The Verge Re-Org Attempt: Aftermath
So what exactly went down?
Some person or persons, shadow mined Verge creating a longer sidechain, hoping to take over the existing one. They did this by getting some hash power to nodes hosting the fake chain.
At this time, the community began to worry and safeguards were activated resulting in disabled services(exchanges, 3rd party wallets, etc). Thanks to CC and Maxius, who sounded the alarm.
After a boost of hash power to nodes hosting the malicious chain was turned on, regular nodes started accepting the ‘new malicious chain’ as the correct order of things. A re-org was attempted, but ultimately stopped due to miners halting their service.
At this point, even miners started asking us, what we were going to do about it, and so we worked with one particularly helpful miner to push out an updated QT wallet, which would ignore the fake chain, and return to the pre-attack chain.
After we tweeted this out, we started asking our community to download an updated QT wallet with a hardcoded checkpoint.
Meanwhile, within our community, we channeled users to turn on QT wallets with the correct chain info, and actively ban the nodes from the wrong chain, to prevent it from propagating to nodes that weren’t upgraded.
Many thanks to the community members like Swen, the people from dutch-mining, Brockmeister, Desolator, Manuel and the rest of the community for spending most of the last 2 days awake. Helping to coordinate a counter-takeover.
Your funds are safe, and we are working on a permanent fix to prevent this from occurring again.
Meanwhile, you can go look at the coin explorer to see that everything is where it belongs. https://verge-blockchain.info/
The more technical explanation of what happened is found here.
A malicious element used the open-source/open-access Verge Currency code to create a secret side-chain. By reducing the difficulty of the mining, they were able to create what seemed like 6 months of new transactions.
Since Verge is a distributed currency, each full wallet is its own Node, they were able to use hashing power to push forward nodes with the wrong chain, causing the verge explorer to go down & making it seem like the chain had rolled back 6 months. Due to the sudden increase of network power, every Verge explorer automatically connected to the empty chain.
This new situation caused many transactions to show as pending (since the blockchain no longer had previous transaction id’s) due to the new chain having empty blocks.
At this point most exchanges and miners had halted their activity to prevent transactions from going on the wrong chain.
Some exchanges continued trading as they trade on off-chain trading, which is regulated by each exchange.
Once the team determined where the malicious chain began, we proceeded to push an earlier update with a a checkpoint to block out the malicious chain.
This is when we asked our community to download the new wallet.
Retaking our chain
Digital currencies are as strong as the network they run on. In plain English this means, the more people running the chain, the stronger it is.
To solve this attack, we encouraged everyone in our social media channels, to download and run the new wallet, and block all nodes connecting to the earlier one. Slowly isolating the bad chain.
This and cooperation with the largest group of verge miners made it possible to push our chain past the previous one.
As soon as this happened, the Verge Explorers, Miners and Exchanges were all able to connect to the correct chain again and account balances and pending transactions have been restored as if nothing happened.
A combination of factors made this attempted attack possible, but the strength of the XVG community and its blockchain overcame the attackers.
To prevent this again, we are working on a more permanent corrections.
Meanwhile, help the chain, download a QT wallet, and mine some Verge.