Hacker Uses Exploit To Generate Verge Cryptocurrency Out of Thin Air (bleepingcomputer.com)
An anonymous reader quotes a report from Bleeping Computer: An unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid pace and generate funds almost out of thin air. The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a previous state before the attack to neutralize the hacker's gains. The attack took place yesterday, and initially users thought it was a "51% attack," an attack where a malicious actor takes control over more than half of the network nodes, giving himself the power to forge transactions. Nonetheless, users who later looked into the suspicious network activity eventually tracked down what happened, revealing that a mysterious attacker had mined Verge coins at a near impossible speed of 1,560 Verge coins (XVG) per second, the equivalent of $78/s. The malicious mining lasted only three hours, according to the Verge team. Users who tracked the illegally mined funds on the Verge blockchain said the hacker appears to have made around 15.6 million Verge coins, which is around $780,000.
Oops (Score:2)
Hard-fork to rollback? Of it goes the can never forget a transaction, apparently it looks like it useful to forget, can't see why they make it a feature.
Generate Verge Cryptocurrency Out of Thin Air (Score:5, Insightful)
Are the coins valid? (Score:3)
How is this an attack? (Score:2, Interesting)
How is this an attack? Sounds like somebody smart figured out how to mine very quickly.
Re: (Score:2)
Re: (Score:2)
And if the "mining" is just busywork, then it is inefficient and wasteful.
Certainly not $780,000 (Score:1)
If he tries to use the funds he will bring the value down to a fraction of that. It is sad that other people will suffer as well.
Re: (Score:2)
If he tries to use the funds he will bring the value down to a fraction of that. It is sad that other people will suffer as well.
It looks like the value is pretty darn low in the first place. They won't lose much.
Re:Generate Cryptocurrency out of thin air? (Score:4, Insightful)
air thick with pollution from wasted energy.
Re: (Score:2)
Thin air seems rather convenient by comparison. Perhaps too convenient.
Re: (Score:1)
Not at all. One old currency was cowry shells. [wikipedia.org]
Anything works as a currency so long as it's not widely available for nothing in the culture it is used within.
Greed fail (Score:3, Insightful)
If the attacker would have created coins at a reasonable rate the attack may have never been detected.
Re:Greed fail (Score:4)
Yea, crooks are usually more greedy than they are smart. Bright enough to figure out how to do this, not smart enough to make it pay very long. Actually, if you think about it, the inability to delay gratification is likely one of the key traits that makes one inclined to cheat so that makes sense.
Despite what you see on the Crime shows on TV, most petty criminals get caught because they are stupid, at least according to my brother in law who's been a cop for 25 years. He says that detectives really just follow the obvious trail of stupid stuff to the usual suspects, who then confess to the crime before they can get the handcuffs on.
Mighta just been a hacker (Score:2)
Re: (Score:2)
Re: (Score:1)
So long as it's around long enough for the Student Loan Checks [kgun9.com] to be disbursed, it will serve its purpose.
Re: (Score:2)
most petty criminals get caught because they are stupid, at least according to my brother in law who's been a cop for 25 years.
In other words, cops are only smart enough to catch really dumb criminals who make obvious stupid mistakes.
Well, mostly that's true. But we don't pay cops all that much so what do you expect? There are a few (like my brother in law) who actually like the job regardless of what it pays, but in most places they have been continually lowering their recruiting standards trying to hire enough people.
And, if they don't have to work all that hard to solve 99% of the crimes in that small town... Why not harvest the low hanging fruit? That actually sounds smart to me.
Re: (Score:2)
It seems to work well enough.
However, even a smart criminal is likely to screw up at least once, as opposed to making money in legit or financial-institution means, so prison is more of a deterrence to them.
Re: (Score:1)
True... but at the same time, if this was the result of a bug, then that bug could have been fixed at any time, possibly before the person attempting the attack had an opportunity to make a decent amount from it, and negating the point of doing it in the first place... He might have gotten away with it, but all he may have walked away with before the bug got fixed was a few bucks.
And just how spread out do you think he would have to have done that to not be detected, while at the same time still generati
He should've been less greedy (Score:5, Insightful)
If he'd kept the mining down to a high-but-not-suspicious level he could've mined for weeks and sold his Verge for USD and walked away with tens or hundreds of thousands of dollars by summer and maybe millions by Christmas.
Hmm, maybe he or one of his buddies did and this is his way of "shutting the whole exploit down."
We will probably never know.
Re: (Score:1)
You're kidding right? You really don't understand how realistic the previous post is? Sure they wouldn't have made "millions" with a crappy crypto but that's exactly what people said about bitcoin years ago. There's every chance that it would NOT have been fixed as well. Who is to say they couldn't have started mining in the same manner from more than one direction.
Re: (Score:2)
Michael Bolton: I always miss some mundane detail.
Peter Gibbons: This is not a mundane detail, Michael!
white hat, grey hat, black hat, joker hat (Score:1)
That guy must've been wearing a "joker hat" - he wound up with nothing except the "joy" of seeing a bunch of people having to deal with cleaning up his mess, just like Gotham City's Joker.
A white hat would've reported the bug quietly. A black hat would've capitalized on it with a lot more "smarts" so he wouldn't walk away with nothing.
A grey hat would've done something in between, but he wouldn't have done it just for the lulz.
Blockchain Security (Score:2, Interesting)
So transactions in a blockchain are NOT secure and are NOT permanent. If a blockchain can be AND IS forked from a previous point in time, then doesn't that defeat all security and reliability in the blockchain currency?
Re: Blockchain Security (Score:3)
Your statement is probably accurate for pretty much all alt coins. But not BTC. The BTC network's entire value prop is an immutable ledger. They don't need to pander to people who lose money like all the altcoins do.
Re: (Score:1)
It's the One True Cryptocurrency.
For now. Anyway.
Legit transactions (Score:5, Insightful)
The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a previous state before the attack to neutralize the hacker's gains.
And to neutralize all the legit (if any) transactions, by the way, creating money out of thin air for those that spent it, and destroying it for those that received it.
Remember this if you are investing real money in Bitcoin, or any other well-known cryptocurrency: Some few people have the power to revert all operations back and make your money vanish, as proven here.
Re: (Score:2)
Remember this if you are investing real money in Bitcoin
Actually this is something far harder to do with Bitcoin than some tiny no-name currency no one has ever heard of. Hell Bitcoin couldn't even agree on a fork for technical reasons designed to save the currency, do you think such an agreement needed is a possibility because someone gets hacked and wants to roll back the blockchain?
I'll happily bet a BTC that it will never happen, and we've seen some bitcoin heists that make this look like petty theft which hasn't caused such a response.
Re: (Score:2)
And yet, Bitcoin forked. It's why we have Bitcoin (BTC) and Bitcoin Cash (BCH). And everyone was basically saying to move your money out of CoinBase (which will not handle the fork
Re: (Score:2)
And yet, Bitcoin forked.
Yes but what happened. There's a reason the situation ended like you said it did. The fork happened and no one gave a shit. Free money turned out to not exist. Bitcoin cash has 5% of the trading volume of bitcoin which caused its price to plummet. Not only that, the trading volume is so incredibly small that attempts to cash out would affect the price even further.
It is a prime example of how on a major currency like bitcoin, forking does nothing as it becomes too difficult to get people to use the fork. T
Out of thin air? Sounds entirely normal... (Score:2)
That basically is the way these things are generated. Sure, usually it takes more time, but that is the only thing that went wrong here. Also describes well what these "coins" are worth: Absolutely nothing. That is, unless you find a sucker that is willing to pay for them.
Illegal or just following the protocol? (Score:5, Insightful)
According to users who tracked the illegally mined funds on the Verge blockchain...
Is not what is "legal" for a blockchain what the majority of nodes maintaining the chain say is legal? If someone broadcast a "weird" transaction on the network but all of the other nodes accepted it and agreed to include it in the blockchain, isn't by definition the transaction done and considered "legal" by the network? After all the rules of the network are what the network says they are; without this concept it wouldn't really be a non centralized, distributed system.
Re: (Score:2)
Re: (Score:1)
If someone broadcast a "weird" transaction
"...using this one weird old trick." [slate.com]
Re: (Score:2)
Is not what is "legal" for a blockchain what the majority of nodes maintaining the chain say is legal?
Makes perfect sense to me, in a laissez-faire kind of way.
Of course, by that same token, if the majority of the nodes cry foul the next day and accept/demand a "do over" in the form of a hard-fork, then that too is "legal" as far as the system is concerned.
Re: (Score:2)
without this concept it wouldn't really be a non centralized
They are rolling back the block chain to fix it. Does it sound like Verge is "non-centralised" ?
Re: (Score:2)
without this concept it wouldn't really be a non centralized
They are rolling back the block chain to fix it. Does it sound like Verge is "non-centralised" ?
It does not, and that is part of my point. One of the primary reasons you would use a blockchain with distributed transaction verifiers (miners) is so that you are NOT centralized. If you are going to have centralized control there are much better ways to store transactional data. If you are storing value (money) in a blockchain because you "don't trust the man" but that blockchain is centralized, then you are "trusting the man". If the blockchain you are using is non-centralized, you are "trusting the peo
Re: (Score:2)
The mere fact that a hack could "create" cryptocurrency out of thin air is proof enough that all cryptocurrencies are thin air,
You might want to reread the chapter on inference in the presence of quantifiers.
Generate Verge Cryptocurrency Out of Thin Air (Score:4, Insightful)
Which cryptocurrency isn't generated out of "Thin Air"?
Re: (Score:1)
Re: (Score:2)
Given the way my fans spin I would say Bitcoin is generated out of "Thick Air"
Everyone in the bitcoin community knows this (Score:1)
So what's the actual attack? (Score:2)
I read through TFA and the submitted patch, but it's not actually clear what the flaw was. I figured /. would like to some full description rather than vague handwaving.
Just like all crypto-currency (Score:3)
The nominal value of crypto-currency is a consensual agreement among its users. The technology is the hand waving part that gives a pseudo-rationality to the shared delusion. At the point that enough people doubt the value it ceases to exist.
Nations that maintain currencies have resources to manage currency: courts, law enforcement, armies, laws, taxes, international agreements, the world wide banking system. And even with all that it's not always possible to keep things from going haywire.
Crypto-currency is dependent on a rule of law maintained by the same entities that are responsible for regular currency. It is intrinsically less secure than regular traditional money.
And you can take that to the bank.
Original "Fix" (Score:2, Interesting)
More amusingly, this was the original attempt to fix it before deciding to fork
-static const int64 nMaxClockDrift = 2 * 60 * 60; // two hours // fifteen minutes
+static const int64 nMaxClockDrift = 2 * 15;
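Review bot: `2 * 15` on the `+` line evaluates to 30, and the removed line's `2 * 60 * 60` is commented "two hours", so the constant is in seconds and the new limit is 30 seconds, not the "fifteen minutes" the comment names. If fifteen minutes is the intent, write `15 * 60` and keep a comment stating the unit next to the value.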
Because, yeah, 2 * 15 seconds is fifteen minutes.
They then had another go and just added "* 15" to increase the value, creating a weirdly obscure way to specify 7.5 minutes
+static const int64 nMaxClockDrift = 2 * 15 * 15;
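Review bot: `2 * 15 * 15` is 450, which in the seconds unit implied by the earlier `2 * 60 * 60` two-hour value is 7.5 minutes, and the factors no longer read as any unit conversion. Write the limit as minutes times 60 (for example `15 * 60` if fifteen minutes is what is wanted) with a comment giving the intended duration, so the value can be checked at a glance.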