The privacy-focused cryptocurrency Verge is quickly becoming a running joke within the cryptocurrency industry, after repeatedly suffering 51% attacks and having hackers exploit a vulnerability that has led to millions of dollars in Verge tokens being stolen.

It started back in April, when Verge suffered a small 51% attack that resulted in 250,000 XVG being stolen by hackers. Verge responded by hard-forking their blockchain. However, the 51% attack was repeated just last week, when hackers added a second algorithm to exploit the same vulnerability used in the earlier attack.

51% attacks happen when hackers use malicious code to mine multiple blocks per minute on a blockchain, allowing the attackers to gain majority control over the network hashrate and move XVG to their wallets. At the peak of the second attack, the hackers were mining 25 blocks per minute, which amounts to roughly 8250 XVG, or $950, being stolen every minute.

Verge downplayed the attack as nothing more than a DDoS attack, but according to reports, over 35 million XVG tokens, amounting to over $1.7 million, were stolen as a result of the attack.

Today, the prominent BitcoinTalk user ocminer, who discovered the last two attacks, is reporting that Verge has yet again suffered a 51% attack. In the BitcoinTalk forum thread titled “Network Attack on XVG / Verge”, ocminer says: “Yup… attack again.. as already said, simply reducing drift time doesn’t fix it..”

Verge’s blockchain isn’t the only target hackers have hit. Verge’s Twitter account was also compromised this past March in an unrelated attack.

On a more positive note, Verge made news for becoming the first ever cryptocurrency to be accepted by adult entertainment website Pornhub for their premium subscription services. As one Redditor so cheekily said, “Maybe they should take a note from Pornhub and learn to plug up the holes on their blockchain.”

Last month, privacy-focused cryptocurrency Verge was the victim of a “51 percent attack”, an unfortunate scenario (for Verge and its investors) that resulted in roughly 250,000 XVG being stolen. Verge responded with a hard fork, but unfortunately, it appears the vulnerability still persists today despite countermeasures being taken.

According to OCMiner, the bitcointalk.org user who initially discovered the empty blocks, thus alerting the cryptocurrency community to the initial Verge hack back in April, the same glitch that was exploited previously was targeted again by hackers, resulting in yet another attack. This time, though, a staggering 35 million XVG tokens were stolen, worth over $1.7 million according to data from CoinMarketCap.

Like the previous 51 percent attack, hackers were able to mine multiple blocks one minute apart from one another, and gain control over the majority network hashrate, compromising the blockchain and resulting in XVG tokens being stolen by the hacker.

In a Reddit post raising awareness of the exploit, user Flenst explains that the new hack simply adds a second algorithm in addition to the one used in the previous attack, to achieve the same dominance over Verge’s blockchain. The Reddit post also claims that the hackers were mining 25 blocks per minute, “resulting in 8250XVG or 950$ per minute” being stolen by the hacker.

Verge took to Twitter to downplay the hack, saying their mining pools were “under dos attack,” causing a delay in block mining – but the community isn’t buying it, even replying to Verge’s tweet with a link to the aforementioned Reddit post outlining the entire attack. Ironically, even Verge’s official Twitter account was hacked back in March in an unrelated attack.

Despite all the bad news lately for Verge, the company revealed a huge partnership with Pornhub last month, with Verge being the official cryptocurrency accepted by the adult content provider for premium subscriptions.


Embattled cryptocurrency exchange Coincheck may soon be under new management.

The Tokyo-based exchange, now enshrined in infamy following a $530 million hack in January, will reportedly be acquired by Japanese brokerage firm Monex in a deal worth “several billion yen.”

The news was first reported by regional media outlet Nikkei, whose sources said that Monex would likely replace the current management team — who oversaw the exchange at the time of the record-setting theft — and overhaul the cryptocurrency exchange trading platform.

“We are considering the acquisition,” Monex announced in a statement, adding that plans have not been finalized.

Monex stock soared in response to the rumors, closing at 424 JPY after opening at 337 JPY — a single-day gain in excess of 25 percent.

[Image: Monex. Source: MSN Money]

As BlockExplorer reported, Coincheck’s security measures were found in the wake of the hack to be woefully inadequate, which explains why the hackers were able to make off with such a large amount of funds.

The country’s Financial Services Agency (FSA) ordered Coincheck and several other exchanges to enhance their systems to comply with FSA regulations, but some platform operators have found these improvement orders to be more than they can manage.

“The deal with Monex suggests Coincheck deemed it difficult to comply with the regulatory requirements and rebuild its operations without external support,” the Nikkei report said.

At least five Japanese cryptocurrency exchanges have already informed the FSA that they will cease operations, while the agency has reportedly told several others that they must voluntarily shut down or face enforcement action.

Despite the gravity of the hack, Coincheck does not appear to have been insolvent. The company has already begun compensating users who lost funds during the hack, at a rate of approximately 89 JPY per NEM token (XEM). Though somewhat less than market value at the time of the hack, this is more than triple the current NEM price.


The Binance bounty program offers significant upside for information resulting in an arrest, according to an announcement made by one of the world’s largest cryptocurrency exchanges.

Last week, Binance was the target of a hacking attempt that involved the hijacking of API-trading bots that were installed into users’ accounts by hackers who gained access via prior phishing schemes. The bots were used to coordinate a massive selloff of altcoins into Viacoin, pumping its price significantly. Binance itself wasn’t hacked, though, and the company’s risk management system suspended all withdrawals at the first detection of any trading abnormalities, thus halting the hackers in their tracks. Binance reversed all of the unauthorized trades, and users left the situation unscathed, albeit likely shaken by the close call.

How well Binance was able to block hackers and prevent widespread issues for their users has been commended by the cryptocurrency community. Adding to the positive sentiment around the cryptocurrency exchange, Binance released a statement via Medium announcing a massive campaign offering substantial bounties for information leading to arrests related to any attacks, hacks, or intrusions against Binance.

The announcement begins with a bold statement, pledging to address hacks in the crypto community:

“To ensure a safe crypto community, we can’t simply play defense. We need to actively prevent any instances of hacking before they occur, as well as follow through after-the-fact. Even though the hacking attempt against Binance on March 7th was not successful, it was clear it was a large-scale, organized effort. This needs to be addressed.”

As part of the announcement, the BNB – Binance exchange’s native token – equivalent of $250,000 will be given to the “first person to supply substantial information and evidence that leads to the legal arrest of the hackers, in any jurisdiction.” Interested security experts can submit information via [email protected], and are also encouraged to go to their local authorities.

Furthermore, Binance announced that the $250,000 bounty is only a tiny portion of a $10,000,000 sum reserved for future bounty allocations to be awarded to those who supply information that leads to an arrest. Binance is taking the lead in crypto exchange security efforts, and has even invited other cryptocurrency exchanges to join it in its pledge to stop hackers seeking to separate users from their funds.

Binance’s stand against hackers is yet another reason its customers love the fast-growing cryptocurrency exchange, which saw its Q4 revenue jump from $7.5 million in its first three months in operation, to $200 million. If they can continue to keep customers’ funds safe and provide transparency during trying situations, they will continue to grow and dominate the space.

 


A large number of websites, including sites hosted by the United States and United Kingdom governments, have been compromised. The compromised web pages were made to serve cryptocurrency mining scripts, which use the resources of the visitor’s computer to mine cryptocurrency, in this case maliciously and without consent from the computer’s owner.

Use of accessibility tool BrowseAloud in attack

The pages were compromised due to the use of an accessibility tool known as BrowseAloud, which augments webpages with extra JavaScript to allow visually impaired users to browse the page using audio cues. The websites were all compromised because they load scripts from BrowseAloud’s servers in order to provide text to speech. The attackers needed only to break into BrowseAloud’s servers to compromise all of its customers. The cryptocurrency miner used was the now infamous CoinHive Monero (XMR) web miner. CoinHive is designed to give content producers a way to be paid for the content they provide. It has since been used in a large number of website compromises, due to its ease of use and its use of the privacy-focused cryptocurrency Monero. Monero allows attackers to remain extremely anonymous, to the point that others can only guess at the profits gained.

Mitigation of the compromise

This attack can be mitigated rather easily by both content providers and content consumers. Content providers need only verify the hash of the script they are serving, as a modified script will have a different hash from the expected script. Content consumers can either use NoScript plugins in their browsers to block all JavaScript on web pages, or use other plugins such as uBlock Origin, which, if configured correctly, will block all requests going to CoinHive’s servers.
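
The hash check described above is what browsers enforce as Subresource Integrity (the `integrity` attribute on a script tag). The following Node.js sketch is an added example, not code from the article or from BrowseAloud; the script bodies, URLs and function names are constructed for illustration. It pins a reviewed copy of a third-party script, rejects a modified copy, and lists external scripts on a page that carry no pin.

```javascript
// Added example; all names, URLs and script bodies are constructed.
const crypto = require('crypto');

const ALGOS = ['sha256', 'sha384', 'sha512']; // digests SRI accepts

// Build an SRI value ("sha384-<base64 digest>") from a reviewed script body.
function sriHash(body, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(body).digest('base64')}`;
}

// True only if the served body still hashes to the pinned value.
function matchesPin(body, pinned) {
  const dash = pinned.indexOf('-');
  const algo = pinned.slice(0, dash);
  if (dash < 0 || !ALGOS.includes(algo)) return false;
  const expected = Buffer.from(pinned.slice(dash + 1), 'base64');
  const actual = crypto.createHash(algo).update(body).digest();
  return expected.length === actual.length &&
         crypto.timingSafeEqual(expected, actual);
}

// Tag the browser will refuse to execute if the served file changes.
function scriptTag(src, pinned) {
  return `<script src="${src}" integrity="${pinned}" crossorigin="anonymous"></script>`;
}

// Audit: external scripts (other origins) that carry no integrity attribute.
function unpinnedScripts(html, ownOrigin) {
  const found = [];
  const re = /<script\b[^>]*\bsrc=["']([^"']+)["'][^>]*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const [tag, src] = m;
    const external = /^(https?:)?\/\//i.test(src) && !src.startsWith(ownOrigin);
    if (external && !/\bintegrity=["'][^"']+["']/i.test(tag)) found.push(src);
  }
  return found;
}

// Constructed sample data: a reviewed vendor script and a modified copy.
const REVIEWED = 'function speak(text) { /* text to speech */ }\n';
const TAMPERED = REVIEWED + ';loadUnexpectedCode();\n';
const PIN = sriHash(REVIEWED);
const PAGE = [
  scriptTag('https://cdn.vendor.example/tts.js', PIN),
  '<script src="https://cdn.vendor.example/widget.js"></script>',
  '<script src="/js/site.js"></script>',
].join('\n');

console.log('reviewed copy ok:', matchesPin(REVIEWED, PIN));
console.log('modified copy ok:', matchesPin(TAMPERED, PIN));
console.log('unpinned:', unpinnedScripts(PAGE, 'https://www.site.example'));
```

A pin only works when the vendor serves a fixed, versioned file; a script the vendor updates in place will fail the check on every legitimate change and has to be re-reviewed and re-pinned.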