Students from Decentralized Systems Lab have identified more than 26 cryptocurrencies that are vulnerable to “Fake Stake” attack. In this, an attack with small amount of stake could crash any of the network nodes running the corresponding software.
Fortunately, instead of attacking the network, these students contacted the affected cryptocurrencies and they have already deployed mitigations that prevent the “Fake Stake” attack from happening.
Here is an important snippet from the article.
In a permission less cryptocurrency network, peers must not be trusted. So, to prevent against resource exhaustion attacks, Bitcoin nodes first check the PoW for any received blocks before committing more resources, such as storing the block in RAM or on disk. However, it turns out that checking a Proof-of-Stake is a lot more complicated and context-sensitive than validating a Proof-of-Work.
Developers from these coins have already churned out software updates.
Qtum, Navcoin, Particl, HTMLcoin, Emercoin.
Following teams are yet to release update – StratisX, PivX, ReddCoin, Nebilio, Peercoin, Cloackcoin, Experience points, BitBay, Linda, Phore, ColossusCoinXT, PotCoin, DeepOnion, ALQO, Bean Cash, Divi, NoLimitCoin, LUXcoin, HempCoin, BlackCoin and Diamond.
Again, huge respect for these students for not abusing the bugs for themselves.