While the cryptocurrency world battles to be back on the side of the green, atleast three cryptocurrencies suffered a 51% attack in one week.
Privacy centric coin Verge (XVG) lost coins worth $1.75 Million. Japanese Cryptocurrency Monacoin lost $90000 in a selfish mining attack. The last and the worst attack was on Bitcoin Gold (BTG) where exchanges lost BTG worth as much as $18.5 Million.
Verge (XVG) Attack
An attacker was able to manipulate a bug in the Verge code that allowed miners to set false timestamps on blocks and then quickly mine new blocks in succession.
Since more and more blocks got added with a bogus timestamp, the difficulty kept on reducing. This Time-warp attack allowed the miners to mine blocks eventually with virtually zero difficulty. But to really reap the benefits the attackers had to control atleast 51 percent of the hashpower which they did by getting control over two of the five algorithms Verge uses for PoW.
The two algorithms are scrypt and lyra2re as reported on Bitcointalk forum by user OCMiner.
The attack happened between blocks 2155850 and 2206272 in which the attacker got away with 35 Million XVG worth $1.75 Million currently. Verge network faced a similar attack in April as well. The “upgrade” to fix the vulnerability seems to not have worked well.
Bitcoin Gold Attack
The exchanges may have lost about $18.5 Million in the double spend attack on the BTG network. In the double spending attack, the hacker was able to gain control of atleast 51 percent of the hash power of the BTG network and hence could easily manipulate the chain.
The hacker sent Bitcoin Gold to a few exchanges and then made a withdrawal out of the exchange into a private wallet. Later the hacker reversed all the transactions and sent the BTG to the private wallet again. Basically, the exchanges lost the deposited BTG.
The last transaction was sent on May 18 and BTG has advised exchanges to increase the number of confirmations for accepting BTG deposits. The attacker’s wallet has about 388201 BTG and assuming all of them are acquired by double spending, he/she/they stole 18.5 Million dollars worth of BTG and the ones losing the money are the exchanges.
This is a selfish mining attack, it means that a miner has mined the block but does not broadcast it to other miners. Now, if this secret miner can mine another block, this secret chain becomes the longest chain in the network, larger than what other nodes have.
When the secret chain is made public, since it is the longest chain, it invalidates all of the blocks created while the secret chain was hidden.
The attacker gained control of 57% of the hashpower and sent Monacoin to another exchange in order to swap it for other cryptocurrency. Once the secret chain is published, the attacker’s transaction to exchanges will be invalidated but he/she/they would have already converted it to another cryptocurrency and got out of there.
It is said the attacker was trying to get this done for over six months now. The damages due to the selfish mining cost $90000.
What do you think of these hacks? Let us know in the comments below