Cryptocurrencies have a flaw: the 51% attack.
This attack is the possibility for a miner or a group of miners, to succeed to take more than half of the total computing power of the network.
This allows them to impose a new protocol that leans in their favor.
This kind of feat is supposed to be extremely rare, especially for the main cryptocurrencies.
Yet in the past two months, this feat has been performed twice on the same Blockchain.
This is the virtual currency Verge, (which has recently been talking about her about her partnership with the adult site, Pornhub.)
Verge has suffered two attacks to 51% and the attackers have pocketed millions of dollars.
During the first attack, in April, the hacker managed to steal 250000 XVG.
Then, in May, $ 1.7 million was pocketed by another attacker
How were these attacks made possible?
According to the experts, it was enough to simply modify the protocol code, on which most crypto currencies are built. Because lately, the developers of Verge had adjusted some small parameters of the currency to make it more efficient for payments.
But these adjustments made the Blockchain vulnerable to attack.
For example, Daniel Goldman, technical director of the cryptocurrency analysis website The Abacus, said:
“Things do not look good. The problems that initially slipped into the code were the result of pure negligence on the software without understanding its implications. “
He also added with some humor: “I hate to say it, but if I had to sum it up: the attacker is doing a lot of due diligence than the developers, I would try to get him off if I were them.”
Moreover, for some time, Charlie Lee, creator of Litecoin and Riccardo Spagni, had warned the developers against these adjustments, saying that they would allow attacks against Cryptocurrency.
Lessons to learn
There is no doubt that lessons must be learned from these attacks, not just for the Verge team.
Among them, the problem of the time of validation of the transactions: there are reasons necessary so that this time is limited in a strict way.
Indeed, while for Bitcoin the validation time of a transaction is 10 minutes, it has been extended to 2 hours for Verge.
According to Goldman, this could allow the attacker to “spoof” block-related timestamps.
But that does not seem to be the only reason for the failure.
Attacks could also be possible because of Verge’s algorithm.
Indeed, Verge’s algorithm, the “Dark Gravity Wave” is quite fast compared to Bitcoin. Verge’s algorithm adjusts the speed at which miners find blocks every two hours, while it takes 2 weeks for Bitcoin .
Goldman explains that “The usurped timestamps associated with this fast-adjustment algorithm have led to the problem of” tragic confusion of the protocol’s mining-tuning algorithm. “
In other words, the attacker mined blocks with false timestamps, which allowed him to extract much more XVG.
Still, after the first attacks the developers of Verge had released a fix. But since the second attack it seems that this fix was not enough.
Will the Verge attacks continue?
Verge developers are actively working to improve the code.
Because although no user has been robbed of his XVG, minors are not supposed to be able to print as many pieces in such a short time.
For Goldman, two out of three vulnerability issues have been mitigated, but the third has not yet been resolved.
On May 31, a message from Verge’s developers was released stating that the team was working to “solidify our currency against any future attack.”
Yet, Goldman says there is another problem: crypto currency was not created on open source code.
So the Blockchain community of experts will not be able to help the team find flaws in the system.
Does Verge have a future?
Despite all the issues raised by Goldman, some say there is no need to panic. On the contrary, these experiences will undoubtedly make it possible to build a better project, think some.
But it’s obvious that it will push companies like Pornhub to more effectively select a Blockchain before adopting it.
Moreover, according to BitGo’s engineer, Mark Erhardt, “the lack of attack is not proof that a system is safe: a number of Altcoins projects seem to be taking insecure shortcuts, but almost no ‘took the trouble to exploit these systemic flaws or weaknesses.’
Are the attacks against Verge the first of a long series?
So far, 51% attacks were considered very difficult to execute.
With Verge, it seems like it’s easier than you thought.
Thus, there is a new application named “51 Crypto”, which indicates the blockchains for which it would be profitable to execute a 51% attack.
In conclusion, it can be said that the smaller a Blockchain, the more vulnerable it will be.
Developers to be particularly careful when designing their system.