Verge, a privacy-oriented cryptocurrency recently propelled into the limelight by a partnership with popular adult entertainment site Pornhub, suffered two hacks perpetrated through 51-percent attacks that saw the attackers absconding with millions of dollars-worth of its native cryptocurrency, XVG. During the first attack in April, the hacker was able to get away with 250,000 XVG. And during the latest in mid-May, an attacker was able to exploit $1.7 million-worth of the cryptocurrency from the protocol.
Sure, verge developers were only trying to design a better cryptocurrency for payments, but by tweaking small parameters, such as the length of time a block can be valid, the group has opened its blockchain up to attacks.
"Things obviously don't look good," said Daniel Goldman, the CTO of cryptocurrency analysis site The Abacus who's been tracking the attacks.
Since veteran blockchain developers, including litecoin creator Charlie Lee and monero lead developer Riccardo Spagni, have long argued the kinds of adjustments the platform made have obvious downsides, such naysayers - who have been readily attacked by a group of enthusiasts calling themselves the "Verge Army" - are feeling vindicated.
Because there is some information asymmetry in blockchain systems since nodes are spread out across the globe, the attacker was able "Spoof" timestamps tied to blocks without some noticing, according to the widely-circulated post by Goldman.
Or said another way, the attacker cleverly mined blocks with fake timestamps, forcing the cryptocurrency's difficulty to adjust down more quickly - making it easier for the attacker to mine even more XVG. When the first attack happened, verge developers quickly released a patch, stopping the attacker from printing more money.
With the attack last month, it seems the patch only went so far and the attacker found another way to execute the same hack, displaying how difficult it can be to architect a distributed system that isn't vulnerable to attacks.
After a period of little communication from verge's developers, CryptoRekt, the pseudonymous author of the verge "Blackpaper" took to Reddit on May 31, saying, that all of the verge team would "Never intentionally do anything to besmirch or hurt this project."
Still, this attack looks poorly, not only on verge itself, but also on organizations that have partnered with the verge team, Pornhub included.
While 51-percent attacks have typically been viewed as hard to execute, Liquidity Network's Gervais argued that new data appears to show that it's easier than many previously thought.
Verge's Blockchain Attacks Are Worth a Sober Second Look
Published on Jun 5, 2018
by Coindesk | Published on Coinage
Mainstream crypto adoption and DeFi were the main topics discussed at the Hangzhou International Blockchain Week
The Hangzhou International Blockchain Week 2020, one of the largest blockchain and crypto conferences in China, put a heavy focus onto mainstream adoption, with influential figures from the industry discussing the ways hundreds of millions of users could be drawn to the space.
Cardano Foundation Warns About Suspicious Activities in Japan
The Cardano Foundation has warned that a suspicious firm is trying to rake in investments by claiming contact with the foundation.
Texas Regulators Take Aim at South African Cryptocurrency MLM Scheme
The Texas State Securities Board has successfully shut down the operations of an illegal cryptocurrency investment scheme.
Cointelegraph Exclusive: CFTC Moves Annual Fintech Conference Online
On July 9, LabCFTC, the fintech office of the Commodity Futures Trading Commission, announced that it will replace its annual one-day Fintech Forward conference with three separate online sessions under the series title Empower Innovation 2020.