The bitcoin Verge was once again under attack. Attack, very similar to April, lasted several hours, during which it has stolen 35 million XVG (over $1.78 million at the time of publication).

Ocminer, administrator mining pool Supernova, reported an attack on the forum Bitcointalk.org (he also wrote about the April incident). This time was used the same exploit, but the damage was much higher. Last month Ocminer explained how the code flaws allow Verge to commit such attack:

Usually for a successful mining XVG each subsequent block must have a different algorithm, for example scrypt, then x17, then lyra, etc. subject to a few bugs in the code XVG you can use this function for hashing blocks with fake time stamp. When you send namelennym a block (as a malicious miner or pool) with a false timestamp (e.g., with a lag of one hour), XVG “thinks” about the last block as namiseom on this algorithm, an hour ago. Your next unit will have the right time that will allow you to add in the main chain unit, which was allegedly an hour ago — at least so will think network.Thus, the attacker could have mined thousands of blocks in just a few seconds and earn millions XVG for a very short period of time.

In response to a previous attack Verge spent hardwork, but even then on Reddit the opinion was expressed that he did not eliminate the vulnerability (which seems to be confirmed and new attack).

At the time of publication, the representatives of the Verge, did not confirm the extent or nature of the attack and attributed it to a DDos against some mining pools XVG.

Source