Cyber Incident Victim: Verge Cryptocurrency
Date:
Apr 2018
Location:
—
Summary
An unknown attacker exploited a vulnerability in the Verge cryptocurrency network to generate coins at an abnormally high rate of 1,560 per second, accumulating approximately 15.6 million coins during a three-hour period. This incident, initially mistaken for a 51% attack, specifically targeted certain blocks and caused the cryptocurrency's exchange rate to drop by 7-8%. The development team responded by preparing a hard-fork to address the exploit and revert the blockchain to a pre-attack state to invalidate the fraudulently mined assets.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around April 4, 2018, an unidentified attacker exploited a vulnerability in the Verge cryptocurrency network’s code to mine XVG coins at an abnormally high rate, effectively generating funds without legitimate computational effort. The exploit enabled the attacker to mine approximately 1,560 Verge coins per second, equivalent to $78 per second at the time, over a concentrated three-hour period. This rapid mining activity led to the creation of roughly 15.6 million coins, valued at approximately $780,000. Initial observations by users suggested a potential 51% attack, where an entity gains majority control of a blockchain’s mining power, raising concerns about fund theft or transaction manipulation. The Verge development team later clarified that the incident did not constitute a 51% attack but instead stemmed from a code-level bug that allowed abnormal mining speeds during specific block intervals. The exploit’s execution coincided with a measurable decline in Verge’s exchange rate, which dropped by 7-8% following public awareness of the incident.
The Verge development team responded by initiating preparations for a hard fork—a permanent divergence in the blockchain—to address the vulnerability and invalidate the fraudulently mined coins. This corrective measure involved reverting the blockchain to a state prior to the attack, effectively erasing the attacker’s illegitimate gains from the ledger. The team did not publicly disclose technical specifics of the bug or engage with external requests for comment during the immediate aftermath. User-led investigations tracked the attacker’s wallet activity, confirming the scale of mining and the associated financial impact. The incident underscored operational risks within the Verge network, though no direct theft of user funds or broader network compromise beyond the mining exploit was reported. Market reactions reflected investor concerns, with the exchange rate decline persisting in the short term following the attack’s disclosure.