Earlier today we released a statement about the Hotbit incident. On 1/7 and 1/13, a malicious miner conducted a 51% block withholding attack on the MWC network.
At the time of the first attack, Hotbit was requiring 6 confirmations before accepting deposits. For the second attack, it had been increased to 60 confirmations. This was insufficient.
Based on data provided from Hotbit, it appears that the attacker made a number of deposits to Hotbit on these days that appeared to confirm on the blockchain, but were later part of a large reorg. There were also a large number of regular deposits made to Hotbit during the attacks which appeared to confirm, but were later part of a reorg and thus not actually confirmed on the blockchain. Those funds, never made it to Hotbit and remained in the wallets of the senders.
Hotbit is using mwc713, which is a free open source software project available in the mwcproject github repo. This program was originally a fork of the GRIN wallet "wallet713". wallet713 is itself a fork of the grin-wallet project.
mwc713 shared the same transaction logging logic that came from the GRIN code. We are not aware of how Hotbit supports GRIN trading but they have done so for a significant period of time.
This logic, which relates to the transaction logging was not modified by the MWC developers and it did not update the logs when a reorg occurred.
Since this is logging data, it should not be relied on for checking the status of the chain and instead either output verification through an API call to a full node or sweeping funds from a deposit wallet to another wallet should be implemented by exchanges to ensure funds are actually deposited. Nevertheless, in an ideal world, this logging data would be updated in the case of a reorg so as to reflect accurate data.
The GRIN team actually updated this logic in the grin-wallet 3.0 version to make some bug fixes which was released right around the time of this attack. We don't think those fixes would have specifically addressed this issue.
Additionally, GRIN added a change to the 3.0.0 full node that fixed a CVE. Immediately after the successful GRIN hard fork and when the CVE no longer posed a threat to the GRIN network, the GRIN developers disclosed the CVE to the public and made no attempt to disclose the CVE to any of the teams working on GRIN forks until after they had released the CVE to the public.
This is after the MWC Team notified them that since GRIN and MWC shared much of the same codebase therefore it would helpful to both teams if GRIN disclosed any CVEs to the MWC Team responsibly. This CVE also impacted several other GRIN forks and there was no reason to not disclose it to the developers of the fork before publicly releasing full details of the vulnerability.
The MWC Team released their our own native qt wallet: https://github.com/mwcproject/mwc-qt-wallet and have fixed numerous bugs in GRIN. Some of these bug fixes have been merged into GRIN itself.
Also, see this article on a bug found by TradeOgre in grin-wallet which the MWC Team fixed: https://www.mwc.mw/mimble-wimble-coin-articles/mwc-team-fixes-another-grin-bug-this-time-in-grin-wallet
And the MWC Team fixed this deadlock bug in GRIN which was causing MWC pools to freeze: https://github.com/mwcproject/mwc-node/commit/8a3544340b463ec69f4cc45b7af909c271be8084
The MWC Team also implemented a secure version of mwcmqs (based on grinbox). Grinbox does not support SSL on Windows: https://www.mwc.mw/mimble-wimble-coin-articles/major-upgrade-to-mwc-mq-mwc-message-queue-released-today
Since the GRIN code had already successfully hard forked, there was no way for GRIN users to be harmed by this vulnerability. Since the MWC code and the code all other GRIN forks had not been patched because the GRIN team had not responsibly disclosed the CVE to any of the teams, therefore, it caused the MWC Team to release an emergency patch to resolve the issue and left the MWC network vulnerable until this patch could be released. Fortunately, the patch was released and updated on critical infrastructure extremely quickly.
Nevertheless, the attacker may have been very familiar with the GRIN software and release schedule. The MWC Team had been testing the grin-wallet 3.0 update and found that even after the GRIN Team's fix to this issue, there are some other issues that make the transaction log data unreliable in GRIN.
The MWC Team fixed some of these other issues as well. Exchanges should never rely solely on transaction log data for verification of deposits and instead simply sweep deposit funds into a secondary wallet. This is a standard architecture and guarantees that funds are actually available on chain if there are sufficient confirmations.
All in all, this attack caused Hotbit to lose around 90,000 MWC. Although the MWC chain has performed flawlessly according to the consensus rules since mainnet was released on November 11th, nevertheless, the MWC Team has agreed to give Hotbit these funds from the unclaimed airdrop funds in order to make whole Hotbit and its customers that were early buyers of MWC.
While the MWC Team does not generally think bailouts are a good idea, it is very early in the project and this is a learning experience for the team, users and exchanges.
Excess funds should never be left on exchanges and should be routinely withdrawn by users. The MWC Team has warned and forewarned exchanges that they should harden their security and infrastructure. Next time it is highly unlikely that funds will be available for these purposes.
Nevertheless, with significant community input, the MWC Team feels this was a good use of the unclaimed airdrop funds at this stage in the project.
In addition, to help exchanges integrate MWC the MWC Team has made a best practice guide available here: https://github.com/mwcproject/mwc-node/blob/master/doc/exchange_reccomendations.md
It's been brought to our attention that some of the GRIN developers have commented on this article in the GRIN discord. See JasperVDM's (lead developer of wallet713 and grin contributor) comments:
We are surprised by this comment because we very clearly communicated this to the two GRIN security contacts listed on their responsible disclosure page. See screenshot of our email dated 12/5/19:
As we mentioned they were notified about our shared codebase on 12/5/19 and without reason disclosed a vulnerability on 1/22/20 that their own network was not vulnerable to due to their recent hard fork. This vulnerability could have caused harm to not only the MWC network, but also all other forks of GRIN which hadn't patched (or even been made aware of this issue) including Bitgrin and Epic Cash and others. They use the flimsy excuse that there was no bilateral agreement in place at the time even though our desires had been clearly communicated AND THE VULNERABILITY THEY DISCLOSED POSED ABSOLUTELY NO RISK TO THE GRIN NETWORK. Due to these reprehensible actions and blatant disregard for other open source projects and communities, we would call into question any researchers who disclose critical vulnerabilities to the GRIN developers. Instead, they should disclose them directly to the MWC developers. The MWC policy states that we will disclose the critical vulnerabilities to forks and other modifications of MWC that we are aware of. See "Forks and other modifications of MWC" section on our security page.