Anonymity-focused cryptocurrency Verge (XVG) lost 25% of an apparent hack attack which took place on 4th of April.
Notably, the verge chain was attacked with the hacker reportedly making off with $1 million-worth of tokens. The issue was first brought to notice by a user named “ocminer” on the Bitcoin Talk forum.
The verge team acknowledged the attack via Twitter in the afternoon Wednesday, while its primary developer, “DogeDarkDev,” tried to calm market nerves by stating that the team has pushed out a “quick fix” and the team is working on “a whole new block verification process”.
However, the quick fix turned out to be a hard fork, as pointed out by ocminer. That didn’t go down well with the investor community, which called for a rollback to cancel the coins mined during the hack. The developers rejected that idea, however, and attempted to downplay the whole episode by calling it a “small attack.” The team is scheduled to release the full fork update today.
Amid the melee, XVG witnessed solid two-way business.
According to various press and social media sources, including Verge developer known as Sunerok, a bug allowed manipulation of block mining timestamps. This created the potential for illegitimate coins to appear from nowhere.
“There’s currently a >51% attack going on on XVG which exploits a bug in retargeting in the XVG code,” Suprnova mining pool’s OCminer reported on Bitcointalk.
“Due to several bugs in the XVG code, you can exploit this feature by mining blocks with a spoofed timestamp. When you submit a mined block (as a malicious miner or pool) you simply set a false timestamp to this block one hour ago and XVG will then “think” the last block mined on that also was one hour ago.”
The debacle comes just three weeks after John McAfee-endorsed Verge lost control of its Twitter account to hackers, with funds reportedly not being at risk.
Following the fresh bug reports, however, Sunerok appeared to adopt a laissez faire attitude to fixing them, pushing through an accidental hard fork.
“You guys are aware that the ‘fix’ you pushed actually IS a hardfork? So your blockchain snapshot is not valid anymore, the wallet’s won’t sync up from scratch anymore and the current chain is simply not usable anymore with that new ‘fix’?” OCminer continued.
Analysis by Suprnova suggested the hack stopped April 5. “I skimmed the logs and saw the attacker started the new attack at around block 2014060 and stopped just now at block 2026196,” OCminer wrote in a further post.