It appears Verge has suffered another hack, barely one month after the previous attack. According to reports filtering in on online crypto forums, the attackers seem to be using pretty much the same tactics at the last time.
Instead of one algorithm, the hacker used two algorithms to fork the main Verge chain, claiming all the block rewards and earning millions of XVG tokens in the process. Ocminer pointed out the exploit when it was used by hackers last month.
As seen in the image above, both the scrypt and lyra2re algorithms were set to the same infinitesimal difficulty level.
Each one was used interchangeably to manipulate transaction blocks time-stamps, enabling the hacker to essentially “manufacture” 25 blocks per minute which amount to 18,250 XVG ($950) per minute. According to Reddit user u/Flenst, the attack appears to be over. The third edit on Flenst’s post reads:
It seems the attack is over, 35.000.000 XVG were generated in a few hours. But this also means there is still no fix, and this is possible at any time again. Meanwhile, the only official info out there is ‘mining pools are DDoS’d’.
Verge Appears to Have no Answers to its 51% Hacking Problem
With today’s hack coming firmly on the heels on the previous hack, the question remains, “is Verge secure?” When Ocminer alerted the crypto community to last month’s hack, the Verge development initially tried to dismiss the claims.
They later put up a statement on Twitter acknowledging the hack but called it a “small hash attack.” As at the time of writing this article, the only response from Verge is a tweet saying that some mining pools are under DDoS attack.
The prevailing narrative at the moment is that Verge didn’t solve the problems with its network. The fact that hackers can use essentially the same exploit protocols to initiate a 51% attack is cause for worry for many XVG enthusiasts.