The notorious 51-percent attack: it’s the major fault in cryptocurrency protocols but it’s rarely seen, especially among the most popular cryptocurrencies.
Yet, in the past couple months, the exploit – whereby a single miner (or group of miners) takes control of over half of the network’s total computing power and can then bend the protocol’s rules in their favor – has been seen twice. And on the same blockchain.
Indeed, verge, a privacy-oriented cryptocurrency recently propelled into the limelight by a partnership with popular adult entertainment site Pornhub, suffered two hacks perpetrated through 51-percent attacks that saw the attackers absconding with millions of dollars-worth of its native cryptocurrency, XVG.
During the first attack in April (only a couple of weeks before the Pornhub partnership), the hacker was able to get away with 250,000 XVG. And during the latest in mid-May, an attacker was able to exploit $1.7 million-worth of the cryptocurrency from the protocol.
According to researchers, the exploits are a product of simple changes to the underlying code which cryptocurrency protocols are typically built on and the challenges of being able to predict what unintended consequences will arise from those changes.
Sure, verge developers were only trying to design a better cryptocurrency for payments, but by tweaking small parameters, such as the length of time a block can be valid, the group has opened its blockchain up to attacks.
“Getting incentives right and keeping them right is hard,” Imperial College London assistant professor and Liquidity Network founder Arthur Gervais said.
That is blockchains are built on very precariously stacked incentives whereby all stakeholders work together toward a common goal so as to remove the chance that one entity takes full control.
“Things obviously don’t look good,” said Daniel Goldman, the CTO of cryptocurrency analysis site The Abacus who’s been tracking the attacks. “The issues that initially slipped into the codebase were a result of pure carelessness — incorporating code from other open-source software without understanding its implications.”
“I hate to say it, but if I had to summarize: the attacker is doing better due diligence than the developers. I’d try to poach him if I were them.”
And since veteran blockchain developers, including litecoin creator Charlie Lee and monero lead developer Riccardo Spagni, have long argued the kinds of adjustments the platform made have obvious downsides, such naysayers – who have been readily attacked by a group of enthusiasts calling themselves the “Verge Army” – are feeling vindicated.
“So many important lessons to be learned from this,” Fidelity investment research analyst Nic Carter tweeted, summing up the general state of verge’s development.
Representatives from the verge developer team did not respond to a request for comment from CoinDesk.
One of those lessons is that there are reasons why the window of time that a transaction can be valid is limited quite strictly.
For instance, whereas bitcoin transactions are only valid for about 10 minutes before they’re verified in a block, verge developers extended that window to two hours. And because there is some information asymmetry in blockchain systems since nodes are spread out across the globe, the attacker was able “spoof” timestamps tied to blocks without some noticing, according to the widely-circulated post by Goldman.
But it wasn’t just that; another piece of the attacks was verge’s difficulty algorithm.
Verge uses the algorithm “Dark Gravity Wave” to automatically adjust how fast miners find blocks. In verge, this happens every two hours; compared to bitcoin which adjusts every two weeks, verge’s algorithm is quite fast.
The spoofed timestamps paired with this fast-adjusting algorithm led to the problem of “tragically confusing the protocol’s mining adjustment algorithm,” as Goldman put it.
Or said another way, the attacker cleverly mined blocks with fake timestamps, forcing the cryptocurrency’s difficulty to adjust down more quickly – making it easier for the attacker to mine even more XVG.
When the first attack happened, verge developers quickly released a patch, stopping the attacker from printing more money. Yet, with the attack last month, it seems the patch only went so far and the attacker found another way to execute the same hack, displaying how difficult it can be to architect a distributed system that isn’t vulnerable to attacks.
And according to Goldman, the issues for verge are likely not over.
“An attack clearly was – and maybe still is – being attempted. So far, however, the would-be attacker hasn’t managed to overtake the network,” Goldman told CoinDesk.
But he continued:
“As it stands now, two of the three (in my opinion) fundamental sources of vulnerabilities have been mitigated at best, and one remains completely unfixed.”
While no XVG were stolen directly from users, miners on the network aren’t supposed to be able to bend the rules like this, effectively printing money for one individual in a short period of time.
As such, verge developers are actively working on improving the code. After a period of little communication from verge’s developers, CryptoRekt, the pseudonymous author of the verge “blackpaper” took to Reddit on May 31, saying, that all of the verge team would “never intentionally do anything to besmirch or hurt this project.”
He added that the project’s developer have been working on new code for “several weeks” to “solidify our currency against any future attacks.”
Yet, Goldman believes there’s another problem. Unlike many of the cryptocurrency projects out there today, which rely on open-source code, verge’s codebase is being constructed in private and so will not get peer-reviewed by the community of blockchain experts that could help the team find vulnerabilities.
“Since incorporating code without responsibly vetting it was the thing that led to all this, this should make the vergefam nervous,” he tweeted.
But so far, much of the verge community remains supportive of the developer team and the cryptocurrency’s mission.
Pseudonymous verge user Crypto Dog went as far as to claim that “there is no need to panic,” contending that verge’s success will continue no matter what. And CryptoRekt chose to see it as a learning experience, one that would help verge “build a bigger and better project.”
Still, this attack looks poorly, not only on verge itself, but also on organizations that have partnered with the verge team, Pornhub included. Especially since Pornhub’s vice president Corey Price stated verge was chosen as a payment method for the site in a “very deliberate selection process” to preserve the financial privacy of their customers.
As such, some developers believe this episode will bring about a heightened sense of responsibility for many organizations to more effectively analyze a blockchain before adopting it.
“I wouldn’t be surprised by more scrutiny in the near future, both leading to more attacks and to investors more accurately rating the value proposition of smaller altcoin projects,” BitGo engineer Mark Erhardt said, adding:
“The absence of an attack is not proof that a system is safe. Quite a few altcoin projects appear to be taking unsafe shortcuts. It’s just that nobody has bothered to exploit these systemic flaws or weaknesses, yet.”
As such, verge might be the first in a long line of future exploits.
While 51-percent attacks have typically been viewed as hard to execute, Liquidity Network’s Gervais argued that new data appears to show that it’s easier than many previously thought. He pointed to a new web app, 51crypto, which tracks how profitable it is to execute a 51-percent attack on various blockchains.
The gist of the statistics is, the smaller the blockchain, the easier it is to overtake it and bend the rules, which is why developers need to be particularly careful in how they architect their systems.
Because “if an attack makes more economic sense over honest behavior, the attackers will be there,” Gervais concluded.