//Verge (XVG) Mining Exploit Attack Megathread

Verge (XVG) Mining Exploit Attack Megathread

To reduce the multitude of posts on this topic, this megathread will take their place and include existing information and any further updates.SummaryOn April 4th, suprnova mining pool operator ocminer posted this thread notifying the crypto community and verge team that the attack had happened and how it worked.There’s currently a >51% attack going on on XVG which exploits a bug in retargeting in the XVG code.Usually to successfully mine XVG blocks, every “next” block must be of a different algo.. so for example scrypt,then x17, then lyra etc.Due to several bugs in the XVG code, you can exploit this feature by mining blocks with a spoofed timestamp. When you submit a mined block (as a malicious miner or pool) you simply set a false timestamp to this block one hour ago and XVG will then “think” the last block mined on that algo was one hour ago.. Your next block, the subsequent block will then have the correct time.. And since it’s already an hour ago (at least that is what the network thinks) it will allow this block to be added to the main chain as well.This attack given the malicious miner almost 99% of the effective hashrate, giving them the ability to perform a 51% attack and rapidly collect block rewards from thousands of blocks. In response, some exchanges have disabled deposits and some pools have disabled Verge support as they cannot currently compete.The Verge development team has said they will not rollback the chain, and has pushed an attempted fix that has been controversial about whether it will work and what unintended consequences it may have.Prior popular /r/cryptocurrency posts(Initial post): Network Attack on XVG / VERGE. Hacker mined a block every second for the past 13 hoursXVG Still Being Exploited After “Fix” By Dev (Check Block Times)What any XVG investor must see – ocminer about the recent attack, developer incompetence and hostility towards the one who reported the flawWow… XVG can go from “undisputed coin of the year” and “most trusted” (likely shilled posts, of course) to hacked apart inside of the same week. Gotta love the cryptocurrency roller coaster.Verge Is Forced to Fork After Suffering a 51% AttackTurns out the Verge fiasco is worse than thought. Devs now having to issue new wallets having accidentally hardforked their own currency trying to fix the attack. Popcorn, salt and GODL overflowingVerge holders burying their head in the sand… what has crypto become; seriously?Other resourceshttps://themerkle.com/price-of-verge-holds-above-0-50-despite-major-attack/https://ift.tt/2q3egfq

To reduce the multitude of posts on this topic, this megathread will take their place and include existing information and any further updates.

Summary

On April 4th, suprnova mining pool operator ocminer posted this thread notifying the crypto community and verge team that the attack had happened and how it worked.

There's currently a >51% attack going on on XVG which exploits a bug in retargeting in the XVG code.

Usually to successfully mine XVG blocks, every "next" block must be of a different algo.. so for example scrypt,then x17, then lyra etc.

Due to several bugs in the XVG code, you can exploit this feature by mining blocks with a spoofed timestamp. When you submit a mined block (as a malicious miner or pool) you simply set a false timestamp to this block one hour ago and XVG will then "think" the last block mined on that algo was one hour ago.. Your next block, the subsequent block will then have the correct time.. And since it's already an hour ago (at least that is what the network thinks) it will allow this block to be added to the main chain as well.

This attack given the malicious miner almost 99% of the effective hashrate, giving them the ability to perform a 51% attack and rapidly collect block rewards from thousands of blocks. In response, some exchanges have disabled deposits and some pools have disabled Verge support as they cannot currently compete.

The Verge development team has said they will not rollback the chain, and has pushed an attempted fix that has been controversial about whether it will work and what unintended consequences it may have.


Prior popular /r/cryptocurrency posts

Other resources