Stacks (STX) Network Bug Allowed User to Gain More Than $453k Worth of Bitcoin In 2 Weeks

A crypto user stumbled upon a bug in a smart contract within the Stacks (STX) network, which allowed him to gain an unusually high amount of rewards, approximately $453,105, in the form of Bitcoin (BTC) over just two weeks.

Stacks is a layer-2 solution that brings smart contract functionality to Bitcoin. It uses a consensus mechanism called Proof-of-Transfer (PoX), in which ‘Stacking’ rewards STX token holders with Bitcoin for providing consensus to the network by locking up their tokens for a certain time.

The bug occurred after an upgrade to the PoX smart contract, introducing a new function that allowed users to increase the amount of STX locked. This function had a flaw that caused the user’s STX backing their PoX address to be miscalculated, resulting in the user receiving a significantly higher amount of BTC rewards than intended.

PoX is an extension to Proof-of-burn models where miners compete by ‘burning’ (destroying) a proof-of-work cryptocurrency from an established blockchain as a proxy for computing resources. Unlike proof-of-burn, however, rather than burning the cryptocurrency, miners transfer the committed cryptocurrency to other participants in the network who are ‘Stacking’.

The Bitcoin transferred by miners is then used to provide Stacking rewards, paid in BTC to token holders for helping to ensure a stable network. ‘Stackers’ do this by locking up their tokens for a certain time and signaling the canonical chain tip.

What happened?

On April 18, 2023, a user in the official Stacks Discord channel reported that an address appeared to be erroneously gaining more rewards than it should have received.

Incident report on the official Stacks Discord server.

The following day, after investigating this issue, the Stacks team announced that a bug had occurred in their PoX consensus mechanism’s smart contract, enabling a single user to obtain approximately half of the network’s rewards (approximately 30 BTC) during a cycle.

The Stacks team announcement on their official website.

Nine days later, on April 28, 2023, the Stacks team released an update that approved two forks. The first fork would reset the PoX network state and disable Stacking temporarily while a further fix was developed. The second fork would introduce the new PoX (pox-3) contract, fixing the function causing the issue and re-enabling PoX/Stacking.

How it Happened

On March 19, 2023, the Stacks network upgraded to Stacks 2.1, which included changes to the PoX smart contract that handles Stacking, transitioning from PoX-1 to PoX-2.

Unfortunately, the new PoX-2 contract also introduced a bug, enabling one address to earn more BTC rewards than its allocated share of Stacking rewards associated with its reward slots. This amounted to approximately 50% of the total rewards of the entire network in that cycle. A stacking cycle is 2,100 Bitcoin blocks long, which is equivalent to approximately two weeks.

The address impacted by this bug had 2 reward slots out of a total of 4,000 reward slots, which should have yielded approximately 0.000038 BTC during that period. However, it yielded 15.475669 BTC (US $453,105) instead.

This bug stemmed from a newly-introduced function that allows a user to increase the amount of STX locked while the account already has locked STX. The new ‘stack-increase’ function invokes an internal function ‘increase-reward-cycle-entry’ to update the PoX contract’s data space to record the increase.

For any user who increased their total STX locked, the bug erroneously set the amount of STX backing their PoX address to the current total number of STX locked by all users in that cycle, rather than to the sum of their current locked STX amount and the additional amount they added.

The QLUE™ graphs above indicate when the bug first happened, displaying how the user’s BTC holdings increased exponentially over the course of 2 weeks.
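The accounting error described above, as a simplified Python model added here for illustration (not the PoX-2 Clarity source or any code from the Stacks project). The class, the address names and the STX amounts are constructed, and reward share is assumed to be proportional to recorded backing; `mismatches()` is the consistency check that flags the inflated entry.

```python
# Simplified Python model of the accounting flaw described above.
# Not the PoX-2 Clarity source; addresses and amounts are constructed.

class Cycle:
    def __init__(self):
        self.locked = {}    # STX each account actually has locked
        self.backing = {}   # STX recorded as backing each PoX address
        self.total = 0      # STX locked by all users in this cycle

    def stack(self, addr, amount):
        self.locked[addr] = self.locked.get(addr, 0) + amount
        self.backing[addr] = self.locked[addr]
        self.total += amount

    def increase_buggy(self, addr, added):
        self.locked[addr] += added
        self.total += added
        # Flaw: the entry is set to the cycle-wide total.
        self.backing[addr] = self.total

    def increase_fixed(self, addr, added):
        self.locked[addr] += added
        self.total += added
        # Intended: current locked amount plus the added amount.
        self.backing[addr] = self.locked[addr]

    def mismatches(self):
        """Addresses whose recorded backing differs from their locked STX."""
        return {a: (self.backing[a], self.locked[a])
                for a in self.backing if self.backing[a] != self.locked[a]}

    def share(self, addr):
        # Assumption: rewards are proportional to recorded backing.
        return self.backing[addr] / sum(self.backing.values())


def simulate(buggy):
    cycle = Cycle()
    for addr, amount in [("alice", 1_000_000), ("bob", 999_000), ("carol", 1_000)]:
        cycle.stack(addr, amount)
    (cycle.increase_buggy if buggy else cycle.increase_fixed)("carol", 1_000)
    return cycle.mismatches(), cycle.share("carol")


if __name__ == "__main__":
    for buggy in (True, False):
        print("buggy" if buggy else "fixed", *simulate(buggy))
```

In this model the buggy path leaves the smallest stacker with roughly half of all recorded backing, while the fixed path leaves it at about 0.1%, and only the buggy path produces a mismatch between recorded backing and locked STX.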

Closing Remarks

Bugs in consensus mechanisms can have drastic effects on any blockchain.

The Stacks (STX) token lost approximately a quarter of its value in the two weeks following the discovery of this bug.

If this bug had not been noticed and fixed promptly, and if it had been triggered enough times, it could have caused the network to fail catastrophically and crash entirely.

Similar issues exist across the crypto space, which emphasizes the need for compliance, risk management and consumer protection.

Blockchain Intelligence Group builds technology to power compliance and intelligence for the blockchain-centric future. The company is trusted globally by banks, crypto companies, law enforcement, fintechs, regtechs and governments.

It offers a variety of tools for investigating criminal activity, transaction monitoring, risk management and due diligence for cryptocurrency and digital assets.

Blockchain Intelligence Group offers a compliance ecosystem to support your business: Address Watch, Block Explorer, Enhanced Due Diligence Reports, Case Management, Extended View which includes Exposure, Balance Over Time, Activity and more.

BitRank Verified® monitors and flags suspicious cryptocurrency transactions. Stay compliant. Get real-time transaction scoring. Clear low-risk transactions and flag high-risk ones. Quickly analyze transactions and addresses with easy-to-understand risk ratings that include detailed flagging such as mixing, child exploitation, terrorism financing, sanctions, and more. Automate filing SARs and ExDD reports.

The post Stacks (STX) Network Bug Allowed User to Gain More Than $453k Worth of Bitcoin In 2 Weeks appeared first on Blockchain Intelligence Group.

Spanish National Police Disrupts A Criminal Organization Behind $110 Million Crypto Investment Scam

The Spanish Civil Guard has recently dismantled a criminal organization that allegedly scammed people worldwide out of more than 100 million euros (US $110.5m) through investments in fake cryptocurrencies. The criminal group is believed to have defrauded more than 3,000 people across the globe.

The investigation began after receiving a complaint from a citizen in Álava, Spain, who claimed to have been a victim of a scam involving cryptocurrency investments. The Civil Guard traced the money transfers, ultimately identifying the recipient as a company based in Palma de Mallorca.

The organization lured potential clients through various marketing strategies, such as advertisements on well-known websites, phone calls, newspaper ads and text messages. The scammers promised high returns with minimal risks, and once they convinced their victims, they entered into contracts to invest in non-existent cryptocurrencies, typically ranging between 250 and 1,000 euros (between 270 and 1,100 US dollars).

In financial crime, this type of fraud is labeled an investment scam.

How Does a Crypto Investment Scam Work?

A fraudulent investment scam in crypto is a type of financial fraud that specifically targets investors interested in cryptocurrencies. These scams are designed to deceive investors by making false or exaggerated claims about the potential returns on investments in cryptocurrencies.

To appear legitimate and gain the trust of their victims, the criminal organization had launched a website where victims could supposedly check the profits of their investments. The website was filled with falsified charts created specifically for this purpose.

Investors received constant calls from fake brokers informing them of the “huge profits” they were making and encouraging them to continue investing. When victims attempted to recover their investments, the phony brokers demanded more money for the withdrawal of funds, citing reasons such as tax payments or annual balance closures.

The operation was carried out by cybercrime specialists from the Civil Guard of the Basque Country, Balearic Islands, and the Technical Unit of Judicial Police in Madrid. 

How to Protect Yourself?

These types of scams can be difficult to detect because they often use sophisticated tactics to appear legitimate. However, there are some red flags that you can watch out for, such as:

  • Unsolicited messages or emails that promise high returns with little or no risk
  • Requests for payment to withdraw profits, in the form of cryptocurrency or wire transfer
  • Lack of information or transparency about the company, its founders or its investment strategy
  • Pressure to invest quickly, without giving you enough time to do your own research or ask questions

Don’t give away your personal details to promises of fortune and felicity. The end goal of most scams is to retrieve a portion of your personal details, which may lead to the leaking of secret keys and the loss of digital assets.

Additionally, as the Civil Guard recommends, do not accept unsolicited investment offers and research the reputation and opinions of websites and projects before investing. In Spain, the official state and European regulators periodically publish lists of websites operating with irregularities and posing risks.

As cryptocurrencies become more prevalent, law enforcement agencies worldwide find themselves more engaged in financial crime cases involving cryptocurrencies and digital assets. Investigators play a crucial role in protecting victims and the integrity of the financial system and must continue to adapt and improve their investigative and analytical capabilities. 

Our blockchain analytics solutions are easy to use and assist law enforcement agencies in tracking suspicious transactions on the blockchain, allowing them to quickly take action against criminals. By leveraging the power of these cutting-edge tools, law enforcement can better protect investors and combat financial crimes involving cryptocurrencies. Learn more and start investigating crypto crime cases today with QLUE™.

Written By: Omar Marzouk
Writer, Content marketing


Alarming AML Survey Results Reveal Urgent Need for Advanced Blockchain Analytics Solutions

A recent survey by First AML proves that the dark underbelly of money laundering has expanded into the realm of cryptocurrencies. It reveals the mounting concerns among compliance professionals in the United Kingdom, with 70% expressing apprehension about the escalating risks of money laundering facilitated by cryptocurrency transactions. 

The study found that 41% of organizations have encountered money laundering incidents tied to cryptocurrencies. Additionally, over half of the respondents believe that current measures only partially address the problem. 

At Blockchain Intelligence Group, we are aware of the magnitude of this risk. We make easy-to-use cutting-edge blockchain analytics solutions for financial institutions and law enforcement agencies. We’re committed to combating cryptocurrency-related money laundering and other types of financial crime, by offering simple and effective technology solutions. 

Regulators and governments acknowledge crypto’s risks with its widespread adoption. They are taking various measures to combat money laundering through crypto transactions in crypto firms and banks. Governments have introduced Anti-Money Laundering (AML) regulations that require businesses and banks to verify their customers’ identities and assess the risk of money laundering. 

Know Your Customer (KYC) requirements have also been put in place to ensure that businesses and banks have adequate information about their customers. In turn, banks and businesses must report suspicious activities to the authorities, perform enhanced due diligence on high-risk customers and comply with financial sanctions.

As regulators take enforcement action against non-compliant entities, it has become evident that businesses can no longer afford to treat AML compliance as an afterthought. Even then, a staggering 78% of polled business executives acknowledge that their company’s AML compliance could be improved. In addition, 51% of companies have faced fines or penalties due to non-compliance, and 85% of them report adverse effects on their operations.

The survey found that 27% of respondents face difficulty identifying and tracking suspicious entities. As criminals become more adept at using digital currencies to launder money, businesses and regulators must invest in advanced technologies to pinpoint and monitor suspicious activities. This is where blockchain analytics solutions step in to bridge the gap in combating cryptocurrency-enabled money laundering.

The growing threat of crypto-enabled money laundering demands a multi-faceted approach from businesses, compliance professionals, and regulatory bodies. It is time to prioritize and invest in robust AML processes and technologies, as well as establish clear regulatory guidance to safeguard our financial systems from the evolving FinCrime schemes.

Our Solutions

We recognize the importance of staying ahead of evolving money laundering tactics and are committed to equipping our clients with the necessary tools and knowledge to safeguard their financial systems. Our company provides cutting-edge blockchain analytics solutions and certified crypto investigation training to help financial institutions and law enforcement officers address these challenges effectively.

Our solutions offer an effective way to monitor and analyze digital currency transactions in real time. By leveraging advanced techniques such as advanced graphing and crypto transaction monitoring, our solutions can identify patterns, detect anomalies, and uncover hidden connections in blockchain data, enabling businesses and regulators to pinpoint and act upon suspicious activities promptly.

Certified Training for Compliance and Investigation

We offer government-certified training programs tailored to meet the needs of compliance professionals, financial institutions, and law enforcement investigators. Our courses cover essential topics such as digital currency fundamentals, blockchain analysis techniques and best practices for investigation and reporting.

Our training programs help law enforcement officers better understand the intricacies of cryptocurrency transactions and develop the skills necessary to investigate and prosecute criminals in the age of crypto.

Learn how you can be one step ahead of the bad actors at our website.

Written By: Omar Marzouk
Writer, Content marketing
