VERGE: NEW HACKING ATTACK WITH MILLION DOLLARS TO BE THEFT
Within two months, Verge seems to have been hacked with hackers to steal a substantial amount of XVG.
The recent attack is similar to that of April. It lasted a few hours, but it cost 35 million XVG worth more than $1.78 million according to CryptoCompare.
Bitcointalk.org user Ocminer – Supernova mining pools’ admin – the same user that highlighted the previous attack, the new one exploited exactly the same glitch. Only this time far more tokens were stolen.
Last month, Ocminer elaborated that weaknesses in Verge’s code allow for such hacks:
“Usually to successfully mine XVG blocks, every “next” block must be of a different algo. So, for example, scrypt, then x17, then lyra etc. Due to several bugs in the XVG code, you can exploit this feature by mining blocks with a spoofed timestamp. When you submit a mined block (as a malicious miner or pool) you simply set a false timestamp to this block one hour ago and XVG will then “think” the last block mined on that algo was one-hour ago… Your next block, the subsequent block will then have the correct time… And since it’s already an hour ago (at least that is what the network thinks) it will allow this block to be added to the main chain as well.”
By this way, malicious users were able to mine thousands of blocks within seconds and consequently earn thousands of XVG (now millions of them) in a very short-term period.
Verge, in response to the attack of April, implemented a hard-fork designed to fix the flaw on April 4.
Notably, Reddit users, at the time, argue that the taken measures did not eradicate the vulnerability.
At press time, Verge seems not to have “measure” the scale or the nature of the attack. Instead, they have attributed it to DDoS (Distributed Denial of Service attack) against some XVG mining pools.
According to Cloudflare, a DDoS is:
“A malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up with a highway, preventing regular traffic from arriving at its desired destination.”