Verge Protocol Hacked, $1,000 Stolen by the Minute – Trustnodes


Verge is currently being hacked through a protocol exploit that allows the hacker to print out some $1,000 worth of XVG every minute.

The bug is similar to the one that was exploited just last month, described at the time as what we can call time malleability:

“To successfully mine XVG blocks, every ‘next’ block must be of a different algo... so for example scrypt, then x17, then lyra etc.

Due to several bugs in the XVG code, you can exploit this feature by mining blocks with a spoofed timestamp.

When you submit a mined block (as a malicious miner or pool) you simply set a false timestamp to this block one hour ago and XVG will then “think” the last block mined on that algo was one hour ago.”

The fix for this bug was a mere band-aid, so the problem wasn’t really fixed. The hacker therefore is now using two algos at the same time to in effect print XVG out of thin air. Ocminer, a crypto pool that mines Verge, said:

“Both algos, scrypt and lyra2re can be rented easily for a few bucks at nicehash, they simply send one block scrypt, after that a block lyra2re and so on and all with manipulated timestamps thus lowering diff to lowest possible mining several blocks per minute.”
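A toy model of the mechanism described in the quotes above, added here as an illustration and not taken from Verge's code: a per-algo retarget that trusts header timestamps, next to a median-time-past check of the kind Bitcoin applies. The function names, the spacing and drift constants, and the sample chain are assumptions constructed for the example.

```python
from statistics import median

TARGET_SPACING = 150    # assumed target seconds between blocks on one algo
MTP_WINDOW = 11         # blocks in the median-time-past window (Bitcoin's value)
MAX_FUTURE_DRIFT = 600  # assumed seconds a timestamp may lead the node clock

def required_difficulty(prev_diff, last_algo_ts, now):
    """Toy per-algo retarget: the longer ago the last block on this algo
    claims to be, the easier the next one gets (clamped to 4x per step)."""
    gap = max(now - last_algo_ts, 1)
    ratio = min(max(TARGET_SPACING / gap, 0.25), 4.0)
    return prev_diff * ratio

def timestamp_ok(block_ts, chain_ts, node_now):
    """Accept only timestamps after median-time-past and not far in the future."""
    mtp = median(chain_ts[-MTP_WINDOW:])
    return mtp < block_ts <= node_now + MAX_FUTURE_DRIFT

def run(offsets, validate):
    """Submit one block per offset, claiming timestamp = true time + offset.
    Returns (difficulty after the last accepted block, blocks rejected)."""
    chain_ts = [1_000_000 + 30 * i for i in range(MTP_WINDOW)]  # constructed history
    now = last_algo_ts = chain_ts[-1]
    diff, rejected = 1000.0, 0
    for off in offsets:
        now += TARGET_SPACING              # real time the block is found
        claimed = now + off
        if validate and not timestamp_ok(claimed, chain_ts, now):
            rejected += 1                  # block dropped, difficulty untouched
            continue
        diff = required_difficulty(diff, last_algo_ts, now)
        chain_ts.append(claimed)
        last_algo_ts = claimed             # the node trusts the header value
    return diff, rejected

if __name__ == "__main__":
    honest, spoofed = [0] * 4, [-3600] * 4   # constructed inputs
    print("honest, no check :", run(honest, False))
    print("spoofed, no check:", run(spoofed, False))
    print("spoofed, checked :", run(spoofed, True))
```

In this model, four blocks backdated by one hour cut the difficulty to 1/64 of its starting value, while the same blocks are all rejected once the timestamp check is enabled.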

This has been going on for at least ten hours, counting from when the first report of suspicious orphan rates was made. Seemingly no one cared about it, because the attack is still ongoing, with some 20,000 bad blocks produced. A cryptonian says:

“Earliest block I found as a starting point is 2,155,913. Still shows the current growth of the blockchain at around 25 blocks per minute resulting in 18250XVG or 950$ per minute for the attacker.”

That’s a lot of fake money, but the hacker is apparently not yet selling it, because Verge’s price hasn’t really moved much. That may be because Verge’s wallet is offline on exchanges for some reason, leaving only those who already have XVG on exchanges with the ability to sell or buy.

This crypto apparently started all the way back in 2014. Yet no one cared about it one bit, until December when for some inexplicable reason it shot up to a market cap of $3.2 billion.

We are tempted to suggest crypto roulette, as in perhaps some traders went around, found this coin, and decided to make it a thing, but we do not actually know why it suddenly started to gain attention.

Yet despite its many troubles, PornHub has for some inexplicable reason decided to accept Verge for payments. Not bitcoin, not eth, but this thing. Why? Who knows.

The question now is whether this time malleability matter can actually be addressed in Verge as the protocol sort of shuffles through different mining algorithms, creating some complexity, and in its current state creating this money printing bug.

It can probably be addressed, but we’ll have to wait and see whether the one dev this crypto has can actually manage to do so.

Arguably anyone can just go and fix it, but why anyone with some talent would care to have anything to do with Verge, we do not know. So the show continues.



Comments (1)

  1. Maybe it’s the ONE developer himself. I assume he’s inside trading all day with his many countdowns to nothing pushing prices and with his criminal record…
