Privacy-centric cryptocurrency Verge (XVG) has adopted an emergency hard fork to address a bug that allowed a malicious miner to exploit the network’s mining algorithm for a seven-figure payday. The attack appears to have first been discovered by BitcoinTalk user ocminer -- the operator of…
Privacy-centric cryptocurrency Verge (XVG) has adopted an emergency hard fork to address a bug that allowed a malicious miner to exploit the network’s mining algorithm for a seven-figure payday.
The attack appears to have first been discovered by BitcoinTalk user ocminer — the operator of altcoin mining pool Suprnova — who posted a thread on the forum alleging that an attacker was exploiting a bug in the Verge code that allowed miners to set false timestamps on blocks, tricking the network into adding them to the main chain.
According to ocminer, the attack persisted for more than 13 hours on Wednesday before being resumed again on Thursday. The attacker appears to have made off with more than 20 million XVG, worth more than $1.1 million at the present exchange rate. Verge’s developers, meanwhile, claim that it only lasted three hours.
The response of Dogedarkdev — Verge’s lead developer — raised eyebrows, as the pseudonymous developer made a series of statements that attempted to downplay the severity of the situation.
“we’re kinda glad this happened and that it wasn’t as bad as it could have been,” Dogedarkdev said on BitcoinTalk.
“i love seeing so many people who aren’t even involved in verge talking about it though ;],” the developer wrote elsewhere in the thread, adding that the amount of funds stolen was “insignificant” compared to the amount of Ether that has been stolen this year.
The developers released what they termed a “quick fix” for the bug, though the update was actually a hard fork. Even so, ocminer claims that the fork will not fix the problem.
“The background is that the ‘fix’ promoted by the devs simply won’t fix the problem. It will just make the timeframe smaller in which the blocks can be mined / spoofed and the attack will still work, just be a bit slower,” ocminer wrote, adding that Suprnova will no longer allow its users to mine XVG.
Meanwhile, the Verge price has declined by approximately 25 percent over the past two days in response to the attack. XVG currently ranks as the 22nd-largest cryptocurrency, with a circulating market cap of $810 million.
Last modified: May 20, 2020 8:53 PM UTC