Verge (XVG) has seen another serious attack. Another hacking exploit accelerated mining on May 22, withdrawing significant XVG rewards to the hackers’ wallets, even after the reward halving.
What the project revealed was a DDOS attack. But there are reports the faults with XVG go much deeper.
The belief is that the Verge network saw another time warp exploit, minting 35 million coins ahead of schedule, on very low difficulty. Some believe the multi-algorithm mining approach for XVG may be to blame.
The crypto community begins to see Verge as potentially a defunct project, unless the vulnerability is fixed.
The Verge network accepts blocks with a timestamp of up to 2 hours away from the latest block time. The hacker was submitting blocks with a fake timestamp, older by one hour. However, the mining adjustment algorithm only takes into account recent blocks. This made difficulty fall to very low levels, sliding by 99,99% – and when the hackers caught up, they managed to mine weeks’ worth of coins within 2 hours.
However, the more worrying part is that a malicious entity was able to take over the whole network and produce blocks with only one of the five algorithms – Scrypt. This mining approach is so common that an ASIC has been around for a long time. While other workers on the Verge network were mining with consumer electronics, only a few ASIC could have taken over the entire hashing power of the network, taking the block rewards.
At the moment XVG difficulty has recovered, but remains low compared to previous months. Despite the 51% attack, there are no complaints of transactions rolled back, although that would be possible in theory. Instead, the aim was the mining bounty, estimated at $1,7 million.