
Topic: Network Attack on XVG / VERGE - page 57. (Read 29513 times)

full member
Activity: 238
Merit: 100
Me is Cute
April 06, 2018, 09:51:51 AM
Thank you for the long and detailed post.
You know what? I am calling the verge team thieves. They are stealing xvgs and no one else whosoever!!!!!  They can do what ocminer advised but they have closed their fucking ears. Do they have ears? I highly doubt. I didn't do enough research. But I didn't lose much money. I just only lost hope.
Fuck them. They will burn in hell with their loots.

I understand your frustration. But calling them names or cursing them will change nothing unfortunately. What you see here might as well have nothing to do with them having closed their ears. It could be that they just plainly don't understand the code so they are incapable of providing a fix. Months ago, when I did my research on Verge looking at the source code I realised that the lead dev is at most a Junior dev that lacks the experience to provide any high quality complex code. This has been proven so many times by their "accidental" mistakes or the copy/pastes that include bugs of others.. Any rants/vents I had, went immediately away. There was no point in venting at a fish because it will not fly.. It's incapable of doing this in the first place..

Take the whole thing as a lesson. An experience to make us smarter in researching and making our choices.


cough cough

https://en.wikipedia.org/wiki/Flying_fish


;)
newbie
Activity: 6
Merit: 0
April 06, 2018, 09:48:49 AM
Thank you for the long and detailed post.
You know what? I am calling the verge team thieves. They are stealing xvgs and no one else whosoever!!!!!  They can do what ocminer advised but they have closed their fucking ears. Do they have ears? I highly doubt. I didn't do enough research. But I didn't lose much money. I just only lost hope.
Fuck them. They will burn in hell with their loots.

I understand your frustration. But calling them names or cursing them will change nothing unfortunately. What you see here might as well have nothing to do with them having closed their ears. It could be that they just plainly don't understand the code so they are incapable of providing a fix. Months ago, when I did my research on Verge looking at the source code I realised that the lead dev is at most a Junior dev that lacks the experience to provide any high quality complex code. This has been proven so many times by their "accidental" mistakes or the copy/pastes that include bugs of others.. Any rants/vents I had, went immediately away. There was no point in venting at a fish because it will not fly.. It's incapable of doing this in the first place..

Take the whole thing as a lesson. An experience to make us smarter in researching and making our choices.
newbie
Activity: 59
Merit: 0
April 06, 2018, 09:00:36 AM
I’ve got 600 xvgs. I’m not going to sell them. They mean nothing to me as you are, the verge team. I’ve stopped mining xvg. A good project has been destroyed by a group of disgusting thieves. I’m refraining so hard from swearing and cursing and name calling.



If you leave your door open and thieves come in and steal everything from your house, who is really at fault there..? I'm inclined to say that the responsibility is shared between you and the thieves. Thieves shouldn't exist, but they do. You were aware of their existence and you did nothing to prevent them from coming in.

In the software industry there is always going to be someone trying to find/exploit vulnerabilities, and someone trying to counter them. You will never be 100% secure because the solutions made by humans are by nature imperfect. The best thing we can do is become aware of the known weaknesses and try to patch them.

And here is where I challenge you:
In a project that concerns money, investments, trading and so forth. What exactly were the measures taken to assess the security of it..? You as a consumer/user of this project, what facts did you investigate and use to convince you of the security aspect of the project..? That's the thing.. You talk about a good project, in what aspect..? Did you really investigate that it was a "good" project..? Today you read about a vulnerability that was there for 4 years. Of course this can happen (and it has) in the best companies and products. But those companies do regular security pen tests, hire security experts to do research and offer security bounties to communities. For every single vulnerability someone may find, you can be sure the companies have already found and patched a 1000 more of them.

Why don't you ask the team of your good project, to demonstrate to you, the actions they have taken in the last 4 years to assess the security status of the project..? Ask them to share with you the reports of the security assessments, to show you which security experts they invited/hired/asked for help to assess the code base. To show you how their development process exactly is, how regularly the codebase is assessed for security vulnerabilities, how and with what mechanisms do they ensure the quality of the process..?

But then again you shouldn't ask for them, that info should be publicly available right..? Or else you wouldn't put your hard earned money in a project that you are not sure if it's secured "enough" (for your needs).

Thank you for the long and detailed post.
You know what? I am calling the verge team thieves. They are stealing xvgs and no one else whosoever!!!!!  They can do what ocminer advised but they have closed their fucking ears. Do they have ears? I highly doubt. I didn't do enough research. But I didn't lose much money. I just only lost hope.
Fuck them. They will burn in hell with their loots.
legendary
Activity: 882
Merit: 1000
April 06, 2018, 08:56:27 AM
I've mined some XVG and holding a few ... just to see if the partnership and the talk was true and big as it was mentioned.

But to be honest...I'm glad and proud to be a strong DGB holder after seeing all of this. Even if their marketing isn't that great right now and they don't hype anything they do.
It's by far the best coin outside and far ahead of all other... with the time people will realize that professional work will always take the best results.

Just wait and believe, 2018 is the year of DGB.




please enough with the DGB shills lol... so many shills everywhere

oh as a side note, dgb went through the same kind of attack once upon a time.

Fuck other coins, great time to be shilling here... but usually things are handled more professionally. Cmon, This has happened before. Why is this handled poorly? No real feedback from dcd dev? wtf. Ocminer was probably your best chance dude. Shows how incompetent you are, trying to hush things up... you so much believe in privacy/Decentralization/freedom of speech etc. (banning people because they question your code shouldn’t be part of that)  full of shit mate. All for the dollar, obviously.

one, you're a newbie so i take your "words" with a literal grain of sand, and do i look like the dev to you lmao?

this is not the place to be shilling other coins, it's to discuss the issue currently surrounding verge, but like usual seems to have brought all the cancer out into the open, which i am not surprised about.
newbie
Activity: 17
Merit: 0
April 06, 2018, 08:56:19 AM

If you can't distinguish between the two based purely on the context posted in this thread, then you really shouldn't be investing large sums of money in crypto.


I strongly disagree with that sentence. If something is clearer more than ever after all these events is that at this point in time and I would argue that in the future too, technical fundamentals don't matter when it comes to investments. Price of XVG didn't flicker because markets don't give a f*** about fundamentals.

You can invest money in Shit™, and be sure that if Shit™ has a good marketing team and Shit™ is on an exchange where it can be traded, Shit™ will eventually go up in price and people will make money of it.
newbie
Activity: 58
Merit: 0
April 06, 2018, 08:55:39 AM
I won't read the whole thread: is there any news out there about a working fix? Thanks!
member
Activity: 210
Merit: 10
April 06, 2018, 08:52:00 AM
First off, let me preface by saying that I read all 30+ pages from start to finish last night after being tipped by a post on reddit.

They say crypto is like the "wild west" right now, and I can fully agree. We've had coins come and go, we've had great marketing teams and we've had car salesman [Bitconneeeeeeeecctt!] and we have had some very knowledgeable, professional figures enter the space, as well as script kiddies looking to make a quick buck.

If you can't distinguish between the two based purely on the context posted in this thread, then you really shouldn't be investing large sums of money in crypto.

This world is filled with innovators and duplicators. In the end, who do you really think will succeed?.

Quite frankly, given the iq of the current generation and of the state of the planet in general, i have to say with a lot of regret that the duplicators are the ones that will be succeeding.

You guys should watch Idiocracy http://www.imdb.com/title/tt0387808/

I really think it's a documentary made by someone who's trying to warn us that we need to get our affairs in order.

¯\_(ツ)_/¯

Agreed, I have seen that "documentary" in action during recent ICO's. Tron,XVG,XRP,Credits etc will lead the army of morons to moon.
hero member
Activity: 1050
Merit: 604
April 06, 2018, 08:46:21 AM
First off, let me preface by saying that I read all 30+ pages from start to finish last night after being tipped by a post on reddit.

They say crypto is like the "wild west" right now, and I can fully agree. We've had coins come and go, we've had great marketing teams and we've had car salesman [Bitconneeeeeeeecctt!] and we have had some very knowledgeable, professional figures enter the space, as well as script kiddies looking to make a quick buck.

If you can't distinguish between the two based purely on the context posted in this thread, then you really shouldn't be investing large sums of money in crypto.

This world is filled with innovators and duplicators. In the end, who do you really think will succeed?.

Quite frankly, given the iq of the current generation and of the state of the planet in general, i have to say with a lot of regret that the duplicators are the ones that will be succeeding.

You guys should watch Idiocracy http://www.imdb.com/title/tt0387808/

I really think it's a documentary made by someone who's trying to warn us that we need to get our affairs in order.

¯\_(ツ)_/¯
newbie
Activity: 13
Merit: 0
April 06, 2018, 08:26:44 AM
First off, let me preface by saying that I read all 30+ pages from start to finish last night after being tipped by a post on reddit.

They say crypto is like the "wild west" right now, and I can fully agree. We've had coins come and go, we've had great marketing teams and we've had car salesman [Bitconneeeeeeeecctt!] and we have had some very knowledgeable, professional figures enter the space, as well as script kiddies looking to make a quick buck.

If you can't distinguish between the two based purely on the context posted in this thread, then you really shouldn't be investing large sums of money in crypto.

This world is filled with innovators and duplicators. In the end, who do you really think will succeed?.
hero member
Activity: 1050
Merit: 604
April 06, 2018, 08:25:46 AM
sr. member
Activity: 547
Merit: 250
April 06, 2018, 08:18:28 AM
Should add a gravity well or blackhole to sluff off excessive low-diff scrypt-only blocks when they are solved in succession like this.  The behavior displayed by the miner should be easy enough to isolate then if they are all low-diff scrypt-only at diff 0 or under 1 then let that diff increase exponentially until it matches the network diff within 1 minute.

Be sure to push all patches hot and in production, so you get to see real world results without ever testing anything.
legendary
Activity: 2198
Merit: 1150
Freedom&Honor
April 06, 2018, 08:17:54 AM
Just registered to back OCMiner on a technical level. He is correct on all counts, and you should listen to him.

Sunerok doesn't know a thing about engineering; he would not be able to land a job in this sector. He is a fraud, a phony, and gives the rest of us (professionals) a bad reputation.

This will catch up to him, for now, I advise you to reach out to SEC and file a complaint. I just spoke to the NY division, and while they will not comment on the status of the ongoing investigation; I can assure you that he will see his time in court.

https://www.sec.gov/oiea/Complaint.html
https://www.sec.gov/page/sec-new-york-regional-office

Protect the eco-system and get rid of the fraud. There is no sense in talking to him; the federal agents will put him in his place.

Ughh, what?
I don't think Sunerok is liable for anything

Besides, even if he was, this would be a shit move.

While not a good situation for verge and those invested, you people realize that all companies living on the net have had to deal with hacks at some point or another right??? Verge team will learn from this I'm sure and they will fix it in short order.

This issue was found 4 years ago. Someone should be going thru the libs that XVG uses and helping to sort this out; unfortunately someone has been going thru and looking to exploit.

it actually has nothing to do with libraries/dependencies verge uses. this issue was brought up in peercoin, but thought to not be a threat. many coins still have this issue in them.

This is no excuse.

You should be better than other coins if you want to go to TOP 3, as you've stated.
legendary
Activity: 882
Merit: 1000
April 06, 2018, 07:56:53 AM
I've mined some XVG and holding a few ... just to see if the partnership and the talk was true and big as it was mentioned.

But to be honest...I'm glad and proud to be a strong DGB holder after seeing all of this. Even if their marketing isn't that great right now and they don't hype anything they do.
It's by far the best coin outside and far ahead of all other... with the time people will realize that professional work will always take the best results.

Just wait and believe, 2018 is the year of DGB.




please enough with the DGB shills lol... so many shills everywhere

oh as a side note, dgb went through the same kind of attack once upon a time.
newbie
Activity: 5
Merit: 0
April 06, 2018, 07:32:09 AM
While not a good situation for verge and those invested, you people realize that all companies living on the net have had to deal with hacks at some point or another right??? Verge team will learn from this I'm sure and they will fix it in short order.

This issue was found 4 years ago. Someone should be going thru the libs that XVG uses and helping to sort this out; unfortunately someone has been going thru and looking to exploit.

it actually has nothing to do with libraries/dependencies verge uses. this issue was brought up in peercoin, but thought to not be a threat. many coins still have this issue in them.

Yes I have gone thru GH and found other coins with the issue, as you correctly call it, unlike those peercoin folks who dismissed it. However I did not find a coin of significance like XVG still using the code, that I could tell. This doesn't mean they aren't out there, of course.

To be clear, the issue was brought up in peercoin and it was thought to not be a threat by some, thought to be a threat by others, and it was never tested afaik. That you call it an issue confirms what I said above, people need to be checking this stuff; that other coins have this problem is unimportant, the vergefam's skin is in this game.
legendary
Activity: 882
Merit: 1000
April 06, 2018, 07:31:24 AM
sharing this from grant hunter.... worth the read.

VERGE XVG ‘MINING ATTACK’ UPDATE:

This has just been shared with The Crypteia Program, and after a lengthy conversation with Michael Sloggett earlier, we all decided it was very important to release this to the wider community as part of a unified message.

This is the facts as much as we know them at this stage, it is up to you to DO YOUR OWN RESEARCH and plan accordingly.

In terms of trading, Verge XVG has been trading epically since the news about the upcoming industry partnership: It has a huge, dedicated following and gets the volume needed to trade and make serious gains. It’s been traded very technically; hitting the fibs, support, resistance and trend lines.

Unfortunately, this attack on Verge’s blockchain exploits a flaw in the code, so that the person who is attacking, has effectively taken over the blockchain, and made the original one obsolete for the time being.

As of this morning, the vulnerability is still there and there have been two main attacks:

1- Blocks 2007365 - 2010039 = 2674 blocks.
Rounded down to 2500 @ 1560 XVG per block = approx 3.9 million XVG
2- Blocks 2014060 - 2026196 = 12,136 blocks
Rounded down to 10k @ 1560 XVG per block = approx 15.6 million XVG

This gives a conservative estimate of 19.5 million XVG

As stated previously, this attack exploits a flaw in the code which XVG uses to switch between each one of the 5 algorithms it uses for mining. For every new block to be mined, the algorithm must be switched, and all 5 must be used in rotation. (This is something that other coins like Myriad and Digibyte use. They have also been attacked in a similar way in the past, and have fixed their issues - although they were experiencing much less volume at the time as what Verge is now).

The exploit itself is very smart. The attacker has used the flaws in Verge’s code to put an older timestamp on their fake blocks to trick the network into thinking that the fake chain is the real one, by having this broadcast to over 51% of the nodes. They have gained consensus, effectively taking control of the XVG chain. This has meant that the ‘real’ blocks being mined by legitimate miners, are seen as the false ones, and therefore are ignored (orphaned).

The reason why trading is still possible, is because the ‘fake’ chain is still verifying transactions so people can still trade the coin, however, the attacker is adding extra blocks and making extra free XVG for themselves.

This is a summary of events of how this situation has been handled by OCMINER and Sunerok of Verge during this situation:

1) OCMINER (Supernova Mining Pools) approached verge dev team in their discord group after noticing the issue in their pool.
2) This was unsuccessful, and nothing was taken further at that stage by the verge dev team.
3) OCMINER then posted details of the attack onto Bitcointalk.org, in order to alert the wider mining community of the attack.
3) Verge dev then got involved, and attacked OCMINER for advertising the issue and making the problem worse.
4) Verge dev then attempted to fix the issue by copying and pasting a fix for Peercoin into Verge.
5) This piece of code had a flaw which wasn’t picked up on and this caused the issues yesterday where wallets wouldn’t sync, and the real blocks were still being ignored by the chain.
6) A new fix was suggested by OCMINER to Verge Dev, which included:

- New code to fix the flaw (from DGB - which would need to be merged with Verge’s code in the correct places as they are slightly different).
- A method to blacklist the malicious addresses - meaning the attacker could no longer use the coins they falsely mined.

7) During this time there has been a private discussion between OCMINER and Sunerok, which was fairly heated at times, and saw no resolution between the two.

At this stage, there has been no fix implemented. The vulnerability is still open and the attacker still controls the longest chain.

FYI - Attacks, hacks and exploitations are very common. These have been going on since the late 70’s when UK and US intelligence agencies invented cryptography as a way to communicate secretly with each other. This situation should be seen as a good thing - simply for the advancement that it leads to. After every attack, the code is made stronger, however:

The most important part of this type of situation is how the dev team respond to it, because it has the potential to cause havoc. Both in terms of public perception (trust) of Cryptocurrency, and for Verge itself.

Remember there are two sides to this market - the facts and the PR. Verge is a PR machine, and its following is fanatical in its belief of the project. Up to now, the PR is working, and the price hasn’t been too negatively affected. One reason for this is that most of the comments about on this attack on Verge social media (twitter / reddit) are being censored by Verge, and the information being put out by Verge isn’t wholly accurate in terms of the seriousness of the matter.

With the upcoming announcement of the ‘new industry partnership’ being rumoured as being a German Bank, this issue if not resolved effectively, could lose them the partnership and reduce public trust in both crypto and Verge, simply because it will be seen as another failure.

In terms of the actual privacy of the coin, the maliciously mined coins can be tracked using a blockexplorer - bringing into question the legitimacy of how private the blockchain currently is.

I have absolutely no idea which way this will go - either way it’s not good.

There is potential for it to be fixed and with the strength of the Verge community, the price of the coin could still maintain its action in the run up to the partnership announcement.

There is equally as much chance that this could implode bringing Verge to its knees and seeing a mass sell off of the coin, leaving many out of pocket.

My aim with posting this is to inform and give everyone the opportunity to look into this further themselves, make whatever decisions they want regarding any Verge XVG they currently hold.

This post is a summary of the thread linked below and all details of this situation are there, with all links to relevant sites to verify the information given. Please look into this further, and learn as much as you can, so you are as informed as you want to be:
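A monitoring-side illustration of the two signals described in this thread (blocks carrying older timestamps, and low-difficulty scrypt-only blocks solved in succession), added here as an example; it is not code from Verge, OCMINER or any poster. The record fields, thresholds, algorithm labels and sample chain are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Block:
    height: int
    algo: str          # mining algorithm label taken from the block header
    timestamp: int     # header timestamp, unix seconds
    difficulty: float


@dataclass(frozen=True)
class Finding:
    kind: str
    start_height: int
    end_height: int
    detail: str


def find_same_algo_runs(blocks: List[Block], max_run: int = 3) -> List[Finding]:
    """Flag stretches where one algorithm solved more than max_run blocks in a row."""
    findings = []
    run_start = 0
    for i in range(1, len(blocks) + 1):
        if i < len(blocks) and blocks[i].algo == blocks[run_start].algo:
            continue  # still inside the current run
        run = blocks[run_start:i]
        if len(run) > max_run:
            low = min(b.difficulty for b in run)
            findings.append(Finding(
                "same_algo_run", run[0].height, run[-1].height,
                f"{len(run)} consecutive {run[0].algo} blocks, min difficulty {low}"))
        run_start = i
    return findings


def find_timestamp_lag(blocks: List[Block], tolerance_s: int = 3600) -> List[Finding]:
    """Flag blocks whose timestamp is far older than the newest one already seen."""
    findings = []
    newest: Optional[Block] = None
    for b in blocks:
        if newest is not None and newest.timestamp - b.timestamp > tolerance_s:
            findings.append(Finding(
                "timestamp_lag", b.height, b.height,
                f"{newest.timestamp - b.timestamp}s older than block {newest.height}"))
        if newest is None or b.timestamp > newest.timestamp:
            newest = b
    return findings


def scan(blocks: List[Block]) -> List[Finding]:
    """Run both checks and return findings ordered by block height."""
    found = find_same_algo_runs(blocks) + find_timestamp_lag(blocks)
    return sorted(found, key=lambda f: (f.start_height, f.kind))


# Constructed sample chain (not real Verge data): a normal rotation, then a
# burst of low-difficulty scrypt blocks, two of them stamped far in the past.
BASE = 1_522_900_000
SAMPLE = [
    Block(100, "scrypt", BASE + 0, 520.0),
    Block(101, "x17", BASE + 30, 498.0),
    Block(102, "lyra2rev2", BASE + 60, 505.0),
    Block(103, "blake2s", BASE + 90, 511.0),
    Block(104, "groestl", BASE + 120, 502.0),
    Block(105, "scrypt", BASE + 150, 515.0),
    Block(106, "scrypt", BASE - 6000, 0.9),
    Block(107, "scrypt", BASE + 151, 0.8),
    Block(108, "scrypt", BASE - 5990, 0.7),
    Block(109, "scrypt", BASE + 152, 0.6),
    Block(110, "x17", BASE + 180, 500.0),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The one-hour tolerance exists because header timestamps on chains of this family are not strictly increasing in normal operation; a real deployment would tune both thresholds against the chain's own history.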
jr. member
Activity: 51
Merit: 1
April 06, 2018, 07:21:09 AM
many coins still have this issue in them.

really ? can you elaborate please ?
newbie
Activity: 194
Merit: 0
April 06, 2018, 07:15:03 AM
It seems to me they have NOTHING yet

that's why they slowed down blocks

I see no other explanation

Everyone normal (if had solution) would stop this ASAP

And they are deleting posts on reddit, which they obviously can't here.
newbie
Activity: 6
Merit: 0
April 06, 2018, 07:07:52 AM
I’ve got 600 xvgs. I’m not going to sell them. They mean nothing to me as you are, the verge team. I’ve stopped mining xvg. A good project has been destroyed by a group of disgusting thieves. I’m refraining so hard from swearing and cursing and name calling.



If you leave your door open and thieves come in and steal everything from your house, who is really at fault there..? I'm inclined to say that the responsibility is shared between you and the thieves. Thieves shouldn't exist, but they do. You were aware of their existence and you did nothing to prevent them from coming in.

In the software industry there is always going to be someone trying to find/exploit vulnerabilities, and someone trying to counter them. You will never be 100% secure because the solutions made by humans are by nature imperfect. The best thing we can do is become aware of the known weaknesses and try to patch them.

And here is where I challenge you:
In a project that concerns money, investments, trading and so forth. What exactly were the measures taken to assess the security of it..? You as a consumer/user of this project, what facts did you investigate and use to convince you of the security aspect of the project..? That's the thing.. You talk about a good project, in what aspect..? Did you really investigate that it was a "good" project..? Today you read about a vulnerability that was there for 4 years. Of course this can happen (and it has) in the best companies and products. But those companies do regular security pen tests, hire security experts to do research and offer security bounties to communities. For every single vulnerability someone may find, you can be sure the companies have already found and patched a 1000 more of them.

Why don't you ask the team of your good project, to demonstrate to you, the actions they have taken in the last 4 years to assess the security status of the project..? Ask them to share with you the reports of the security assessments, to show you which security experts they invited/hired/asked for help to assess the code base. To show you how their development process exactly is, how regularly the codebase is assessed for security vulnerabilities, how and with what mechanisms do they ensure the quality of the process..?

But then again you shouldn't ask for them, that info should be publicly available right..? Or else you wouldn't put your hard earned money in a project that you are not sure if it's secured "enough" (for your needs).
newbie
Activity: 13
Merit: 0
April 06, 2018, 07:00:28 AM
Well this escalated very quickly. I had an encounter with Vergedev a while back and he alone kept me from holding XVG. I bought enough to ride the pump but got the hell off because I was sure the future would not have been bright.
member
Activity: 63
Merit: 10
April 06, 2018, 06:53:33 AM
I've mined some XVG and holding a few ... just to see if the partnership and the talk was true and big as it was mentioned.

But to be honest...I'm glad and proud to be a strong DGB holder after seeing all of this. Even if their marketing isn't that great right now and they don't hype anything they do.
It's by far the best coin outside and far ahead of all other... with the time people will realize that professional work will always take the best results.

Just wait and believe, 2018 is the year of DGB.

