It appears Verge has suffered another hack, barely one month after the previous attack. According to reports filtering in on online crypto forums, the attackers seem to be using pretty much the same tactics at the last time.
Hacker Used Modified Version of the Previous Attack Vector
According to Bitcointalk user “Ocminer,” the attacker used a modified version of last month’s attack vector to spoof the blockchain. Instead of one algorithm, the hacker used two algorithms to fork the main Verge chain, claiming all the block rewards and earning millions of XVG tokens in the process. Ocminer pointed out the exploit when it was used by hackers last month.
As seen in the image above, both the scrypt and lyra2re algorithms were set to the same infinitesimal difficulty level. Each one was used interchangeably to manipulate transaction blocks time-stamps, enabling the hacker to essentially “manufacture” 25 blocks per minute which amount to 18,250 XVG ($950) per minute. According to Reddit user u/Flenst, the attack appears to be over. The third edit on Flenst’s post reads:
It seems the attack is over, 35.000.000 XVG were generated in a few hours. But this also means there is still no fix, and this is possible at any time again. Meanwhile, the only official info out there is ‘mining pools are DDoS’d’.
At the current XVG price, the hacker has carted away about $1.8 million.
Verge Appears to Have no Answers to its 51% Hacking Problem
With today’s hack coming firmly on the heels on the previous hack, the question remains, “is Verge secure?” When Ocminer alerted the crypto community to last month’s hack, the Verge development initially tried to dismiss the claims. They later put up a statement on Twitter acknowledging the hack but called it a “small hash attack.” As at the time of writing this article, the only response from Verge is a tweet saying that some mining pools are under DDoS attack.
it appears some mining pools are under ddos attack, and we are experiencing a delay in our blocks, we are working to resolve this.
— vergecurrency (@vergecurrency) May 22, 2018
The prevailing narrative at the moment is that Verge didn’t solve the problems with its network. The fact that hackers can use essentially the same exploit protocols to initiate a 51% attack is cause for worry for many XVG enthusiasts.
What are your thoughts on the vulnerability of the Verge network to 51% attack? Let us know your thoughts in the comment section below.
Images courtesy of Bitcointalk/Ocminer, Verge