Attackers have exploited a vulnerability found in Ravencoin, an open-source fork of Bitcoin that launched in 2018, to generate extra RVN tokens “beyond the coinbase of 5000 RVN per block.”
According to a Medium post published by Ravencoin lead developer Tron Black, community members from the CryptoScope team reached out to the Ravencoin team with the findings. Both teams then worked together to stop the exploit from being leaked, and started “code review to detect, isolate, and fix the issue.” The post reads:
A community code submission caused a bug that has been exploited. Law enforcement has been notified and is working with us. The vulnerability does not allow the stealing of RVN or assets that you own and control, but the minting did create RVN that should not exist.
In total, the extra coins that were minted beyond Ravencoin’s total 21 billion supply are the equivalent of 44 days worth of mining, or about 1.5% of the RVN tokens that will ever exist. Black’s suggestion on the post was for the community to absorb the economic cost of the extra tokens, or to move the halving 44 days earlier.
He added the minted RVN tokens were moved to an exchange and traded, and as a result were mixed with other circulating RVN tokens. This means that trying to burn the tokens, even if with community backing, will “cause irreparable harm to innocent victims.”
The burden, Black added, is currently being shared across all RVN holders in proportion to their holdings in the form of inflation. The developer urged users to keep trading to a minimum until a fix is issued. Details on the vulnerability will not be revealed until the fix is implemented.