Privacy-centric cryptocurrency Verge (XVG) appears to have succumbed to a 51 percent attack for the second time since the beginning of April.
According to data published on BitcoinTalk by forum user ocminer — operator of altcoin mining pool Suprnova — an attacker appears to have successfully forked the Verge blockchain through a 51 percent attack. To accomplish this, the attacker manipulated a bug in the Verge code that allows malicious miners to set false timestamps on blocks and then rapidly mine new ones in quick succession.
The Verge protocol uses a rotation of five mining algorithms, and an image supplied by ocminer suggests that the attacker gained control of two of them — scrypt and lyra2re — mined them at virtually no difficulty, and used false timestamps to trick the network into accepting them into the main chain.
The attack appears to have been carried out between blocks 2155850 and 2206272, enabling the attacker to abscond with approximately 35 million XVG — worth $1.75 million at the current exchange rate — in just a few hours. The attack had subsided by the time of writing, though there does not appear to be anything that would prevent an attacker from resuming it again in the future.
The response from Verge’s developers, meanwhile, has been less from reassuring. The project acknowledged a mining-related issue in a Monday afternoon tweet but attributed it to a DDoS attack directed at several XVG mining pools. The account has not tweeted since.
The attack appears similar to the one experienced by the Verge network less than two months ago when a malicious miner acquired 20 million XVG, worth more than $1.1 million at the time. Then, as now, Verge developers downplayed the severity of the exploit, drawing criticism from many in the community.
Verge activated an emergency hard fork intended to address the bug, but critics including ocminer argued that the upgrade was merely a “band-aid” and did not eliminate the underlying vulnerability.
The XVG price has declined approximately seven percent over the past 24 hours, which is moderately worse than the market as a whole. XVG currently ranks as the 31st-largest cryptocurrency and has a circulating market cap of about $752 million.
As CCN.com reported, Verge recently inked a high-profile partnership with the owner of the world’s largest adult entertainment sites to enable users to purchase premium content using XVG.
“Well clearly @mindgeek made the right decision and chose a secure, robust cryptocurrency to implement,” concluded Riccardo Spagni, lead maintainer for privacy-centric cryptocurrency Monero, in a Tuesday tweet.
Verge did not immediately respond to a request for comment.
Featured Image from Shutterstock.
Last modified: May 20, 2020 8:46 PM UTC