Verge, a ”privacy coin” famed for the zealotry of its community, has fallen prey to a 51% attack. A malevolent miner gained majority control of the network hashrate, a feat that makes it possible for the controlling entity to modify transactions, calling the integrity of the entire blockchain into question. Around 250,000 verge were stolen by the attacker, forcing the project team to prepare a hard fork.
Also read: “I don’t want this” says Mt Gox CEO Mark Karpeles in Surprise ‘Ask-Me-Anything’
Accident-Prone Altcoin Has Another Bad Day
On Wednesday April 4, “ocminer”, a regular poster on the Bitcointalk forum, announced that verge (XVG) was experiencing a 51% attack. A bug in the altcoin’s code enabled the attacker to spoof timestamps and cause each new block to be produced using the same algorithm. Usually, a different algorithm must be used for each block to prevent any single miner or pool of miners from controlling the XVG hashrate. The verge community aren’t known for their tolerance of negative stories, and soon they’d piled into the Bitcointalk thread to dismiss the “fake news and FUD”. One fanboy mused:
The timing of this attack seems highly suspicious. Is it possible this was not an individual but an anti-crypto governmental organization that fears the huge deal that Verge is making? Way too much of a coincidence here. I’ve said for months that all it takes is one huge (legit) deal with an Amazon/Paypal class company and the market will quadruple overnight.
Using a number of exploits in the XVG code, the attacker was able to mine multiple blocks one second apart, all performed using the scrypt algorithm, a feat which ought to have been impossible. The attack relented after three hours, but by that time the attacker had confirmed hundreds of blocks, making a rollback of the blockchain necessary to undo the damage. Lead verge developer Justin posted an emergency commit to temporarily fix the problem and was successful – but only at the second attempt. A hard fork will now be initiated to remedy the matter once and for all.
Verge’s problems may only just be beginning though. The attacker taunted the team in a forum post, writing “Hey Verge Team, get some real developers and fix your code.
We have found another 2 exploits which can make quick hashes as well.” To compound the misery, at least one verge holder was then fooled by a Twitter scam, explaining:
I visited some hours ago the official Verge Twitter profile to read the news about the hash hack. While reading the tweet i noticed several messages offering a compensation for the attack by Verge. Send x Eth and you get some bonus back. Sounded legit to me as it was affilated to the hash attack and i suffered from it as well having had some hours only orphaned blocks on all my baikals, hence i fall victim to
