The altcoin Verge (XVG) has been under attack for an unclear amount of time since April 4 following ‘multiple’ exploits found in its blockchain. These exploits, strung together, allowed a hacker to control the hashrate and trick the system into issuing thousands of newly mined XVG. The entire affair reflects poorly on the coin's prospects, but even worse for the development team. The Verge developers have appeared to have little understanding into the severity of this issue, or the consequences of the fixes they’ve implemented.
How has the Verge development team responded to the hack? By implementing an ‘accidental’ hard fork in its blockchain. It’s a bit of a comedy of errors. Hackers will always look to find exploits in code, and it’s unreasonable to assume any development team is invincible. But, it’s the way the Verge development team has handled itself that will leave seasoned investors hesitant to back the coin in a long position.
The exploit gives a hacker acting as a miner almost 99% capacity of the hashrate, allowing them to perform a ‘51% attack’ and collect freshly generated rewards from +1000s of blocks. Some exchanges disabled deposits and some mining pools have disabled Verge as they're unable to effectively compete with the a malicious miner.
Verge’s rough time began a few weeks ago when the team lost control of their Twitter account to hackers about three weeks ago. It doesn’t instill confidence whenever security issues are present. But it can happen to anyone. The beauty of blockchain technology, though, is that it is incredibly difficult to hack: you’d somehow need have a controlling stake in the mining nodes.
Hackers have always targeted cryptocurrency, but generally from a end user point. This exploit takes advantage of this fact and 'creates' a 'controlling stake'. The attack utilizes several vulnerabilities in Verge’s blockchain to make off with vast quantities of crypto from freshly mined blocks, essentially creating the cryptocurrency out of thin air without spending any mining power or waiting for any actual transactions.
The attack increased Verge’s transaction volume significantly, exceeding $350M USD in 24 hour trading volume, but this is a boosted number as a direct result of the hack which began April 4, and lasted about a day (as advised by the development team). However, Reddit users have examined the blockchain to show that the exploit continued after the Verge development team claimed this vulnerability fixed.
'Quick fix' results in unintentional hard fork
The development team claim to have resolved the issue through a "quick fix" which inadvertently hard forked the Verge blockchain. However, the team did not realize this was the case until it was pointed out to them and the community at large by Bitcointalk memeber Ocminer. Ocminer advised that a hard fork was the result of their ‘fix’ implementation, and it appears as though from this point, the communication with the community from the developers changed accordingly to downplay the exposure.
Throughout, the Verge team have had their ‘public relations’ faces on, going as far as publicly stating they were ‘kind of glad this happened’ as the hack ‘wasn’t as bad as it could have been’. They advised that they would not ‘roll back’ the blockchain, opting for the hard fork, but they don’t necessarily know the consequences of this method.
Serious doubts are cast on the core development team as a result of the actions leading up to and surrounding the hack. Considering Verge's surprising recovery following the 25% dip as a result of the news, the charts do not reflect this sentiment. What is in store for the long-term however, is not looking positive.
It’s possible this, in combination with past displays of incompetence, will eventually lead the cryptocurrency to fall into dreaded 'altcoin obscurity'. Hacks happen, and cryptocurrency developers come up with solutions, however the problem here, and what makes this situation worst, is that the attack exposed not only holes in Verge's blockchain, but holes in the leadership team. In a system where trust isn’t required because we lean on good cryptography, we need to believe there is good people managing the system to keep it all afloat. It’s easy to now say that isn’t the case with Verge.
Featured image from Shutterstock
Never miss a thing and suscribe to our newsletter.
Con’s a writer. His education background is law, where he’s published in law journals on the legal issues of crypto-currency. His opinion editorials tend to focus the relationship between people and technology, as well as the societal challenges technology can present. He’s consulted for non-profit privacy and digital rights groups, aiding governmental submissions. His passion is for information security, technology and the intertwining legal issues.