Verge (XVG), the privacy conscious cryptocurrency, suffered a dreaded 51% network attack today.
This was according to a highly respected miner and the administrator of the Suprnova mining pool. The discovery was laid out in a BitcoinTalk forum post where he detailed that the malicious miner was able to exploit bugs in the retargeting of XVG code.
This allowed the miner to mine a XVG block once every second within a three hour time period earlier this morning. The moment that the poster (OCMiner) mentioned the attack, the malicious miner stopped his pool.
So what exactly is going on with Verge?
Verge mining is a bit unique in that each Verge block is mined according to a different algorithm. So for example one block will be mined with Scrypt and the other with blake etc.
The Verge protocol will check the previous block to confirm what algorithm was used. However, given a bug in the Verge code the miner is able to submit blocks with false timestamps. Hence, the miner is able to trick the algorithm into thinking that the last block that was mined was over an hour ago.
According to OCMiner:
Your next block, the subsequent block, will then have the correct time… And since it’s already an hour ago (at least that is what the network thinks) it will allow this block to be added to the main chain as well
He then posted a breakdown of all of the blocks that the miner was able to submit. They all followed each other but had different time stamps. The block with the spoofed time stamp was immediately before a correctly timed block. The result of this exploit was that the hacker was able to mine a block once every second.
There were also other miners who mentioned problems they were having mining during that particular window. OCminer also linked to a number of the addresses that were used in order to offload the mined coins. There were no doubt many more.
Response from Verge
When this was brought to the attention of the Verge developers, they first claimed that there was nothing to correct. However, after the clear demonstration of the attack they pushed a “fix” and issued a tweet.
We had a small hash attack that lasted about 3 hours earlier this morning, it's been cleared up now. We will be implementing even more redundancy checks for things of this nature in the future! $XVG #vergefam
— vergecurrency (@vergecurrency) April 4, 2018
Of course, there were many in the Verge community who did not take kindly to the post on Bitcointalk. They replied to the original post with the usual prognostications of “FUD” and someone trying to “pick up” cheap Verge coins.
This is indeed unfortunate as the pool operator was in fact helping the community out. By spotting the network attack early and bringing coverage to it he managed to get the attacker to think twice. Moreover, it gave helpful information to the Verge Devs in order to correct the exploit.
More Trouble for Verge?
This comes at a time when opinion about Verge is highly split. There are die hard adherents of the “vergefam” phenomenon who think that it could legitimately be the next big privacy conscious cryptocurrency.
However, there are many others who view the tactics recently employed by Verge as dubious at best. For example, just last week the Verge team sent out a fundraising request in order to raise more money for securing a “secret deal”.
In the end, they managed to raise the required funds and have now moved the announcement date to the 17th of April. This has created a great deal of speculation and indeed confusion from both sides of the divide.
As the miner attack shows, there are still some technological challenges for Verge to overcome if they truly want to take on more established cryptocurrencies. One can only hope that no further exploits are discovered.
Featured Image via Fotolia