Author

Topic: [2018-06-05]Verge's Blockchain Attacks Are Worth a Sober Second Look (Read 141 times)

newbie
Activity: 52
Merit: 0
The notorious 51-percent attack: it's the major fault in cryptocurrency protocols but it's rarely seen, especially among the most popular cryptocurrencies.

Yet, in the past couple months, the exploit – whereby a single miner (or group of miners) takes control of over half of the network's total computing power and can then bend the protocol's rules in their favor – has been seen twice. And on the same blockchain.

Indeed, verge, a privacy-oriented cryptocurrency recently propelled into the limelight by a partnership with popular adult entertainment site Pornhub, suffered two hacks perpetrated through 51-percent attacks that saw the attackers absconding with millions of dollars-worth of its native cryptocurrency, XVG.

During the first attack in April (only a couple of weeks before the Pornhub partnership), the hacker was able to get away with 250,000 XVG. And during the latest in mid-May, an attacker was able to exploit $1.7 million-worth of the cryptocurrency from the protocol.

According to researchers, the exploits are a product of simple changes to the underlying code which cryptocurrency protocols are typically built on and the challenges of being able to predict what unintended consequences will arise from those changes.

Sure, verge developers were only trying to design a better cryptocurrency for payments, but by tweaking small parameters, such as the length of time a block can be valid, the group has opened its blockchain up to attacks.

"Getting incentives right and keeping them right is hard," Imperial College London assistant professor and Liquidity Network founder Arthur Gervais said.

That is blockchains are built on very precariously stacked incentives whereby all stakeholders work together toward a common goal so as to remove the chance that one entity takes full control.

"Things obviously don't look good," said Daniel Goldman, the CTO of cryptocurrency analysis site The Abacus who's been tracking the attacks. "The issues that initially slipped into the codebase were a result of pure carelessness — incorporating code from other open-source software without understanding its implications."

Goldman added:

"I hate to say it, but if I had to summarize: the attacker is doing better due diligence than the developers. I'd try to poach him if I were them."

And since veteran blockchain developers, including litecoin creator Charlie Lee and monero lead developer Riccardo Spagni, have long argued the kinds of adjustments the platform made have obvious downsides, such naysayers – who have been readily attacked by a group of enthusiasts calling themselves the "Verge Army" – are feeling vindicated.

"So many important lessons to be learned from this," Fidelity investment research analyst Nic Carter tweeted, summing up the general state of verge's development.

Representatives from the verge developer team did not respond to a request for comment from CoinDesk.

See more: https://www.coindesk.com/verges-blockchain-attacks-are-worth-a-sober-second-look/
Jump to: