Network Attack on XVG / VERGE

[StefanRvO]

Since the chain trust is only based on the length of the chain and not cumulated work, wouldn't it be quite easy to perform a double spend with much less than 51% hashrate?

On the original chain, send e.g. 10M XVG to an exchange.

While you wait for confirmations, start mining an alternative chain where you step down the difficulty by fakeing the timestamps. This should still be possible even though the maximum drift is changed to 10 minutes, it will just be somewhat slower. In this chain you include a transaction which invalidates your original transaction. Even if you only have e.g. 5% hashpower, your chain should eventually get longer than the original chain as it has much lower difficulty.

After you have converted the XVG to BTC on the exchange, you submit your privately mined chain to the network, and as it is longer than the original chain, it will cause the nodes to reorganize to your chain. Am I missing anything or would this be completly possible?
This would also make it possible to perform the attack with extremly limited ressources as you don't really have to compete with the honest miners.

[CHIEF56]

Since the chain trust is only based on the length of the chain and not cumulated work, wouldn't it be quite easy to perform a double spend with much less than 51% hashrate?

On the original chain, send e.g. 10M XVG to an exchange.

While you wait for confirmations, start mining an alternative chain where you step down the difficulty by fakeing the timestamps. This should still be possible even though the maximum drift is changed to 10 minutes, it will just be somewhat slower. In this chain you include a transaction which invalidates your original transaction. Even if you only have e.g. 5% hashpower, your chain should eventually get longer than the original chain as it has much lower difficulty.

After you have converted the XVG to BTC on the exchange, you submit your privately mined chain to the network, and as it is longer than the original chain, it will cause the nodes to reorganize to your chain. Am I missing anything or would this be completly possible?
This would also make it possible to perform the attack with extremly limited ressources as you don't really have to compete with the honest miners.

There are addresses with unexplained negative balances which show more xvg being debited than credited. Not sure if related, but is still unexplained.

[Dogedarkdev]

Since the chain trust is only based on the length of the chain and not cumulated work, wouldn't it be quite easy to perform a double spend with much less than 51% hashrate?

On the original chain, send e.g. 10M XVG to an exchange.

While you wait for confirmations, start mining an alternative chain where you step down the difficulty by fakeing the timestamps. This should still be possible even though the maximum drift is changed to 10 minutes, it will just be somewhat slower. In this chain you include a transaction which invalidates your original transaction. Even if you only have e.g. 5% hashpower, your chain should eventually get longer than the original chain as it has much lower difficulty.

After you have converted the XVG to BTC on the exchange, you submit your privately mined chain to the network, and as it is longer than the original chain, it will cause the nodes to reorganize to your chain. Am I missing anything or would this be completly possible?
This would also make it possible to perform the attack with extremly limited ressources as you don't really have to compete with the honest miners.

that wouldn't work because the invalidation would also be accepted.

[CHIEF56]

>>now that we fixed the drift again,

Fixed the drift again? When was the first time? Because the 1st patch had nothing to do with drift time IIRC

[Dogedarkdev]

Those unusual jumps are actually one part of the attack, the other part is tx spam which slows down most of tthe daemons and the third part is replacing parts of the blockchain with own blocks and thus causing orphans on most pools.

It's okay currently.

Does the transaction spam explain the sort of "phantom transactions" seen that appear on some copies of the chain (and confirmed as valid!), but are discarded as bad on other copies of the chain?

some block explorers databases dont account for orphans. the most reliable are the yiimp based ones, like http://poolovich.pro/explorer/XVG or https://umine.org/explorer/XVG

we've also made a site for tracking the blockchain status and difficulties here: https://vergecurrency.network

[Dogedarkdev]

>>now that we fixed the drift again,

Fixed the drift again? When was the first time? Because the 1st patch had nothing to do with drift time IIRC

you do realize instead of posting that, you could have just checked. this commit should have stayed, it would have prevented the last attack, which was 1 week ago today.

https://github.com/vergecurrency/VERGE/commit/b6c380727ebe285538b9e5ac330176d9e8983f87

450 seconds would have worked in preventing timestamp spoofed blocks.

[CHIEF56]

>>now that we fixed the drift again,

Fixed the drift again? When was the first time? Because the 1st patch had nothing to do with drift time IIRC

you do realize instead of posting that, you could have just checked. this commit should have stayed, it would have prevented the last attack, which was 1 week ago today.

https://github.com/vergecurrency/VERGE/commit/b6c380727ebe285538b9e5ac330176d9e8983f87

450 seconds would have worked in preventing timestamp spoofed blocks.

I'm asking for clarification since you said "we fixed the drift again", but really you only fixed it one time.

[StefanRvO]

Since the chain trust is only based on the length of the chain and not cumulated work, wouldn't it be quite easy to perform a double spend with much less than 51% hashrate?

On the original chain, send e.g. 10M XVG to an exchange.

While you wait for confirmations, start mining an alternative chain where you step down the difficulty by fakeing the timestamps. This should still be possible even though the maximum drift is changed to 10 minutes, it will just be somewhat slower. In this chain you include a transaction which invalidates your original transaction. Even if you only have e.g. 5% hashpower, your chain should eventually get longer than the original chain as it has much lower difficulty.

After you have converted the XVG to BTC on the exchange, you submit your privately mined chain to the network, and as it is longer than the original chain, it will cause the nodes to reorganize to your chain. Am I missing anything or would this be completly possible?
This would also make it possible to perform the attack with extremly limited ressources as you don't really have to compete with the honest miners.

that wouldn't work because the invalidation would also be accepted.

Could you expand on what you mean by the invalidation would also be accepted?

If you on your private chain sends the coins to yourself instead of the exchange, you will still own the coins when the network reorgs to your chain after you brodcasts your blocks.

[gericil]

>>now that we fixed the drift again,

Fixed the drift again? When was the first time? Because the 1st patch had nothing to do with drift time IIRC

you do realize instead of posting that, you could have just checked. this commit should have stayed, it would have prevented the last attack, which was 1 week ago today.

https://github.com/vergecurrency/VERGE/commit/b6c380727ebe285538b9e5ac330176d9e8983f87

450 seconds would have worked in preventing timestamp spoofed blocks.

Wrong! That commit split your network and made the verge chain stall lol.

"this commit should have stayed" is bs, you were forced to remove it because it didn't work. https://github.com/vergecurrency/VERGE/issues/679

[boxalex]

just as a side note, verge lyra algo difficulty is again at the bottom.... just as a notice if nobody saw allready

[trzl]

bitcointalk never fails to amuse me       this entire thread has gone to shit,  similar to the entire alt-cryptocurrency section of these forums... just LOL

sorry boys & girls this whole thing has been blown way out of proportion in what seems like a big mess of fud, trolls and people that are upset they never got enough coins the past year or two while the price was down lol

network is working fine atm and I even updated my vpn and ph sub's  along with buying some hot sauce with this coin...   yup it's ded... plz sell it all  hahahaha!



      -CC66

I joined this site just to call you out. 4 years of lurking and your post is what it took to get me to join lmao.

I'm not invested in this XVG drama whatsoever since i could care less about privacy coins (privacy is an added feature that I could care less about since I'm not a shady fuck), but all it took was me looking at your recent post history to determine that you're clearly heavily invested in XVG and to call you out on it.

While this 3rd attack seems to be FUD, the premise of this thread still warrants its existence. And that's the fact that XVG was subject to attack when it this thread was created, and then again just a week ago.

This is simply inexcusable. Even if other cryptocurrencies are (or were) subject to attacks, the response on behalf of the Verge developer and the Verge community has been nothing but disgusting to watch from the sidelines.

One look at their Discord and Telegram and that's all it took to tell me that it was full of a bunch of strange people with "edgy" high school humor and who treat the crypto space as such. "Us vs them" mentality, yet somehow expect for the rest of the crypto space to somehow band with them for the sake of crypto's future and adoption....

This space will do just fine without this coin. Porn won't be the reason for mass crpyto adoption anyway.

And this is why the general community dislikes Verge... The constant deflection and lack of transparency.

A decent amount of this thread is full of deflection from the issues that were presented. And that seems to be the general theme behind Verge. Hide and deflect. If Telegram and Discord are any indication of the state of Verge's community (one who loves to use semantic jargon to go off on tangents and deflect with high school humor), then it simply can't survive.

The free market is a ruthless beast. Yes, it is what helped XVG gain traction during the last bull run (McAfee shill, which was huge exposure) and during the leadup to the Mindgeek announcement, however it's also going to be what takes it down. At the end of the day, no one is pointing a gun to anthers head to buy or sell a coin... Greed is...

Laissez faire. Let's see what this new codebase does for Verge and how the development team goes about releasing the next update, and we'll see from there.  

[siege3967]

Since the chain trust is only based on the length of the chain and not cumulated work, wouldn't it be quite easy to perform a double spend with much less than 51% hashrate?

On the original chain, send e.g. 10M XVG to an exchange.

While you wait for confirmations, start mining an alternative chain where you step down the difficulty by fakeing the timestamps. This should still be possible even though the maximum drift is changed to 10 minutes, it will just be somewhat slower. In this chain you include a transaction which invalidates your original transaction. Even if you only have e.g. 5% hashpower, your chain should eventually get longer than the original chain as it has much lower difficulty.

After you have converted the XVG to BTC on the exchange, you submit your privately mined chain to the network, and as it is longer than the original chain, it will cause the nodes to reorganize to your chain. Am I missing anything or would this be completly possible?
This would also make it possible to perform the attack with extremly limited ressources as you don't really have to compete with the honest miners.

that wouldn't work because the invalidation would also be accepted.

There are accounts with negative balances in them. Care to explain that?

[siege3967]

bitcointalk never fails to amuse me       this entire thread has gone to shit,  similar to the entire alt-cryptocurrency section of these forums... just LOL

sorry boys & girls this whole thing has been blown way out of proportion in what seems like a big mess of fud, trolls and people that are upset they never got enough coins the past year or two while the price was down lol

network is working fine atm and I even updated my vpn and ph sub's  along with buying some hot sauce with this coin...   yup it's ded... plz sell it all  hahahaha!



      -CC66

I joined this site just to call you out. 4 years of lurking and your post is what it took to get me to join lmao.

I'm not invested in this XVG drama whatsoever since i could care less about privacy coins (privacy is an added feature that I could care less about since I'm not a shady fuck), but all it took was me looking at your recent post history to determine that you're clearly heavily invested in XVG and to call you out on it.

While this 3rd attack seems to be FUD, the premise of this thread still warrants its existence. And that's the fact that XVG was subject to attack when it this thread was created, and then again just a week ago.

This is simply inexcusable. Even if other cryptocurrencies are (or were) subject to attacks, the response on behalf of the Verge developer and the Verge community has been nothing but disgusting to watch from the sidelines.

One look at their Discord and Telegram and that's all it took to tell me that it was full of a bunch of strange people with "edgy" high school humor and who treat the crypto space as such. "Us vs them" mentality, yet somehow expect for the rest of the crypto space to somehow band with them for the sake of crypto's future and adoption....

This space will do just fine without this coin. Porn won't be the reason for mass crpyto adoption anyway.

And this is why the general community dislikes Verge... The constant deflection and lack of transparency.

A decent amount of this thread is full of deflection from the issues that were presented. And that seems to be the general theme behind Verge. Hide and deflect. If Telegram and Discord are any indication of the state of Verge's community (one who loves to use semantic jargon to go off on tangents and deflect with high school humor), then it simply can't survive.

The free market is a ruthless beast. Yes, it is what helped XVG gain traction during the last bull run (McAfee shill, which was huge exposure) and during the leadup to the Mindgeek announcement, however it's also going to be what takes it down. At the end of the day, no one is pointing a gun to anthers head to buy or buy or sell a coin... Greed is...

Laissez faire. Let's see what this new codebase does for Verge and how the development team goes about releasing the next update, and we'll see from there.  

He's a verge moderator on the telegram group what do you expect?

[DaveyJones]

I'm not invested in this XVG drama whatsoever since i could care less about privacy coins (privacy is an added feature that I could care less about since I'm not a shady fuck)...

I wonder when people will stop giving the "i got nothing to hide" reasoning. Privacy is important in this modern all-seeing world more than ever

[siege3967]

This topic now has some entertainment level now as well. Some kind of tragic-comedy.

Some paid purchased XVG forum clowns crying all day and night FUD, what a joke, lol.

Purchased? Oh wait.. you are talking abt yourself. We have been in the community for long enough kid. Till Now you havent even presented single proof refuting our claims. Even pool admin averted FUD. Seems like you are in love with Verge dev hence keep going offtopic and yet still continue this conversation.
Sorry to break your heart dude but he aint gay.

Wow you're not very smart are you? You completely misunderstood what the Antpool admin was talking about 😂

[Hueristic]

Spin Doctors are on the scene.

https://bitcointalk.org/index.php?topic=4228221.0

[gericil]

I'm not invested in this XVG drama whatsoever since i could care less about privacy coins (privacy is an added feature that I could care less about since I'm not a shady fuck)...

I wonder when people will stop giving the "i got nothing to hide" reasoning. Privacy is important in this modern all-seeing world more than ever

Funnily enough, verge cannot be considered even remotely private: https://hackernoon.com/why-verge-is-a-scam-and-fails-to-offer-real-privacy-6fbcab232fb5?gi=5280a5cd24f7

[siege3967]

Would any verge supporter like to explain this? Negative balance: https://verge-blockchain.info/address/D7sbycsrSQpj6AjfjsHPb54fvEzN6JH3fp

[boxalex]

Since the chain trust is only based on the length of the chain and not cumulated work, wouldn't it be quite easy to perform a double spend with much less than 51% hashrate?

On the original chain, send e.g. 10M XVG to an exchange.

While you wait for confirmations, start mining an alternative chain where you step down the difficulty by fakeing the timestamps. This should still be possible even though the maximum drift is changed to 10 minutes, it will just be somewhat slower. In this chain you include a transaction which invalidates your original transaction. Even if you only have e.g. 5% hashpower, your chain should eventually get longer than the original chain as it has much lower difficulty.

After you have converted the XVG to BTC on the exchange, you submit your privately mined chain to the network, and as it is longer than the original chain, it will cause the nodes to reorganize to your chain. Am I missing anything or would this be completly possible?
This would also make it possible to perform the attack with extremly limited ressources as you don't really have to compete with the honest miners.

that wouldn't work because the invalidation would also be accepted.

Could you expand on what you mean by the invalidation would also be accepted?

If you on your private chain sends the coins to yourself instead of the exchange, you will still own the coins when the network reorgs to your chain after you brodcasts your blocks.

pumping up an important post that wasn't answered or discussed yet and in my opinion deserves some attention!! (quoted posts!)

Additionally, at about 22.24 (Verge explorer time) the difficulty again went to down to 400 on the lyra algo.
And recoved exactly 15 minutes later.
Not sure if right now the difficutly is again falling as i can't see yet how long this difficulty downtrend will last.
Just in case someone wants to investigate it further.

[Slemicek]

Btw. hopefully for xvg Michael won't speak much in SEC about his past xvg team membership and for example how Wraith was created.