Miner – Network attack on Verge

Verge (XVG), had apparently suffered a network attack yesterday. The administrator of the Suprnova mining pool noticed the attack.

The discovery was published in a BitcoinTalk forum post in which he explained that the malicious Miner was able to exploit bugs in the redirection of XVG code. So the miner had an XVG block mined once per second within three hours.

Incorrect Bitcoin profit

Verge Mining is unique in that each XVG block is mined according to a different algorithm for Bitcoin profit. For example, one Bitcoin profit block is mined with Scrypt and the other with Blake etc.

The Verge protocol checks the previous block to confirm which algorithm was used. However, due to an error in the Verge code, the Miner could send blocks with incorrect timestamps. This allowed the Miner to trick the algorithm.

OC Miner announced a breakdown of all blocks that the miner could submit. They all followed each other, but had different timestamps. The block with the fake time stamp was immediately before a correctly clocked block. The result of this exploit was that the hacker could mine a block once per second.

There were also other miners who spoke of problems they had during this time window. OC Miner also linked a number of addresses that were used to pay out the mined coins.

Answer by Bitcoin revolution

When the message was delivered to the Bitcoin revolution developers, they initially claimed that there was nothing to correct according to onlinebetrug. After the clear demonstration of the attack, however, this was reversed via tweet:

We had a small hash attack that lasted about 3 hours earlier this morning, it’s been cleared up now. We will be implementing even more redundancy checks for things of this nature in the future! $XVG #vergefam

Of course, there were many in the XVG community who didn’t take the Bitcointalk contribution seriously. They replied with the usual statements like “FUD” and that someone is trying to spread lies to influence the market.

This is indeed regrettable, as the pool operator has actually helped. It detected the network attack at an early stage. It also gave the Verge developers helpful information to correct the bug.