Taking advantage of spoofing timestamps in blocks, attackers were able to accelerate mining in the Verge network and earned about 17 million XVG coins.

Anonymous cryptocurrency Verge (XVG), which became widely known after advertising on Twitter by John McAfee, the pioneer of cybersecurity, was attacked by intruders. Hackers took advantage of the vulnerability in the code of altcoin, shifting back the timestamp of a mined block. Thus, they were able to deceive the network, which uses five different algorithms for mining blocks. Those algorithms, Scrypt, X17, Lyra2rev2, myr-groestl and blake2s, need to rotate, making it less possible for any single miner or pool to control the Verge hashrate. By changing the timestamp, attackers were able to extract blocks on one Scrypt algorithm at a fast rate of one block per second.

At the same time, the network started to reject blocks extracted by other miners. Thus one fraudulent miner received more than 51% of hashrate of the Verge network.

According to the Verge supporters' estimates, the attackers managed to produce more than 10 thousand blocks, which, taking into account that the reward for one block is 1560 XVG, implies a profit of 15.6 million coins. Other users calculated that, by 5 April, the fraudulent miner extracted more than 12,000 blocks. Thus, he was able to earn 17 million XVG or $906,000 at the current rate (1 XVG = $0.05206).

The Verge team of developers did not recognize the scale of the problem and announced a "small hash attack" in their official twitter.


Within the last 24 hours, the rate of the cryptocurrency fell by 23.5%.