Topic: [$XVG] VERGE [POW][MultiAlgo][TOR/i2P][no premine/ico!] - page 121. (Read 843777 times)

Yeah right!  Verge moved up to #8 in coin gecko!  https://www.coingecko.com/en

When a coin project grows to this stage and value, it's is time to put away the childish defense of ego and self and step back to view the bigger picture, the protection of the investors and users. If what you are saying is true, and I have no reason to doubt it, the Dev here needs to step up and fix this NOW if it hasn't been already done. As a programmer and software/network engineer, I can understand the reluctance of plugging in someone else's code or, implementing another Dev's fix but, the future and security of the coin/project MUST take precedence over ego and self.

Let's get this fixed so we can move on before it's too late...  DISCLAIMER: I hold XVG and therefore have a large self interest in seeing this project succeed.

P.S. This not a "dig" against the developers, we all react differently in these situations, no one is perfect and information never transfers without errors of omission when humans are involved. 

it was also widely discussed that OCMiner didnt say who he was, when he went into the public discord channel, and started spouting off.

    It is all based on perspective.

  Im sure the real truth is inbetween there somewhere.

patches are being made, certain block will have a fork.

   just use the K.I.S.S. method.

sharing this from grant hunter.... worth the read.

VERGE XVG ‘MINING ATTACK’ UPDATE:

This has just been shared with The Crypteia Program, and after a lengthy conversation with Michael Sloggett earlier, we all decided it was very important to release this to the wider community as part of a unified message.

This is the facts as much as we know them at this stage, it is up to you to DO YOUR OWN RESEARCH and plan accordingly.

In terms of trading, Verge XVG has been trading epically since the news about the upcoming industry partnership: It has a huge, dedicated following and gets the volume needed to trade and make serious gains. It’s been traded very technically; hitting the fibs, support, resistance and trend lines.

Unfortunately, this attack on Verge’s blockchain exploits a flaw in the code, so that the person who is attacking, has effectively taken over the blockchain, and made the original one obsolete for the time being.

As of this morning, the vulnerability is still there and there have been two main attacks:

1- Blocks 2007365 - 2010039 = 2674 blocks.
Rounded down to 2500 @ 1560 XVG per block = approx 3.9 million XVG
2- Blocks 2014060 - 2026196 = 12,136 blocks
Rounded down to 10k @ 1560 XVG per block = approx 15.6 million XVG

This gives a conservative estimate of 19.5 million XVG

As stated previously, this attack exploits a flaw in the code which XVG uses to switch between each one of the 5 algorithms it uses for mining. For every new block to be mined, the algorithm must be switched, and all 5 must be used in rotation. (This is something that other coins like Myriad and Digibyte use. They have also been attacked in a similar way in the past, and have fixed their issues - although they were experiencing much less volume at the time as what Verge is now).

The exploit itself is very smart. The attacker has used the flaws in Verge’s code to put an older timestamp on their fake blocks to trick the network into thinking that the fake chain is the real one, by having this broadcast to over 51% of the nodes. They have gained consensus, effectively taking control of the XVG chain. This has meant that the ‘real’ blocks being mined by legitimate miners, are seen as the false ones, and therefore are ignored (orphaned).

The reason why trading is still possible, is because the ‘fake’ chain is still verifying transactions so people can still trade the coin, however, the attacker is adding extra blocks and making extra free XVG for themselves.

This is a summary of events of how this situation has been handled by OCMINER and Sunerok of Verge during this situation:

1) OCMINER (Supernova Mining Pools) approached verge dev team in their discord group after noticing the issue in their pool.
2) This was unsuccessful, and nothing was taken further at that stage by the verge dev team.
3) OCMINER then posted details of the attack onto Bitcointalk.org, in order to alert the wider mining community of the attack.
3) Verge dev then got involved, and attacked OCMINER for advertising the issue and making the problem worse.
4) Verge dev then attempted to fix the issue by copying and pasting a fix for Peercoin into Verge.
5) This piece of code had a flaw which wasn’t picked up on and this caused the issues yesterday where wallets wouldn’t sync, and the real blocks were still be ignored by the chain.
6) A new fix was suggested by OCMINER to Verge Dev, which included:

- New code to fix the flaw (from DGB - which would need to be merged with Verge’s code in the correct places as they are slightly different).
- A method to blacklist the malicious addresses - meaning the attacker could no longer use the coins they falsely mined.

7) During this time there has been a private discussion between OCMINER and Sunerok, which was fairly heated at times, and saw no resolution between the two.

At this stage, there has been no fix implemented. The vulnerability is still open and the attacker still controls the longest chain.

FYI - Attacks, hacks and exploitations are very common. These have been going on since the late 70’s when UK and US intelligence agencies invented cryptography as a way to communicate secretly with each other. This situation should be seen as a good thing - simply for the advancement that it leads to. After every attack, the code is made stronger, however:

The most important part of this type of situation is how the dev team respond to it, because it has the potential to cause havoc. Both in terms of public perception (trust) of Cryptocurrency, and for Verge itself.

Remember there are two sides to this market - the facts and the PR. Verge is a PR machine, and its following is fanatical in its belief of the project. Up to now, the PR is working, and the price hasn’t been too negatively affected. One reason for this is that most of the comments about on this attack on Verge social media (twitter / reddit) are being censored by Verge, and the information being put out by Verge isn’t wholly accurate in terms of the seriousness of the matter.

With the upcoming announcement of the ‘new industry partnership’ being rumoured as being a German Bank, this issue if not resolved effectively, could lose them the partnership and reduce public trust in both crypto and Verge, simply because it will be seen as another failure.

In terms of the actual privacy of the coin, the maliciously mined coins can be tracked using a blockexplorer - bringing into question the legitimacy of the how private the blockchain currently is.

I have absolutely no idea which way this will go - either way it’s not good.

There is potential for it to be fixed and with the strength of the Verge community, the price of the coin could still maintain its action in the run up to the partnership announcement.

There is equally as much chance that this could implode bringing Verge to its knees and seeing a mass sell off of the coin, leaving many out of pocket.

My aim with posting this is to inform and give everyone the opportunity to look into this further themselves, make whatever decisions they want regarding any Verge XVG they currently hold.

This post is a summary of the thread linked below and all details of this situation are there, with all links to relevant sites to verify the information given. Please look into this further, and learn as much as you can, so you are as informed as you want to be:

there it is

Dev was on it fast, got the codes setup in 3hrs of it.
after that the attacks were harder?

    Dev posted a few posts back.

Crypto business is definitely an investment without any guarantees whatsoever, if you cannot stand dropping go take action else.

(no tech skill)
   i dont think it was the...block , it only affected mining side.
  it was spoofing the timestamp in such a way to ...get the rewards.
done from a pool.  (again, as far as i understand it)

Was this hack as bad as the people telling.  XVG blockchain needing forks to fix this meaning the current blockchain it has isn't safe from hackers?

is the wallet updates released? i havent looked yet today.

soon as i do, ill post about it.

how to update wallet it doesnt work

These blocks have already been confirmed

I forget the block number, but fork happening soon.

its not the pools vault. There is an hack going on orphaning all blocks mined by legit miners while the hackers can mine whole blocks within 1 second.

Number 2 is the major issue here. Whether its a minor issue or not, an attack of any sort doesnt look good and would be a concern for any partner.

Any coin that is on the 'verge' of success will have its tech tested by hackers, we see it all the time. No one can mine it, its been hacked and possibly a major issue for a potential partner. I am suprised the market hasnt reacted, possible slow to react so i have sold andwait to see what happens. ...

The same

ok, until you fix this attack on the chain, I will mine something else in dual
wish the best & come back asap

Recently, there is a strong growth of your coin. Although total market went down but your coin's price still raise. You are a security coin which I choose to invest

I am aware of this incident, but I was seeing the volatility and defiance of btc price as being in a more POSITIVE range...