Several days have passed since the Facebook project Libra was announced and there are already clone codes on GitHub, one example is Libra Classic.
Currently, there is no official code released by Facebook, but there is only a testnet for the demonstration of Libra’s prototype software.
However, there have been some developers who have enjoyed commenting on the official page saying that they have found a vulnerability in the code itself, as stated by a user.
I’ve discovered an alarming vulnerability, but fortunately, there’s a really simple fix so I’ve sent a pull request to address it.
“In the current implementation, trusted ‘validator nodes’ are core to the security model. This means that hard power is centralised around these few entities. The protocol itself depends on these entities to (as the name suggests) validate the protocol. This means the protocol is whatever they decide it is. These entities can change the rules whenever they want. This means they can freeze your coins, take your coins, issue new coins, or really whatever they want – the sky is the limit.
This problem can easily be solved by using a permissionless system where the hard power is decentralised across a very large number of participants in such a way that making changes to the protocol is impossible without near unanimous agreement by everyone involved.
This pull request contains a patch to the existing codebase to resolve this issue.
Edit: related issue: binance-chain/node-binary#36”
Obviously, the discussion has been closed precisely because, besides the lack of a real code, it generates scaremongering and the spread of false news.
Others went further and created completely independent projects without any link to the initial project, as in the case of Libra Classic, which the author defined as a Libra fork.
As can be read on the Github project page, the features of Libra Classic include Nakamoto’s consensus (a set of rules such as mining, deflation, block rules), the ability to do only private transactions, a script for smart contracts on bitcoin, Ripple compatibility, the use of Haskell code and finally the ability for anyone to create and maintain a node.
None of this is true here either, it’s just a joke making fun of Libra.
In recent days also the Calibra website has been the victim of a cloning that promised fake tokens in order to steal ETH and private keys.