The team behind the ravencoin (RVN) token have revealed that hackers have exploited a vulnerability in the network that allowed them to mint and then trade almost USD 6 million worth of tokens.
Per an official blog post, the team stated that the exploit is still being investigated, but that hackers may have minted a whopping 315 million tokens, 1.5% of its maximum supply of 21 billion. The operators said that a “community code submission” had caused “a bug that has been exploited.”
The hackers appear to have worked quickly, and have since traded part of the sum on crypto exchanges.
Ravencoin’s market capitalization stands at USD 119,373,191 at the time of writing (12:55 UTC), while the token is trading for about 0.0182 to the USD – meaning that the hack is currently worth USD 5.74 million. RVN, ranked 68th by market capitalization, is down by 2.5% in a day and 8% in a week.
Ravencoin’s operators say they have spoken to the police, noting,
“Law enforcement has been notified and is working with us.”
The news does not look good for RVN holders, however, who may have to eat up the cost of the hack.
“Because [the minted] RVN were transferred to an exchange and traded, they are mixed with other RVN and therefore any programmatic attempt at burning them, with miner and community backing, would cause irreparable harm to innocent victims. As it stands, the burden has been shared across all RVN holders in proportion to their RVN holdings in the form of inflation.”
The operator asked RVN miners and node operators to upgrade to a safer version of the network, or risk more exploits taking place.
Ravencoin also took to Twitter to state that “every single miner and user” needed to take “responsibility for code” – but conceded that Ravencoin “must have procedures to prevent errors.”
Responsibility for code goes to not just developers but every single miner and user. The benefit of a true open sou… https://t.co/nY50nb78nk— Project Raven ????/ RVN / Ravencoin (@Ravencoin)
"Being open source is not a panacea for a project's security. It must have a sufficiently large set of skilled active developers," Casa Chief Technology Officer Jameson Lopp reacted.