Bryant Nielson | August 8, 2023
In April 2018, the Verge blockchain fell victim to a damaging 51% attack. Within hours, threat actors took over Verge’s proof-of-work consensus mechanism and successfully double spent coins, stealing an estimated $1.7 million worth of XVG. This case study will examine how Verge’s consensus was compromised and key lessons learned for bolstering the security of blockchain consensus algorithms.
Verge relied on five mining algorithms for its proof-of-work – Scrypt, X17, Lyra2rev2, myr-groestl and blake2s. This was intended to promote egalitarian access to mining. However, the hybrid approach had a fatal flaw. Rather than requiring miners to distribute hash power evenly across all five algorithms, Verge allowed any single algorithm to meet the hash rate threshold for confirming blocks.
Attackers exploited this by heavily targeting just the Scrypt algorithm, renting mining rigs to acquire over 50% control of Scrypt hash rate. This gave them de facto control of the overall network consensus. The attack took place between block heights 1,560,000 and 1,560,720.
With majority control, the attackers were able to double-spend transactions. They first sent XVG to exchanges and swapped it for Bitcoin. After the exchanges confirmed the deposits, the attackers forked the Verge chain to erase those transactions. This rolled the blockchain back to a point before the XVG deposits, as if they had never happened, while the attackers kept the stolen Bitcoin.
Beyond proving vulnerabilities in Verge’s implementation, the attack holds broader lessons for blockchain consensus security. Relying on just one or two mining algorithms centralizes control in the hands of those able to amass hash rate. Multi-algorithm mining should require distribution to prevent takeover by an algorithm subset.
The importance of mining power distribution also applies to PoW networks like Bitcoin and Ethereum. Dominance of mining pools like AntPool must be monitored for over-centralization risks.
For PoS consensus, sufficient staking decentralization and continuous randomization in validator selection prevent takeover by mega-stakers. Frequent random shuffles of validators disrupt any attempt to collude.
Finally, swift response to attacks-in-progress can mitigate losses by identifying the malicious fork and coordinating exchanges to increase confirmations or freeze potentially double-spent deposits before clearing.
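The monitoring and response points above can be combined into a simple watch on which algorithm is producing blocks. The following sketch is an added example, not Verge's or any exchange's code: it flags windows where a single algorithm mined most recent blocks and raises the deposit confirmation requirement while an alert is fresh. The window size, share threshold, confirmation counts and sample chain are assumptions chosen for illustration, and the caller is assumed to have already extracted a (height, algorithm) pair for each block.

```python
from collections import Counter, deque

ALGOS = ("scrypt", "x17", "lyra2rev2", "myr-groestl", "blake2s")

def dominance_alerts(blocks, window=20, max_share=0.6):
    """Return (height, algo, share) for every block at which one algorithm
    mined more than max_share of the last `window` blocks.
    Block share is only a proxy for hash-rate share."""
    recent = deque(maxlen=window)
    counts = Counter()
    alerts = []
    for height, algo in blocks:
        if len(recent) == window:
            counts[recent[0]] -= 1  # oldest block is evicted by the append below
        recent.append(algo)
        counts[algo] += 1
        if len(recent) < window:
            continue  # not enough history yet
        top, n = counts.most_common(1)[0]
        share = n / window
        if share > max_share:
            alerts.append((height, top, share))
    return alerts

def required_confirmations(alerts, tip_height, base=6, raised=60, cooldown=100):
    """Hypothetical deposit policy: demand more confirmations while any
    dominance alert lies within `cooldown` blocks of the chain tip."""
    fresh = any(0 <= tip_height - h <= cooldown for h, _, _ in alerts)
    return raised if fresh else base

def sample_chain():
    # Constructed data: 40 blocks rotating through all five algorithms,
    # followed by 30 blocks mined with scrypt only.
    blocks = [(1000 + i, ALGOS[i % 5]) for i in range(40)]
    blocks += [(1040 + i, "scrypt") for i in range(30)]
    return blocks

if __name__ == "__main__":
    chain = sample_chain()
    alerts = dominance_alerts(chain)
    for height, algo, share in alerts[:3]:
        print(f"height {height}: {algo} mined {share:.0%} of last 20 blocks")
    print("confirmations now required:",
          required_confirmations(alerts, tip_height=chain[-1][0]))
```

A check like this only detects skew after the fact; the consensus rule itself still has to prevent one algorithm from carrying the chain.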
By studying past consensus failures like Verge, blockchain architects can design systems resilient to 51% and double spend exploits from day one. With vigilance and an emphasis on true decentralization, both PoW and PoS platforms can confidently grow while keeping community assets secure.