correct and making payments from the governance wallet where necessary to meet our obligations."

A "[f]ix [was made to the] miner reward issues [by] add[ing] additional checks for validate_miner_transaction · GitHub. [Haven] fix[ed the] xAsset conversion issues [through a] asset type bug fix. [They] fix[ed] 0 price record issue [and] add[ed] 0 pr and amount bunt/mint check. [Finally, they] fix[ed the] conversion fee overflow issue (found in block scan) [and] [i]mplement[ed] “proof-of-coin” into the protocol." The "Haven Protocol validation [was] based on a proof of value. We are now extending this concept to include public mint and burn data, to ensure that it matches the hidden values in the proof of value calculation." "This gives the protocol a second layer of validation, ensuring any future attempt to manipulate mint and burn data will not be valid and cause the transaction to be rejected."

"The Haven Protocol developers are making steady progress towards Haven 2.0. This update will mark a significant revision of Haven’s core code and a step-change in the project."

"Haven 2.0 will mark a significant revision of Haven’s core codebase and a critical step-change in the project. It will also include substantial security updates." "This release will also mark a major milestone for the project. With a significantly improved protocol, the delays of the June 2021 exploits will be behind us, and we’ll benefit from new processes and procedures with a focus on security and testing. At this point, the team and community’s focus can shift back to growing the future of private money, with collaborations such as THORChain, exchanges, and third-party wallet integrations."

"It will include substantial security updates in the form of new mint and burn validation and allow conversions to be re-enabled." "In addition to Haven’s original proof of value (detailed on page 5 of Haven’s whitepaper), the team has designed a new mint and burn validation logic. This works by including additional data in conversion transactions to guarantee that the mint and burn values supplied by the sender are correct. This new validation eliminates any possibility of a repeat of the June 2021 exploits."

"We have submitted a complete written description of the design to auditors — Monero mathematics specialists with in-depth knowledge of the Monero codebase. We will continue collaborating with this team and others until we are 100% confident that the approach for this new validation is secure."

"Once all of the above steps are complete, along with any associated code changes and testing (both on testnet and new stagenet), the final and official audit can be conducted. Passing this audit will be the last step before planning the fork."

"We’d like to thank the entire community for your patience during this challenging period as we’ve worked to unpack, analyze, strategize and mitigate the effects of the multiple attacks on the Haven ecosystem over the past weeks." "As painful as this process has been, it has hardened the team and the protocol. There is no doubt that the project is now stronger because of it."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

• Known history of when and how the service was started.
• What problems does the company or service claim to solve?
• What marketing materials were used by the firm or business?
• Audits performed, and excerpts that may have been included.
• Business registration documents shown (fake or legitimate).
• How were people recruited to participate?
• Public warnings and announcements prior to the event.

Don't Include:

• Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
• Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

• When the service was actually started (if different than the "official story").
• Who actually ran a service and their own personal history.
• How the service was structured behind the scenes. (For example, there was no "trading bot".)
• Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost has been estimated at $11,600,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

There were no recorded customer losses in this case, however the token supply was inflated which would lower it's value slightly. The end rate of inflation is comparable to <2 years of fiat inflation, so this does not seem to represent a significant loss either.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References