Verge suffers a new 51% attack

Verge Hack: Verge has been experiencing a series of difficulties that have further divided the user community between haters and hodlers. The security flaws have become more evident than ever. This problem along with an unorganized development team has led the crypto to a questionable position within the crypto sphere.

Previously known as Dogecoin Dark, Verge became famous after being recommended by John McAfee as an altcoin with excellent growth potential.

However, after the hype, its price went on a really bearish trend, leading many to believe that it would be possible to try a Pump and Dump. The unfulfilled promises to implement the Wraith protocol [protocol that allows users to choose whether they want anonymous or transparent transactions] generated strong dissatisfaction in the community.

Despite the problems, developments have continued, and the community has remained united. The last hard fork was intended to solve some security problems that had been detected. This led to a further increase in the market cap of the crypto.

Verge Hack

However, a new hack put Verge on the news. Apparently, a possible 51% attack would have been carried out, something that was denied by important personalities within the Verge ecosystem, clarifying that it was a DDoS attack.

A few hours ago, Charlie Lee, creator of Litecoin and known for being an XVG skeptical, announced that somebody was carrying out a 51% attack on the network.

Mr. Lee Attached an article explaining the Verge hack modus operandi. The explanation is so well compiled that it seems even “easy” because of how simple it looks:

According to the article, it is important to know that it is not possible to carry a real mark of all the existing blocks in a blockchain because the data is not transmitted instantly between nodes, for this reason, networks allow some disagreements between nodes with blocks whose timestamp does not exceed a specific time. For XVG the time span is 2 hours.

The hacker saw this feature [adopted to facilitate the behavior of the currency] as a vulnerability to exploit. The method used is quite interesting:

“And hence the problem: if enough faulty timestamps are getting created, all bets are off. And this is what the hacker did — examining the blockchain data reveals that throughout the duration of the hack(s), every other block was submitted with a timestamp roughly one hour before the present time, tragically confusing the protocol’s mining adjustment algorithm. If the protocol were sentient and fluent in English, it would be saying something like “Oh no! Not enough blocks have been submitted recently! Mining must be too difficult — let’s make it easier!” Since timestamps were continuously being spoofed, the protocol continuously lowered the difficulty, until mining got laughably easy. To give a general idea, the average difficulty in the hours before the initial attack was 1393093.39131, while during the attack, it got as low as 0.00024414, a decrease in difficulty of over 99.999999%. Lower difficulty in submitting a block means more blocks get submitted— in this case, roughly a block every second.”

The hacking method provided the characteristics of a 51% attack despite controlling far less hash power than required:

“Or, put another way, no matter the difficulty, a single attacker would still need 51% of the mining power to dominate the network, which is just as hard as it was to do before the attack.”

>>IOTA News: IOTA Signs MoU with UNOPS

However, this hacker did indeed take over the entire network and was able to do so with far less than 51% of the hash-rate. What enabled them to do this is the second component of this exploit, which has to do with Verge’s use of multiple mining algorithms.

Verge uses five consensus algorithms to avoid centralization. Each algorithm has its own difficulty. The hacker did not attack ALL the algorithms but only the one they were interested in (Scrypt):

“What this means is that our timestamp forger didn’t actually lower the difficulty of mining for the whole network; he only lowered it for those mining with one of the five algorithms — Scrypt, it turns out. So while the Scrypt miners now all enjoy comically easy mining difficulty, the miners utilizing the other four algos are stuck having to work just as hard as before, rendering all of their hash-power effectively useless for securing the network. Crucially, this meant that the attacker only had to mine with the Scrypt algorithm and only had to compete against the others doing the same; thus, required hash-power for our attacker to dominate goes from over 50% (dominating the whole network) to over just 10% (dominating the other Scrypt miners).”

Other analysts calculate the actual hashing needed by the hacker to be 0.4% instead of +51%

So far, Verge’s team has not made any official announcements regarding the Verge hack. They only issued a response to Charlie Lee’s tweet, complaining about Bashing XVG:

Featured Image: twitter

Related posts

Leave a Comment