Verge, an ancient currency (in crypto time) that no one cared about until PornHub suddenly decided to add it, has experienced two protocol hacks in one month, the latest just last week.
It took the Verge dev/s about three days to fix it, and some say it hasn’t really been fixed: an attack vector remains, even though it may now be harder to exploit.
The interesting part, however, is that the “fix” was allegedly copied from an obscure coin that launched in November 2017.
Shield Currency, which claims to be anon and quantum proof (whatever that means), implemented the below code around a month ago. Verge did so about three days ago. Spot the difference:
“Justin, you need to fix the difficulty calculating code, the block time drift fix you implemented is not enough… It’ll just take more hash power initially. I’m thinking a difficulty algo which calculates difficulty for each algo separately,” says what looks like a dev.
Justin is the pseudonymous lead Verge developer, and his reply was somewhat interesting. He said: “we have a new repository with a whole new codebase we are working on. this will prevent the attack for now.”
Verge is apparently a fork of a fork, and the alleged copy-pasting above would be the second time the dev has just copy-pasted to “fix” a protocol hack. The first time was after the first hack.
Now he, or perhaps it’s a they, is to come up with a completely new codebase. Presumably because they hardly have a clue regarding what the current codebase does, and presumably because they have now learned how to code rather than just copy-paste. The latter, of course, is what the dev claims, saying Verge was the one copied from:
Now we understand there’s about half a billion resting on this code, so we are not willfully trying to lighten things up with our not-so-subtle comments, but we wouldn’t be surprised (we would) if they closed-source the new codebase.
That should increase security (not) and should of course increase trust in this coin (not), but if closed-source code is good enough for miners (it isn’t) then the rest should be safe enough (in running for the hills).
“It is not open source because the last thing we want is the source code to be stolen, GUI revamped then accused of us stealing their software.”
So says a person who claims to be the developer of the newly announced Verge GUI miner. Apparently the code for it is so good that people will want not only to “steal” it, but then also to plot a double projection whereby they accuse this dev of stealing it from them.
Verge holders might not be the brightest lot, cruelnodes might perhaps suggest, but even they can probably clearly see what we are implying.
Anyway, the Verge dev might be right that the fix is good enough for now because XVG’s price has halved this month, so any hacker bright enough to exploit it might have gotten rich enough to now be picky and consider the new bounty to hold far too little value to bother with it.