
Hacker Uses Exploit To Generate Verge Cryptocurrency Out of Thin Air (bleepingcomputer.com) 85

An anonymous reader quotes a report from Bleeping Computer: An unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid pace and generate funds almost out of thin air. The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a previous state before the attack to neutralize the hacker's gains. The attack took place yesterday, and initially users thought it was a "51% attack," an attack where a malicious actor takes control over more than half of the network nodes, giving himself the power to forge transactions. Nonetheless, users who later looked into the suspicious network activity eventually tracked down what happened, revealing that a mysterious attacker had mined Verge coins at a near impossible speed of 1,560 Verge coins (XVG) per second, the equivalent of $78/s. The malicious mining lasted only three hours, according to the Verge team. Users who tracked the illegally mined funds on the Verge blockchain said the hacker appears to have made around 15.6 million Verge coins, which is around $780,000.
  • Hard-fork to rollback? Of it goes the can never forget a transaction, apparently it looks like it useful to forget, can't see why they make it a feature.

  • by tomxor ( 2379126 ) on Thursday April 05, 2018 @06:05PM (#56389601)
    ... That is the general idea.
  • by Anonymous Coward

    How is this an attack? Sounds like somebody smart figured out how to mine very quickly.

  • by Anonymous Coward

    If he tries to use the funds he will bring the value down to a fraction of that. It is sad that other people will suffer as well.

    • If he tries to use the funds he will bring the value down to a fraction of that. It is sad that other people will suffer as well.

      It looks like the value is pretty darn low in the first place. They won't lose much.

  • Greed fail (Score:3, Insightful)

    by Anonymous Coward on Thursday April 05, 2018 @06:31PM (#56389729)

    If the attacker would have created coins at a reasonable rate the attack may have never been detected.

    • by bobbied ( 2522392 ) on Thursday April 05, 2018 @06:49PM (#56389795)

      Yea, crooks are usually more greedy than they are smart. Bright enough to figure out how to do this, not smart enough to make it pay very long. Actually, if you think about it, the inability to delay gratification is likely one of the key traits that makes one inclined to cheat so that makes sense.

      Despite what you see on the Crime shows on TV, most petty criminals get caught because they are stupid, at least according to my brother in law who's been a cop for 25 years. He says that detectives really just follow the obvious trail of stupid stuff to the usual suspects, who then confess to the crime before they can get the handcuffs on.

      • screwing with it for its own sake. Hell, he might have already made all his money, decided anything more would be pointless, and did this again, for the hell of it.
      • How long do you think this will last? Have you heard of Verge cryptocurrency before this? Don't you think it will be completely gone before the end of the year?
    • by mark-t ( 151149 )

      True... but at the same time, if this was the result of a bug, then that bug could have been fixed at any time, possibly before the person attempting the attack had an opportunity to make a decent amount from it, and negating the point of doing it in the first place... He might have gotten away with it, but all he may have walked away with before the bug got fixed was a few bucks.

      And just how spread out do you think he would have to have done that to not be detected, while at the same time still generati

  • by davidwr ( 791652 ) on Thursday April 05, 2018 @06:47PM (#56389785) Homepage Journal

    If he'd kept the mining down to a high-but-not-suspicious level he could've mined for weeks and sold his Verge for USD and walked away with tens or hundreds of thousands of dollars by summer and maybe millions by Christmas.

    Hmm, maybe he or one of his buddies did and this is his way of "shutting the whole exploit down."

    We will probably never know.

  • Blockchain Security (Score:2, Interesting)

    by Anonymous Coward

    So transactions in a blockchain are NOT secure and are NOT permanent. If a blockchain can be AND IS forked from a previous point in time, then doesn't that defeat all security and reliability in the blockchain currency?

  • Legit transactions (Score:5, Insightful)

    by enriquevagu ( 1026480 ) on Thursday April 05, 2018 @07:08PM (#56389851)

    The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a previous state before the attack to neutralize the hacker's gains.

    And to neutralize all the legit (if any) transactions, by the way, creating money out of thin air for those that spent it, and destroying it for those that received it.

    Remember this if you are investing real money in Bitcoin, or any other well-known cryptocurrency: Some few people have the power to revert all operations back and make your money vanish, as proven here.

    • Remember this if you are investing real money in Bitcoin

      Actually this is something far harder to do with Bitcoin than some tiny no-name currency no one has ever heard of. Hell Bitcoin couldn't even agree on a fork for technical reasons designed to save the currency, do you think such an agreement needed is a possibility because someone gets hacked and wants to roll back the blockchain?

      I'll happily bet a BTC that it will never happen, and we've seen some bitcoin heists that make this look like petty theft which hasn't caused such a response.

      • by tlhIngan ( 30335 )

        Actually this is something far harder to do with Bitcoin than some tiny no-name currency no one has ever heard of. Hell Bitcoin couldn't even agree on a fork for technical reasons designed to save the currency, do you think such an agreement needed is a possibility because someone gets hacked and wants to roll back the blockchain?

        And yet, Bitcoin forked. It's why we have Bitcoin (BTC) and Bitcoin Cash (BCH). And everyone was basically saying to move your money out of CoinBase (which will not handle the fork

        • And yet, Bitcoin forked.

          Yes but what happened. There's a reason the situation ended like you said it did. The fork happened and no one gave a shit. Free money turned out to not exist. Bitcoin cash has 5% of the trading volume of bitcoin which caused its price to plummet. Not only that, the trading volume is so incredibly small that attempts to cash out would affect the price even further.

          It is a prime example of how on a major currency like bitcoin, forking does nothing as it becomes too difficult to get people to use the fork. T

  • That basically is the way these things are generated. Sure, usually it takes more time, but that is the only thing that went wrong here. Also describes well what these "coins" are worth: Absolutely nothing. That is, unless you find a sucker that is willing to pay for them.

  • by Nkwe ( 604125 ) on Thursday April 05, 2018 @08:15PM (#56390097)

    According to users who tracked the illegally mined funds on the Verge blockchain...

    Is not what is "legal" for a blockchain what the majority of nodes maintaining the chain say is legal? If someone broadcast a "weird" transaction on the network but all of the other nodes accepted it and agreed to include it in the blockchain, isn't by definition the transaction done and considered "legal" by the network? After all the rules of the network are what the network says they are; without this concept it wouldn't really be a non centralized, distributed system.

    • It could be covered under standard fraud laws, depending on the exact wording of those laws (and how a judge can be convinced to interpret them).
    • If someone broadcast a "weird" transaction

      "...using this one weird old trick." [slate.com]

    • by Jeremi ( 14640 )

      Is not what is "legal" for a blockchain what the majority of nodes maintaining the chain say is legal?

      Makes perfect sense to me, in a laissez-faire kind of way.

      Of course, by that same token, if the majority of the nodes cry foul the next day and accept/demand a "do over" in the form of a hard-fork, then that too is "legal" as far as the system is concerned.

    • without this concept it wouldn't really be a non centralized

      They are rolling back the block chain to fix it. Does it sound like Verge is "non-centralised" ?

      • by Nkwe ( 604125 )

        without this concept it wouldn't really be a non centralized

        They are rolling back the block chain to fix it. Does it sound like Verge is "non-centralised" ?

        It does not, and that is part of my point. One of the primary reasons you would use a blockchain with distributed transaction verifiers (miners) is so that you are NOT centralized. If you are going to have centralized control there are much better ways to store transactional data. If you are storing value (money) in a blockchain because you "don't trust the man" but that blockchain is centralized, then you are "trusting the man". If the blockchain you are using is non-centralized, you are "trusting the peo

  • by kenh ( 9056 ) on Thursday April 05, 2018 @08:29PM (#56390169) Homepage Journal

    Which cryptocurrency isn't generated out of "Thin Air"?

  • There are well-known not peer reviewed or peer reviewed and vulnerable altcoins out there. This is one of them. There's another popular one written in trinary instead of binary and then down-converted because its owners thought it would be cool. That's the level of stupid we're dealing with here but 99% of the community knows to stay away from sketchy side garbage like this.
  • I read through TFA and the submitted patch, but it's not actually clear what the flaw was. I figured /. would like some full description rather than vague handwaving.

  • by Required Snark ( 1702878 ) on Thursday April 05, 2018 @10:27PM (#56390605)
    It all comes out of thin air.

    The nominal value of crypto-currency is a consensual agreement among its users. The technology is the hand waving part that gives a pseudo-rationality to the shared delusion. At the point that enough people doubt the value it ceases to exist.

    Nations that maintain currencies have resources to manage currency: courts, law enforcement, armies, laws, taxes, international agreements, the world wide banking system. And even with all that it's not always possible to keep things from going haywire.

    Crypto-currency is dependent on a rule of law maintained by the same entities that are responsible for regular currency. It is intrinsically less secure than regular traditional money.

    And you can take that to the bank.

  • Original "Fix" (Score:2, Interesting)

    by Anonymous Coward

    More amusingly, this was the original attempt to fix it before deciding to fork

    -static const int64 nMaxClockDrift = 2 * 60 * 60; // two hours
    +static const int64 nMaxClockDrift = 2 * 15; // fifteen minutes
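
    Review bot: the value and its comment disagree on the added line: `2 * 15` evaluates to 30, and the removed line (`2 * 60 * 60; // two hours`) shows the constant is expressed in seconds, so this sets a 30-second limit while the comment says fifteen minutes. If fifteen minutes is the intent, write `15 * 60; // fifteen minutes`, keeping the seconds-per-minute factor explicit the way the old expression did.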

    Because, yeah, 2 * 15 seconds is fifteen minutes.

    They then had another go and just added "* 15" to increase the value, creating a weirdly obscure way to specify 7.5 minutes

    +static const int64 nMaxClockDrift = 2 * 15 * 15;
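
    Review bot: the added line carries no comment stating the intended limit or its unit, and `2 * 15 * 15` (450) does not read as any round duration. Put the target in both the expression and the comment, for example `15 * 60; // fifteen minutes, in seconds` if that is still the goal, and consider a named seconds-per-minute factor so the next change to this constant cannot drift from its comment again.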