The privacy and security-focused coin Verge has been subject to yet another 51% attack, seeing a price of XVG drop 15% over the past 24 hours.
Last month, a Bitcointalk forum user ‘ocminer’ announced Verge was experiencing a similar 51% attack due to a bug in its code which enabled attackers to spoof timestamps enabling the hacker to repeatedly use the same mining algorithm to mint blocks.
Under regular circumstances, Verge forces miners to use different algorithms for each block in an attempt to prevent any single mining pool from controlling the majority of the hashing power.
By leveraging a series of exploits within the XVG code, the attacker was able to mine multiple blocks at one-second intervals using only the Scrypt hashing algorithm for three hours.
The Verge team responded by patching the code with an emergency commit to the repo and later initiating a hard fork, which according to ‘ocminer’ invalidated the most recent snapshot causing new wallets to fail to synchronize when building from the chain from scratch.
Recent Attack Vector Seems Eerily Familiar
The most recent attack was announced yet again by ‘ocminer,’ by leveraging a similar attack vector as the previous the malicious party was able to repeat the timewarp attack across two of the coins mining algorithms. In a post on Bitcointalk he revealed:
“Since nothing really was done about the previous attacks (only a band-aid), the attackers now simply use two algos to fork the chain for their own use and are gaining millions.”
While it is unclear whether or not the perpetrators of the attack are the same as the last, what is clear is that currently 35 million XVG coins have been minted on the Scrypt and lyra2re algorithms ahead of schedule, causing mining difficulty to plummet and the currencies price to decline steeply.
Verge’s Official Statement Remains Tight-Lipped
The Verge official Twitter account has attributed the most recent hack to a “DDOS” attack on official mining pools. However, in light of teams track record and lack any supporting documentation, such a story is incomplete at best.
We had a small hash attack that lasted about 3 hours earlier this morning, it's been cleared up now. We will be implementing even more redundancy checks for things of this nature in the future! $XVG #vergefam
— vergecurrency (@vergecurrency) April 4, 2018
With this most recent attack being the second in as many months, many in the wider crypto cryptocurrency community have voiced their concerns about the security of the network, drawing criticism from Litecoin’s own Charlie Lee:
Verge mining is being exploited again. Someone has 51% attacked and taken over the Verge network again. PornHub transactions are being reversed! 😂
Using 5 mining algorithms actually made it much worse. This is a great blog explaining what's happening: https://t.co/euf76UdDHN
— Charlie Lee [LTC⚡] (@SatoshiLite) May 22, 2018
While the first attack was quickly overshadowed by Verge’s announcement of their partnership with Pornhub, the worlds largest adult streaming platform, the most recent debacle has left many questioning the credentials of teams lead developers.
Cryptocurrency continues to present itself as a target for hackers and malicious parties. As the market continues to develop, experimental platforms will need to ensure developers continue to err on the side of caution to ensure the safety of the users and the integrity of the blockchain.
For more information on Verge, including technical information and price, see our Verge coin profile.
Cover Photo by Luther Bottrill on Unsplash