Slashdot Mirror


Hacker Uses Exploit To Generate Verge Cryptocurrency Out of Thin Air (bleepingcomputer.com)

An anonymous reader quotes a report from Bleeping Computer: An unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid pace and generate funds almost out of thin air. The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a previous state before the attack to neutralize the hacker's gains. The attack took place yesterday, and initially users thought it was a "51% attack," an attack where a malicious actor takes control over more than half of the network nodes, giving himself the power to forge transactions. Nonetheless, users who later looked into the suspicious network activity eventually tracked down what happened, revealing that a mysterious attacker had mined Verge coins at a near impossible speed of 1,560 Verge coins (XVG) per second, the equivalent of $78/s. The malicious mining lasted only three hours, according to the Verge team. Users who tracked the illegally mined funds on the Verge blockchain said the hacker appears to have made around 15.6 million Verge coins, which is around $780,000.

14 of 85 comments

  1. Generate Verge Cryptocurrency Out of Thin Air by tomxor · · Score: 5, Insightful

    ... That is the general idea.

  2. How is this an attack? by Anonymous Coward · · Score: 2, Interesting

    How is this an attack? Sounds like somebody smart figured out how to mine very quickly.

  3. Re:Generate Cryptocurrency out of thin air? by Kaenneth · · Score: 3, Insightful

    air thick with pollution from wasted energy.

  4. Greed fail by Anonymous Coward · · Score: 3, Insightful

    If the attacker would have created coins at a reasonable rate the attack may have never been detected.

    1. Re:Greed fail by bobbied · · Score: 3

      Yea, crooks are usually more greedy than they are smart. Bright enough to figure out how to do this, not smart enough to make it pay very long. Actually, if you think about it, the inability to delay gratification is likely one of the key traits that makes one inclined to cheat so that makes sense.

      Despite what you see on the Crime shows on TV, most petty criminals get caught because they are stupid, at least according to my brother in law who's been a cop for 25 years. He says that detectives really just follow the obvious trail of stupid stuff to the usual suspects, who then confess to the crime before they can get the handcuffs on.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  5. He should've been less greedy by davidwr · · Score: 5, Insightful

    If he'd kept the mining down to a high-but-not-suspicious level he could've mined for weeks and sold his Verge for USD and walked away with tens or hundreds of thousands of dollars by summer and maybe millions by Christmas.

    Hmm, maybe he or one of his buddies did and this is his way of "shutting the whole exploit down."

    We will probably never know.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  6. Blockchain Security by Anonymous Coward · · Score: 2, Interesting

    So transactions in a blockchain are NOT secure and are NOT permanent. If a blockchain can be AND IS forked from a previous point in time, then doesn't that defeat all security and reliability in the blockchain currency?

    1. Re: Blockchain Security by reanjr · · Score: 2

      Your statement is probably accurate for pretty much all alt coins. But not BTC. The BTC network's entire value prop is an immutable ledger. They don't need to pander to people who lose money like all the altcoins do.

  7. Legit transactions by enriquevagu · · Score: 5, Insightful

    The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a previous state before the attack to neutralize the hacker's gains.

    And to neutralize all the legit (if any) transactions, by the way, creating money out of thin air for those that spent it, and destroying it for those that received it.

    Remember this if you are investing real money in Bitcoin, or any other well-known cryptocurrency: Some few people have the power to revert all operations back and make your money vanish, as proven here.

  8. Illegal or just following the protocol? by Nkwe · · Score: 4, Insightful

    According to users who tracked the illegally mined funds on the Verge blockchain...

    Is not what is "legal" for a blockchain what the majority of nodes maintaining the chain say is legal? If someone broadcast a "weird" transaction on the network but all of the other nodes accepted it and agreed to include it in the blockchain, isn't by definition the transaction done and considered "legal" by the network? After all the rules of the network are what the network says they are; without this concept it wouldn't really be a non centralized, distributed system.

  9. Are the coins valid? by rsilvergun · · Score: 2

    because if so, what difference does it make how they're mined? And if not, shouldn't you be able to stop the invalid coins?

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  10. Generate Verge Cryptocurrency Out of Thin Air by kenh · · Score: 3, Insightful

    Which cryptocurrency isn't generated out of "Thin Air"?

    --
    Ken
  11. Just like all crypto-currency by Required+Snark · · Score: 2

    It all comes out of thin air.

    The nominal value of crypto-currency is a consensual agreement among its users. The technology is the hand waving part that gives a pseudo-rationality to the shared delusion. At the point that enough people doubt the value it ceases to exist.

    Nations that maintain currencies have resources to manage currency: courts, law enforcement, armies, laws, taxes, international agreements, the world wide banking system. And even with all that it's not always possible to keep things from going haywire.

    Crypto-currency is dependent on a rule of law maintained by the same entities that are responsible for regular currency. It is intrinsically less secure than regular traditional money.

    And you can take that to the bank.

    --
    Why is Snark Required?
  12. Original "Fix" by Anonymous Coward · · Score: 2, Interesting

    More amusingly, this was the original attempt to fix it before deciding to fork

    -static const int64 nMaxClockDrift = 2 * 60 * 60; // two hours
    +static const int64 nMaxClockDrift = 2 * 15; // fifteen minutes
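
    Review bot: the value and the comment on the added line disagree. `2 * 15` is 30, and the removed line's `2 * 60 * 60` with `// two hours` shows the constant is expressed in seconds, so this sets a 30-second drift rather than fifteen minutes. If fifteen minutes is intended, write `15 * 60` and keep the comment; if 30 seconds is intended, correct the comment.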

    Because, yeah, 2 * 15 seconds is fifteen minutes.

    They then had another go and just added "* 15" to increase the value, creating a weirdly obscure way to specify 7.5 minutes

    +static const int64 nMaxClockDrift = 2 * 15 * 15;
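
    Review bot: the added line has no comment, and `2 * 15 * 15` evaluates to 450, which in seconds is 7.5 minutes, so the intended limit cannot be read from the expression. Write the limit as minutes times 60 (for example `15 * 60` if fifteen minutes is meant) and add a comment stating the unit and the intended duration.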