On April 8, we had reported about the 51% attack faced by Verge (XVG), which claims to offer features such as anonymity, security, and privacy. We had also mentioned that the hacker had vouched to come back again to exploit the software bugs.
The notorious hacker, it seems, has come back again. Yesterday, Verge suffered another hacking incident, almost identical to the previous one.
Verge uses a different kind of protocol to maintain its network. The protocol known as Dark Gravity Wave difficulty adjustment algorithm automatically adjusts the mining difficulty at the end of every block. Notably, Bitcoin adjusts its mining difficulty at the end of every 2016 blocks. Verge uses five different hashing algorithms (Scrypt, Myr-Groestl, Lyra2Rev2, Blake2s, x17), switching to a new one for every block.
Depending on the use, the hashrate security is split among the algos. Verge, being a decentralized system, allows incorrect time stamping. Last time, this feature of Verge was exploited by the hacker who submitted multiple blocks with incorrect timestamp. The system mistook it as arrival of blocks at a different time and lowered the difficulty by as much as 99.99%. As the hashrate is split among five algos, the hacker was able to reign over the network and directed all the rewards to his own wallet.
The main difference this time is the hacker attacked two algorithms, Lyra2re and Scrypt, instead of one. The hacker was able to get around the fix put in place last time by Verge team.
The hacker was able to generate ~35 million XVGs as mining rewards, worth above $1.7 million, using the attack. Last time, the network lost 250,000 XVGs in the attack. Even the official blockchain explorer has been on and off. Similar to last time, the Bitcointalk forum poster ‘ocminer’ has provided a screenshot highlighting the vulnerability.
Following the previous attack, Verge implemented a hardfork. However, at that time, Redit user R_Sholes pointed out that the vulnerability still exists. Again, Verge team has downplayed the hacking incident as a “denial-of-service (DDos)” attack on some of the Verge mining pools. However, coding experts have clearly mentioned that it is much more than a simple DDos attack.
it appears some mining pools are under ddos attack, and we are experiencing a delay in our blocks, we are working to resolve this.
— vergecurrency (@vergecurrency) May 22, 2018
The hacking incident once again brings forth the importance of perfect coding. The Bitcoin network has never been attacked due to its structure. New innovations need to be put under a lot of test before introducing it to the general public. Innovations such as the Dark Gravity Wave were developed to sort out some other perceived problems of Bitcoin. However, it has resulted in far more complex issues which allow crypto skeptics to question the tamper proof and secure nature of blockchain itself.