VERDICT —OUT OF SCOPE
Root cause is infrastructure (DNS / cloud / database / third-party API) compromise, not on-chain contract logic. Pre-deployment source review would not surface this; coverage lives in cloud-security + supply-chain audit, separate discipline.
▰ METHOD
INFRASTRUCTURE
INFRASTRUCTURE
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
The Verge network was attacked by 51% for the first time. According to Bitcointalk forum user ocminer, a malicious miner can use forged timestamps to mine blocks, thereby tricking the network into thinking that the new block was mined one hour ago, so that when the next mined block is immediately added to the network, it also added to the blockchain. This allowed the attacker to mine one block per second, which is said to have mined 250,000 XVG. Attack method (per SlowMist): 51% attack. Reported loss: 250,000 XVG.
Primary source
https://www.freebuf.com/column/169210.html ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Verge
- bug_class
- infrastructure
- date_occurred
- 2018-04-04
- loss_usd
- —
- source_id
- sm:verge::2018-04-04
Related — same bug class· infrastructure