Just Days After Pornhub Integration, Verge 51% Attacked for Millions (Again)
In the early hours of Tuesday, May 22nd, an unknown actor began a 51 percent attack on the Verge network, utilizing a known vulnerability from a month prior. The attack may be one of the largest mining-based thefts in crypto history, and it comes on the heels of Pornhub’s Verge-based membership offering.
Let’s Do the Time Warp (Again)
This attack isn’t a new one. In early April, a very similar attack was executed successfully on Verge. All an attacker has to do is spoof a time-stamp when submitting a block, which lets them mine arbitrarily quickly with limited hashpower. The developers have issued no fewer than two “fixes” for this vulnerability, but both have proved wholly ineffective because the underlying time verification code was never altered.
In the new version of the attack, the bad actor need only switch algorithms (Verge accepts five for valid mining, for some reason) and, by juggling the fake time-stamp between them, achieve the exact same effect.
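To make "time verification" concrete, here is an added example (not Verge's code and not from the original article) of a Bitcoin-style timestamp sanity check that a node or auditor can run over a chain, applied to one combined history regardless of which mining algorithm produced each block. The window of 11 blocks and the two-hour drift limit are Bitcoin's values used as assumptions, and the algorithm labels and block data are constructed.

```python
MTP_WINDOW = 11          # blocks in the median-time-past window (Bitcoin's value, assumed)
MAX_FUTURE_DRIFT = 7200  # seconds a timestamp may lead the node clock (Bitcoin's value, assumed)

def median_time_past(timestamps):
    """Median of the most recent accepted timestamps, across all algorithms."""
    window = sorted(timestamps[-MTP_WINDOW:])
    return window[len(window) // 2]

def check_block_time(prev_timestamps, block_ts, node_now):
    """Return None if block_ts is acceptable, otherwise the rejection reason."""
    if prev_timestamps and block_ts <= median_time_past(prev_timestamps):
        return "timestamp not after median-time-past"
    if block_ts > node_now + MAX_FUTURE_DRIFT:
        return "timestamp too far ahead of node clock"
    return None

def audit_chain(blocks):
    """blocks: iterable of (height, algo, claimed_ts, received_at).

    Returns [(height, algo, reason)] for every block whose claimed timestamp
    fails the check; only accepted timestamps extend the history.
    """
    accepted, rejected = [], []
    for height, algo, claimed_ts, received_at in blocks:
        reason = check_block_time(accepted, claimed_ts, received_at)
        if reason:
            rejected.append((height, algo, reason))
        else:
            accepted.append(claimed_ts)
    return rejected

# Constructed sample data: 12 honest blocks 30 s apart, rotating over five
# placeholder algorithm labels, then two blocks with implausible timestamps.
T0 = 1_526_947_200
SAMPLE = [(h, f"algo-{'ABCDE'[h % 5]}", T0 + 30 * h, T0 + 30 * h) for h in range(12)]
SAMPLE += [
    (12, "algo-C", T0 + 100, T0 + 360),             # back-dated below the median
    (13, "algo-D", T0 + 390 + 3 * 3600, T0 + 390),  # three hours ahead of the clock
    (14, "algo-E", T0 + 420, T0 + 420),             # honest block
]

if __name__ == "__main__":
    for height, algo, reason in audit_chain(SAMPLE):
        print(f"block {height} ({algo}): {reason}")
```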
The earliest exploited block from this new 51 percent attack seems to be 2,155,910. The official Verge block explorer has stopped reflecting the chain updates, but since the start of the attack, at least 51 thousand blocks have been mined.
Even with the recent reward halving, that’s around 223 BTC or $1.9 million USD at press time. (Only people running full Verge nodes have the most current block height at present, so this number may well be much higher.)
Verge Mishandles The Fallout
The official line is that “mining pools are being DDOSed” – but there’s solid evidence otherwise. In addition, they’ve been hostile to the person that found the original attack, and shouted down his prediction that their band-aid fixes would not solve the vulnerability.
it appears some mining pools are under ddos attack, and we are experiencing a delay in our blocks, we are working to resolve this.
— vergecurrency (@vergecurrency) May 22, 2018
While we’ve reached out to Pornhub for comment on their stance on the attack as well as the Verge team’s handling of the issue, they had not elected to comment at press time.
Only time will tell what this means for the partnership between the streaming service and cryptocurrency, but the nature of the attack suggests negligence or incompetence that raises other serious questions about the coin’s value and long-term viability.