Over the last week, several events have indicated that the Proof-of-Stake-based value transfer protocol Ripple is facing serious problems.
A post on the Ripple forums by a security researcher stated that Ripple Labs (the centralized organization that maintains the Ripple protocol) had ignored a bug report the researcher submitted back in May. The security researcher posted the bug report on the public Ripple forum last week.
In the security report, the researcher described an attack in which it is possible to "mine" transaction IDs that provide information that can be used to exploit the state of the Ripple ledger for financial gain. It is similar to front running, in that an attacker can see trades on Ripple's exchange and make their own trades based on that information before the trade "confirms" on the ledger.
The researcher who reported the Ripple bug, Donovan Hide, claims to have been a security contractor for Ripple Labs at some point in the past. He posted updated code on GitHub to fix the issue, but Ripple Labs has done nothing.
Just days after the security report, the Ripple forum announced that it was shutting down. The operator of the site stated that he didn't have the time to run the site.
Back in May, Ripple Labs was fined $700k by FinCEN for violations of the Bank Secrecy Act. Ripple has been criticized in the past for being a centralized protocol while claiming to be decentralized.
While the open source Ripple protocol is publicly available, the company Ripple Labs primarily develops and maintains Ripple.