Haven Protocol (XHV), a coin based on a fork of Monero, was the victim of a hack on the Nanex exchange, according to an announcement made today. The hack was made possible by a vulnerability that carried over from the code forked from Monero. Monero was later patched to remove the weakness, but XHV developers forgot to update their system accordingly.
Untraceability and Stability
The crypto space is growing explosively, and even in this bear market, new projects arise and others grow beyond their initial vision. Most new projects do not start with a blank slate and write their code from scratch, however. They are often forked off of other projects, some with extensive changes, others with very few.
Litecoin is a successful example of the latter, with a codebase almost identical to Bitcoin. This has allowed it to act as something of a ‘test net’ for Bitcoin, implementing Segwit and the Lightning Network before they were used for Bitcoin itself.
Haven Protocol is an ambitious project working to combine the untraceability of Monero with the security of a stablecoin. Within the Haven wallet itself, holders can ‘lock’ the dollar value of their coins by minting an amount of Haven Dollars (XHVD), and at a later time burn those to mint back into XHV. Notably, this changes the total supply of the coin – if you lock in at $0.50 per coin and mint back at $0.40, you mint 20% more coins than you started with.
This could also allow retailers to accept payment in XHV and immediately lock in the dollar value of the transaction, escaping the volatility that makes many vendors hesitate to accept crypto.
For that to happen, however, coins must be secure. The hack announced today resulted in some 311,000 XHV lost to hackers, or about 150,000 US dollars’ worth of coins, almost 10% of the total supply of XHV.
Exchange Clarifies Position
The Nanex exchange mentioned in its announcement that the faulty code was not written by Haven developers but by Monero’s. XHV forked off of Monero, but the vulnerability has since been patched out of the original, leading to some disagreement as to who is more responsible for the hack.
Monero devs have in the past gone to some effort to inform developers of coins that forked off their code about any new vulnerabilities that have been discovered to minimize the chance that malicious actors can use them to attack the projects.
That they did not do so for this vulnerability and XHV puts the blame on them in the eyes of some, while others believe that it is the responsibility of the devs of any project to closely watch changes to the code they forked from to create their project.