{"id":143768,"date":"2021-11-04T20:07:31","date_gmt":"2021-11-04T20:07:31","guid":{"rendered":"https:\/\/precoinnews.com\/?p=143768"},"modified":"2021-11-04T20:07:31","modified_gmt":"2021-11-04T20:07:31","slug":"antifragile-the-story-of-the-haven-protocol","status":"publish","type":"post","link":"https:\/\/precoinnews.com\/crypto\/antifragile-the-story-of-the-haven-protocol\/","title":{"rendered":"Antifragile: The Story Of The Haven Protocol"},"content":{"rendered":"

We live in a world where privacy has become a privilege for the few; it is now at a premium, and our individual sovereignty is at stake. It takes a bit for that idea to sink in, but once it does it tends to change everything.

The original promise of cryptocurrency was the autonomy of the individual, but this has been eroded as governments, companies, and centralized organizations quickly caught up, leading to semi-private solutions in the crypto space.

Privacy coins were the next step in advancing the privacy fundamentals, but their inherent volatility came as a stumbling block for those seeking stability.

That’s why when the Haven Protocol announced private stable assets (in the form of xUSD, xEUR, etc.) in 2018, I dove head-first into the project.

It was a project that could offer all the privacy of Monero, but none of its volatility, giving users access to a reliable, stable coin, while maintaining sovereignty over their financial life. It seemed to me that this was everything we as a crypto-community were fighting for.

And that’s why what came next came as such a shock.

We have a situation…<\/span><\/h2>\n

“What do you mean we’ve been hacked? What happened?”

It can be hard to keep your cool when the hit comes, but the true measure of an open source project is how they handle themselves when things go wrong. How and what they do to protect the future of their project.

In our case, what had happened was a hacker (or hackers) discovered a weakness in our code. This vulnerability allowed them to change the block reward for mined blocks, giving them the capacity to reward themselves with far more coins than they would have earned otherwise. This wasn’t only obvious, but blatant. It was as if they wanted us to see.

Their next move was a bit more insidious.

They modified the same area of the codebase to allow for counterfeit token creation. A hidden weakness that took us all of our experience and know-how to uncover. By that time they had made off with over $50-million in tokens and produced an existential threat to the entire Haven Protocol.

The clock was ticking.

If we didn’t do something, the unknown inflation of assets could have resulted in a very difficult position for the protocol. If our attacker converted his ill-gotten gains into XHV and crashed its price as they shifted over to BTC or ETH, the steady rolling snowball could have reduced the value of XHV to zero.

The idea of a private stable coin was in the hands of our response.

Understanding the significance of an existential threat<\/span><\/h2>\n

The response to this attack had to be handled correctly and with all due haste.

We couldn’t waste time deliberating. We couldn’t lay blame. But to say that it was ‘easy’ to handle the shock would be completely wrong. Our entire core team, myself included, had given up tremendous opportunities to be a part of this project.

From leaving well-paying careers, to exiting successful online businesses – our team has made tremendous progress through tremendous sacrifice. The team and community who work on the Haven Protocol believe wholeheartedly in the idea of financial privacy. It is the reason why we have all been willing to progress forward.

Witnessing the aftermath of destruction, and pushing forward to pick up the pieces that a single hack can have is extremely difficult. It is worse when years of time have been invested, entire livelihoods are at stake, millions of dollars of community investments have been stolen, and trust in the project is being questioned.

Yet despite these challenges, our team and community did not flinch.

We adopted the stance that anything that had happened in the past to cause what’s happening today was our inheritance and our challenge.

We recognized immediately we needed to own it and fix the hack for the survival of the project.

But first we needed to prevent any further damage.

A quick and intense response<\/span><\/h2>\n

We went to the community to decide the way to go forward as a collective.

We contacted all of our exchange partners, KuCoin, TradeOgre and Bittrex, and asked them to close all XHV wallets. This ensured there would be no future deposits or withdrawals in our stolen funds.

Next, we removed the ability for conversion metrics to be calculated, effectively shutting down the hacker’s ability to convert more funds. Freezing an aspect of the protocol like this, while drastic, ensured the damage the hacker could cause would be limited.

Last, we returned to the community and inquired if they wanted to roll back the blockchain to reverse the transactions that happened in the attack. We did this knowing full well the hacker could still potentially affect any potential vote. The community, with overwhelming support and belief in the project, agreed.

We knew the next move belonged to our adversary and he did not disappoint.

Enemy in our midst<\/span><\/h2>\n

The hacker decided that causing damage to the project was not enough. He joined the community and had a lengthy chat with one of our core team members. (As an aside, the chat can still be publicly seen in our Discord channel.)

It seems the modus operandi for these types of hacks is often the same: they claim to not be in it for the money—which is doubtful. Instead, they cast themselves as an anarchic agent of chaos, sowing discord in pursuit of a “chaotic neutral perspective of life.” (His words – not mine)

They claim to want to help by poking holes in code and security to retest and strengthen and then arrive with mock concern when they find weaknesses. And yet, when approached with a genuine desire to provide reward for discovering exploits as we did, they turn a blind eye.

Ultimately our hacker admitted his motives were financial.

The way forward and lessons learned<\/span><\/h2>\n

We’ve patched the vulnerabilities and have made many changes to the way in which Haven works. Some of the notable improvements have been: