More than two dozen Proof-of-Stake (PoS) cryptocurrency networks are vulnerable to what has been dubbed a “fake stake” attack. The vulnerability allows a node with a very small stake to overwhelm competing nodes with false data and essentially crash them. Once competing nodes are gone, the attacking node can have a majority of stake on the crypto network, enabling it to conduct a 51% attack as the only validating node.
In a Proof-of-Stake system, mining is replaced by commitment of coins. The system uses existing coins to “mint” new coins instead of hashing power. A successful attacker could inadvertently make himself the only recipient of block rewards as well as transaction fees. At a minimum, he could limit the competition pool such that he was gaining disproportionate wealth.
The Decentralized Systems Lab at University of Illinois at Urbana Champaign uncovered the attack when researching cryptocurrency codebases. All of the coins affected had begun with a Bitcoin codebase and dropped in PoS as an alternative to Bitcoin’s Proof-of-Work. Peercoin were the first to do this, and many Proof-of-Stake coins are forks of Peercoin.