Network Attack on XVG / VERGE

[MiCoSa]

I will set my bet on Verge saying: "It's an exlorer bug, everything is ok, we just have the most buggy explorer ever;"  

I'll set mine on: "difficulty goes up and down"

Dude just tell me one thing, are you getting payed to trash verge?i mean i understand and respect the fact you dont like verge but you are litereally posting about verge every single hour, we got your point you dont like verge, move on dude you are just being abnoxious and pathetic at this point.

this is not about 'not liking', this is a about a buggy shitcoin with an inept team buzzing around top30 on CMC, where it does not belong.

of course, this still goes to show how immatire the market in many respects still is, with clueless lunch money speculators jumping every hype train out there, and the fallout of butthurt gamblers is always sort of fun to watch (cryptsy anyone?)- but it does tarnish crypto as a whole, which is one of the reasons why guys like CHIEF56 keep on hammering down the message: XVG is broken software.
besides, for an engineer, re-engineering techincal failures is a professional challenge, which is fun!
attacking the messenger and pretending the problem would go away if that pesky bearer of bad news would go away is really infantile.

like when a car company sells cars with brakes that don't work - seems you would not understand this, because braking is for ... douchebags, right Mr. Cool?

@vitaminas: Leave them here. They are making fools of themselves with every single post and dont even recognize it. In my opinion it is not only pathetic, it is even more pathological. One of these guys is mining XVG with his Baikal X10's but anyway he is spreading FUD every single day in this thread... And the best thing about that, there are other coins, that are more profitable to mine with the Baikal X10 than XVG... It is ridiculous... He tries everything to saw off the branch on which he sits... A case of heavy masochism i think... But the problem is, you cant convince such people, as they are completely resistant regarding facts... They have their own "truth" and they will never accept any other arguments, but their own arguments...

@l8orre: So if i understand you right, you are the one that decides which coin belongs to the Top30 and which does not? I always thought the market will decide that, and the market seems to think XVG belongs there. But sorry if i was wrong with that. I just did not know, that you decide that...
You should realize, that your opinion is obviously not the opinion of the major part of cryptoinvestors... This should be reason enough for you to think about that opinion again, dont you think? What makes you believe, that your opinion is right and the one of the major part of cryptoinvestors is wrong? Most time, if the majority's opinion is different from the one of a few guys, the majority is right. Not always, but most time...
If you think XVG does not belong to the Top30, what do you think about bitcoin? What is bitcoin? Well, it is not even kind of decentralized, it is slow, it is an ecological disaster, and it is technological antiquated... Thats our number one! It's sink or swim! And if you dont like the way the cryptomarket is working, feel free to leave it... Noone will miss you...

[1714153189]

1714153189

[1714153189]

1714153189

[1714153189]

1714153189

[1714153189]

1714153189

[MiCoSa]

I will set my bet on Verge saying: "It's an exlorer bug, everything is ok, we just have the most buggy explorer ever;"  

I'll set mine on: "difficulty goes up and down"

Dude just tell me one thing, are you getting payed to trash verge?i mean i understand and respect the fact you dont like verge but you are litereally posting about verge every single hour, we got your point you dont like verge, move on dude you are just being abnoxious and pathetic at this point.

You do realize this thread is specifically for the network attack on verge, and CHIEF56 is researching and posting info related to the attacks or possibly another attack? How is that pathetic? Please go elsewhere if you don't like this thread.

Did anyone of you guys ever think about the fact, that the attacker is still trying to attack verge again, but it does not work anymore? This means, that the last patch did solve the problem obviously. This means the Verge blockchain is succesfully defending against the attacks right now. Usually this is a reason to congratulate, but it seems you guys prefer to spread fud and hate...
And a completely new codebase will come soon.

[CHIEF56]

>>Did anyone of you guys ever think about the fact, that the attacker is still trying to attack verge again, but it does not work anymore? This means, that the last patch did solve the problem obviously.

If you are unable to see or understand with your own eyes and brain that the network is currently under a (successful) attack, then I don't know what else to tell ya.

[l8orre]

@l8orre: So if i understand you right, you are the one that decides which coin belongs to the Top30 and which does not? I always thought the market will decide that, and the market seems to think XVG belongs there. But sorry if i was wrong with that. I just did not know, that you decide that...
You should realize, that your opinion is obviously not the opinion of the major part of cryptoinvestors... This should be reason enough for you to think about that opinion again, dont you think? What makes you believe, that your opinion is right and the one of the major part of cryptoinvestors is wrong? Most time, if the majority's opinion is different from the one of a few guys, the majority is right. Not always, but most time...
If you think XVG does not belong to the Top30, what do you think about bitcoin? What is bitcoin? Well, it is not even kind of decentralized, it is slow, it is an ecological disaster, and it is technological antiquated... Thats our number one! It's sink or swim! And if you dont like the way the cryptomarket is working, feel free to leave it... Noone will miss you...

hahaha .. exactly my point!

you have misunderstood my argument, so let me explain: of course it is not me to decide about the value of XVG, it is the market - which goes to show how immature this market is, because XVG is broken software, and only reckless and immature fools will cling to that illusion that (after missing BTC and so many other successful boats that have sailed already in the cryptosphere) - they will be able to catch a ride with $XVG.

which they won't, because $XVG is broken software.

but you are right about one thing: it is indeed opinions we are talking about here, so if you don't care about mine, please don't bother

on the other hand, saying that $XVG does not belong into the top30 is backed by the argument that having a shitty assed, broken piece of software does tarnish the reputation of crypto as a whole, because it will come down sooner or later, which I think is a pretty damn good argument.

or what do you think about the fact that some entity seems to have arbitrary access counterfeit $XVG?
and what does that mean for the value of $XVG?

mind you, I do not have much skin in this game, $XVG is one of the last $hitcoins with much visibility -DogeCoin RaceCars, yay, those were the days in early 2014   and it won't seriously affect crypto - wicked outright ripoffs like Bitconnect and Onecoin and such were much worse, and they went away too- I am just here because I appreciate what guys like ocminer and CHIEF56 et al are doing

[MiCoSa]

>>Did anyone of you guys ever think about the fact, that the attacker is still trying to attack verge again, but it does not work anymore? This means, that the last patch did solve the problem obviously.

If you are unable to see or understand with your own eyes and brain that the network is currently under a (successful) attack, then I don't know what else to tell ya.

You are the only one, who can see that, maybe you have a special talent...

[MiCoSa]

@l8orre: So if i understand you right, you are the one that decides which coin belongs to the Top30 and which does not? I always thought the market will decide that, and the market seems to think XVG belongs there. But sorry if i was wrong with that. I just did not know, that you decide that...
You should realize, that your opinion is obviously not the opinion of the major part of cryptoinvestors... This should be reason enough for you to think about that opinion again, dont you think? What makes you believe, that your opinion is right and the one of the major part of cryptoinvestors is wrong? Most time, if the majority's opinion is different from the one of a few guys, the majority is right. Not always, but most time...
If you think XVG does not belong to the Top30, what do you think about bitcoin? What is bitcoin? Well, it is not even kind of decentralized, it is slow, it is an ecological disaster, and it is technological antiquated... Thats our number one! It's sink or swim! And if you dont like the way the cryptomarket is working, feel free to leave it... Noone will miss you...

hahaha .. exactly my point!

you have misunderstood my argument, so let me explain: of course it is not me to decide about the value of XVG, it is the market - which goes to show how immature this market is, because XVG is broken software, and only reckless and immature fools will cling to that illusion that (after missing BTC and so many other successful boats that have sailed already in the cryptosphere) - they will be able to catch a ride with $XVG.

which they won't, because $XVG is broken software.

but you are right about one thing: it is indeed opinions we are talking about here, so if you don't care about mine, please don't bother

on the other hand, saying that $XVG does not belong into the top30 is backed by the argument that having a shitty assed, broken piece of software does tarnish the reputation of crypto as a whole, because it will come down sooner or later, which I think is a pretty damn good argument.

or what do you think about the fact that some entity seems to have arbitrary access counterfeit $XVG?
and what does that mean for the value of $XVG?

mind you, I do not have much skin in this game, $XVG is one of the last $hitcoins with much visibility -DogeCoin RaceCars, yay, those were the days in early 2014   and it won't seriously affect crypto - wicked outright ripoffs like Bitconnect and Onecoin and such were much worse, and they went away too- I am just here because I appreciate what guys like ocminer and CHIEF56 et al are doing

Ok, beside the fact, that you did not answer even one of my questions, i could read in this post now, that you are senior software engineer, right? 99.99% of the cryptoinvestors have the opinion XVG is not broken software, but it is a reliable project worth to invest in it. You have another opinion... And again, maybe you should think again about that (most likely wrong) opinion. It is easy to say, my opinion is the only right opinion, and the whole market is immature, i am the only one who knows what's going on, without any proof of that.

"that some entity seems to have" = FUD

Please let me repeat the question i would really like to get an answer from you:

Bitcoin:

• not really decentralized
• extremely slow
• ecological disaster
• technological antiquated

If you look at these facts (and these are real facts), there is only one possible conclusion: Bitcoin is shitcoin...

What do you think about that?

[CHIEF56]

Justin - A few questions for you, as I've finally had a moment to review the Verge XVG code

1. After the Hard Fork in Jan of this year, for what I guess was a code update to help support "stealth transactions" --> (ref: https://twitter.com/vergecurrency/status/954914199188180992) . . .

. . . I notice a modification to 'checkpoints.cpp' in order to update the check-point map

Code:

static MapCheckpoints mapCheckpoints =

https://github.com/vergecurrency/VERGE/commit/2cae3f9a49c805815861c2d91d777e1881fbed3d

Code:

 	( 1000000, uint256("0x000000000049eaba3d6c29d9f45bc2a944b46eec005e2b038f1ee924f2f9c029"))
 	( 1100000, uint256("0xc766387a2e0cd6af995ea432518614824fe313e988598ea8b26f58efb99ebcdc"))
 	( 1145029, uint256("0x04def2ba205c1e5f4b33873bc9e5b0a54311370e823686aeb4d5aab0bf021899"))
+	( 1824425, uint256("0x2f30b9c1d6e624c4a01f1309df5149ce32f77da4e71418429dc8ae50ee527a0f")) //first after stealth fork!
         ;

OK, fine. But... I don't quite understand why? I didn't think it was utilized in strictly PoW.. Furthermore, I fail to find the required updates in 'kernel.cpp' to set new values for "modifierchecksum" ~> 0x0e00670bu

Code:

// Hard checkpoints of stake modifiers to ensure they are deterministic
static std::map<int, unsigned int> mapStakeModifierCheckpoints =
    boost::assign::map_list_of
    (     0, 0x0e00670bu )
    ;

https://github.com/vergecurrency/VERGE/commit/5bd3c1d189740a81daf36b46aa8d29706efe6962
https://raw.githubusercontent.com/vergecurrency/VERGE/5bd3c1d189740a81daf36b46aa8d29706efe6962/src/kernel.cpp

Why even take the time to set these in 'checkpoints.cpp' ? ? ? ?

Code:

        (     0,  hashGenesisBlockOfficial)
        (  15000, uint256("0x000000000265c5f4683b169a68cb3cac89287c8b5df94e17b09ef19ac718026b"))
        (  30000, uint256("0x0000000003dddf9e84b1246e9a0bd7ceb2672998294e8c823d5ef288fa3781f4"))
	(  45000, uint256("0x000000000321d6be8ffe446a9183f7605e40f523436479b713762346ae65a3bd"))
	(  60000, uint256("0x00000000122a8a1dbdc9d2ab530facf3fefa2e7cee0393f628921cae3c60483f"))
	(  75000, uint256("0x0000000016e3bb233f2196d532e8e7831ad19c9235e833309d10faf14b7902af"))
	(  90000, uint256("0x0000000010f470ed5eda53dc12707e34297e75b7bd91f5e5ac9fb72050112e57"))
	(  100000, uint256("0x000000000400a93131a94ad193c63faafeb8dfcc0c7d0e6f1c9c2614cb2823eb"))
	(  150000, uint256("0x0000000000548f44babc055557c5870b15d1401bb0de72fb6a6c19d6c5f36d10"))
	(  200000, uint256("0x000000000010dd127bfe9f6b8c36080c45bcd352151aa0d2a4c79c9eba1e05b6"))
	(  219912, uint256("0x00000000010751365b77b28dc6af3c33e6c620e45a166c659a2056dc7cb3af0a"))
	(  222222, uint256("0x00000000003c92cf2938d35cf4006fc21a251d82456780cafb43ab908eef9aff"))
	(  244219, uint256("0x000000000139613d26f7436ecc568feb566c22d9a664359e53f0d0a542d5bdba"))
	(  400000, uint256("0x0000000001d45af6613024ad5668bfa4909ac63e2b29c28042013d77a216830d"))
	(  500000, uint256("0x0000000003700a4e9d81a67036d7647361086527e985cdf764648c5e61d07303"))
	(  600000, uint256("0x30fa1eab961c99f6222f9925a27136c34ea27182c92e4f8c48ea3a90c7c2eb25"))
	(  700000, uint256("0x3e4f3319706870bb149d1a976202c2a5e973384d181a600e7be59cbab5b63132"))
	(  800000, uint256("0xf6b5f222bcc2f4e2439ccf6050d4ea3e9517c3752c3247302f039822ac9cc870"))
	(  900000, uint256("0xc4d8b4079da888985854eda0200fb57045c2c70b29f10e98543f7c4076129e91"))
	( 1000000, uint256("0x000000000049eaba3d6c29d9f45bc2a944b46eec005e2b038f1ee924f2f9c029"))
	( 1100000, uint256("0xc766387a2e0cd6af995ea432518614824fe313e988598ea8b26f58efb99ebcdc"))
	( 1145029, uint256("0x04def2ba205c1e5f4b33873bc9e5b0a54311370e823686aeb4d5aab0bf021899"))
	( 1824425, uint256("0x2f30b9c1d6e624c4a01f1309df5149ce32f77da4e71418429dc8ae50ee527a0f")) //first after stealth fork!
        ;

It is obvious the function wasn't working since all values for "modifierchecksum" have been null up to and including after block height 1824426 (stealth fork!)

./Verged getblock 9ea785d1ad5120a868c31bceb64d85dc5bb5322c562d6c16e4eb9cbcccaaa5d9

Code:

{
    "hash": "9ea785d1ad5120a868c31bceb64d85dc5bb5322c562d6c16e4eb9cbcccaaa5d9",
    "confirmations": 416933,
    "size": 8352,
    "height": 1824426,
    "version": 6148,
    "algo_id": 1,
    "algo": "x17",
    "mined_hash": "000000000008c9ef2811faf71d0f00d81cd211e4f0cbe1d05222b0d47266d2c9",
    "merkleroot": "d24bd78946f99924d7c0cdc744cecd3c7ee355e72799c978b09c62b0844b2fb2",
    "mint": 1561.103643,
    "time": "2018-01-24 06:35:12 +0300",
    "nonce": 3674376384,
    "bits": "1b0b4b9f",
    "difficulty": 5801.92198634,
    "previousblockhash": "2f30b9c1d6e624c4a01f1309df5149ce32f77da4e71418429dc8ae50ee527a0f",
    "nextblockhash": "d3b1da781cc22f763d297b53ae7535327362f4b5566017b8d922b095f1844268",
    "flags": "proof-of-work",
    "proofhash": "9ea785d1ad5120a868c31bceb64d85dc5bb5322c562d6c16e4eb9cbcccaaa5d9",
    "entropybit": 1,
    "modifier": "b96c8a9e6de606fe",
    "modifierchecksum": "00000000",
    "tx": [
        "4fa82df4d3d86a1438188bbe8c26a93af0459982d3b6b42eac630a9093b9f3e3",
        "0c475e2ee48c05c0bf41f69b727e7e1a15e4d9703fdbf1ebd9bdcc5531ceedbf",
        "4e23cdebf263b5b160193dc21d60b3d5843d64513117f7496c121e5371690fef"
    ],
    "signature": "3045022100bf3e436c13d263afbb4224b206b8662bf5c3b4a1e4de62f40d9dbaf9337cec07022041ee9840d12ca02986d90acb6f4b7829f6fcf3b850f411cafe8609ad54dd64e1"
}

But now, almost magically, blocks are being created with 'modifierchecksum' values :

Code:

{
    "hash": "623e3b1a2dac219a28d87e9e76bf822b32bb1630e6e1d0a5c44ba69cbd94914a",
    "confirmations": 80,
    "size": 12167,
    "height": 2241282,
    "version": 8196,
    "algo_id": 3,
    "algo": "blake",
    "mined_hash": "000000000000001a00041a64810ef6c836806c49c97248e5a15ba4e1bb6e9d6b",
    "merkleroot": "062d766b9cb30b7262e29a3b522e5ea6d9a8e6cfd18bef4ae18859410467aa4b",
    "mint": 737.610371,
    "time": "2018-06-05 11:16:30 +0300",
    "nonce": 519219971,
    "bits": "1a01e3f8",
    "difficulty": 8874336.9484083,
    "previousblockhash": "8276001838e3b812b1bdcd5e7734c0879423a527935ed185a1e951c16a13105d",
    "nextblockhash": "00000000000116efdb4b93f3b1b2b90474e6d5d379ba935fc4d4c025362794a3",
    "flags": "proof-of-work",
    "proofhash": "623e3b1a2dac219a28d87e9e76bf822b32bb1630e6e1d0a5c44ba69cbd94914a",
    "entropybit": 0,
    "modifier": "f0a172acea44beeb",
    "modifierchecksum": "2096c68e",
    "tx": [
        "800cbbcef8dd2fdbe48ccf4bb6ddc1166f4002182f646a2d90f31f0e3e6bcf30",
        "b8ae1ddb44652ad91b7dbbfc597fed852e618fbf025a1ce47f69460ea0935931",
        "d498b5d659cba9bf7348a4ff11b4c87c5cc5f95abd4092ef8ccc6221d26524f0"
    ],
    "signature": "3045022100cd831439151f28aa633f14ad759976da5711fbc5415fba57c4320865d2f68462022056695c35f32179749db5628b3f93466f1aa53df38717b74a2183a1ff18729f94"
}

So now, it seems like there are several different chains being built, ex:

https://verge-blockchain.info/api/getblock?hash=623e3b1a2dac219a28d87e9e76bf822b32bb1630e6e1d0a5c44ba69cbd94914a

  "modifier": "f0a172acea44beeb",
"modifierchecksum": "665d180b",


http://poolovich.pro/explorer/XVG?hash=623e3b1a2dac219a28d87e9e76bf822b32bb1630e6e1d0a5c44ba69cbd94914a

   "modifier": "f0a172acea44beeb",
"modifierchecksum": "2096c68e",


Hmmm... Strange looking diff. But, is the Version # supposed to be different with each block?  ;/

http://poolovich.pro/explorer/XVG?height=2241661


Blockhash:   0000000000009ebeee9a14fbed9ab59615b8dc5fce980c409efeb6772bb1a38a
Confirmations:   67
Height:   2241661
Time:   2018-06-05 14:49:33 (1528199373)
Difficulty:   69632
Bits:   1b00f0f0
Nonce:   3133120713
Version:   804
Size:   278 bytes
Flags:   proof-of-work
Previous Hash:   5777d7190cf591fb111a238a1673fb991c1b37eb81f863e0cc28444452769bb7
Next Hash:   830686cc6b47e56405ea7b5a1472638f246105b9f86c97836dccb8704bbcb0e6
Merkle Root:   a0e8812d5c9621e3f9d51c14fdec40f03def18bee60db45ec1a92f90c2d37e5a
Transactions:   1


http://poolovich.pro/explorer/XVG?height=2241662

Blockhash:   830686cc6b47e56405ea7b5a1472638f246105b9f86c97836dccb8704bbcb0e6
Confirmations:   530
Height:   2241662
Time:   2018-06-05 14:49:34 (1528199374)
Difficulty:   22390.15415413
Bits:   1b02ed4d
Nonce:   1889940574
Version:   5004
Size:   284 bytes
Flags:   proof-of-work
Previous Hash:   0000000000009ebeee9a14fbed9ab59615b8dc5fce980c409efeb6772bb1a38a
Next Hash:   23a9fb393b3507977fb8f191cff87acf93541b86200840c22b0ae7174801793b
Merkle Root:   10c2a8122636306b2a50ddce6fdc56104d1159394f809d8b1209a3e1cd508803
Transactions:   1




This, combined with other problem, seems like quite a mess that could have been avoided  ;/


Edit: Consolidate posts


-C

[boxalex]

reference: 
Verge's Blockchain Attacks Are Worth a Sober Second Look
https://www.coindesk.com/verges-blockchain-attacks-are-worth-a-sober-second-look/

The notorious 51-percent attack: it's the major fault in cryptocurrency protocols but it's rarely seen, especially among the most popular cryptocurrencies.

Yet, in the past couple months, the exploit – whereby a single miner (or group of miners) takes control of over half of the network's total computing power and can then bend the protocol's rules in their favor – has been seen twice. And on the same blockchain.

Indeed, verge, a privacy-oriented cryptocurrency recently propelled into the limelight by a partnership with popular adult entertainment site Pornhub, suffered two hacks perpetrated through 51-percent attacks that saw the attackers absconding with millions of dollars-worth of its native cryptocurrency, XVG.

During the first attack in April (only a couple of weeks before the Pornhub partnership), the hacker was able to get away with 250,000 XVG. And during the latest in mid-May, an attacker was able to exploit $1.7 million-worth of the cryptocurrency from the protocol.

According to researchers, the exploits are a product of simple changes to the underlying code which cryptocurrency protocols are typically built on and the challenges of being able to predict what unintended consequences will arise from those changes.

Sure, verge developers were only trying to design a better cryptocurrency for payments, but by tweaking small parameters, such as the length of time a block can be valid, the group has opened its blockchain up to attacks.

"Getting incentives right and keeping them right is hard," Imperial College London assistant professor and Liquidity Network founder Arthur Gervais said.

That is blockchains are built on very precariously stacked incentives whereby all stakeholders work together toward a common goal so as to remove the chance that one entity takes full control.

"Things obviously don't look good," said Daniel Goldman, the CTO of cryptocurrency analysis site The Abacus who's been tracking the attacks. "The issues that initially slipped into the codebase were a result of pure carelessness — incorporating code from other open-source software without understanding its implications."

Goldman added:

"I hate to say it, but if I had to summarize: the attacker is doing better due diligence than the developers. I'd try to poach him if I were them."

And since veteran blockchain developers, including litecoin creator Charlie Lee and monero lead developer Riccardo Spagni, have long argued the kinds of adjustments the platform made have obvious downsides, such naysayers – who have been readily attacked by a group of enthusiasts calling themselves the "Verge Army" – are feeling vindicated.

"So many important lessons to be learned from this," Fidelity investment research analyst Nic Carter tweeted, summing up the general state of verge's development.

Representatives from the verge developer team did not respond to a request for comment from CoinDesk.

The problem
One of those lessons is that there are reasons why the window of time that a transaction can be valid is limited quite strictly.

For instance, whereas bitcoin transactions are only valid for about 10 minutes before they're verified in a block, verge developers extended that window to two hours. And because there is some information asymmetry in blockchain systems since nodes are spread out across the globe, the attacker was able "spoof" timestamps tied to blocks without some noticing, according to the widely-circulated post by Goldman.

But it wasn't just that; another piece of the attacks was verge's difficulty algorithm.

Verge uses the algorithm "Dark Gravity Wave" to automatically adjust how fast miners find blocks. In verge, this happens every two hours; compared to bitcoin which adjusts every two weeks, verge's algorithm is quite fast.

The spoofed timestamps paired with this fast-adjusting algorithm led to the problem of "tragically confusing the protocol's mining adjustment algorithm," as Goldman put it.

Or said another way, the attacker cleverly mined blocks with fake timestamps, forcing the cryptocurrency's difficulty to adjust down more quickly – making it easier for the attacker to mine even more XVG.

When the first attack happened, verge developers quickly released a patch, stopping the attacker from printing more money. Yet, with the attack last month, it seems the patch only went so far and the attacker found another way to execute the same hack, displaying how difficult it can be to architect a distributed system that isn't vulnerable to attacks.

Continuing attacks
And according to Goldman, the issues for verge are likely not over.

"An attack clearly was – and maybe still is – being attempted. So far, however, the would-be attacker hasn't managed to overtake the network," Goldman told CoinDesk.

But he continued:

"As it stands now, two of the three (in my opinion) fundamental sources of vulnerabilities have been mitigated at best, and one remains completely unfixed."

While no XVG were stolen directly from users, miners on the network aren't supposed to be able to bend the rules like this, effectively printing money for one individual in a short period of time.

As such, verge developers are actively working on improving the code. After a period of little communication from verge's developers, CryptoRekt, the pseudonymous author of the verge "blackpaper" took to Reddit on May 31, saying, that all of the verge team would "never intentionally do anything to besmirch or hurt this project."

He added that the project's developer have been working on new code for "several weeks" to "solidify our currency against any future attacks."

Yet, Goldman believes there's another problem. Unlike many of the cryptocurrency projects out there today, which rely on open-source code, verge's codebase is being constructed in private and so will not get peer-reviewed by the community of blockchain experts that could help the team find vulnerabilities.

"Since incorporating code without responsibly vetting it was the thing that led to all this, this should make the vergefam nervous," he tweeted.

Verge's future?
But so far, much of the verge community remains supportive of the developer team and the cryptocurrency's mission.

Pseudonymous verge user Crypto Dog went as far as to claim that "there is no need to panic," contending that verge's success will continue no matter what. And CryptoRekt chose to see it as a learning experience, one that would help verge "build a bigger and better project."

Still, this attack looks poorly, not only on verge itself, but also on organizations that have partnered with the verge team, Pornhub included. Especially since Pornhub's vice president Corey Price stated verge was chosen as a payment method for the site in a "very deliberate selection process" to preserve the financial privacy of their customers.

As such, some developers believe this episode will bring about a heightened sense of responsibility for many organizations to more effectively analyze a blockchain before adopting it.

"I wouldn't be surprised by more scrutiny in the near future, both leading to more attacks and to investors more accurately rating the value proposition of smaller altcoin projects," BitGo engineer Mark Erhardt said, adding:

"The absence of an attack is not proof that a system is safe. Quite a few altcoin projects appear to be taking unsafe shortcuts. It's just that nobody has bothered to exploit these systemic flaws or weaknesses, yet."

As such, verge might be the first in a long line of future exploits.

While 51-percent attacks have typically been viewed as hard to execute, Liquidity Network's Gervais argued that new data appears to show that it's easier than many previously thought. He pointed to a new web app, 51crypto, which tracks how profitable it is to execute a 51-percent attack on various blockchains.

The gist of the statistics is, the smaller the blockchain, the easier it is to overtake it and bend the rules, which is why developers need to be particularly careful in how they architect their systems.

Because "if an attack makes more economic sense over honest behavior, the attackers will be there," Gervais concluded.

[CHIEF56]

Hmmm... Strange looking diff. But, is the Version # supposed to be different with each block?  ;/

http://poolovich.pro/explorer/XVG?height=2241661


Blockhash:   0000000000009ebeee9a14fbed9ab59615b8dc5fce980c409efeb6772bb1a38a
Confirmations:   67
Height:   2241661
Time:   2018-06-05 14:49:33 (1528199373)
Difficulty:   69632
Bits:   1b00f0f0
Nonce:   3133120713
Version:   804
Size:   278 bytes
Flags:   proof-of-work
Previous Hash:   5777d7190cf591fb111a238a1673fb991c1b37eb81f863e0cc28444452769bb7
Next Hash:   830686cc6b47e56405ea7b5a1472638f246105b9f86c97836dccb8704bbcb0e6
Merkle Root:   a0e8812d5c9621e3f9d51c14fdec40f03def18bee60db45ec1a92f90c2d37e5a
Transactions:   1


http://poolovich.pro/explorer/XVG?height=2241662

Blockhash:   830686cc6b47e56405ea7b5a1472638f246105b9f86c97836dccb8704bbcb0e6
Confirmations:   530
Height:   2241662
Time:   2018-06-05 14:49:34 (1528199374)
Difficulty:   22390.15415413
Bits:   1b02ed4d
Nonce:   1889940574
Version:   5004
Size:   284 bytes
Flags:   proof-of-work
Previous Hash:   0000000000009ebeee9a14fbed9ab59615b8dc5fce980c409efeb6772bb1a38a
Next Hash:   23a9fb393b3507977fb8f191cff87acf93541b86200840c22b0ae7174801793b
Merkle Root:   10c2a8122636306b2a50ddce6fdc56104d1159394f809d8b1209a3e1cd508803
Transactions:   1

[Hueristic]

...

Goldman added:

"I hate to say it, but if I had to summarize: the attacker is doing better due diligence than the developers. I'd try to poach him if I were them."...

Is this guy reading my posts?

[RzeroD]

Ok, beside the fact, that you did not answer even one of my questions, i could read in this post now, that you are senior software engineer, right? 99.99% of the cryptoinvestors have the opinion XVG is not broken software, but it is a reliable project worth to invest in it. You have another opinion... And again, maybe you should think again about that (most likely wrong) opinion. It is easy to say, my opinion is the only right opinion, and the whole market is immature, i am the only one who knows what's going on, without any proof of that.

"that some entity seems to have" = FUD

Please let me repeat the question i would really like to get an answer from you:

Bitcoin:

• not really decentralized
• extremely slow
• ecological disaster
• technological antiquated

If you look at these facts (and these are real facts), there is only one possible conclusion: Bitcoin is shitcoin...

What do you think about that?

Bitcoin is so old and so shitcoin that Verge's dev team will use it as a codebase to update Verge's one.
Yeah, tell me more.

[MiCoSa]

Ok, beside the fact, that you did not answer even one of my questions, i could read in this post now, that you are senior software engineer, right? 99.99% of the cryptoinvestors have the opinion XVG is not broken software, but it is a reliable project worth to invest in it. You have another opinion... And again, maybe you should think again about that (most likely wrong) opinion. It is easy to say, my opinion is the only right opinion, and the whole market is immature, i am the only one who knows what's going on, without any proof of that.

"that some entity seems to have" = FUD

Please let me repeat the question i would really like to get an answer from you:

Bitcoin:

• not really decentralized
• extremely slow
• ecological disaster
• technological antiquated

If you look at these facts (and these are real facts), there is only one possible conclusion: Bitcoin is shitcoin...

What do you think about that?

Bitcoin is so old and so shitcoin that Verge's dev team will use it as a codebase to update Verge's one.
Yeah, tell me more.

Yeah, the next highly inteligent boy comes around... You did not even understand one point of what i am trying to show... I give it up, guys. Keep on spreading your bullshit in this thread... Thanks god, noone takes you for serious... Make fools of yourself... i dont care anymore... tilting at windmills... Nothing is stronger than stupidness...

[RzeroD]

Ok, beside the fact, that you did not answer even one of my questions, i could read in this post now, that you are senior software engineer, right? 99.99% of the cryptoinvestors have the opinion XVG is not broken software, but it is a reliable project worth to invest in it. You have another opinion... And again, maybe you should think again about that (most likely wrong) opinion. It is easy to say, my opinion is the only right opinion, and the whole market is immature, i am the only one who knows what's going on, without any proof of that.

"that some entity seems to have" = FUD

Please let me repeat the question i would really like to get an answer from you:

Bitcoin:

• not really decentralized
• extremely slow
• ecological disaster
• technological antiquated

If you look at these facts (and these are real facts), there is only one possible conclusion: Bitcoin is shitcoin...

What do you think about that?

Bitcoin is so old and so shitcoin that Verge's dev team will use it as a codebase to update Verge's one.
Yeah, tell me more.

Yeah, the next highly inteligent boy comes around... You did not even understand one point of what i am trying to show... I give it up, guys. Keep on spreading your bullshit in this thread... Thanks god, noone takes you for serious... Make fools of yourself... i dont care anymore... tilting at windmills... Nothing is stronger than stupidness...

Your point has obvious flaws, so it doesn't deserve an answer.

This thread is to talk about Verge's attacks and the state of its blockchain.
If you want to talk about something else, I suggest you create your own thread.

[Slemicek]

@l8orre: So if i understand you right, you are the one that decides which coin belongs to the Top30 and which does not? I always thought the market will decide that, and the market seems to think XVG belongs there. But sorry if i was wrong with that. I just did not know, that you decide that...
You should realize, that your opinion is obviously not the opinion of the major part of cryptoinvestors... This should be reason enough for you to think about that opinion again, dont you think? What makes you believe, that your opinion is right and the one of the major part of cryptoinvestors is wrong? Most time, if the majority's opinion is different from the one of a few guys, the majority is right. Not always, but most time...
If you think XVG does not belong to the Top30, what do you think about bitcoin? What is bitcoin? Well, it is not even kind of decentralized, it is slow, it is an ecological disaster, and it is technological antiquated... Thats our number one! It's sink or swim! And if you dont like the way the cryptomarket is working, feel free to leave it... Noone will miss you...

hahaha .. exactly my point!

you have misunderstood my argument, so let me explain: of course it is not me to decide about the value of XVG, it is the market - which goes to show how immature this market is, because XVG is broken software, and only reckless and immature fools will cling to that illusion that (after missing BTC and so many other successful boats that have sailed already in the cryptosphere) - they will be able to catch a ride with $XVG.

which they won't, because $XVG is broken software.

but you are right about one thing: it is indeed opinions we are talking about here, so if you don't care about mine, please don't bother

on the other hand, saying that $XVG does not belong into the top30 is backed by the argument that having a shitty assed, broken piece of software does tarnish the reputation of crypto as a whole, because it will come down sooner or later, which I think is a pretty damn good argument.

or what do you think about the fact that some entity seems to have arbitrary access counterfeit $XVG?
and what does that mean for the value of $XVG?

mind you, I do not have much skin in this game, $XVG is one of the last $hitcoins with much visibility -DogeCoin RaceCars, yay, those were the days in early 2014   and it won't seriously affect crypto - wicked outright ripoffs like Bitconnect and Onecoin and such were much worse, and they went away too- I am just here because I appreciate what guys like ocminer and CHIEF56 et al are doing

Ok, beside the fact, that you did not answer even one of my questions, i could read in this post now, that you are senior software engineer, right? 99.99% of the cryptoinvestors have the opinion XVG is not broken software, but it is a reliable project worth to invest in it. You have another opinion... And again, maybe you should think again about that (most likely wrong) opinion. It is easy to say, my opinion is the only right opinion, and the whole market is immature, i am the only one who knows what's going on, without any proof of that.

"that some entity seems to have" = FUD

Please let me repeat the question i would really like to get an answer from you:

Bitcoin:

• not really decentralized
• extremely slow
• ecological disaster
• technological antiquated

[st]

If you look at these facts (and these are real facts), there is only one possible conclusion: Bitcoin is shitcoin...

What do you think about that?

Whaaaat ? 

[boxalex]

Noticed another strange thing ....... If someone wants to check .... It's from right now.

[jorj_pay_UZ]

I dare to predict that in the near future again attack a network. It is worth the coin to show a little growth (I still do not understand what she does in the top 50, her place somewhere in the ninth hundred)and again break the network. Are there hamsters still among us?

[ttookk]

(…)

99.99% of the cryptoinvestors have the opinion XVG is not broken software, but it is a reliable project worth to invest in it.

(…)

Whaaaat ?  

Honestly, I think 99.99% of "cryptoinvestors" don't give a fuck about whether or not a coin is broken, because they are well aware that this is a game of pure speculation and greater fools. They would literally trade entries in a google spreadsheet, if there was a chance of it making them any money.

Before Verge switched to multialgo, the network was under attack, with a miner throwing huge amounts of hashpower on it, driving the difficulty up, then removing it, effectively stalling the blockchain for ages. This was the reason for the switch in the first place.

What happened was that exchanges stayed little sandboxes, because funds weren't moved in or out. This limited liquidity kept the price quite high, actually, especially for a coin which was under attack.

[CHIEF56]

What happened was that exchanges stayed little sandboxes, because funds weren't moved in or out. This limited liquidity kept the price quite high, actually, especially for a coin which was under attack.

Yeah, pretty much what is happening right now.

[CHIEF56]

Noticed another strange thing ....... If someone wants to check .... It's from right now.

Yeah, it's a DDoS... it has been going on for awhile - not sure how long . Likely existed previously, but may have been introduced or amplified/made worse after mucking around w/ the block submissions and drift time.

How are they performing it exactly? It would be easier to see if I had a node setup, but don't. But, there are probably several known methods that could be used. Notice the connections completely drop to 0 at the same time as the difficulty levels.. The honest nodes on the network are being isolated/cut-off.. Notice all the complaints of people saying their Electrum wallets won't sync? Maybe not because anyone complaining of it on a forum or wherever has their post removed, or is given an intentionally wrong answer as to why their wallets won't sync-up. Don't even get me started on the QT Wallet.

Either way, it's not good and I'm not sure what (realistically) should or can be done at this point. One thing is for certain, I don't see any urgency whatsoever from the Dev team to address this.

[ktru19]

Noticed another strange thing ....... If someone wants to check .... It's from right now.

Yeah, it's a DDoS... it has been going on for awhile - not sure how long . Likely existed previously, but may have been introduced or amplified/made worse after mucking around w/ the block submissions and drift time.

How are they performing it exactly? It would be easier to see if I had a node setup, but don't. But, there are probably several known methods that could be used. Notice the connections completely drop to 0 at the same time as the difficulty levels.. The honest nodes on the network are being isolated/cut-off.. Notice all the complaints of people saying their Electrum wallets won't sync? Maybe not because anyone complaining of it on a forum or wherever has their post removed, or is given an intentionally wrong answer as to why their wallets won't sync-up. Don't even get me started on the QT Wallet.

Either way, it's not good and I'm not sure what (realistically) should or can be done at this point. One thing is for certain, I don't see any urgency whatsoever from the Dev team to address this.

yes i noticed my wallet takes ages to sync nowadays 30mins-1hr to get a connection that doesnt hold for long
have asked discord wallet help but have not got a decent reply other than change servers (which i have already tried before asking), read wallet faq (which should have been read before starting wallet anyways) or wait (the only answer that seems to work) seems many are having same issue as per discord chat seems to have no answer why its happenening, only other time i seem to have had this issue was after the first attack while they were fixing issue, so im assuming they are working on something currently (just a guess)