The integrity and reliability of Verge Currency has once again been questioned, following a massive blow that the blockchain suffered from hackers which is not the first of its kind.
A currency which taunts itself as being a “secure and anonymous”, telling people that “privacy has a choice” yesterday fell into the bait of hackers, where a malicious miner took over 51% of the network’s Hashrate.
The Wednesday April 4, attack was made known on a Bitcointalk forum, by a regular poster ocminer who stated that about 250,000 verge was carted away.
The attack, according to the forum was made possible due to the availability of some bugs in the altcoin’s code, giving the hackers the possibility to mine new blocks with a spoofed timestamp using the same algorithm.
“Usually to successfully mine XVG blocks, every “next” block must be of a different algo.. so for example scrypt,then x17, then lyra etc”.
“Due to several bugs in the XVG code, you can exploit this feature by mining blocks with a spoofed timestamp. When you submit a mined block (as a malicious miner or pool) you simply set a false timestamp to this block one hour ago and XVG will then “think” the last block mined on that algo was one hour ago.. Your next block, the subsequent block will then have the correct time.. And since it’s already an hour ago (at least that is what the network thinks) it will allow this block to be added to the main chain as well”, the forum post reads.
The attack went on for about 3 hours until Verge’s lead developer, Justin successfully proffered solution to the problem temporally after a second attempt with an emergency commit post. However, by that time, hundreds of blocks has been established by the hacker and it was irreversible.
In a bid to down play the attack, verge, on its twitter account posted:
In a bid to compound the altcoin’s problem, the supposed hacker in a post said, “hey Verge Team, get some real developers and fix your code.
We have found another 2 exploits which can make quick hashes as well.”
Narrating an experience of the event, a Verge holder explained:
“I visited some hours ago the official Verge Twitter profile to read the news about the hash hack. While reading the tweet I noticed several messages offering a compensation for the attack by Verge”.
“Send x Eth and you get some bonus back. Sounded legit to me as it was affilated to the hash attack and I suffered from it as well having had some hours only orphaned blocks on all my baikals, hence I fall victim to this damn scam on the official twitter page”.
In another post, a user lodged a complaint stating: “based on what I see from the dev postings here it’s apparent that if ocminer had never brought this to everyone’s attention, the XVG team would have never admitted to or disclosed what happened. Trying to downplay and being flippant about the severity here is just pissing on the XVG faithful.”
It can also be recalled that last month, Verges Twitter account was also taken over by hackers where users were asked for coin.
Musing over the all the occurrence of heist, the developer is preparing a hard fork for the altcoin.