A hacker found a way around a previous patch in the Verge cryptocurrency source code and took advantage of the flaw to monopolize mining operations and create Verge coins (XVG) at a rapid pace.
The attack took place on Tuesday, May 22 [1, 2, 3], and lasted only for a few hours. During this interval, the hacker used an exploit to alter normal timestamps of mining operations and allow himself to mine XVG coins to the detriment of other users who had their legitimate mining operations delayed or wasted.
Users who looked into the attack's aftermath believe the hacker mined over 35 million XVG coins in just a few hours for a profit of $1.65 million.
The incident is eerily similar to another attack that took place on April 5, when another unidentified hacker exploited a similar flaw to mine over 15.6 million Verge coins, estimated at $780,000, at the time.
Following the April attack, the Verge development team hard-forked the entire cryptocurrency's source code to patch the flaw exploited by the attacker and reverse his gains.
But according to several users knowledgeable of the Verge source code, the attacker found a way around the hard-fork's patch and launched a similar attack.
"Since nothing really was done about the previous attacks (only a band-aid), the attackers now simply use two algos to fork the chain for their own use and are gaining millions," said a user on the BitcoinTalk forums, the same one who analyzed the April attack.
The Verge dev team didn't appear to recognize the attack, in the beginning, calling it a DDoS on mining pools.
it appears some mining pools are under ddos attack, and we are experiencing a delay in our blocks, we are working to resolve this.— vergecurrency (@vergecurrency) May 22, 2018
Nonetheless, once it became clear what was going on, developers started working on a patch once more. It is unclear if the Verge team plans to hard-fork the cryptocurrency's source code to reverse the effects of the illegal mining like it did in April.
Small update about the 51% attack today. Developer is working on a patch. But something more awsome to look forward to is we will have a complete new codebase soon!!#xvg #verge @Xvghodlgroup #Vergecurrency #wow pic.twitter.com/grEIiv1o1M— AkashiroNL (@Akashiro_NL) May 22, 2018
Just like in April, no XVG coins were stolen from users' accounts, but the attack did invalidate legitimate mining operations and crashed Verge's price by 10% due to news about the attack and the creation of a large pot of new coins.