Where Can I Find Announcements?
The project will ensure all announcements are added to this page, so that everything is kept in one place.
Exploit Update #10
Released on 04/09/2021 to provide an update on progress with the code and maths reviews, as well as the security audit.
We are pleased to be able to reveal that over the past several weeks, Haven Protocol has been performing discovery work with Cypher Stack, a firm specializing in cryptographic security and research, to ensure their cryptographers have a full understanding of the Haven Protocol mathematical models and can perform a cryptographic analysis and protocol review of Haven 2.0.
Cypher Stack have now produced a cryptographic technical analysis of the areas of Haven Protocol relevant to proof/signature construction, verification and balance soundness, and have also looked for potential future improvements. You can read it here: https://github.com/haven-protocol-org/security-audits/blob/master/Cypher%20Stack%20-%20Haven%20Technical%20Note.pdf
About Cypher Stack
Cypher Stack specializes in cryptographic research, with a focus on security proofs, for blockchain projects and distributed systems. Cypher Stack employs cryptographers with the knowledge and passion to push projects to new heights of innovation and security. In addition to the firm’s cryptographic work, Cypher Stack also specializes in digital design, utilities, and infrastructure services.
You can learn more about Cypher Stack here: https://cypherstack.com/
Exploit Update #9
Released on 18/08/2021 to provide an update on progress towards launching Haven 2.0
The Haven Protocol developers are making steady progress towards Haven 2.0.
This update will mark a significant revision of Haven’s core code and a step-change in the project. It will include substantial security updates in the form of new mint and burn validation and allow conversions to be re-enabled. We cannot yet give accurate timelines for when the work will be complete, but this report provides insight into the project status. https://havenprotocol.org/2021/08/18/status-update-18th-aug-2021/
As always, we appreciate your support and will keep you informed of any further developments.
Exploit Update #8
Released on 20/07/2021 to provide more details on the rollback and progress
We’re pleased to share that the rollback fork and v1.4.0 have been successfully deployed.
Seed nodes have a new top block (886576) and have successfully created the updated chain. This block is hard-coded into v1.4.0 as a checkpoint, so every node will sync to this block and to no other block at that height.
The seeds are currently offline so that mining pools can update on their side. Anyone updating to v1.4.0 right now will be stuck at the rollback height (886575) until the seeds are back up and running.
We expect this to occur around 19:30 UTC today, at which time we’ll share additional details and instructions for running the updated Haven Vaults.
Thank you all for your understanding, the Haven Team
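The checkpoint mechanism the update above relies on, as an added illustrative model rather than Haven’s own code: the release pins the hash of block 886576, so a node that kept following the exploited branch pops back to 886575, rejects the old block at 886576, and accepts only the pinned one. The block format (a SHA-256 over height, parent id and a payload string), the payloads and every hash are constructed for this example; the real chain uses Monero’s block hashing and the pinned hash is the one compiled into v1.4.0.

```python
"""Checkpoint enforcement as used for a rollback release: a pinned block hash
forces every node onto one chain. Illustrative model only, not Haven's code;
block format, payloads and hashes are constructed for the example."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

ROLLBACK_HEIGHT = 886575    # last block shared by old and new chains (from the announcement)
CHECKPOINT_HEIGHT = 886576  # first block of the rolled-back chain, pinned in the release


@dataclass(frozen=True)
class Block:
    height: int
    prev_hash: str
    payload: str  # stands in for the real block body

    @property
    def hash(self) -> str:
        # Toy block id: SHA-256 over height, parent id and body (constructed format).
        data = f"{self.height}|{self.prev_hash}|{self.payload}".encode()
        return hashlib.sha256(data).hexdigest()


def extend(chain: List[Block], payload: str) -> Block:
    """Mine a block on the current tip (no proof of work in this model)."""
    tip = chain[-1]
    block = Block(tip.height + 1, tip.hash, payload)
    chain.append(block)
    return block


def make_chain(start_height: int, payloads: List[str]) -> List[Block]:
    """Build a linked chain starting at an arbitrary height (keeps the toy small)."""
    chain = [Block(start_height, "0" * 64, payloads[0])]
    for p in payloads[1:]:
        extend(chain, p)
    return chain


def first_violation(chain: List[Block], checkpoints: Dict[int, str]) -> Optional[int]:
    """Lowest checkpointed height whose block does not match the pinned hash."""
    for block in chain:
        pinned = checkpoints.get(block.height)
        if pinned is not None and block.hash != pinned:
            return block.height
    return None


def enforce_checkpoints(chain: List[Block], checkpoints: Dict[int, str]) -> List[Block]:
    """Pop every block at or above the first violated checkpoint. A node that
    followed the exploited branch is left at ROLLBACK_HEIGHT until a peer
    serves the pinned block (the 'stuck at 886575' state from the update)."""
    bad = first_violation(chain, checkpoints)
    if bad is None:
        return list(chain)
    return [b for b in chain if b.height < bad]


def try_accept(chain: List[Block], block: Block, checkpoints: Dict[int, str]) -> bool:
    """Append a block only if it links to the tip and matches any pinned hash."""
    tip = chain[-1]
    if block.height != tip.height + 1 or block.prev_hash != tip.hash:
        return False
    pinned = checkpoints.get(block.height)
    if pinned is not None and block.hash != pinned:
        return False
    chain.append(block)
    return True


def demo() -> dict:
    """Replay the rollback: shared history, an exploited branch, a pinned block."""
    base = 886570  # constructed: start just below the rollback point
    shared = make_chain(base, [f"block-{base + i}" for i in range(6)])  # ..886575
    assert shared[-1].height == ROLLBACK_HEIGHT

    # Seed nodes mine the new 886576; its hash is compiled into the release.
    new_chain = list(shared)
    extend(new_chain, "rollback-chain-886576")
    checkpoints = {CHECKPOINT_HEIGHT: new_chain[-1].hash}

    # An un-upgraded node kept following the old branch past the rollback point.
    old_chain = list(shared)
    extend(old_chain, "old-chain-886576")
    extend(old_chain, "old-chain-886577")

    trimmed = enforce_checkpoints(old_chain, checkpoints)
    stuck_height = trimmed[-1].height
    old_rejected = not try_accept(trimmed, old_chain[6], checkpoints)
    new_accepted = try_accept(trimmed, new_chain[6], checkpoints)
    return {
        "new_chain_clean": first_violation(new_chain, checkpoints) is None,
        "violation_height": first_violation(old_chain, checkpoints),
        "stuck_height": stuck_height,
        "old_block_rejected": old_rejected,
        "pinned_block_accepted": new_accepted,
        "tip_after_sync": trimmed[-1].height,
    }


if __name__ == "__main__":
    print(demo())
```

The model shows why the checkpoint alone cannot move a node forward: after the pop the node sits at 886575 and simply waits for a block that both links to the tip and matches the pinned hash, which is exactly the state an early upgrader was in while the seeds were offline.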
Exploit Update #7
Released on 19/07/2021 to update the community on the progress of the rollback
The core team has been working to deploy the rollback hard fork to block 886575. This process has been underway for the last seven hours without any significant obstacles.
The team is now mining the first block, after which point the rollback will be complete and the code and binaries will be issued.
Thank you for your patience, and stay tuned for additional updates
Exploit Update #6
Released on 16/07/2021 to communicate details of the rollback
Today we’re announcing a number of steps about the rollback and fork process.
- Most importantly: per the community’s decision, Haven Protocol will conduct a hard fork on Monday, July 19, 2021 to roll back the chain to block 886575. This will allow exchange wallets to re-open, on-chain transactions to resume, and mining to continue with confidence. xUSD and xAsset conversions will remain paused. New web, desktop, and CLI vaults will be shared prior to the fork.
- After the rollback, a second hard fork will be planned to re-enable xUSD and xAsset conversions after the completion of external audits of the updated codebase. We’re working quickly with third parties to audit and review the new code, but this process will not be rushed. We are committed to ensuring Haven Protocol’s new conversion validation structure is secure.
You can read all the details below. Please drop any questions you have in #general. We’ll be hosting another AMA on Monday after the fork to further answer questions and discuss the next steps. Thanks as always for your support and assistance! We’re committed as ever to Haven Protocol’s mission as the future of private money.
Exploit Update #5
Released on 09/07/2021 to announce the result of the vote
The community has decided. Haven Protocol will roll back the chain to block 886575 (June 27).
Do not conduct any transactions until further notice (unless on an exchange).
Beginning on June 22, 2021, malicious hackers attacked Haven Protocol, exploiting several related vulnerabilities. Following an extensive investigation, we conducted a wide-ranging review of the protocol and processes to ensure as smooth a recovery from the exploit as possible.
We proposed a chain rollback to remove most of the inflation caused by specific exploits, particularly those where the minted amount is unknown.
Our investigation determined that the optimal rollback point is block 886575 (June 27, 2021, at 22:21:08 UTC). We conducted a 24-hour ballot on July 8 to gain consensus from the Haven Protocol community, which voted 95% in favor of a rollback.
The rollback will be included in the next fork; further information will follow.
Exploit Update #4
Released on 08/07/2021 with information on the vote to roll back the chain or move ahead with an unknown amount of inflation
Following the recent exploit, the community now has a decision to make as to whether we roll back the chain or not.
Full details of what has happened and the rationale for a rollback can be seen here: https://havenprotocol.org/app/uploads/2021/07/Technical-Overview-of-June-2021-Exploits.pdf
Please take the time to understand the situation before casting your vote.
About the vote
The vote gives each voter two choices
Yes – roll back the chain
Roll back the chain to block 886575
Pros: This will remove the largest exploits
Cons: Transactions after block 886575 will be reversed
No – do not roll back the chain
Pros: No transactions will be reversed
Cons: Hackers will be left holding a large volume of XHV (potentially 11M XHV), and the total supply will be unknown
How will the vote work?
We have set up a #🗣governance-chat category in our Discord server to enable us to host the vote. To mitigate bot manipulation, we have added a voter registration step to the process.
Register here: #📋register-to-vote
Registered voters then gain access to the voting channel: #voter
Voting will start at approximately 11:00 UTC today and will be open for 24 hours to ensure every time zone has the option to participate.
Thank you all for your patience and participation
Haven Protocol Team
Exploit Update #4
Released on 07/07/2021 to provide a full and detailed technical overview of the exploit
Please read the following technical overview from the Haven Protocol team which explains the impact of the June 2021 exploits, how they were resolved, proposed next steps for the project, and our key learnings.
We look forward to discussing with you the many topics raised in this document as we plan for the future.
As always, thank you for your support, patience, and assistance during these challenging weeks. Without you, there would be no Haven Protocol. The entire team remains committed to taking every necessary step to protect and strengthen the project in the days, weeks, and months ahead.
Exploit Update #3
Released on 02/07/2021 to provide a more in-depth overview of the exploit and give details on the suspected next steps
Dear Havenauts –
We’d like to thank the entire community for your patience during this challenging period as we’ve worked to unpack, analyze, strategize and mitigate the effects of the multiple attacks on the Haven ecosystem over the past weeks.
We are proud that our community and developers were the first to unlock the potential of “colored coin” conversions on top of the Monero protocol, an achievement that had long been considered implausible. Nevertheless, that innovation, and our continued incremental experiments in the form of xAssets, have provided malicious actors with additional vectors to exploit and harm our burgeoning community, which occurred these past several days.
We take full responsibility for these mistakes and are committed to increasing transparency, code reviews, testing, and aggressive white hat bounties over the coming days, weeks, and months. A log of the vulnerabilities discovered and exploited in our original xAsset codebase is provided below.
The three most relevant and material attacks on our protocol are as follows:
- June 22nd: 203,000 xUSD and 13.5 xBTC were minted in two exploits. We originally thought we had prevented these from being spent, but we now know the attempted mitigation was too late. We did, however, prevent this attack from reoccurring.
- June 24th: An exploit in the xAsset conversion validation meant that an unknown amount of XHV was minted. We also prevented this from reoccurring. A summary of what our investigation has uncovered can be found below.
- June 29th: an exploit was leveraged that allowed for minting of 9m xUSD.
It was important for us to understand and investigate the quantity of coins minted. In Monero this would be impossible to determine, but the fact that Haven’s xAsset conversions are public gave the team a way to identify a value. While we can’t know the actual quantity of extra XHV minted with 100% certainty, a summary of our findings so far is detailed below. This is why we’ve determined that a reorganization of the chain (i.e. a rollback) is now needed.
Upon recognizing these exploits, the team immediately began its mitigation efforts which included:
- Halting deposits and withdrawals of XHV and xUSD on partner exchanges.
- Pausing the xAssets conversion mechanism in the Haven Vault.
- Expediting fixes and patches to close gaps in the current codebase.
- Working closely with centralized exchanges to identify suspicious accounts, freeze relevant assets, and trace any withdrawals.
- Investigating and tracing the attacker’s illicit withdrawals of BTC and ETH from CEXes with the help of a leading blockchain investigator.
- Contacting law enforcement and national agencies such as the NCSC and NFIB to ensure the attacker’s remaining exchange assets are frozen.
- Assessing and finalizing plans for a chain reorganization to “roll back” certain effects of these attacks.
The development team and protocol will be taking the following actions that largely mitigate the impacts of the past week and provide for a stronger future for Haven:
- Initiating a blockchain rollback which will remove all transactions from a certain point onward, including all known malicious transactions. We will present the options for the exact block to rollback to the community to decide.
- Implementing a hard fork which will patch and solve all known minting exploits of Haven Protocol.
- All new protocol code will be made publicly available for review and testing before release to mainnet. Additional technical documentation of the exploits and solutions we’ve developed will be made available for public review.
- With the help of our friends at Cake Wallet, we are contacting Monero’s code auditors and are engaging them on all future material code implementations.
- Allocating a substantial portion of the Haven treasury for burning to mitigate the impact of token inflation caused by the unintended minting exploit. Should the community decide this action is necessary, we will post public view keys for these transactions.
- We will be reopening Haven vaults on a to be determined date, with advance notice to the community. We will request exchanges reopen deposits and withdrawals, and enable vault conversions, after successful rollback of the chain and deployment of the hard fork.
- Implementing an oracle “cool off period” for conversions after the fork and after exchanges are reopened. This will mitigate some of the impact of the exploit-driven reduced moving average (MA) price, while also not penalizing those who did offshore at lower prices. We expect to re-enable conversions after this cooling off period and when exchange wallets have reopened.
- We are initiating two separate bounties: Up to 200,000 xUSD for information leading to the recovery of exploited gains. These funds will be paid on a pro-rated basis for every dollar recovered. Up to 100,000 xUSD in bounties across a series of tasks to further test our protocol code and conversions.
- Hiring up to 4 additional blockchain developers with experience in Monero’s codebase. We are offering 20,000 xUSD bounties for introductions to any developers who ultimately accept a full time offer with Haven and stay committed for at least three months.
As the upcoming hard fork and chain rollback will negate the known xUSD bug, the impact of the XHV minting exploit is as follows based on the best available data from our investigation:
- Approximately 2.1M XHV were sent to centralized exchanges such as KuCoin and TradeOgre.
- A significant proportion of the 2.1M XHV has been frozen by those exchanges, and we are working with the exchanges to ensure that these funds are permanently out of the attackers’ control. The total number of tokens sold to the XHV community was approximately 1.1M, from which we believe the attackers were able to cash out 2,048 ETH in profits.
- A substantial amount of BTC, ETH and USDT is frozen in the exchange wallets of these exchange users though we cannot report an exact number while we wait on law enforcement. We are still in the early stages of working with these exchanges to determine a path forward for these assets — whether that is to remain frozen, distributed to the community, or a yet unknown option. We do not expect this to be an immediate process.
- We believe the attackers withdrew their malicious ETH and BTC to public addresses. In most cases, they subsequently moved those ETH holdings through Tornado Cash, while the BTC holdings have not yet moved from the target withdrawal wallet.
We recognize that many of the mitigation actions taken are reflective of centralized protocols. As outlined in The Path Ahead this past April, our goal has and continues to be to move Haven towards an entirely decentralized future. We continue to believe we are 18–24 months from that state. In the meantime, we elected to make painful decisions at present that we felt protected new and old investors alike, that did not compromise Haven’s ultimate mission, and that would provide the Haven Protocol community the highest degree of confidence in the veracity of their holdings.
Our decision to engage law enforcement was also not taken lightly given the protocol’s privacy focus and we attempted to ensure the safety of the XHV community without it. However, this formal involvement is mandated by our exchange partners in order to permanently freeze the accounts that continue to hold a substantial amount of exploited XHV.
This hack was sophisticated, well planned and aggressive. Nevertheless, we were able to expeditiously mitigate their impact, and follow certain trails of evidence which are being actively investigated. We would like to explicitly state our appreciation to our partner exchanges for their responsiveness in helping to minimize the impact of this exploit. If the attackers would like to return their gains, we would be willing to cease our investigative efforts with law enforcement — and are happy to communicate privately on this issue.
We are deeply apologetic for the pain and anxiety these events have caused so many in our community. We proudly took over development of Haven in early 2019 after the prior development team had obfuscated their progress, obviated their duties, and abandoned the same community they claimed to serve. We remain committed to Haven as one of the most important projects and technologies in the entire crypto ecosystem. In spite of our substantial progress these past 24 months, we recently rushed the testing process to increase the speed of xAsset progress. This decision ultimately had a detrimental effect and we are deeply committed to shoring up our code and keeping your assets safe, private, and stable henceforth.
We will be hosting two future AMAs in Discord for the community to ask questions regarding the exploits, hard fork, and mitigation actions. The first AMA will be this Sunday, July 4, at 17:00 UTC.
Thank you again to our incredible community for their support, patience, and assistance during this challenging week. Without you, there would be no Haven Protocol. We know it has not been easy given the uncertainty of the situation. We are committed to taking every necessary step to protect and strengthen the project in the days, weeks, and months ahead.
The Haven Protocol team
David, Neil, Mattyk, Akil, J-berman, Jonny_U, AHawk, MadLentil and rarecommons
Exploit Update #2
Released on 01/07/2021 to describe progress and address the community
The last 72 hours have been challenging as we’ve worked to piece together and unpack all the details of the recent exploits in our protocol. It has required the complete focus of the development team, substantial communication with affected exchanges, and work with investigators. We thank you for your patience while we work.
We understand the frustrations of the community but please be assured the entire team is completely focused right now on getting us back on track. We are making good progress and will soon release a fully detailed report and mitigation plan.
Thanks again for everyone’s patience. We’re fortunate to have such a strong and supportive community to get us through challenges like this. Haven’s future is bright. Please keep an eye out for further announcements.
Exploit Update #1
Released on 28/06/2021 to announce the team’s awareness of two suspicious transactions in the explorer
This morning, the dev team became aware of two suspicious transactions in the explorer. A meeting was called immediately and the team investigated the cause. After some initial exploration, we found a vulnerability that has been exploited twice in the last three days, resulting in the minting of a number of counterfeit coins. This explains the unusually high selling volume on KuCoin.
This is an exceptional situation and it has required an unprecedented response. It is not possible to share all details at this stage, but you should be aware that we’ve taken the following actions:
- Disabled exchange wallets
- Deactivated conversions in user wallets
- Frozen suspect accounts on KuCoin
The entire team has been working to mitigate the impact in every way possible. The rationale behind these decisions is as follows:
We have instructed exchanges to close wallets, to prevent anyone from profiting from the exploit, and to stabilize the situation.
We have disabled the pricing oracle – to prevent any further conversions between XHV, xUSD, or other xAssets. This was also necessary because the XHV price is invalid when the exchanges are closed. Disabling the oracle will also mean the USD price summary will not show in the web and desktop wallets.
KuCoin are supporting us in our investigation and actively freezing suspicious accounts.
During Haven’s journey over the past two-plus years, the project has overcome many obstacles and challenges. We are fully committed and confident that we will do the same again and come out stronger on the other side.