Vertcoin, an ASIC-resistant Proof-of-Work cryptocurrency, has suffered consecutive 51% attacks in recent weeks, resulting in the theft of around $100,000 worth of VTC tokens. Security expert Mark Nesbitt revealed that four separate attacks, the latest of which occurred just days ago, resulted in 22 “deep chain reorganizations” and 15 counts of double spend, which added up to the six-figure amount of stolen tokens. While this doesn’t mark a loss for investors, it nevertheless brings into question yet again the security of blockchain systems and the proof-of-work mechanism.
51% attacks aren’t new in the crypto community. Verge was attacked twice in the space of two months earlier this year, with MonaCoin and Bitcoin Gold also falling victim in 2018. 51% attacks are performed on Proof-of-Work blockchains when an individual entity acquires a minimum 51% of the network’s hashing (mining) power to control what is broadcast via the consensus mechanism. By doing so, they can manipulate the blockchain, preventing other transactions from gaining confirmations and other miners from mining valid blocks.
Double spend is a secondary attack that can follow a successful breach of a blockchain, as happened with Vertcoin. Here, coins can be sent to an address on the blockchain, after which the network is moved to a different copy of the blockchain by broadcasting a version where the coins, apparently, were never spent. This way the consensus mechanism can be tricked and a record of the transaction will not exist on the ‘new’ blockchain. The Vertcoin attackers did this 15 times, making off with the $100,000 worth of tokens without anyone noticing until it was too late.
Exchanges to be Targeted
Nesbitt doesn’t mince his words when it comes to future attacks, saying exchanges are the most vulnerable entities, and that coins that receive repeated attacks may be delisted:
…exchanges make an ideal target for this type of attack. As long as exchanges are willing to provide customers with assets in response to the deposit of a reversible currency, there’s no reason for attackers to stop this behavior. Expect to see more of these attacks. Exchanges that support these assets will continue to suffer losses, with the ultimate result that exchanges will be forced to delist these assets.