The past day for Verge (XVG) represents yet another fiasco for the highly controversial Dogecoin fork. Hackers have managed to mine an XVG block every second through a timestamp exploitation coupled with a 51% attack. To make matters worse, hasty developer responses have actually rendered the network even more incapable through an ineffective hard fork.
Since yesterday, hackers have mined over 17,000 XVG blocks. This translates to over 20 million XVG, a bag worth over US$1 million. The developer has already asserted that these coins will not be reverted, blacklisted, or burnt, making the hack absolutely successful. The hack took place through two intervals, one on April 4, and another today, April 5.
To make matters worse, the initial response from the April 4 mining hack was an accidental hard fork of the network. The XVG team erroneously forked their entire network to “undo” the exploited blocks, but this resulted in the entire network being unable to sync. When the team was made aware of their mistake, they were able to re-sync the network, but still have not completely defeated the issue. OCMiner of the Super Nova pool catalogued the details of the hack, and after receiving flak from the Verge team, has announced his decisions to discontinue support for XVG mining permanently.
How did the hack work?
There were two components to this hack: exploiting timestamps and controlling the algorithms. Like several other currencies, XVG mining protocol utilizes a multi-algorithm process. That is, with each block mined, the next block will require another, random algorithm out of a handful of possible alternatives. The attackers executed a method to ensure that each following block would stay on Scrypt algorithm. Additionally, they spoofed timestamps so the network accelerated beyond the regular speed in which new blocks were mined. As a result, Scrypt blocks were mined as quickly as possible- every second. However, the attacker required consensus to ensure network verification of each hacked block. They were able to ascertain 51% of the entire network’s hash rate to execute the attack.
Current implementations to stop the hack nullify the process utilized by the miner, but does not eliminate the capabilities entire. While the team claimed everything had been solved after the first exploitation, today’s interval proves that this was not the case. Additionally, IDCToken, a Bitcointalk member who claims to be part of the hack, claims that the hackers have found two more exploits to further attack the network.
This is not the first attack of its kind. Digibyte, which also utilizes multi-algorithm mining, faced a similar exploit in 2014. However, the team solved the issue by changing the method in which the algorithm of the next block is determined. Verge developers have suggested they will not be utilizing the same solution.
Surprisingly enough, Verge has seen very little price movement in response to this meltdown. After yesterday’s initial hacks, prices dipped about 20% to US$0.051. XVG recovered fairly well since, and is currently trading around $0.057. It’s no secret that Verge holders are very passionate about their coin. Despite a long history of failure and disappointment, there is a very strong community around the coin. Either due to willful ignorance or legitimate lack of understanding, supporters carry on. The coin is still up heavily in the past week.
When asked for comment on recent events on the official Verge Telegram Channel, two admins shared their two cents.
our mining was exploited, and blocks were submitted in a way that was overlooked. we made a patch that will work, and we are rewriting our block verification process. the exploit we patched is still alive in hundreds of other coins =] -verge dev