Last Updated on April 28, 2021 by Jason
Firo has been able to reactivate its protocol after it was blocked in February. Project steward Reuben Yap said, “In February, an unknown attacker utilized Firo’s Lelantus privacy protocol to forge fake proofs in an attempt to generate new coins, which led to abnormalities in the system. The Firo team swiftly noticed this and used the emergency switch functionality to temporarily disable Lelantus until the situation could be resolved.”
Lelantus was tested before it was released, but nevertheless the hacker was able to forge spends. In fact, the hacker constructed the first proof of development, and then made another proof halfway through. After this second attempt, the first proof was edited, to ensure that it would pass security measures.
This kind of ‘double spending’ can allow the hacker to copy funds. Dr. Aaron Feickert, a researcher for Monero, said, “If the audience sees you shuffle the deck first, it’s easier to think you did something wild and magical. This attack is like being allowed to examine the deck and order it in front of the audience. The trick doesn’t seem so magical anymore.”
Firo brought on Feickert to analyze any suspicious activity and fix holes in the system. He also helped develop their existing protocol, so that it could get back on its feet stronger than ever. Now, transactions have to be selected explicitly for full transparency.