I will formulate the attack: The "Second Pirate Savings and Trust" attack on Proof-of-Stake
1. The attacker creates the "Second Pirate Savings and Trust" modelled after the "First Pirate Savings and Trust" later called "Bitcoin Savings and Trust"
https://bitcointalksearch.org/topic/m.605957. This is done in a falling market.
2. The "trust" offers a very attractive rate of interest payable in the POS coin. This rate is significantly higher than the stake rate
3. The "trust" allows investors to leave the interest in the "trust" and roll over the investment.
4. The "trust specifically disclaims that it is a HYIP / Ponzi scam
https://bitcointalksearch.org/topic/m.6059815. The attacker sells a portion of the borrowed POS coin say 50% for XBT, another POW alt-coin, one or more fiat currencies etc. This will becomes the attackers profit at the end. This will also depress the price by short selling creating the "bear raid"
6. A portion of the received POS coins is used to repay interest to those investors that do not reinvest their interest. This is the "ponzi" component; however see below.
7. The rest of the borrowed POS coin is kept by the attacker, accumulated and staked.
At this point this is no different from any bear raid on a stock, fiat currency POW currency etc. If the market exchange rate falls faster than 2x the interest rate less the stake rate then in the 50% example above, the attacker is actually in the black and there is no ponzi. In the normal bear raid the attacker, if the attacker can depress the price enough and cover the short, can actually walk away with a profit. The problem with the simple bear raid is that in covering the short the exchange rate can rise sharply. This converts the bear raid into a ponzi and the scheme collapses in a rising market.
This is what happened to "First Pirate Savings and Trust". It collapsed during a rise in the Bitcoin price. It is at this point where the specific to Proof-of-Stake part of the attack comes into play.
8. The attacker continues the ponzi until he has accumulated enough stake to launch a network attack.
9. The attacker is also accumulating a greater debt in the POS coin and can even continue selling 50% of the borrowed coin to increase his profit.
10. The attacker launches the attack on the coin causing its value to fall to zero. This wipes out the attacker's stake, but more importantly also wipes out the attacker's debt. The specifics of the attack will of course depend on the particular POS coin.
11. The attacker is left with is profit in some other currency, a worthless amount of the POS coin and a debt denominated in the now worthless POS currency.
Countermeasure:
The only known countermeasure is the intervention of the state.
http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370539730583#.VLncGTVVIWw.
The challenge here is to devise a countermeasure to this attack that does not involve the involvement of the state or some other centralized authority for example a corporation.
Edit: The network attack can be any attack on a POS coin that requires the attacker to have stake.
