Verge Suffers Yet Another 51% Attack
The security and privacy-focused crypto coin Verge has suffered yet another 51% attack, which has led to the price of XVG dropping by 15% in just 24 hours. It was just a month ago when ‘ocminer’ on Bitcointalk, announced that Verge was suffering a 51% attack because of a bug in the code. This bug made it possible for attackers to spoof timestamps that made it possible for hackers to use the mining algorithm to make blocks.
How Verge Works
In normal circumstances, the Verge blockchain will force miners to use a different algorithm for every block. This is in an attempt to prevent any mining pool from having control of the majority of the hashing power. By leveraging on various exploit is the code, the attacker successfully mined multiple blocks in one-second intervals. To do this, the hacker only utilized the Scrypt hashing algorithm for three hours.
Verge responded by patching the code using an emergency commit to the repo. Later on, they initiated a hard fork, which invalidated the recent snapshot. This led to a widespread failure in new wallets to synchronize as they built the chain from scratch.
The New Attack Vector is Quite Similar
The recent attack on XVG seems quite similar to the one that took place a month ago. Yet again ‘ocminer’ announced this attack. The new attack was able to replicate the timewarp attack across two mining algorithms. On Bitcointalk ‘ocminer’ revealed that “Since nothing really was done about the previous attacks (only a band-aid), the attackers now simply use two algos to fork the chain for their own use and are gaining millions.”
What is not known is whether the perpetrator of this new attack is the same as the previous one. However, what is known is that 35 million XVG coins were minted using the Scrypt and lyra2e algorithms ahead of time. This caused the mining difficulty to fall, this leading to a steep drop in prices.
Verge Remain Tight-Lipped
The official twitter account for Verge claimed the recent attack was due to a DDOS attack on the mining pools.
it appears some mining pools are under ddos attack, and we are experiencing a delay in our blocks, we are working to resolve this.
— vergecurrency (@vergecurrency) May 22, 2018
However, without any documentation, this story is incomplete at best. The tweet claimed that Verge would implement more redundancy measures to check such things in future.
With this being the second attack in the second month, many in the crypto community have voiced concerns about how secure the network is on Twitter and Reddit:
DDOS attack on #Verge? You spelled mining exploit wrong. It’s the same attack as last time, slightly modified. Your Devs didn’t listen or correct the problem from last go around.
— bluethundr (@bluethundr) May 22, 2018
So does a ddos attack generates 35.000.000 XVG in a few hours ? you get hacked via the same method twice, in less than what , 2 months ? is this the security of XVG, is this the best you can do ? Not even a joke
— Heretus Barranar (@Heretus) May 23, 2018
While the first attack was overshadowed by the announcement that Verge would collaborate with Pornhub, this latest one has cast doubt on the abilities of the lead developers. Pornhub, which is the biggest adult content streaming platform on earth, helped to quell fears about the future of Verge.
Crypto continues to be a target for hackers and malicious groups. As the market develops, experimental projects will need to ensure their developers are cautious. This will ensure that users are safe and that the trust in blockchain technology remains firm.