According to rumors circulating in cryptocurrency forums, Verge just got hacked. Again. Not even a full month after the last attack and, the worse news is, this hacker used essentially the same method as the previous one.
History repeats itself
There’s a user at the Bitcointalk forum called “Ocminer“. He was the guy who blew the whistle last month when Verge got hacked. He reported that Verge just got hacked again and explained what happened this time.
The trick is to create a fork in the main Verge chain so the forked chain is all yours and then you can have all the block rewards in that new chain for yourself because you control all the confirmations. It’s called a 51% attack. You can get millions of tokens that way. The main difference is that this time the trickster used two algorithms at the same time instead of one like they did a month ago.
So you have these two algorithms called script and lyra2re. Presumably, you start by setting them at the same difficulty level so they become interchangeable enough to manipulate time-stamps in transaction blocks. This allowed the hacker to create twenty-five blocks per minute which are equivalent to 950 USD or 18.250 XVG.
Reddit’s Flenst reports that the attack is already over:
“It seems the attack is over, 35.000.000 XVG were generated in a few hours. But this also means there is still no fix, and this is possible at any time again. Meanwhile, the only official info out there is ‘mining pools are DDoS’d’.”
Current exchange rates mean that this hacker got away with almost two million dollars.
Is Verge out of answers to solve its hacking problems?
As we write this, Verge has acknowledged nothing like a hack at all. They have limited themselves to tweet that some mining pools are experiencing a DDoS attack which is delaying blocks and that they’re working on it.
As things stand right now, it seems that Verge did nothing to address the security loopholes that allowed for last month’s hack to happen since the very same loopholes were exploited again to carry out a 51% attack (which is the kind of attack that remains strictly hypothetical on other blockchains). This is bad news for XVG aficionados. And for Pornhub.