Verge (XVG) Hard Forks After 51% Attack Nets Malicious Miner $1 Million

Ali Raza
  • A malicious manager managed to rake in $1 million through a 51% attack on Verge's blockchain
  • The cryptocurrency's team launched a hard fork to fix bugs the miner was taking advantage of, but the "fix" may not be effective.
  • The hacker claims there are other bugs out there

A so-called 51 percent attack allowed malicious miners to rake in much as $1 million worth of Verge (XVG) before the cryptocurrency’s developers managed to fix the bugs allowing the miners to attack. The solution was an ‘accidental’ hard fork.

Verge had been under attack for three hours when a post on the BitcoinTalk forum appeared. The post was published by Supernova mining pool’s admin OCminer. In it, OCminer reported the attack on Verge’s blockchain, as he recognized the 51 percent attack.

According to OCminer, the attack was possible because of bugs in Verge’s code. He explained:

“Due to several bugs in the XVG code, you can exploit this feature by mining blocks with a spoofed timestamp. When you submit a mined block (as a malicious miner or pool) you simply set a false timestamp to this block one hour ago and XVG will then “think” the last block mined on that algo was one hour ago.”

OCMiner

The result were roughly 10,000 new blocks produced on the cryptocurrency’s blockchain, all using the same algorithm. The attack supposedly stopped soon after OCMiner’s post, but by that time, the attacker had already managed to mine around $1 million in XVG.

Verge’s Response

Upon noticing the attack, Verge’s developers attempted to use a “quick fix” that, according to OCminer, turned out to be a hard fork on the cryptocurrency’s network. The fix, according to the forum member, won’t work either way:

“The background is that the ‘fix’ promoted by the devs simply won’t fix the problem. It will just make the timeframe smaller in which the blocks can be mined / spoofed and the attack will still work, just be a bit slower.”

OCminer

Verge then published a tweet, stating that the attack was nothing serious. In fact, the team behind it even described it as a "small hash attack".

While Verge’s team claimed the attack lasted three hours, OCminer claimed it was actually 13. The altcoin mining pool operator noted that it will no longer allow Supernova’s users to mine XVG.

More details on the attack later emerged on Reddit, where the user by the name of "Variable 42" stated that the attack wasn’t minor at all. The Redditor provided information on the payout the malicious miner managed to get away with, and blamed Verge’s team for the breach.

The final twist to this story came from the supposed attacker himself. On the forum, using the same thread OCminer created, a user claiming to be the attacker stated that there are even more exploits out there, and that Verge needs to up its game.

The attack came at a time in which Verge’s community expects a mysterious partnership to be revealed on April 16. The partnership, according to the cryptocurrency’s team, will be “the largest cryptocurrency collaboration to hit the market.”

John McAfee Reveals He's Working on New Privacy Coin 'Ghost'

Francisco Memoria

Eccentric cybersecurity entrepreneur John McAfee has revealed he is working on a new privacy-centric cryptocurrency called Ghost.

The cryptocurrency, according to McAfee, will have a proof-of-stake (PoS) consensus algorithm and will be supported on his decentralized cryptocurrency exchange McAfeeDex. McAfee further claimed the decentralized exchange will support atomic swaps between Ghost and major cryptocurrencies like bitcoin (BTC), bitcoin cash (BCH), and ether (ETH).

A website on the project appears to show Ghost transactions will be verified using zero-knowledge proofs, which allow users to verify transactions on a blockchain without knowing who’s behind them. It also claims Ghost’s transactions “are processed on chain in under 60 seconds with just a fraction of a penny paid in transaction fees.”

The website further reveals that the Ghost network will be supported by a network of masternodes, which will “earn a share of the transaction fees using the staking and masternode features for Ghost.” Notably, Ghost tokens will be allocated to “ESH token holders.” The ESH token, according to the references given on the website, appears to be highly illiquid.

McAfee’s Cryptocurrency Endeavors

John McAfee is a well-known personality in the cryptocurrency space, as he predicted BTC would hit $500,000 by the end of 2020 in July 2017. By November of that year, McAfee claimed the model he used to make the prediction saw BTC at $5,000 by the end of that year, while the cryptocurrency hit a near $20,000 all-time high in December 2017. As such, he adjusted the prediction to $1 million.

Earlier this year, however, McAfee dropped his $1 million price prediction claiming it was all a “ruse” to onboard new users, and that bitcoin is “ancient technology.” Earlier this month, the eccentric entrepreneur also claimed BTC is “worthless.”

The last cryptocurrency McAfee launched was an ERC-20 token dubbed “Epstein Did Not Kill Himself,” using the WHACKD ticker. IT appears to exclusively trade on McAfee’s decentralized exchange, and blockchain data shows it only had two transactions in the last 24 hours.

Featured image by Craig Adderley from Pexels.