Cryptocurrency service Verge has suffered another cyberattack - the second one targeting the firm’s blockchain in two months. Hackers managed to exploit an old flaw in Verge’s blockchain and mine multiple blocks one second apart to create Verge cryptocoins at a rapid pace. During the attack that lasted a few hours, the attacker managed to mine over 35 million XVGs (worth about $1.7 million).
The hacker appeared to have exploited the flaw to alter normal timestamps of mining operations allowing him to have 51% mining capacity over the entire blockchain network and mine XVG coins by delaying or wasting other legitimate mining operations.
Verge initially downplayed the attack as a DDoS attack on some XVG mining pools in a statement on Twitter. “It appears some mining pools are under DDOS attack, and we are experiencing a delay in our blocks, we are working to resolve this,” Verge tweeted.
Verge suffered a similar 51% attack attack on April 5, that resulted in the theft of 250,000 XVG. The hackers exploited the same glitch to mine multiple blocks one second apart using the same scrypt algorithm. Following the first attack, a Reddit user pointed out that the vulnerability was still not fixed after Verge prepared a hard fork in response to the attack.
Researchers said that a patch was a “band-aid” and did not eliminate the underlying vulnerability in Verge’s systems. Furthermore, XVG currently has a market cap of around $752 million. Since the attack, the price has declined fast and is likely to worsen.This isn’t the first time the privacy-focused cryptocurrency has encountered a security issue. In March, the company’s Twitter account was hacked with hackers coaxing Verge followers to donate XVG to a fraudulent wallet and receive a larger payout in return. There have also been reports suggesting that Verge inadvertently exposes users’ IP addresses. However, Verge has disputed the reports.