Vertcoin suffers a 51% attack

Summary

Vertcoin, a cryptocurrency that focuses on decentralization, was hit by a 51% attack in October 2018. The attack led to double-spending and the loss of thousands of dollars in assets. The attackers took advantage of the Lyra2REv2 algorithm, which was susceptible to NiceHash-driven attacks due to the availability of hash power for rent. In response to the attack, Vertcoin switched to a new algorithm called Verthash, which aimed to provide better security against similar attacks in the future.

Attackers

The attackers behind the Vertcoin 51% attack were likely sophisticated, as they managed to gain control of more than 51% of the network’s hash rate. Between October and Decemeber 2018, there were multiple distinct events that included double-spends, which might indicate that there were multiple attackers / groups of attackers. It is suspected that the attackers used NiceHash, a hash power marketplace, to rent the necessary hash power to execute the attack, rather than owning and operating the required mining hardware themselves. This suggests that the attackers were well-versed in the cryptocurrency mining landscape and had knowledge of the vulnerabilities present in Vertcoin’s algorithm at the time.

Losses

The exact number of assets lost during the Vertcoin attack is not known, but it is estimated to be around $100,000. The attackers were able to double-spend coins and manipulate the blockchain, leading to financial losses for users and exchanges.

Timeline

  • October 12, 2018: The 51% attack on the Vertcoin network begins. An attacker is mining Vertcoin with a large amount of hashpower, exceeding 50% of the network’s total hashrate.
  • October 25, 2018: The attack continues, with the attackers successfully double-spending coins and causing financial losses for Vertcoin users and exchanges.
  • October 28, 2018: The Vertcoin community becomes more aware of the attack and begins to panic. The price of VTC falls from $0.7 to $0.3 per coin.
  • October 29, 2018: In response to the attack, the Vertcoin team announces plans to switch to a new mining algorithm called Verthash, designed to provide better security against 51% attacks and resist hash power rental services like NiceHash.
  • October 29, 2018: The attack continues, but the attacker is now unable to double-spend coins as easily. By this point, the attacker has successfully double-spent a total of $100,000 worth of coins.
  • December 2, 2018: The attack finally ends, and the Vertcoin network is restored to normal.

Security Failure Causes

  • Vulnerable mining algorithm: Vertcoin’s Lyra2REv2 algorithm was susceptible to NiceHash-driven attacks, as it allowed attackers to rent hash power and easily gain control of the network’s hash rate.
  • Centralization of hash power: The Vertcoin network did not have a sufficient level of decentralization in its hash power distribution, making it easier for attackers to gain control of the majority of the network’s hash rate.
  • Lack of preventive measures: Vertcoin’s network did not implement enough preventive measures to protect against 51% attacks, such as requiring a higher number of confirmations for transactions to be considered valid.
  • Lower network security awareness: The Vertcoin network was not well-funded and may have had less community awareness and developer support. That made it more difficult to implement security measures that would have made it more difficult for attackers to launch a 51% attack.