Haven Protocol Exploits: Mitigation Plan and Next Steps

Dear Havenauts –

We’d like to thank the entire community for your patience during this challenging period as we’ve worked to unpack, analyze, strategize and mitigate the effects of the multiple attacks on the Haven ecosystem over the past weeks.

We are proud that our community and developers were the first to unlock the potential of “colored coin” conversions on top of the Monero protocol, an achievement that had long been considered implausible. Nevertheless, that innovation, and our continued incremental experiments in the form of xAssets, have provided malicious actors with additional vectors to exploit and harm our burgeoning community, which occurred these past several days.

We take full responsibility for these mistakes and are committed to increasing transparency, code reviews, testing, and aggressive white hat bounties over the coming days, weeks, and months. A log of the liabilities discovered and exploited in our original xAsset codebase are provided below.

The three most relevant and material attacks on our protocol are as follows:

  1. June 22nd: 203,000 xUSD and 13.5 xBTC was minted in two exploits. We originally thought we had prevented these being spent but we now know the attempted mitigation was too late. We did however prevent this attack from reoccurring.
  2. June 24th: An exploit in the xAsset conversion validation meant that an unknown amount of XHV was minted. We also prevented this from reoccurring. A summary of what our investigation has uncovered can be found below.
  3. June 29th: an exploit was leveraged that allowed for minting of 9m xUSD.

It was important for us to understand and investigate the quantity of coins minted. This is impossible to determine in Monero, but the fact that Haven’s xAsset conversions are public gave the team a chance to identify a value. While we can’t know the actual quantity of extra XHV minted with 100% certainty, a summary of our findings so far is detailed below. This is why we’ve determined a reorganization of the chain (i.e. a rollback) is now needed.

Upon recognizing these exploits, the team immediately began its mitigation efforts which included:

  1. Halting deposits and withdrawals of XHV and xUSD on partner exchanges.
  2. Pausing the xAssets conversion mechanism in the Haven Vault.
  3. Expediting fixes and patches to close gaps in the current codebase.
  4. Working closely with centralized exchanges to identify suspicious accounts, freeze relevant assets, and trace any withdrawals.
  5. Investigating and tracing the attacker’s illicit withdrawals of BTC and ETH from CEXes with the help of a leading blockchain investigator.
  6. Contacting law enforcement such as NSCS and NFIB to ensure the attacker’s remaining exchange assets are frozen.
  7. Assessing and finalizing plans for a chain reorganization to “roll back” certain effects of these attacks.

The development team and protocol will be taking the following actions that largely mitigate the impacts of the past week and provide for a stronger future for Haven:

  • Initiating a blockchain rollback which will remove all transactions from a certain point onward, including all known malicious transactions. We will present the options for the exact block to rollback to the community to decide.
  • Implementing a hard fork which will patch and solve all known minting exploits of Haven Protocol.
  • All new protocol code will be made publicly available for review and testing before release to mainnet. Additional technical documentation of the exploits and solutions we’ve developed will be made available for public review.
  • With the help of our friends at Cake Wallet, we are contacting Monero’s code auditors and are engaging them on all future material code implementations.
  • Allocate a substantial portion of the Haven treasury for burning to mitigate the impact of token inflation caused by the unintended minting exploit. Should the community decide this action is necessary, we will post public view keys for these transactions.
  • We will be reopening Haven vaults on a to be determined date, with advance notice to the community. We will request exchanges reopen deposits and withdrawals, and enable vault conversions, after successful rollback of the chain and deployment of the hard fork.
  • Implement an oracle “cool off period” for conversions, after fork, and after exchanges are reopened. This will mitigate some of the impact of the exploit-driven reduced MA, while also not penalizing those who did offshore at lower prices. We expect to re-enable conversions after this cooling off period and when exchange wallets have reopened.
  • We are initiating two separate bounties: Up to 200,000 xUSD for information leading to the recovery of exploited gains. These funds will be paid on a pro-rated basis for every dollar recovered. Up to 100,000 xUSD in bounties across a series of tasks to further test our protocol code and conversions.
  • Hiring up to 4 additional blockchain developers with experience in Monero’s codebase. We are offering 20,000 xUSD bounties for introductions to any developers who ultimately accept a full time offer with Haven and stay committed for at least three months.

As the upcoming hard fork and chain rollback will negate the known xUSD bug, the impact of the XHV minting exploit is as follows based on the best available data from our investigation:

  • Approximately 2.1M XHV were sent to centralized exchanges such as Kucoin and Tradeogre.
  • A significant proportion of the 2.1M XHV have been frozen by those exchanges and we are working with the exchanges to ensure that these funds are permanently out of the attackers control. The total number of tokens sold to the XHV community was approximately 1.1M of which we believe the attackers were able to cash out 2,048 ETH in profits.
  • A substantial amount of BTC, ETH and USDT is frozen in the exchange wallets of these exchange users though we cannot report an exact number while we wait on law enforcement. We are still in the early stages of working with these exchanges to determine a path forward for these assets — whether that is to remain frozen, distributed to the community, or a yet unknown option. We do not expect this to be an immediate process.
  • We believe the attackers withdrew their malicious ETH and BTC to public addresses. In most cases, they subsequently moved those ETH holdings through Tornado Cash, while the BTC holdings have not yet moved from the target withdrawal wallet.

We recognize that many of the mitigation actions taken are reflective of centralized protocols. As outlined in The Path Ahead this past April, our goal has and continues to be to move Haven towards an entirely decentralized future. We continue to believe we are 18–24 months from that state. In the meantime, we elected to make painful decisions at present that we felt protected new and old investors alike, that did not compromise Haven’s ultimate mission, and that would provide the Haven Protocol community the highest degree of confidence in the veracity of their holdings.

Our decision to engage law enforcement was also not taken lightly given the protocol’s privacy focus and we attempted to ensure the safety of the XHV community without it. However, this formal involvement is mandated by our exchange partners in order to permanently freeze the accounts that continue to hold a substantial amount of exploited XHV.

This hack was sophisticated, well planned and aggressive. Nevertheless, we were able to expeditiously mitigate their impact, and follow certain trails of evidence which are being actively investigated. We would like to explicitly state our appreciation to our partner exchanges for their responsiveness in helping to minimize the impact of this exploit. If the attackers would like to return their gains, we would be willing to cease our investigative efforts with law enforcement — and are happy to communicate privately on this issue.

We are deeply apologetic for the pain and anxiety these events have caused so many in our community. We proudly took over development of Haven in early 2019 after the prior development team had obfuscated their progress, obviated their duties, and abandoned the same community they claimed to serve. We remain committed to Haven as one of the most important projects and technologies in the entire crypto ecosystem. In spite of our substantial progress these past 24 months, we recently rushed the testing process to increase the speed of xAsset progress. This decision ultimately had a detrimental effect and we are deeply committed to shoring up our code and keeping your assets safe, private, and stable henceforth.

We will be hosting two future AMAs in Discord for the community to ask questions regarding the exploits, hard fork, and mitigation actions. The first AMA will be this Sunday, July 4, at 17:00 UTC.

Thank you again to our incredible community for their support, patience, and assistance during this challenging week. Without you, there would be no Haven Protocol. We know it has not been easy given the uncertainty of the situation. We are committed to taking every necessary step to protect and strengthen the project in the days, weeks, and months ahead.


The Haven Protocol team

David, Neil, Mattyk, Akil, J-berman, Jonny_U, AHawk, MadLentil and rarecommons

Ecosystem of private stable assets. Based on Monero. The world's first private stablecoin xUSD is now live.