Firo (formerly known as Zcoin) has experienced a 51% attack and is now in the throes of a hash war. Firo recommends users not make transactions at this time, and said it is working with exchanges and pools to mitigate the damage. The team has also asked that all wallets and masternodes be upgraded with a newly released hot fix as soon as possible.
A 51% attack occurs when a miner (or miners) acquires more than 50% of the network’s mining hash power and takes control of the network.
The Firo team first noticed the attack at 7 a.m. UTC, according to Firo Project Steward Reuben Yap. While the attack had ceased, it is now underway again as the attacker tries to move funds.
The Firo team implemented a block on the funds the attacker consolidated.
“Many of the pools have updated and are respecting it,” said Yap. “But the attacker is trying to get their own blocks in to make their own chain, as some of the ecosystem hasn’t updated yet. The attacker is still trying to make their chain longer than ours. Once the ecosystem updates with the latest release, this problem will go away. For now, we are locking down the funds and attack vectors as we await further info from exchanges.”
At the moment, from a Proof-of-Work (PoW) perspective, both chains are valid. Eventually, whoever has the most accumulated work, will become the chain of “truth’,” according to Yap.
The attacker is trying to move the funds, which includes transactions that move their ill-gotten gains. Other pools are trying to invalidate those transactions and keep them locked.
“So that’s why it’s a hash war,” said Yap. “The miner is mining their own chain and trying to overtake the legitimate chain.”
In an email, Yap told CoinDesk the attacker created a stealth chain that was mining secretly with a huge amount of hashrate.
“The hashrate doesn’t appear to have been rented from the usual suspects, as Merkle Tree Proofs aren’t on NiceHash and there isn’t sufficient hashrate on other sites to launch it,” said Yap. “Also, this chain was not broadcast so no one was aware of it.”
Firo implemented Merkle Tree Proofs on its network for egalitarian mining.
In the meantime, according to Yap, the attacker was selling huge amounts of FIRO on the market, causing a crash. Once that was done, they exposed their chain – which was longer. The longer chain invalidated the deposits they made, and the chain rolled back 300+ blocks.
The attacker did several deposits of their funds on Binance before consolidating the vast majority of the funds into a single address.
The Firo team then activated the Lelantus emergency switch to prevent the address from being anonymized, a function that was previously approved by the community.
“To be clear, this was not a Lelantus flaw or a code flaw,” said Yap. “It appears to be a pure 51% attack on a large scale. What was interesting is the pattern of a massive amount of purchases prior and a big price run-up, and then these dumps.”
Yap said his company is still investigating the motive behind the attack and is unsure if there is a correlation or if the funds used to do the double-spend attack were obtained during the run-up. To pull off a double-spend of this magnitude, the attacker would have had to have acquired significant amounts of FIRO legitimately.
Chainlocks on Firo
Firo was weeks away from deploying chainlocks, a secondary validation layer that would have secured its chain by using its masternodes to “checkpoint every block so that you get instant finality upon block confirmation,” said Yap.
Once the chainlocks are activated, the attacker would need more than 50% control of all masternodes on top of 51% of the mining hashrate. In addition to providing a secondary layer of protection, chainlocks will also drastically increase the costs of the attack.
Chainlocks are already live on the Firo testnet.
“So the timing and the way the attacker worked are very suspicious and don’t seem to be entirely profit-oriented,” said Yap. “Especially when considering that MTP has been live on our chain for a long time and several months have passed since the first halving.”
The price of the privacy coin has dropped around 17% in the last 24 hours.
Update: Jan. 20, 2021, 18:15 UTC: This article was updated with new information from Reuben Yap regarding the nature of the attack.