Cyber Incident Victim: Vertcoin

In late 2018, Vertcoin (VTC), a proof-of-work cryptocurrency designed to resist mining centralization, suffered a 51% attack involving four distinct incidents, with the latest ongoing as of the reporting period. Attackers rented substantial ASIC hash power to commandeer over 50% of the network’s mining capacity, enabling control of the blockchain. This majority control allowed the malicious actors to execute 22 deep chain reorganizations, including 15 instances of double spending. The largest reorganization exceeded 300 blocks in depth, destabilizing the network’s transaction history. Security expert Mark Nesbitt, a Coinbase engineer, identified the attack and estimated losses surpassing $100,000 from stolen funds. The attackers exploited the ability to create alternative blockchain versions, invalidating legitimate transactions while spending the same coins twice—once on the main chain and once on their manipulated chain.

The incident exposed vulnerabilities in altcoin exchanges, which lacked robust safeguards against such attacks. Attackers deposited VTC onto exchanges, traded it for other assets, withdrew those assets, and then reversed the original deposits via chain reorganizations, leaving exchanges with unrecoverable losses. Nesbitt highlighted similar prior attacks on Bitcoin Gold (BTG), Verge (XVG), and MonaCoin (MONA), which led to delistings from major trading platforms. He urged exchanges to prioritize security measures, particularly for proof-of-work cryptocurrencies susceptible to hash rate manipulation. The Vertcoin attack underscored systemic risks in smaller blockchain networks where concentrated hash power could be feasibly acquired through rental markets, compromising decentralization assurances. No specific remediation actions by Vertcoin’s developers or affected exchanges were detailed in the report.