Verge, a privacy-oriented cryptocurrency recently propelled into the limelight by a partnership with popular adult entertainment site Pornhub, suffered two hacks perpetrated through 51-percent attacks that saw the attackers absconding with millions of dollars-worth of its native cryptocurrency, XVG. During the first attack in April, the hacker was able to get away with 250,000 XVG. And during the latest in mid-May, an attacker was able to exploit $1.7 million-worth of the cryptocurrency from the protocol.
Sure, verge developers were only trying to design a better cryptocurrency for payments, but by tweaking small parameters, such as the length of time a block can be valid, the group has opened its blockchain up to attacks.
"Things obviously don't look good," said Daniel Goldman, the CTO of cryptocurrency analysis site The Abacus who's been tracking the attacks.
Since veteran blockchain developers, including litecoin creator Charlie Lee and monero lead developer Riccardo Spagni, have long argued the kinds of adjustments the platform made have obvious downsides, such naysayers - who have been readily attacked by a group of enthusiasts calling themselves the "Verge Army" - are feeling vindicated.
Because there is some information asymmetry in blockchain systems since nodes are spread out across the globe, the attacker was able "Spoof" timestamps tied to blocks without some noticing, according to the widely-circulated post by Goldman.
Or said another way, the attacker cleverly mined blocks with fake timestamps, forcing the cryptocurrency's difficulty to adjust down more quickly - making it easier for the attacker to mine even more XVG. When the first attack happened, verge developers quickly released a patch, stopping the attacker from printing more money.
With the attack last month, it seems the patch only went so far and the attacker found another way to execute the same hack, displaying how difficult it can be to architect a distributed system that isn't vulnerable to attacks.
After a period of little communication from verge's developers, CryptoRekt, the pseudonymous author of the verge "Blackpaper" took to Reddit on May 31, saying, that all of the verge team would "Never intentionally do anything to besmirch or hurt this project."
Still, this attack looks poorly, not only on verge itself, but also on organizations that have partnered with the verge team, Pornhub included.
While 51-percent attacks have typically been viewed as hard to execute, Liquidity Network's Gervais argued that new data appears to show that it's easier than many previously thought.
Verge's Blockchain Attacks Are Worth a Sober Second Look
Published on Jun 5, 2018
by Coindesk | Published on Coinage
Coinage
Recent News
View All
First Mover: What's Next for Bitcoin as Wall Street Gets Vaccine Booster
Bitcoin was higher for a second day, staying in a range of between roughly $15,200 and $15,600, as news of progress in developing a coronavirus vaccine appeared to touch off a rally in U.S. stocks.
Market Wrap: Bitcoin Fails to Break $15.9K; Over 50K ETH Staked on Eth 2.0 Contract
Bitcoin gained Wednesday while Ethereum 2.0 staking has been ramping up.
Citibank Analyst Says Bitcoin Could Pass $300K by December 2021
A senior analyst at U.S.-based financial giant Citibank has penned a report drawing on similarities between the 1970s gold market and bitcoin.
Blockchain Bites: Data Unions. Hard Forks. And One Citi Analyst's Case for $300K BTC.
A Citibank managing director thinks bitcoin could hit $318,000.