The verge mining exploit: how they did it, and why the price is still up.
As I stated in my previous article, I would be going over the mining exploit, which is still continuing. Thankfully, the rate has slown down.... But not removed it completely.
Credit here goes to ocminer, the man who runs the Super Nova mining pool. He gave a detailed response on bitcointalk.org which is currently over 43 pages long as of writing. At the end of the article, I will link the forum post at the bottom. Quite an interesting read. Now let's begin.
On April 4th, ocminer posted to the bitcointalk forums bringing light to the attack. Directly quoting ocminer,
"Due to several bugs in the XVG code, you can exploit this feature by mining blocks with a spoofed timestamp. When you submit a mined block (as a malicious miner or pool) you simply
set a false timestamp to this block one hour ago and XVG will then "think" the last block mined on that algo was one hour ago.. Your next block, the subsequent block
will then have the correct time.. And since it's already an hour ago (at least that is what the network thinks) it will allow this block to be added to the main chain as well."
Below his statement shows the code of what he's talking about.
SetBestChain: new best=00000000049c2d3329a3 height=2009406 trust=2009407 date=04/04/18 13:50:09
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=000000000a307b54dfcf height=2009407 trust=2009408 date=04/04/18 12:16:51
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=00000000196f03f5727e height=2009408 trust=2009409 date=04/04/18 13:50:10
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=0000000010b42973b6ec height=2009409 trust=2009410 date=04/04/18 12:16:52
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=000000000e0655294c73 height=2009410 trust=2009411 date=04/04/18 12:16:53
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=0000000013490372b825 height=2009411 trust=2009412 date=04/04/18 12:16:54
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=0000000017192ea8924b height=2009412 trust=2009413 date=04/04/18 13:50:13
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=0000000007f75f237b3b height=2009413 trust=2009414 date=04/04/18 12:16:55
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=0000000006ecb5753261 height=2009414 trust=2009415 date=04/04/18 13:50:14
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=0000000019eb5bfd2f76 height=2009415 trust=2009416 date=04/04/18 12:16:56
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=0000000018d5b80c0ee9 height=2009416 trust=2009417 date=04/04/18 13:50:15
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=00000000159ca0701894 height=2009417 trust=2009418 date=04/04/18 12:16:57
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=000000000ad1a8cd6b44 height=2009418 trust=2009419 date=04/04/18 13:50:16
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=000000001002986218fc height=2009419 trust=2009420 date=04/04/18 12:16:58
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=000000000b58e4fed470 height=2009420 trust=2009421 date=04/04/18 13:50:17
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=000000000d9f0707d83f height=2009421 trust=2009422 date=04/04/18 12:16:59
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=0000000007283d98dbb0 height=2009422 trust=2009423 date=04/04/18 12:17:00
ProcessBlock: ACCEPTED (scrypt)
--
SetBestChain: new best=0000000002ec7b8a6e80 height=2009423 trust=2009424 date=04/04/18 12:17:01
ProcessBlock: ACCEPTED (scrypt)
(Shortened up the code greatly due to the massive amount of detail. Take a lot at the original post for the full length)
Take note of the times. As you can see, it's showing that the previous block was found 1 hour prior to the new block. Doing this, they are fooling the chain thinking it's been a long time, allowing to find the next block 1 second later. This is done continuously, allowing each block to be found in ONE SECOND. Pretty damn crazy, as it destroys any chance a mining pool has to find a block. For those curious, each time a block is found the miner is rewared 1560 verge. Doesn't seem like alot, until you factor in how fast they are getting blocks.
You would think discovering something like this would get some praise. Unfortunately, due to the way Verge fanboys act, that wasn't the case. He received responses like, "The FUD factory started. Missed out on low sats and got frustrated" or "Sounds to me like you're fudding to try to drive the price down". There is much more responses like this in the thread, along with all over the verge subbreddit. Think about this for a second. What benefit does ocminer have to bring some fake news to the table? None! He runs mining pool of various coins including verge. HODLers of verge hate any type of fact. Like this guy from my previous post :)
That right there is reason number one of why the price isn't dropping. HODLers of verge are so delusional at this point because of this so called announcement. They still believe that this mystery "partnership" will be a game changer. Even though token pay actually paid for majority of this partnership?
This caused some conspiracy theories. Maybe token pay fronted the money and the verge devs themselves are responsible for the exploit? Obviously none of that is factual , but the cimcumstances around their response to acting like this exploit along with the window of their announcement does raise suspicions for sure.
Anyways, so the attempts of the verge devs trying to fix this issue lead to them forking the network, making none of the wallets work, which brings us to reasom number 2 of why the price isn't dropping. Both crypto exchanges binance and bittrex closed deposits and withdrawals. Any panic that could of happened because of this exploit didn't allow any dumping besides what people might have had on the exchanges. You can't sell if its in a private wallet. It still remains to be seen once this is all taken care of will we see drops.
After shitty responses from both the community and the developers, ocminer had enough and closed the pool mining verge indefinitely. He listed a lengthy conversation with a certain verge man on irc which makes me agree with his reasoning of dropping verge. To quote the whole log,
[16:08:43] yes i put it in both branches
[16:10:11] ed__ (319465d0@gateway/web/freenode/ip) joined the channel
[16:12:43] hmm no filtering/rollback of the attackers coins ?
[16:12:55] thats over 20 mills for him...
[16:13:08] we dont do rollbacks.
[16:13:16] we roll forward
[16:13:17] <@Epsylon3> i imagine the mess :p
[16:13:31] <@Epsylon3> the only this you can do is tracking the coins
[16:13:38] ocminer, would have been great if you contacted someone from our team. by you putting this on bitcointalk, you invited a ton of other people to attack as well.
[16:13:39] <@Epsylon3> talking with exchanges
[16:14:01] also your quote The vergeDEV @ Discord says "everything is okay - there's nothing to fix"..
[16:14:03] thats bullshit.
[16:14:05] i never said that
[16:14:15] why are you quoting me saying something i never said?
[16:14:18] -.-
[16:14:25] i already talked to bittrex and binance, theyre updated
[16:14:55] you just don't understand what this is all about
[16:16:02] how so?
[16:16:14] i do understand. we are having blocks injected with spoofed timestamps.
[16:16:20] <@Epsylon3> what the amount mined per day ?
[16:16:22] <@Epsylon3> is*
[16:16:24] and i never said "everything is okay - there's nothing to fix"
[16:16:46] <@Epsylon3> i need to add a script command for that :p
[16:16:54] also your commit won't fix it
[16:16:57] but ..
[16:17:12] go ahead and "move forward"
[16:17:14] ~4mill/day
[16:17:17] <@Epsylon3> XVG: current block_time set in the db 0mn35 (35 sec)
[16:17:18] <@Epsylon3> XVG: avg time for the last 2048 blocks = 0mn13 (13 sec)
[16:17:18] <@Epsylon3> XVG: avg time for the last 1024 blocks = 0mn31 (31 sec)
[16:17:35] <@Epsylon3> my script dont go so far :p
[16:17:51] 12000 * 1560 = 18.7 mills already
[16:17:53] <@Epsylon3> XVG need 20x that :p
[16:18:30] yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.
[16:18:51] and also misquoted me completely
[16:19:00] lol, now you're blaming me for an attack on your blockchain ? srsly ? Smiley
[16:19:07] did i blame you?
[16:19:09] <@Epsylon3> 2026860 now... 2000000 was 2018-04-01 17:39:37
[16:19:11] i said the attack wasnt as bad
[16:19:14] [16:18:30] yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.
[16:19:15] it was worse after
[16:19:20] <@Epsylon3> 3 days..
[16:19:25] <@Epsylon3> 4
[16:19:27] yes that is correct. congrats, you got a quote correct
[16:20:03] <@Epsylon3> so yep, maybe not 12000 blocks
[16:20:14] <@Epsylon3> i may create a script to check :p
[16:20:49] <@Epsylon3> Height: 2010000
[16:20:49] <@Epsylon3> Time: 2018-04-04 14:22:01
[16:21:03] <@Epsylon3> after first hack so
[16:21:31] <@Epsylon3> will do the script, i like right numbers
[16:26:22] listen.. kid... you have a absolutely trashy shitcoin pumped in heaven through that tweet from john mcafee back in that day.. you probably made a lof of money by that idiot tweeting xvg to the moon.. you should have used the chance and invested some of that money and invest it into a decent dev team, as seriously, and everyone knows that, you have not the slightest idea of coding whatsoever... If you've had done that, you could have patched your
[16:26:22] super-old codebase already to a super-recent codebase like myriad or digibyte and wallets would't have memory leaks all over, wouldn't take >30 mins until they startup and also those two drama's with the earlier tor hardforks wouldn't have happen. I'm not the guy who "keeps bullshit silent" - when I see something is happening, I report it - immediately and from my POV your users/miners have been betrayed by over 20 M coins which were injected
[16:26:22] maliciously into the blockchain... This is not a kiddo script hack and my post didn't change anyhting but just revealing what is happening at the moment (as you didn't notice yourself until I came into your hostile discord) and it's not a bad thing to post that publicly. You know see me as your enemy or whatever - I don't care, if you want to continue with your coin, go ahead, surely without me, but this should be your utmost last warning - think
[16:26:22] about yourself, think about how you make decisions and maybe come down a bit from your emperor throne and get help from professionals if you can't handle it alone... You'll see what happens after your HF - nothing, guaranteed, because you don't fix the root cause of this.
[16:26:27] vergeDEV (~sunerok@unaffiliated/sunerok) left IRC (Ping timeout: 240 seconds)
[16:26:50] And Epsylon3 ... you
[16:27:04] <@Epsylon3> i slept
[16:27:09] <@Epsylon3> :p
[16:27:22] Hi, sorry I come back late
[16:27:23] 're not much better than him.. only looking for the profits here.. .your miners also lost a lof of coins during the network was stalled and the 15k blocks mined...
[16:27:34] I am running unimining where there is XVG
[16:27:36] <@Epsylon3> you are wrong
[16:27:38] (on blake2s)
[16:27:39] if you'd be honest, you'd shutdown the pool and let him fix his shit up
[16:27:41] <@Epsylon3> i stopped the pool the whole day
[16:28:02] <@Epsylon3> and answered everyone why
[16:28:08] it's up and running already, without any fix for the malicious coins
[16:28:10] <@Epsylon3> lot of spam
[16:28:16] <@Epsylon3> took the whole day
[16:28:37] <@Epsylon3> i pasted the fix i made this morning
[16:28:38] sorry I will read what you said few minutes ago, I am late but I'll shut the pool if coin dev say so then I can explain to my miners that I follow coin dev orders
[16:28:52] when a coin explodes randomly and coin dev don't care then I delist it
[16:28:58] <@Epsylon3> which is the commit, with proper knowledge and amount of seconds
[16:29:04] but XVG risk is high for Uni so I may delist it
[16:29:07] that fix from him is just bullshit, it changes nothing, just the timespan of which they do the attacks.. .they will be slowed down a bit, but that's all
It's extremely sad to see a developer blaming a miner for his OWN FUCK UP.
I personally expect to get some backlash from the verge community on this one, so fire away!
Thanks for reading, feel free to comment below!(even you verge lovers)
Link to top image: https://www.bleepingcomputer.com/news/cryptocurrency/hacker-uses-exploit-to-generate-verge-cryptocurrency-out-of-thin-air/
And the link to the Bitcoin talk forum post: https://bitcointalk.org/index.php?topic=3256693.0
Again, credit here goes to ocminer, giving all the details of the exploit , including showing everyone that lovely chat log.
I had all verge on exchange,and sold all at recent pump. :)
Smart man. If u do decide to buy back into it, make sure to rid of it for before the announcement day.
Ill buy back at next bigger crash,it will happen,sooner or later. :)
Congratulations! This post has been upvoted from the communal account, @minnowsupport, by mrbearbear from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews, and netuoso. The goal is to help Steemit grow by supporting Minnows. Please find us at the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.
If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP.
Be sure to leave at least 50SP undelegated on your account.