The cryptocurrency Verge — which prides itself on “security/anonymity/privacy” — was hacked yesterday. In a short period of time, the attacker made off with around 250’000 coins.
The hack was discovered by “ocminer,” a poster on Bitcointalk forums, yesterday afternoon. According to ocminer, the attacker took advantage of “several bugs” in Verge’s code to mine an extraordinarily vast number of new blocks on Verge’s blockchain, in turn rewarding him with a large amount of coins over a very short period of time.
Despite registering substantial gains recently, the cryptocurrency experienced what has been dubbed a “51% attack” which wiped more than 22% of its value. The company came to its defense, calling the breach a “small hash attack” that has been “cleared up now” on Twitter. This isn’t the first time the coin developers have been in hot water. Just a few weeks ago their official Twitter account was hacked.
Ocminer called this a 51% attack, which is notable because this type of attack is theoretically possible on different blockchains which rely on proof-of-work (PoW) validation mechanisms. That stated, even though this attacker technically managed to gain the majority of mining power on Verge’s network.
Typically, PoW-based cryptocurrency systems are pretty robust. The problem is that if one miner (or mining pool) were to capture the majority of the network’s mining power — as has occurred with Verge — they can have a massive impact on the network, including spending coins that were already spent in what’s called double spending.
Verge uses five different cryptographic algorithms for mining, changing to a new one for every block, but the attacker figured out a way to fake the timestamps of his/her blocks, permitting them to be mined all with one algorithm. Because of this, he/she was able to capture the majority of the network’s mining power with considerably less computing power than would usually be required.
The attack is especially serious as it requires a hard fork to exclude the blocks the attacker has mined. It’s also notable because it shows that even a seemingly foolproof PoW system can be compromised.
Verge Cryptocurrency Hit By 51% Attack, Loses 250,000 ..,
https://www.newsbtc.com/2018/04/05/cryptocurrency-verge-has-been-hit-with-a-51-a (accessed April 05, 2018).