Cryptocurrency Verge (XVG) was the victim of another attack, and in both cases the attacker has used almost identical tactics.
Verge is a privacy-oriented coin, who became famous after website pornhub.com started taking it as a method of payment. In April of this year, the cryptocurrency Protocol was hacked, the result of which was generated coins Verge on the millions of dollars that an attacker successfully translated itself as a reward.
The new attack was almost identical and use the same malicious code. It is worth noting that the Verge has three characteristics that increase the risk of using this exploit:
Verge uses an algorithm adjusting the difficulty of Dark Gravity Wave. It adjusts the difficulty of mining Verge for each block. For comparison, Bitcoin adjusts its difficulty every 2016 blocks.
Verge uses multiple hashing algorithms, dividing the security between them, depending on the share of hash rate yet.
Verge admits putting incorrect time stamps, since to get the correct timestamps in a decentralized system is difficult, and providing miners with certain exceptions helps to mitigate the situation.
During the first attack, the attacker sends a number of blocks with incorrect timestamps, so the system has received information that the blocks do not come in the same time. As a consequence, the algorithm repeatedly lowered the difficulty (about 99.999999%). After that, because hash rate Verge was divided among the five algorithms, the attacker was relatively easy to attack 51% with one of these algorithms, sending all mined coins to yourself as a reward.
The main difference of the new attack was that this time the criminal attacked two mining algorithm — Scrypt, and Lyra2re. Apparently, so he managed to bypass the team’s Verge the security patch. As a result, the attacker managed to get XVG equivalent of about $ 1.5 million.
Yesterday’s attack, as well as the first, demonstrates the value of already-proven code of Bitcoin. The attacks have been many exchanges and the owners of the cryptocurrency in the Bitcoin Protocol had not been subjected to hacking for seven years, despite the highest industry capitalization of the top cryptocurrencies.
Algorithm Dark Gravity Wave and some other innovations were developed to solve several specific issues. But in the end they led to the emergence of a much more serious problem. Many members of the community are questioning the effectiveness of team Verge updates, comparing them with the «band-aid».