Verge (XVG) Hacked; Developers Accidentally Hard Fork in Response
Altcoin Verge (XVG) was yesterday subjected to a network attack with $1 million believed to have been stolen. Responding to the problem, Verge developers’ proposed “fix” turned out to be an accidental hard fork and needed to be rolled back.
The attack was first raised on the BitcoinTalk forums by user “ocminer”, described by another forum member as a “*highly* respected member of the mining community”.
“There’s currently a >51% attack going on”, ocminer said, “which exploits a bug in retargeting in the XVG code”. These bugs in the the XVG code allow the possibility of “mining blocks with a spoofed timestamp”. Taking advantage of the bug meant that the “hacker is mining one block per second”. The attack appeared to stop as soon as ocminer’s original post was published.
As usual with any bad news in the crypto-world, some cried “FUD”. Ocminer said he was surprised “how much insults I receive” and pointed out that “it’s not my fault and I didn’t do the hack, I just posted evidence about it”. He added that he felt sorry for investors but said that “it’s still fixable.. blacklist the addresses, notice the exchanges and fix the code, update all nodes”.
However, it appears that Verge’s attempt at a fix caused problems of its own. Dogedarkdev (i.e. Verge’s lead developer “Sunerok”) announced on the forums, “yep.. we pushed a quick fix and most pools have already updated.. we’re already working on a whole new block verification process”. However, forum members soon pointed out that the “quick fix” was in reality an accidental hard fork.
Ocminer was again at the heart of this, informing Verge’s developers that the “blockchain snapshot is not valid anymore, the wallet’s won’t sync up from scratch anymore and the current chain is simply not usable anymore with that new “fix”. Once confirmed by other users Dogedarkdev said that “we removed that [i.e. the “fix”], and we’re doing a full fork update with extra block verifications”. That fork is expected today.
The attack was described by Verge as “a small hash attack that lasted about 3 hours” and said that “it’s been cleared up now”.
We had a small hash attack that lasted about 3 hours earlier this morning, it’s been cleared up now. We will be implementing even more redundancy checks for things of this nature in the future! $XVG #vergefam
— vergecurrency (@vergecurrency) 4 April 2018
This was not how many in the community saw it, with one user, variable42, “translating” the tweet as “due to our own incompetency, we never implemented a very basic check in the code. But we’ll spin the situation to make it seem like this is a positive thing for the network”.
Image From Shutterstock