LIVE NOW

Verge (XVG) crypto attack highlights its crisis management skills

Posted: 23 May 2018 12:30 pm News

The renewed hack attack striking Verge shows how community support can help a brand survive anything.

The Verge (XVG) cryptocurrency has become a remarkable study in community resilience and the power of positive thinking in the face of adverse circumstances. It was struck with an ingenious "time warp" style attack first reported in early April, but which is suspected to have gone undetected for some time before that.

The attack essentially involves tricking the blockchain into dispensing a huge amount of mining-block rewards. This quickly added up to millions of XVG tokens, but against all odds the price bounced right back after a brief dip.

The combination of rising prices and a suddenly massively inflated supply catapulted the coin up the market cap rankings, bringing it around the top 10 at its peak. The Verge community rejoiced at their good fortune.

The attack was supposedly fixed, but was actually just slowed down.

A few weeks later, when Verge revealed its long-awaited and all-around incredibly bizarre advertising partnership with the PornHub website, the attack was still blatantly occurring. At that point, the attack was kind of old news though.

The attack has kept happening on and off since it started, but today took a turn for the more efficient.



How it works

The attack exploits shoddy programming in Verge's characteristic multi-algorithm mining script.

Verge mining uses five different algorithms. Each block cycles through them one by one in a set order. This is intended to create an element of decentralisation-promoting diversity to fight the large mining conglomerates that dominate most other proof-of-work cryptocurrencies and serves as a branding point of difference. But it also complicates things, and like most complexities, it risks opening up security holes. This attack exploits that.

It's an updated variant of the original attack which similarly exploits block timestamps to force the blockchain to spit out new blocks at an extraordinary pace, each of which drops the full miner's block reward into the attacker's wallets.

Essentially attackers apply enough mining power on two consecutive algorithms to pull out two consecutive blocks, loading both with fake timestamps to catch it in a time warp.

ocminer, the user who first discovered and reported the initial attack, explains it well.

"Since the coin compares current time with the latest block's timestamp it thinks "wow, the old block is hella old, I gotta lower difficulty so someone finally gets the chain moving!" and thus lowers the diff[iculty].. the more blocks come, the lower the diff.. at a certain point it's at the minimum but still the manipulated blocks fly in so it will never retarget up again until a "recent" block is mined with correct timestamp."

Difficulty is a system common to all proof-of-work cryptocurrencies, including bitcoin. As the name suggests, it's responsible for adjusting the difficulty of mining new blocks and therefore the rewards dispensed. It's intended to scale up with the application of mining power to prevent a system from dispensing too many rewards when there's too much power or too few rewards to properly incentivise miners.

"Since nothing really was done about the previous attacks (only a band-aid), the attackers now simply use two algo[rithm]s to fork the chain for their own use and are gaining millions," ocminer says. "They simply send one block scrypt (one of the mining algorithms), after that a block lyra2re (another mining algorithm) and so on and all with manipulated timestamps thus lowering diff[iculty] to lowest possible mining several blocks per minute like this."

What the attack looks like

This attack hit Verge from block 2155850 to block 2206272. To see it for yourself, you can simply head to the Verge block explorer and search for a few consecutive blocks in that range. You'll notice that many of them are showing identical timestamps, or that some of the later blocks (higher block numbers) are showing timestamps saying they came before the blocks which follow them.

That's the trickery ocminer describes.

It should have taken weeks for miners to mine all the blocks from 2155850 to 220672, and they should have been proportionally distributed among all miners working the chain. But by catching the blockchain in a time warp, the attackers managed to yank out all the blocks and the rewards in just a few hours.

The attack and its results are quite unmistakable. Verge prices are responding to today's attack, but they're not exactly in freefall, having only trickled down 15% in the last 24 hours. That Verge prices could resist such a blatant ongoing attack so well, even while being hyper-inflated, might be a testament to its developer's crisis management and PR skills.

A case study in brand and crisis management

If you can't outright deny that a problem exists, such as is the case here, then the main thing in a brand crisis is to immediately reassure the public that you're on top of the issue and are handling it.

Verge quickly ticked this box with a reassuring Twitter post. Much like its responses to the previous hacks, it inaccurately downplays the problem by describing it as a common DDoS attack.

The below response from the Verge fan highlights the benefits of building a robust community around a brand. Where possible, it's good to expand this into a sense of tribalism and look for competitors to paint as hostile outsiders.

With these key ingredients, fans can remain properly invested in a project by explaining everything away as "FUD," jealousy or some kind of attack or conspiracy by a hostile entity. Once your supporters believe they're surrounded by enemies and are locked into a "we're being attacked because we're doing something right" mindset, then literally nothing is too egregious for them to defend.

At that point, a brand is really able to depend on its fans to police the brand image. This is important in an age when brands tend to interface with the public through multiple media streams and aren't able to directly control all of them themselves.

A great example of this can be seen on Reddit, which is one of the more important media streams for many cryptocurrencies. With the help of a useful tool called Ceddit, one can explore a version of the site which retains and highlights deleted threads.

This is what the Verge subreddit looks like through the eyes of Ceddit in the wake of the attack.


The ones highlighted in red have been deleted.

Note that it's not as straightforward as simply censoring everything that mentions the attack. As rumours swirl, a lot of Verge buyers would have been flocking to the subreddit looking for some clarification on what just happened.

By deleting any mention whatsoever, you not only risk looking inauthentic but also inadvertently pushing users towards other less-predictable and less-flattering sources of information. Rather than blanket censorship, it should be taken as a valuable opportunity to capture user attention and feed them an appropriate official narrative. In this case, it's a combination of downplaying the attack, looking to the future and providing a suitably sanitised official version of events.

You can't control all the discussion in the space, which is why undying fan loyalty is such an important element. Not only will they police the general discussion in the space, but they'll also independently create their own posts that mirror the official version of events and serve as more data points in the grand tapestry of decision-making.

At a time like this, everyone goes around looking for information on what exactly happened and will come across conflicting stories. By quickly deciding on an official narrative and then pushing it hard across multiple platforms, a brand can shift the discourse towards the official narrative.

The ongoing non-demise of the Verge cryptocurrency is a testament to the importance of grassroots community-level support for any project.


Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VEN, XLM, BTC and XRB.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Latest cryptocurrency news

Picture: Shutterstock

Latest crypto guides

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Ask a question
Go to site