Hacker attacked Verge Blockchain and steal $1.65 million in tokens

Ddos May 25, 2018 2 minutes read

A mysterious hacker exploited the security flaw of an existing patch in the Verge cryptocurrency source code and monopolized mining operations. In just a few hours, he was dug up to a value of $1.65 million in tokens.

The mysterious hackers discovered a security flaw around the original patch in the Verge cryptocurrency source code and changed the normal timestamp of the mining operation. As a result, other users who mining in a legal manner encountered operation delay or wasted power. All other legal blocks are invalidated, allowing only hackers to mine XVG tokens themselves, thereby monopolizing mining operations and quickly creating Verge tokens (XVG). The entire mine pool and miners are affected.

The hackers captured more than 3.5 million XVG tokens in a matter of hours and earned a total of 1.65 million U.S. dollars. The incident was very similar to another attack that occurred on April 5, 2018. Another unidentified hacker exploited similar loopholes to dig more than 15.6 million Verge tokens. At that time, the estimated value was $780,000.

After the advent of the April 2018 attacks, the Verge development team enhanced the overall cryptocurrency source code to address the deficiencies exploited by the attackers and to recover the period proceeds. However, according to several users who knew the Verge source code, the attacker pointed to a patch related to the hard bifurcation and then launched a similar attack.

A user from the BitcoinTalk forum (who had previously analyzed the April attack activity) pointed out that “Since nothing really was done about the previous attacks (only a band-aid), the attackers now simply use two algos to fork the chain for their own use and are gaining millions.”

it appears some mining pools are under ddos attack, and we are experiencing a delay in our blocks, we are working to resolve this.

— VergeCurrency $XVG | XVGETH (@vergecurrency) May 22, 2018

After figuring out what happened, the Verge development team immediately began writing the patch again and said that it would soon launch a new set of code. It is unclear whether the team has any plans to hard fork the source code of the cryptocurrency (as it did in April of this year) to reverse the impact of illegal mining activities.

Similar to the April 2018 situation, there has been no XVG token theft to user accounts. However, as a result of the attacks and the illegal emergence of a large number of new token news releases, a considerable portion of legitimate mining operations was considered invalid, and Verge token prices dropped by 10%.

Source: bleepingcomputer