Hacker Uses Exploit To Generate Verge Cryptocurrency Out of Thin Air

An anonymous reader quotes a report from Bleeping Computer: An unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid pace and generate funds almost out of thin air. The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a previous state before the attack to neutralize the hacker's gains. The attack took place yesterday, and initially users thought it was a over "51% attack," an attack where a malicious actor takes control over the more than half of the network nodes, giving himself the power to forge transactions. Nonetheless, users who later looked into the suspicious network activity eventually tracked down what happened, revealing that a mysterious attacker had mined Verge coins at a near impossible speed of 1,560 Verge coins (XVG) per second, the equivalent of $78/s. The malicious mining lasted only three hours, according to the Verge team. According to users who tracked the illegally mined funds on the Verge blockchain said the hacker appears to have made around 15.6 million Verge coins, which is around $780,000.

How is this an attack?

How is this an attack? Sounds like somebody smart figured out how to mine very quickly.

Blockchain Secuirty

So transactions in a blockchain are NOT secure and are NOT permanent. If a blockchain can be AND IS forked from a previous point in time, then doesn't that defeat all security and reliability in the blockchain currency?

Original "Fix"

More amusingly, this was the original attempt to fix it before deciding to fork

-static const int64 nMaxClockDrift = 2 * 60 * 60; // two hours
+static const int64 nMaxClockDrift = 2 * 15; // fifteen minutes

Because, yeah, 2 * 15 seconds is fifteen minutes.

They then had another go and just added "* 15" to increase the value, creating a weirdly obscure way to specify 7.5 minutes

+static const int64 nMaxClockDrift = 2 * 15 * 15;