Lelantus disabled temporarily

As you may have noticed, we have temporarily disabled Lelantus via our emergency switch after we observed irregular behavior in Lelantus and several suspicious transactions.

Our core team is working with several parties, including engineers from Trail of Bits (who audited our Lelantus cryptographic library), Sarang Noether (cryptographer) and a black hat to identify the issue. We have made significant progress in narrowing down the cause and are working on a proof-of-concept code to verify that what we’ve found is the core issue before resuming Lelantus functionality. Our team is also determining a plan to restore Lelantus functionality with minimum impact.

While we have taken practical precautions including audits and review, developing cutting edge privacy tech comes with risks. The safeguards we put in place in recognition of this has mitigated damage as the technology matures and becomes battle-tested.

We will post updates as we have them, and thank you for your patience.

16 Likes

While this is not great news, I remind myself here that we are dealing with serious cutting edge technology for privacy. This is the space of innovation that no one has ever done before and that tends to be complex.

I’m relieved that if there is an exploit it was identified (and fixed if there is one) so soon after Lelantus launch. The foresight of the team and community for the spork functionality on Lelantus to mitigate any exploit in cases like this continues to prove to have been the right call. Thank you for guarding and protecting Firo and the community by taking the time to stop Lelantus and analyze and fix anything suspicious you find. 100% trust you guys, and really hope that there’s a nice long boring break after this.

This will make Firo more secure in the long run and as a Firo technology advocate, I’m looking forward to hearing more about what was learned.

-K

12 Likes

Yes we do think that the current attack is quite sophisticated but through the process we also found other ways to beef up our security.

7 Likes

The hacker is our teacher.

6 Likes

Being on the bleeding edge has it’s pros and cons. Lelantus is a foundational protocol that paved the way for new tech, like Monero’s Triptych and Arcturus (not yet deployed). Trailblazing in this way will lead to some unexpected roughage that other projects “don’t have to deal with”. But they don’t have to deal with it because they’re playing it safe.

Nothing ventured, nothing gained. I’m excited to see the Firo continuously push the boundaries, and experiment with what is possible with privacy on a distributed ledger, even if there are some hiccups along the way.

For those of you in the current community that are living through the present frustrations, remember: when everyone across the space comes to appreciate what Firo has done for privacy, you’ll get to say you were here all along.

9 Likes

Someone, or a group, or several groups have really got it in for Firo! While this is very annoying for the core team and wider community it is clearly a sign that the project has given others serious reasons for concern, or otherwise said, there is something of real value being developed here. It is the proud nail which gets beaten down, clearly Firo has something that its competitors in the privacy space don’t.

Who could these aggressors be? A childish millionaire with a vengeful streak unhappy about losing a speculative bet on Firo? A group of spooks whose worried paymaster fears the subversive impact of digital cash on the fiat system? A lone genius black hat who likes an intellectual challenge? A rival privacy coin who stands to lose when Firo succeeds? We could imagine any or all of these actors to be in the game but as we are talking about the sphere of internet privacy it is unlikely that any of them will ever reveal themselves. One thing becoming more clear is that those who wish Firo harm have got deep pockets . . . The team and the community should be proud of such attention, and wear it as a badge of honor. We should also be grateful to our opponents, after all, what does not kill a project makes it stronger.

9 Likes

Are you able to go into more detail about what was happening?

4 Likes

加油,firo肥肉的团队们 :fist: :fist: :fist: :fist: :fist:

4 Likes

Have your back ! When we usually do reseach, it is definitely normal to find some bugs, that’s why we need the audits. Hope to get over this !

5 Likes

Not at this time :slight_smile: But luckily it doesn’t appear to be a protocol issue but a subtle implementation detail. I’m glad this was caught early in Lelantus’ life cycle.

Thus far, it appears that the fix can be implemented relatively easily but we are being extra careful.

Trail of Bits has also graciously agreed to an additional audit on the week of March 8th to ensure the protocol is secure to be reactivated.

13 Likes

That is so cool, thanks to the Firo team, Trail of Bits, and everybody involved in this, our $FIRO are #SAFU :hamburger:

6 Likes

What doesn’t kill you, makes you stronger!

9 Likes

生而伟大 firo 一一切的成功都源于一个梦想和不断的坚持.

5 Likes

Glad it was caught it time! Great work guys.

6 Likes

Great job team, what does not kill FIRO makes it stronger :wink:

5 Likes

Firo的Lelantus协议什么时候才会稳定到不会被黑客来捣蛋阿,鲁本

1 Like

I think after this round I’ll be quite confident especially after the second round of audits and the feedback of Sarang.

5 Likes

那将是一件很酷的事情,很荣幸我们能在一辆车高速列车上!

1 Like

Who is Sarang? 这个人是谁呢?

1 Like

Dr. Sarang Noether is a cryptographer and researcher who has a done a lot of work for Monero Research Lab and has also provided assistance with improving Lelantus. He’s also the main researcher behind Triptych.

9 Likes