Verge logo

A hacker found a way around a previous patch in the Verge cryptocurrency source code and took advantage of the flaw to monopolize mining operations and create Verge coins (XVG) at a rapid pace.

The attack took place on Tuesday, May 22 [1, 2, 3], and lasted only for a few hours. During this interval, the hacker used an exploit to alter normal timestamps of mining operations and allow himself to mine XVG coins to the detriment of other users who had their legitimate mining operations delayed or wasted.

Hacker made over $1.65 million

Users who looked into the attack's aftermath believe the hacker mined over 35 million XVG coins in just a few hours for a profit of $1.65 million.

The incident is eerily similar to another attack that took place on April 5, when another unidentified hacker exploited a similar flaw to mine over 15.6 million Verge coins, estimated at $780,000, at the time.

Hacker bypassed previous patches

Following the April attack, the Verge development team hard-forked the entire cryptocurrency's source code to patch the flaw exploited by the attacker and reverse his gains.

But according to several users knowledgeable of the Verge source code, the attacker found a way around the hard-fork's patch and launched a similar attack.

"Since nothing really was done about the previous attacks (only a band-aid), the attackers now simply use two algos to fork the chain for their own use and are gaining millions," said a user on the BitcoinTalk forums, the same one who analyzed the April attack.

The Verge dev team didn't appear to recognize the attack, in the beginning, calling it a DDoS on mining pools.

Nonetheless, once it became clear what was going on, developers started working on a patch once more. It is unclear if the Verge team plans to hard-fork the cryptocurrency's source code to reverse the effects of the illegal mining like it did in April.

Just like in April, no XVG coins were stolen from users' accounts, but the attack did invalidate legitimate mining operations and crashed Verge's price by 10% due to news about the attack and the creation of a large pot of new coins.

Related Articles:

Make-A-Wish Website Compromised for Cryptojacking Operation

Microsoft December 2018 Patch Tuesday Fixes Actively Used Zero-Day Vulnerability

Apple Fixes Passcode Bypass, RCE Vulnerabilities, and More in Today's Updates.

Adobe Flash Player Update Released for Remote Code Execution Vulnerability

UK's NCSC Explains How They Handle Discovered Vulnerabilities