Verge (XVG) Suffered a Massive Hacker Attack
The known by its community “Privacy Coin”, Verge (XVG), has suffered from a major 51% attack. It was an attack by a malevolent miner that gained a great part of the control of the Verge network hashrate. This feature makes it possible for the controlling entity to modify transactions, which obviously calls the integrity of the entire blockchain into question. Some rumors talked about more than 3 million verge coins stolen, but for now the real numbers point out that it was around 250,000 coins stolen by the attacker, even so, the project team will be forced to prepare a hard fork.
This attack worked because there was a bug in Verge’s code that enabled the attacker to spoof timestamps and by doing this he could cause each new block to be produced using the same algorithm. In normal circumstances, a different algorithm must be used for each new block to prevent any miner or pool of miners from controlling the XVG hashrate.
Here is an ocminer that, on Wednesday April 4, announced and detailed this attack.
The attacker while being able to control the XVG hashrate, was able to mine multiple blocks one second apart, all performed using a single algorithm, something that obviously should be impossible to do.
This attack was able to go on for about 3 hours, this damage called for a rollback on the blockchain in order to undo the damage. The lead developer from verge, Justin, posted an emergency commit to fix the problem, temporarily (of course) that was successful- even so only on the second attempt.
By this chain of events a Hard Fork is now a real must in order to solve this problem once and for all.
We hope this fork comes soon and is successful, in order for us not to hear about this hacking news around Blockchain, but Verge will need to know what its doing since they already have more treats online.
On a blog post, the supposed attacker wrote “Hey Verge Team, get some real developers and fix your code. We have found another 2 exploits which can make quick hashes as well”.”
For now, at least one verge holder already was fooled by a Twitter scam, and he wrote:
“I visited some hours ago the official Verge Twitter profile to read the news about the hash hack. While reading the tweet I noticed several messages offering a compensation for the attack by Verge. Send x ETH and you get some bonus back. Sounded legit to me as it was affiliated to the hash attack and I suffered from it as well having some hours only orphaned blocks on all my baikals, hence I fall victim to this damn scam on the official twitter page.”
Verge tried to hide, and then tried to make the attack a smaller deal than it was
In the following tweet, we read verge team calling this event a “small hash attack”.
We had a small hash attack that lasted about 3 hours earlier this morning, it's been cleared up now. We will be implementing even more redundancy checks for things of this nature in the future! $XVG #vergefam
— VergeCurrency $XVG | XVGETH (@vergecurrency) April 4, 2018
Something like this should never be seen as small, since we are talking about blockchain technology. This technology is supposed to be the safest we can find and an hack attack to it, can be a called a wide variety of adjectives, but small is never one of the options.
The Verge team did not stop to try and bury this deal on this point.
Later on, on a Bitcointalk forum we see a team member writing “we are kinda glad this happened and that it wasn’t as bad as it could have been.”
One forum member even wrote something that I personally agree but at the same time see as something only big corporations try to do and I feel it should never be in the values of a great cryptocurrency: “Based on what I see from the dev postings here it’s apparent that if ocminer had never brought this to everyone’s attention, the XVG team would never admitted to or disclosed what happened. Trying to downplay and being flippant about the severity here is just pissing on the XVG faithful.”
It is a sad truth to find.
A 51% attack is really rare to find
For someone to be able to control the majority of bitcoin’s hashrate, an attacker would need more than 14 exahashes of power, something that would be impossible.
But, Altcoins have a much lower hashrate, but even so it is very unusual to witness. The thing is, there was already another report on a Proof of Work (POW) coin, electroneum, so now what is believed is that this kind of attack is “easier” to do on this type of coin is easier to do.
Verge Partnership and Update
Verge promised a major partnership to be announced on the 16th of this month, and this was a cryptocurrency that was starting to go on a runner up, on their price value.
Sadly, when such bad news appeared they fell 16% in the last 24 hours. Let’s hope the hard fork will not be needed, and even if it comes it won’t be so big that this partnership has to be cancelled, because I believe that right now it is the only thing able to save Verge from collapsing.
Of course this event only affects Verge’s community directly, but at the same time I see it as a really bad image for all blockchain community, because now people that are not inside this world, the ones that only say it is “not trustworthy” will be able to use this as a major argument against every coin, when in fact this is something that we will never see in other type of cryptocurrencies.