Pages:
Author

Topic: Network Attack on XVG / VERGE (Read 29534 times)

sr. member
Activity: 939
Merit: 261
Data HDD Repair - Recovery of lost information
February 19, 2021, 11:42:08 PM

 This means the code has not been fixed until today.
"nActualTimeInterval" - it can still take a value less than 0.

It took about seven to twelve days to generate 560,000 blocks.

newbie
Activity: 25
Merit: 0
February 18, 2021, 09:15:34 AM
I only know about difficulty algorithms and timestamps. This lets us know the attacker spent less than $1 to get the 567,000 blocks. The important question remains. Why were nodes rejecting the public chain for the attacker's chain that had less work?  Simply saying the attacker spun up a lot of nodes for a Sybil attack is not sufficient. The whole point of POW is to prevent that kind of problem.  What did Verge change in BTC's node communications or most-work tip selection that makes this attack possible?
legendary
Activity: 2688
Merit: 1240
February 18, 2021, 03:02:53 AM
Final analysis is in here:

https://ocminer.medium.com/the-xvg-verge-attack-74c6d64e621

and in here

https://github.com/zawy12/difficulty-algorithms/issues/68


Thanks @ zawy for second opinion and thoroughly examination of the log
newbie
Activity: 25
Merit: 0
February 17, 2021, 11:43:25 AM
My point about the Sybil attack on peer time is that if the attacker used it to corrupt node databases, then their own chain can get mined on top of by miners who do not have another option, even though the attacker's chain has less work. The attacker's chain seemed to have very little work because the difficulties I saw were like 0.000044 for most of them instead of 50,000 or something. A simple attack would start back in July like they did because they can fake a long time between block timestamps to get difficulty really low in a small number of blocks, then just assign timestamps 1 normal block time apart so difficulty does not increase. So a 1% hashrate miner might be able to get 560k blocks in only 1 day. A more advanced attack would use what I call the "timespan limit attack" (the nTargetTimespan/3 stuff above) that does not need to go back to July and could advance the chain a large number of blocks with a really low difficulty. That would also take a small miner maybe a day. In both cases, they normally only work if the attacker has >51% HR. So the peer time attack (or something similar) would have to be used for a smaller miner to succeed.
legendary
Activity: 1453
Merit: 1030
February 17, 2021, 08:18:04 AM
Wondering who or what has the hashing power to free lunch mine this non stop for half a year...
legendary
Activity: 2688
Merit: 1240
February 16, 2021, 03:49:50 PM
The attack yesterday was a massive reorganization of about 560k blocks.

3 years ago it was already a known vulnerability which could have been fixed as the massive chain reorganisation depth could have been simply limited in the code itself or a komodo-like
dPow could have used to secure the chain.

Nothing of all has happened so the attacks went along over the years and this massive reorg now was so big that many users and miners suffered empty wallets.

Instead of fixing this, just a new version number was set in the code today and people asked to update:

https://github.com/vergecurrency/verge/commit/13d052c6049816ff4fc926c90ae527b6e47e9797




However not even the minimum version requirement in the code was changed - so that new nodes would ignore the old ones, no, it's just a new version where all nodes would connect to, the vulnerability hasn't changed at all, the code is still the same, it just has a new version number.




One of the vulnerabilites was even posted in the "Issues" Section of github:

https://github.com/vergecurrency/verge/issues/1058

However the devs refuse the fix as they think it's only working on testnet which is not the case as you look through the code.





So as of now - there's a new version 6.0.3, which still allows old peers to connect to it and it also actively connects itself to other "old" nodes because the minimum peer version requirements
hasn't been changed in the code, which still wouldn't fix anything as the vulnerability itself hasn't been fixed.

Instead of getting to work the devs now start a twitter campaign against pools and people telling those are actively supporting the attack or are the attackers themselves.  Such an attack wouldn't help Pools or Exchanges because old transactions would get invalid i.e. mined blocks in a pool would become orphaned ending up in pools wouldn't be able to pay their miners as the mined blocks all become zero value.

I've posted two small fixed for their issues in the appropriate section on github:



So... Make your own decision here if you want to invest ;-)
legendary
Activity: 2688
Merit: 1240
newbie
Activity: 3
Merit: 0
November 26, 2020, 05:58:25 PM
Hi everone, i invested 9 BTC in verge back in April 2018 when it was 600 satoshi... now that that's consistently under 50 satoshi... does it have any future?
What do you guys think of the coin's future?

Im super hurt by my loss. Any help would be appreaciated.
hero member
Activity: 994
Merit: 513
October 05, 2018, 05:20:59 PM
hi guys

does anybody knows if we can mine XVG safely at this time?

I'm awaiting a brand new Dayun Zig Z1 landing today...
I'm trying to figure out what's the best coin/pool to get the highest stable yield.

Thanks for any advice!
/E

No one can tell you if there'll be another hack or not. The thing is that the dev team has been proved untrustworthy in my eyes.
What's important though is that there were already a lot of coins which were hacked and probably no one can know for sure if they have been dumped yet or not. If they have not, then the price could plunge any moment.

But in either case, would you like to support a coin and a team which was so easily hacked twice? Are you happy with the way they handled it? I had expected them to notice the problem immediately and rollback the blockchain and the hacked coins.

So... your choice.

I see mate, looks that the only reasonable choice it's to stay away!

With my brand new DaYun Zig Z1 I'm currently testing NiceHash and some multi-pools such as Zerg, that still include XVG.

Thanks for your worthy point of view!
/E

Well, I don't know, if it's the most profitable currency to mine, you could mine it and sell it as quickly as possible. XVG is a pretty liquid market and even while the attacks were occuring, it didn't drop by as much as it could have. I just wouldn't let it lie around for too long in the hope of it gaining more value over time. But I think for miners, this is generally good advise, especially when they are not the greatest of traders.

I agree that it's a shitcoin with no real substance and if you are ideologically involved in crypto and buy into the whole new paradigm thing, you should stay the hell away from it, but if you're ok with making an extra buck or two and it's the best choice, why not.
jr. member
Activity: 41
Merit: 6
October 05, 2018, 09:31:33 AM
hi guys

does anybody knows if we can mine XVG safely at this time?

I'm awaiting a brand new Dayun Zig Z1 landing today...
I'm trying to figure out what's the best coin/pool to get the highest stable yield.

Thanks for any advice!
/E

No one can tell you if there'll be another hack or not. The thing is that the dev team has been proved untrustworthy in my eyes.
What's important though is that there were already a lot of coins which were hacked and probably no one can know for sure if they have been dumped yet or not. If they have not, then the price could plunge any moment.

But in either case, would you like to support a coin and a team which was so easily hacked twice? Are you happy with the way they handled it? I had expected them to notice the problem immediately and rollback the blockchain and the hacked coins.

So... your choice.

I see mate, looks that the only reasonable choice it's to stay away!

With my brand new DaYun Zig Z1 I'm currently testing NiceHash and some multi-pools such as Zerg, that still include XVG.

Thanks for your worthy point of view!
/E
member
Activity: 232
Merit: 24
October 01, 2018, 07:25:42 AM
hi guys

does anybody knows if we can mine XVG safely at this time?

I'm awaiting a brand new Dayun Zig Z1 landing today...
I'm trying to figure out what's the best coin/pool to get the highest stable yield.

Thanks for any advice!
/E

No one can tell you if there'll be another hack or not. The thing is that the dev team has been proved untrustworthy in my eyes.
What's important though is that there were already a lot of coins which were hacked and probably no one can know for sure if they have been dumped yet or not. If they have not, then the price could plunge any moment.

But in either case, would you like to support a coin and a team which was so easily hacked twice? Are you happy with the way they handled it? I had expected them to notice the problem immediately and rollback the blockchain and the hacked coins.

So... your choice.
jr. member
Activity: 41
Merit: 6
October 01, 2018, 06:14:39 AM
hi guys

does anybody knows if we can mine XVG safely at this time?

I'm awaiting a brand new Dayun Zig Z1 landing today...
I'm trying to figure out what's the best coin/pool to get the highest stable yield.

Thanks for any advice!
/E
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
July 13, 2018, 09:45:33 PM
Do you remember coinpouchapp xvg hack for 160 millions of xvg. Now things are getting funny. https://twitter.com/MinerChief5Six/status/1017520349628522496?s=19

PUre Gold!

Quote
Daniel "not giving away EOS voting rights" Goldman
@DZack23
   Jul 11
Replying to @tokenpay @SatoshiLite @LTCFoundation
Can't wait to announce my neutral, strictly-business, stakeholder-benefiting decision to incorporate Bitconnect in my new payment system - stay tuned!
member
Activity: 139
Merit: 11
July 13, 2018, 04:52:22 PM
Do you remember coinpouchapp xvg hack for 160 millions of xvg. Now things are getting funny. https://twitter.com/MinerChief5Six/status/1017520349628522496?s=19
legendary
Activity: 1526
Merit: 1014
July 12, 2018, 11:00:55 PM
No @Thecryptohero, can it still be heard somewhere? I would like to hear what they said. Thank you!
newbie
Activity: 7
Merit: 0
July 12, 2018, 07:18:18 PM
anybody heard the interview of verge yesterday on cryptoradio?
newbie
Activity: 126
Merit: 0
July 10, 2018, 10:19:48 PM
I think that the problem is the lack of concern that the project has received, focusing only on marketing and tweets.

Even marketing strategies play a big role in cryto exchange, it is inevitable for developers to aid problems regarding their platform's malfunction/s. I think the team were doing all their best, maybe wait a little more time? 
legendary
Activity: 1526
Merit: 1014
July 09, 2018, 08:33:29 AM
I think that the problem is the lack of concern that the project has received, focusing only on marketing and tweets.
member
Activity: 420
Merit: 13
July 08, 2018, 06:04:17 AM
The problem with having multiple algos like this in a coin is that nobody cares too much about any particular one. Then this happens.

Not sure about that one. I didn't see such problems at Digibyte for example, but only at XVG
sr. member
Activity: 658
Merit: 250
July 06, 2018, 06:50:31 PM
The problem with having multiple algos like this in a coin is that nobody cares too much about any particular one. Then this happens.
Pages:
Jump to: