Vertcoin, a crypto project that aims to keep mining power decentralized, has suffered its second 51-percent attack in a year.
The incident saw 603 genuine blocks on the Vertcoin main blockchain replaced with 553 blocks written by the attacker, according to the project’s lead maintainer, James Lovejoy, in a GitHub notice.
Occurring on Sunday, Dec. 1, the blockchain reorganization caused five “double spends” to the value of 125 vertcoin (VTC) worth approximately $29. “Each of the double-spent outputs are coinbase outputs owned by the attacker and it is unknown to whom the coins were originally sent before being swept to an attacker address after the reorg,” Lovejoy said.
Put simply, a 51-percent attack can occur when an entity (or entities) gains over half of the hashing power of a blockchain network, bringing the ability to rewrite the blocks making up the “chain.”
Almost exactly a year ago to the day, Vertcoin saw another 51-percent attack that caused multiple reorgs and was estimated by Coinbase to have cost users over $100,000. After that attack, Vertcoin – which aims to block powerful mining chips called ASICs from the network to keep mining more community based and affordable – switched its proof-of-work algorithm to one called Lyra2REv3.
The latest attack had been seen coming. Lovejoy explained:
"On Nov 30th 2019, a Vertcoin miner noticed a large upswing in hashrate rental prices for Lyra2REv3 on Nicehash. This was combined with workers connected to Nicehash's stratum server being sent work for unknown (non-public) Vertcoin blocks. I contacted Bittrex, Vertcoin's most prominent exchange, to recommend they disable the Vertcoin wallet on their platform once it became clear an attack was in progress, which they subsequently did."
The developer continued to say there’s “strong evidence” that the attack was carried out by harnessing leased hashrate from Nicehash.
“The attack was originally discovered by inspecting the work being sent from Nicehash’s stratum servers, which were sending work for non-public blocks,” he said.
Why Vertcoin was attacked again is unclear. Lovejoy said it would not have been profitable based on miners’ block rewards alone. He suggested Bittrex may have been target, but the exchange disabling its Vertcoin wallet may have prevented more double spends.
An alternative option is that thefts via double spending was not the plan and the attack may have been “a proof of concept or sabotage attack.”