Verge, a privacy-oriented cryptocurrency recently propelled into the limelight by a partnership with popular adult entertainment site Pornhub, suffered two hacks perpetrated through 51-percent attacks that saw the attackers abscond with millions of dollars' worth of its native cryptocurrency, XVG.
First, the embarrassing part – a privacy coin that left itself open to an easily executed attack, one that got away with millions in its currency, calls into question the ‘privacy’ portion of its brand.
Second, the fact that a second (and third) attack took place made it look like Verge’s dev team was unaware of the ongoing vulnerabilities, or somehow in on it (a theory that continues to float around out there).
During the first attack in April (only a couple of weeks before the Pornhub partnership), the hacker was able to get away with 250,000 XVG. And during the latest, in mid-May, an attacker was able to take $1.7 million worth of the cryptocurrency from the protocol.
Verge developers were only trying to design a better cryptocurrency for payments, but by tweaking small parameters, such as the length of time a block can be valid, the group has opened its blockchain up to attacks.
“Things obviously don’t look good,” said Daniel Goldman, the CTO of cryptocurrency analysis site The Abacus who’s been tracking the attacks. “The issues that initially slipped into the codebase were a result of pure carelessness — incorporating code from other open-source software without understanding its implications.”
Goldman added: “I hate to say it, but if I had to summarize: the attacker is doing better due diligence than the developers. I’d try to poach him if I were them.”
A telling quote, to say the least, from a guy in the know. If your own team can’t stop a hack that occurred in nearly the exact same way it did just a couple of weeks before – you need a new team.
And maybe that is what Verge is attempting to do with a couple of ‘damage control’ measures? Take a quick look:
And a long and impassioned plea from one of Verge’s originalists on Medium describing the difficulty the hacks have caused; even calling into question whether or not insiders were executing them and profiting from the stolen funds. Wow.
All of this adds up to several different levels of damage control. No matter what they deny, claim, or spin for PR purposes, Verge has a serious problem on its hands.
We know for an undeniable fact that they’ve had to have serious conversations with nearly all of their retail partners regarding the stability of their currency and brand. The hacks scared the shit out of MindGeek. We spoke to three sources inside MindGeek specifically about the hacks and they were justifiably worried.
From a PR standpoint, any shine that was temporarily reflecting off of the brand after the MindGeek announcement was blunted by the hack issues. And the press spent significantly more time covering the hacks (and the clear incompetence of their dev team) and the amount of money that was ultimately stolen.
All of it called into question the direction and competence of Verge leadership. Thus came the announcement of new monitoring processes, Medium posts by ‘founding members’, and more press to deny that there were ever any real vulnerabilities.
And all of it adversely affected $XVG’s market cap and position as a budding top ten market cap coin. That seems like a pipe dream at this point.
The question now is, where does #VergeFam go from here? Should they hire some core developers that were right and quick to identify the hacks and call out the incompetence inside Verge? That sounds like a good start. And wrap it in a tidy press release? Maybe.
We do not expect Medium posts and Twitter attacks to make a bit of difference in securing the stability of Verge’s network. Yet that seems to be their modus operandi when faced with adversity.
Be better Verge. Your partners and stakeholders deserve it.