It appears that Syscoin (SYS) cryptocurrency’s blockchain has been compromised. (Update [July 4, 8 AM UTC]: Syscoin has since released a statement claiming the complications did not originate from its network. Read the updates at the bottom for more details.)
Syscoin’s blockchain explorer shows that more than one billion of its coins were transacted in a single block (Updated: The piece earlier wrongly used the word ‘mined’). This is peculiar because the cryptocurrency’s total possible supply is 888 million — significantly less than the amount in the block number 87670.
Syscoin confirmed on Twitter that it’s investigating a possible issue with its blockchain, and stated that it has asked all cryptocurrency exchanges to halt its trading for the time being. The company hasn’t been able to determine the cause of the vulnerability yet.
We are investigating a possible issue on the Syscoin blockchain, nothing is confirmed but we have asked for exchanges to halt trading while we investigate.
— Syscoin (@syscoin) July 3, 2018
Bitcoin developer Jameson Lopp told Hard Fork over email that if a hack indeed occurred, the hackers could have exploited a vulnerability in the blockchain’s protocol to achieve this.
“Breaking the monetary supply rules for a cryptocurrency can’t be accomplished via a 51 percent attack; this indicates that a flaw has been found and exploited at the protocol level,” Lopp told Hard Fork. “It’s likely similar to the buffer overflow vulnerability that was exploited in Bitcoin in 2010 that allowed someone to create 184 billion BTC.”
But it is not just the block that is raising eyebrows about Syscoin. It saw further suspicious activity on the cryptocurrency exchange desk Binance.
One single SYS coin (valued at $0.453290 at the time of writing) — was bought for 96 BTC on Binance ($623,000).
The ridiculously high buy order placed on Binance has led to a skyrocketing pump in the price of Syscoin, despite the possible blockchain hack. As per CoinMarketCap data, Syscoin’s price has surged by nearly 85 percent over the last 24 hours.
Whether the trade on Binance and the surge in price are related to the blockchain compromise is not yet established. But it would be a surprising coincidence if they are not, given how closely both these events occurred.
Update 1 [July 4, 01:30 AM UTC]: Binance has announced a system maintance following the Syscoin debacle. Some social media users are hinting that it could have been an issue with Binance rather than Syscoin.
Update 2 [July 4, 8:00 AM UTC]: Syscoin has since stated that while it observed “odd trading behavior coupled with atypical blockchain activity,” the blockchain itself remains safe.
As a precaution we had requested exchanges halt $SYS deposit/withdrawal today after we observed odd trading behavior coupled with atypical blockchain activity. After investigating the #Syscoin blockchain is safe. We are asking exchanges to reopen. Detailed wiki post tomorrow. pic.twitter.com/NEypr531zi
— Syscoin (@syscoin) July 4, 2018
Binance has also announced that it is resetting its trading API.
“Due to irregular trading on some APIs, Binance will remove all existing API keys as a precautionary security measure,” the company said on its website. “All API users are requested to recreate their API keys.”
The exchange has refrained from revealing the exact reason for resetting the API keys in the statement. It remains unclear whether the Syscoin trading irregularity that took place on its platform had anything to do with this move.
Update 3 [July 4, 9:00 AM UTC]: Binance has acknowledged that the system maintenance was launched in the wake of the Syscoin incident. The exchange desk has announced that it will offer zero-fee trading between July 5 and July 14 to all those who were “negatively affected by choosing to trade the rising SYS price.”
Binance has also stated that it is creating a separate fund — named Secure Asset Fund for Users (SAFU) — to reimburse its users in situations such as this one.
“To protect the future interests of all users, Binance will create a Secure Asset Fund for Users (SAFU). Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet,” the company said on its website.
Disclaimer: This post was temporarily unpublished as we gathered more details. We apologize for the inconvenience.
Published July 3, 2018 — 23:55 UTC