Privacy Coin Verge Succumbs to 51% Attack [Again]

double spend attack
Advertisement

Privacy-centric cryptocurrency Verge (XVG) appears to have succumbed to a 51 percent attack for the second time since the beginning of April.

According to data published on BitcoinTalk by forum user ocminer — operator of altcoin mining pool Suprnova — an attacker appears to have successfully forked the Verge blockchain through a 51 percent attack. To accomplish this, the attacker manipulated a bug in the Verge code that allows malicious miners to set false timestamps on blocks and then rapidly mine new ones in quick succession.

The Verge protocol uses a rotation of five mining algorithms, and an image supplied by ocminer suggests that the attacker gained control of two of them — scrypt and lyra2re — mined them at virtually no difficulty, and used false timestamps to trick the network into accepting them into the main chain.

verge
Source: ocminer/BitcoinTalk

The attack appears to have been carried out between blocks 2155850 and 2206272, enabling the attacker to abscond with approximately 35 million XVG — worth $1.75 million at the current exchange rate — in just a few hours. The attack had subsided by the time of writing, though there does not appear to be anything that would prevent an attacker from resuming it again in the future.

verge
The attacker managed to gain control of two XVG algorithms and mine them at almost no difficulty. | Source: verge-blockchain.info

The response from Verge’s developers, meanwhile, has been less from reassuring. The project acknowledged a mining-related issue in a Monday afternoon tweet but attributed it to a DDoS attack directed at several XVG mining pools. The account has not tweeted since.

The attack appears similar to the one experienced by the Verge network less than two months ago when a malicious miner acquired 20 million XVG, worth more than $1.1 million at the time. Then, as now, Verge developers downplayed the severity of the exploit, drawing criticism from many in the community.

Verge activated an emergency hard fork intended to address the bug, but critics including ocminer argued that the upgrade was merely a “band-aid” and did not eliminate the underlying vulnerability.

The XVG price has declined approximately seven percent over the past 24 hours, which is moderately worse than the market as a whole. XVG currently ranks as the 31st-largest cryptocurrency and has a circulating market cap of about $752 million.

As CCN reported, Verge recently inked a high-profile partnership with the owner of the world’s largest adult entertainment sites to enable users to purchase premium content using XVG.

“Well clearly @mindgeek made the right decision and chose a secure, robust cryptocurrency to implement,” concluded Riccardo Spagni, lead maintainer for privacy-centric cryptocurrency Monero, in a Tuesday tweet.

Verge did not immediately respond to a request for comment.

Featured Image from Shutterstock.

Follow us on Telegram or subscribe to our newsletter here.

Join CCN's crypto community for $9.99 per month, click here.
Want exclusive analysis and crypto insights from Hacked.com? Click here.
Open Positions at CCN: Full Time and Part Time Journalists Wanted.

Advertisement

Josiah is an assistant editor at CCN. A former ancient and medieval literature teacher, he has been reporting on cryptocurrency since 2014. He lives in rural North Carolina with his wife and children. He holds investment positions in bitcoin and other large-cap cryptocurrencies. Follow him on Twitter @Y3llowb1ackbird or email him directly at josiah.wilmoth(at)ccn.com.