Forensic Analysis of the Verge Cryptocurrency Hack
Originally published on: BTCMANAGER
Read the original article
May 24, 2018
In the space of fewer than two months, Verge has suffered two high-profile cryptocurrency hacks.
In April, news broke out that hackers had commandeered the network, successfully compromising the system and earning all the block mining rewards within a specific timeframe. In the aftermath of the hack, the development team created a few patches to the network protocol and carried out a hard fork.
Many XVG enthusiasts would have liked to believe that the worst was over. However, in May, hackers used a slightly modified version of the technique used to hack the blockchain earlier to pull off yet another major heist. To the most crypto enthusiasts, the situation with Verge is a severe problem that needs to be addressed.
it appears some mining pools are under ddos attack, and we are experiencing a delay in our blocks, we are working to resolve this.
— vergecurrency (@vergecurrency) May 22, 2018
The general narrative is that blockchains cannot be hacked. No accounting of blockchain characteristics is ever deemed complete without mentioning the fact that blockchain networks are tamper-proof. The entire premise of the emerging technology’s claim to being able to disrupt the global business process is that it is built on robust security protocols. So, the question that is thrown up when things like the Verge hack happens, is that, are blockchains hack-proof?
Like most other concepts in the nascent industry, a bit of nuance is required to answer the question in a manner that addresses the facts only. The following is an attempt at a thorough examination of the Verge hack of April and May 2018.
In April, a Bitcointalk user by the name of “Ocminer” alerted the crypto community to the activities of a hacker on the Verge blockchain.
Between April 4 and April 6, the hacker was able to gain control of the blockchain, mining transaction blocks at a much faster rate than should have been possible. The hacker gained 1,560 XVG tokens per second while running the exploit, eventually carting away $1 million worth of Verge coins.
Fast forward to more than a month after and Verge was in the news once again, as a hacker gained control of the network using almost the same approach as the April attack.
This time, the hacker mined blocks at a rate of 18,250 XVG tokens per minute. By the time the hacker had stopped, about 35 million XVG tokens had been carted away amounting to $1.8 million at the time of the hack.
Time Malleability Attacks
How did the hacker pull it off? It appears the attackers used – time malleability attacks.
The pioneers of the decentralized technology framework built heavily on the works of Stuart Haber and W. Scott Stornetta regarding how to add timestamping documents. When a transaction block is created, it is given a digital time stamp. Remember that there are many nodes in a blockchain network, each one working independently of the other but all must come to the same conclusion, or at least, a greater majority. This conclusion is called a “consensus.” There is also no hierarchy, so no node has any special dispensation over another node.
While this approach functions theoretically, in practice, some issues emerge. One of them is that all nodes do not operate at the same capacity hence, the ordering of the blocks might not be synchronized throughout the network. Remember, that there must always be one mutually agreed ledger for the network. So, what blockchains do is to specify a time window in which these disputes are resolved. In the case of the Verge blockchain, the time window is two hours. In the absence of such a time window, the network would be bogged down by a lack of consensus every second.
Thus, for a block to be deemed eligible in the network, it must be created within the two-hour window. This became the entry point for the attack, as the hacker created blocks with fake timestamps and inserted them in the blockchain. These counterfeit timestamps showed the blocks to be from a time in the past and because the network error-corrects every two hours, they were admitted into the chain for verification.
However, creating transaction blocks isn’t enough to enable the hacker compromise the system. The attacker still has to commandeer the mining protocol, thereby earning the block reward for the “spoofed transactions.”
Circumventing Mining Difficulty
Apart from creating new coins, mining helps to secure blockchains. As such, the Verge hack appears to be more devastating as it attacks the core of the Verge security apparatus. Going back to the previous explanation of the how blockchains work and the numerous nodes working independently of each other, blockchains have to specify a target block time, i.e., the time interval between the creation of each block.
For Verge, the target block time is 30 seconds. The enforcement of the target block time constraint is what is known as mining. Without mining, nodes would submit blocks to the network willy-nilly. However, to send a valid block, the cryptographic problem contained within must be solved and the solution accepted by a majority of the blockchain.
This difficulty of the cryptographic problem is adjusted based on the rate at which blocks are being mined. When the rate goes up, the difficulty is increased, and vice-versa. So, a blockchain continuously adjusts the mining difficulty to reflect the current state of the network. In the Verge blockchain, an algorithm called “Dark Gravity Wave” is responsible for controlling the mining difficulty.
By creating a flurry of transaction blocks with spoofed timestamps from an earlier time, the difficulty controlling algorithm is tricked into thinking that not enough blocks are being mined because the difficulty setting is too high. Thus, the mining difficulty is drastically reduced.
During the April attack, it was reported that the mining difficulty plunged from 1,393,093.39131 to 0.00024414. As a result, the hacker was able to submit one transaction block every second. Reducing the difficulty level is still not enough to gain control of the system, as everyone on the blockchain should enjoy the decreased mining difficulty. To take over a blockchain, an attacker needs 51 percent of the hashing power, at least in theory. So, how did the hackers do it? The answer lies in the fact that verge uses five different mining algorithms.
Single versus Multiple Algorithms
The standard protocol for most blockchains that employ proof-of-work mining is to use one mining algorithm, usually the SHA-256. Some critics of this system point to the fact it engenders the emergence of centralized mining monopolies which they say is contrary to the philosophy of the blockchain.
Thus, blockchains like Verge use an amalgam of five different algorithms. The consensus within those who support a multi-algorithm mining protocol is that it is immune to ASIC-domination.
For a single algorithm blockchain, an attacker needs 51 percent of the network’s hashing power to successfully hack the blockchain. For a multiple-algorithm blockchain, the attacker only requires half of the hashing power of one algorithm. What this means is that the hacker will just need to commandeer one algorithm.
Due to the way Verge set up multiple algorithms, the difficulty of each algorithm is adjusted independently of the others. The April hacker only needed ten percent of one algorithm which turned out to be Scrypt. The other algorithms are blake2s, X17, Lyra2rev2, and myr-groestl.
At the time of writing this article, details of the May attack are still filtering in, but there is concrete evidence to show that the hacker took control of two algorithms this time around. The difficulty of both the scrypt and lyra2rev2 algorithms were several orders of magnitude lower than other three algorithms.
Why was the hack possible?
Either by human error or the deliberate actions of some individuals, the architecture of the Verge cryptocurrency was poorly designed.
Both hacks followed the same process. First, they created blocks with fake timestamps, forcing the mining difficulty to be drastically reduced. The hackers then took control of one/two of the mining algorithms, essentially printing money.
If there were lessons learned from the first hack, they seem not to have been appropriately implemented. In the aftermath of the first attack, the price of XVG shot up by 30 percent and Verge became an accepted means of payment by Pornhub, the largest porn website on the internet. The coming days will reveal what the future is for Verge.
One thing, however, is sure, some blockchains are not hack-proof. The question now is, which one(s)?