Buggy Verge crypto-cash gets hacked, devs go fork themselves, hard

The Verge cryptocurrency has seen its value drop by 25 per cent after hackers exploiting a bug in the alt-coin's software forced its developers to hit the reset button and hard-fork the currency.

Programmers on Wednesday confirmed that the fun-bux had been on the receiving end of a "small hash attack" that caused its value to drop from $0.07 to $0.05 per XVG. The developers claimed they had cleared up what was portrayed as a minor hiccup.

We had a small hash attack that lasted about 3 hours earlier this morning, it's been cleared up now. We will be implementing even more redundancy checks for things of this nature in the future! $XVG #vergefam

— vergecurrency (@vergecurrency) April 4, 2018

According to netizens observing the attack from the Bitcointalk forums, however, the shenanigans were anything but minor. Rather, bugs were present in the XVG code that allowed miscreants to mine blocks with bogus timestamps, messing up the currency's blockchain.

The programming blunders were leveraged by persons unknown to generate new blocks at a rate of roughly one per second. This, in turn, allowed the attackers to net an estimated $1m.

"Usually to successfully mine XVG blocks, every 'next' block must be of a different algorithm," explained forum poster OCminer, of the Suprnova Mining Pools. "So, for example, scrypt, then x17, then lyra, etc.

"Due to several bugs in the XVG code, you can exploit this feature by mining blocks with a spoofed timestamp. When you submit a mined block, as a malicious miner or pool, you simply set a false timestamp to this block one hour ago and XVG will then "think" the last block mined on that algorithm was one hour ago. Your next block, the subsequent block, will then have the correct time. And since it's already an hour ago – at least that is what the network thinks – it will allow this block to be added to the main chain as well."

OCminer added it was a 51 per attack, in which miscreants seize control of the majority of miners on a cryptocurrency's network.

We've asked the Verge currency team for comment on the matter, but have yet to hear back at the time of publication.

In addition to the attack, the handling of the aftermath is also drawing criticism. To remedy the issue, the developers hard forked XVG, effectively creating a new blockchain.

"The XVG team erroneously forked their entire network to 'undo' the exploited blocks, but this resulted in the entire network being unable to sync," noted cryptocurrency news site The Merkle.

"When the team was made aware of their mistake, they were able to re-sync the network, but still have not completely defeated the issue."

XVG is itself a fork of Dogecoin, funnily enough. ®