Privacy Coin Verge Succumbs to 51% Attack [Again]

double spend attack
A number of small-cap altcoins have been hit by double spend attacks in recent months, but larger coins are far less vulnerable.

Privacy-centric cryptocurrency Verge (XVG) appears to have succumbed to a 51 percent attack for the second time since the beginning of April.

According to data published on BitcoinTalk by forum user ocminer — operator of altcoin mining pool Suprnova — an attacker appears to have successfully forked the Verge blockchain through a 51 percent attack. To accomplish this, the attacker manipulated a bug in the Verge code that allows malicious miners to set false timestamps on blocks and then rapidly mine new ones in quick succession.

The Verge protocol uses a rotation of five mining algorithms, and an image supplied by ocminer suggests that the attacker gained control of two of them — scrypt and lyra2re — mined them at virtually no difficulty, and used false timestamps to trick the network into accepting them into the main chain.

Source: ocminer/BitcoinTalk

The attack appears to have been carried out between blocks 2155850 and 2206272, enabling the attacker to abscond with approximately 35 million XVG — worth $1.75 million at the current exchange rate — in just a few hours. The attack had subsided by the time of writing, though there does not appear to be anything that would prevent an attacker from resuming it again in the future.

The attacker managed to gain control of two XVG algorithms and mine them at almost no difficulty. | Source:

The response from Verge’s developers, meanwhile, has been less from reassuring. The project acknowledged a mining-related issue in a Monday afternoon tweet but attributed it to a DDoS attack directed at several XVG mining pools. The account has not tweeted since.

The attack appears similar to the one experienced by the Verge network less than two months ago when a malicious miner acquired 20 million XVG, worth more than $1.1 million at the time. Then, as now, Verge developers downplayed the severity of the exploit, drawing criticism from many in the community.

Verge activated an emergency hard fork intended to address the bug, but critics including ocminer argued that the upgrade was merely a “band-aid” and did not eliminate the underlying vulnerability.

The XVG price has declined approximately seven percent over the past 24 hours, which is moderately worse than the market as a whole. XVG currently ranks as the 31st-largest cryptocurrency and has a circulating market cap of about $752 million.

As reported, Verge recently inked a high-profile partnership with the owner of the world’s largest adult entertainment sites to enable users to purchase premium content using XVG.

“Well clearly @mindgeek made the right decision and chose a secure, robust cryptocurrency to implement,” concluded Riccardo Spagni, lead maintainer for privacy-centric cryptocurrency Monero, in a Tuesday tweet.

Verge did not immediately respond to a request for comment.

Featured Image from Shutterstock.

Jonas Borchgrevink edited this article for If you see a breach of our Code of Ethics or find a factual, spelling, or grammar error, please contact us.

Josiah Wilmoth

Josiah Wilmoth

Josiah is the former U.S. Editor at, where he focused on financial markets. His work has also been featured on Yahoo Finance and He lives in rural Virginia. Connect with him on LinkedIn or Muck Rack. Email him directly at josiah.wilmoth(at) Josiah Wilmoth is a Trusted Journalist.

More from this author: