Privacy-centric cryptocurrency Verge (XVG) has adopted an emergency hard fork to address a bug that allowed a malicious miner to exploit the network’s mining algorithm for a seven-figure payday.
The attack appears to have first been discovered by BitcoinTalk user ocminer — the operator of altcoin mining pool Suprnova — who posted a thread on the forum alleging that an attacker was exploiting a bug in the Verge code that allowed miners to set false timestamps on blocks, tricking the network into adding them to the main chain.
According to ocminer, the attack persisted for more than 13 hours on Wednesday before being resumed again on Thursday. The attacker appears to have made off with more than 20 million XVG, worth more than $1.1 million at the present exchange rate. Verge’s developers, meanwhile, claim that it only lasted three hours.