It happened again - and this time, even worse than the last.
This time the hackers managed to funnel 35 million XVG to themselves (worth $1.7 million) - last time was only 250,000 XVG.
The hack was pointed out by the same Bitcointalk user "ocminer" who pointed out the first one - he says the hackers are using a slightly updated version of the same old exploit, which was never fully fixed...
"Since nothing really was done about the previous attacks (only a band-aid), the attackers now simply use two algos to fork the chain for their own use and are gaining millions:
Both algos, scrypt and lyra2re can be rented easily for a few bucks at nicehash, they simply send one block scrypt, after that a block lyra2re and so on and all with manipulated timestamps thus lowering diff to lowest possible mining several blocks per minute like this".
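For node or pool operators, the pattern ocminer describes (blocks alternating between two algorithms, arriving several per minute, with header timestamps that disagree with the local clock) can be watched for. The check below is an added example, not code from Verge or from the Bitcointalk post; the field names, thresholds and sample chain are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Block:
    height: int
    algo: str         # mining algorithm of the block, e.g. "scrypt"
    header_time: int  # timestamp claimed in the block header (Unix seconds)
    seen_time: int    # when our own node received the block (Unix seconds)

def flag_suspicious_runs(blocks, window=6, max_per_minute=3, max_skew=600):
    """Return heights that end a run of `window` blocks which strictly alternate
    between two algorithms, arrive faster than `max_per_minute` by the local
    clock, and mostly carry header times more than `max_skew` seconds off.
    All three thresholds are assumed values, to be tuned per chain."""
    alerts = []
    for i in range(window - 1, len(blocks)):
        run = blocks[i - window + 1 : i + 1]
        algos = [b.algo for b in run]
        alternating = len(set(algos)) == 2 and all(
            a != b for a, b in zip(algos, algos[1:]))
        elapsed = max(run[-1].seen_time - run[0].seen_time, 1)
        rate = (window - 1) * 60 / elapsed  # blocks per minute, local clock
        skewed = sum(abs(b.header_time - b.seen_time) > max_skew for b in run)
        if alternating and rate > max_per_minute and skewed >= window // 2:
            alerts.append(run[-1].height)
    return alerts

def sample_chain():
    """Constructed data: 8 ordinary blocks 30 s apart, then 8 blocks that
    alternate scrypt/lyra2re every 5 s with header times an hour off."""
    t0 = 1_527_000_000
    ordinary = ["scrypt", "x17", "lyra2re", "blake2s",
                "scrypt", "x17", "blake2s", "lyra2re"]
    chain = [Block(100 + i, a, t0 + 30 * i + 2, t0 + 30 * i)
             for i, a in enumerate(ordinary)]
    start = t0 + 30 * len(ordinary)
    for j in range(8):
        algo = "scrypt" if j % 2 == 0 else "lyra2re"
        chain.append(Block(108 + j, algo, start + 5 * j - 3600, start + 5 * j))
    return chain

if __name__ == "__main__":
    print("alert at heights:", flag_suspicious_runs(sample_chain()))
```

Comparing the header timestamp with the node's own receive time is what separates this pattern from a burst of honestly mined blocks, which would pass the rate test but not the skew test.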
The most disturbing part in my opinion - Verge isn't even acknowledging what happened - they're lying to their followers by labeling this a "DDOS" attack (which is a simple way to bring down servers by overloading them with requests). Nothing about this even resembles a DDOS attack. Yet Verge still tweeted the following:
"it appears some mining pools are under ddos attack, and we are experiencing a delay in our blocks, we are working to resolve this."
No further update from Verge has been provided since this tweet 24 hours ago.
A tip for the folks at Verge - handle a hack with honesty. The only thing that can make it worse is lying about what happened. People would much rather know you found the problem, understand it, and are fixing it.
Author: Adam Lee
Asia News Desk