According to data published on BitcoinTalk by forum user ocminer — operator of altcoin mining pool Suprnova — an attacker appears to have successfully forked the Verge blockchain through a 51 percent attack. To accomplish this, the attacker manipulated a bug in the Verge code that allows malicious miners to set false timestamps on blocks and then rapidly mine new ones in quick succession.
— supr nova *no giveaways* (@SuprnovaPools) May 22, 2018
The Verge protocol uses a rotation of five mining algorithms, and an image supplied by ocminer suggests that the attacker gained control of two of them — scrypt and lyra2re — mined them at virtually no difficulty, and used false timestamps to trick the network into accepting them into the main chain.
The attack appears to have been carried out between blocks 2155850 and 2206272, enabling the attacker to abscond with approximately 35 million XVG — worth $1.75 million at the current exchange rate — in just a few hours. The attack had subsided by the time of writing, though there does not appear to be anything that would prevent an attacker from resuming it again in the future.
The response from Verge’s developers, meanwhile, has been less from reassuring. The project acknowledged a mining-related issue in a Monday afternoon tweet but attributed it to a DDoS attack directed at several XVG mining pools. The account has not tweeted since…