Hackers have successfully executed attacks on three cyrptocurrency blockchains in the past week.
Verge, Bitcoin Gold and MonaCoin were all robbed of coins in the attacks.
The network of a purported privacy coin called Verge was successfully hijacked last weekend when hackers hijacked the network and mined blocks at very low difficulty. Attackers were able to mine blocks in very quick succession and reap the resulting block rewards.
The price of Verge spiked briefly in April after the coin announced it had been added as a payment method at the popular porn site PornHub.
Critics, however, have expressed serious doubts about Verge’s coding and true privacy levels. One anonymous critic in January posted a list of supposedly exposed Verge transaction addresses.
If it's a public blockchain then it's not a privacy-focused currency. The one is the antithesis of the other.
— Riccardo Spagni (@fluffypony) August 5, 2017
Members of the Verge community called the website listing exposed addresses, ‘fake news.’ Verge founder, Justin Valo told Coindesk that the addresses, “are just locations of Tor relay nodes…None of those are our actual users’ home IP addresses.”
When the PornHub partnership was announced, a researcher for rival privacy coin Monero told CoinDesk, “I don’t view their deal with Pornhub as any endorsement or indication of their technical value. It just indicates that you can make a deal with Pornhub if you pay millions of dollars.”
Verge has downplayed the significance of the attack on Twitter. For about 40 hours after news of the attack became public, the company issued just a single tweet stating that the hack was a mere “ddos attack” on miners.
Yesterday around noon, a marketer tweeted to the “Verge Family” that the attack was short-lived and a matter of growing pains. “The whole attack only lasted for 6 hours and a patch is already on its way. Resolving this issue will only make #Verge and our network stronger!”
#VergeFam Verge was under attack 2 days ago. The whole attack only lasted for 6 hours and a patch is already on its way. Resolving this issue will only make #Verge and our network stronger! Stay updated, follow @vergecurrency
— Arend (XVG Marketing) (@Arend_XVG) May 23, 2018
CCN covered technical details of the attack and posted a tweet from @SuprnovaPools about the extent of the attack.
— supr nova *no giveaways* (@SuprnovaPools) May 22, 2018
This attack follows another of the same nature endured by the Verge network in early April in which 250,000 coins were stolen.
Coinswitch has reported that 35 million Verge coins, worth about $1.7 million, were stolen in this latest hack.
Bitcoin Gold, a coin generated as a hard fork of Bitcoin to supposedly resist mining centralization, was hit with a significant “double spend” attack around May 16th.
“To execute the attack, the miner acquired at least 51 percent of the network’s total hashpower, which provided them with temporary control of the blockchain. Obtaining this much hashpower is incredibly expensive — even on a smaller network like bitcoin gold — but it can be monetized by using it in tandem with a double spend attack,” wrote CCN writer Josiah Wilmoth.
As the attack took place, the attacker began depositing stolen BTG back and forth between exchanges and a “hot” (or online) wallet controlled by the attacker. The hacker passed the coins through exchanges by depositing and then quickly withdrawing again while using his or her control of the network to “reverse” earlier transactions and deposit them same coins again at an exchange.
The wallet address associated with the attack reportedly received over 388,000 BTG, coins that could conceivably be sold for around $18 million.
Bitcoin Gold tweeted about the attack May 16th and linked to a blog post where they urged exchanges to up the number of confirmations they require to process coins.
An unknown party accessing large amounts of hashpower is using "51% attacks" to perform "double spend" attacks on Exchanges. We have been advising all exchanges to increase their confirmations requirement and to review large deposits. https://t.co/1PAQ1BKM2A
— Bitcoin Gold [BTG] (@bitcoingold) May 18, 2018
Finally, Japanese cryptocurrency MonaCoin reportedly suffered an attack last week in which a “selfish miner” managed to co-opt mining on the MonaCoin blockchain by secretly establishing a longer chain.
“As is standard in most blockchain protocols, the chain with more blocks is considered by the mining network to be the correct chain…when the secret miner makes their longer chain public, it invalidates any and all of the blocks discovered by other miners during the time the secret chain was hidden,” writes Coinswitch.
All three of the recently attacked coins use the same energy-intensive system of network processing that Bitcoin does, a system called proof-of-work. Some critics of proof-of-work have used the attacks to cast doubt on that system.
Yesterday, however, prominent Bitcoin developer Jimmy Song blamed the attack not on proof-of-work, but on the fact that Verge code allows adjustments to mining difficulty on its network and too frequently uses five different algorithms. (Difficulty-adjusting algorithms modulate competition in mining networks.) Bitcoin adjusts its mining difficulty only every two weeks.
Hackers were able hijack the algorithm with the lowest difficulty and essentially print Verge rapidly for themselves.
Song said that attacks like these are a result of incompetent building. “This is why you don’t role you own crypto, kids…You get into edge cases like these that you don’t handle very well.”
[clickToTweet tweet=”‘This is why you don’t role you own crypto, kids…You get into edge cases like these that you don’t handle very well.'” quote=”‘This is why you don’t role you own crypto, kids…You get into edge cases like these that you don’t handle very well.'”]