If you haven’t heard yet, the Verge protocol was compromised recently (once again) approximately two days ago.
What makes this even more alarming is that this is the exact same issue that compromised the chain in the beginning of April.
I wrote about this issue in this article here:
It was in this thread here on bitcointalk, posted by user ‘ocminer’, whom says he was running a mining pool on Verge at the time, where the issue was exposed in full. But it wasn’t done so for the purposes of making Verge look bad, but to prompt an expedited response to actually fix the problem (surprise: That didn’t happen and probably still won’t)
The Issue in a Nutshell:
Here’s how the Verge mining consensus algorithm is designed:
So, it’s not hard to see why their mining consensus algorithm is what ultimately led to their downfall. However, that’s not all. Take a look at this:
Someone coordinating an attack like what you see with $XVG along with an ASIC miner for Scrypt (same mining algo as LTC for reference; & the one that was used to ultimately exploit the chain) would be able to easily mine consecutive blocks in a row by spoofing the order at which blocks were placed on the chain.
The same structure by which $DGB (Digibyte) used to (or still does — I don’t know, not keeping track) works by.
What makes it ultimately insecure is the fact that the re-targeting algorithm is different for each algorithm on the protocol. So, via the exploitation/compromise of one of those algorithms (Scrypt) in this case, is what led to the consecutive block creation by whoever had exploited the chain in the first place on both April 4th and May 22nd.
I won’t go into too much detail recapping these events, but one thing that’s worth noting, which the anything crypto article (cited above), points out, is the fact that $DGB Digibyte had already encountered this issue and provided a fix for it:
As you can guess, this was not implemented on $XVG for some reason (incompetence of the devs more than likely at this point), and thus they have remained susceptible to these attacks.
What is even more astounding is that, even after the initial news of the attack on the chain, there was NO decrease in the total price of $XVG.
The price did indeed go up though.
To reiterate that caption, “I captured screenshot above within the article that I posted on April 5th.”
This was a quote within the bitcointalk thread by Ocminer that was started on April 4th.
This is the calculation that I came up with myself based on the information that I had researched myself:
What I found out just a week later definitely concerned me greatly:
18.6 million Verge was reportedly sent from a wallet on April 13th that was owned by the Verge team directly to Binance (the exchange).
I calculated that approximately 18.5 million Verge were acquired by whatever entity compromised the Verge chain in my article that was posted on April 5th.
These numbers are damn near the same, which would make this one hell of a coincidence.
The common rebuttal to this pair of statements would be: “Isn’t there a chance that someone did the same calculations that you did on April 4th/5th and also figured out that about 18.6 million Verge coins were stolen and simply published this Reddit post later to spread ‘FUD’ and fool people like you into thinking that this is due to the nefarious activities of the dev team?”
That’s a great question, to be frank and one that I asked myself because it’s always good to consider all possibilities before moving forward with any assumptions, accusations or inferences.
So, let’s start digging here.
I found another post by a Reddit user in the community that asked the same question:
The amount that he is claiming was sent from the wallet is lower than what the previous user reported because the other alleged amounts had not been sent yet at that point in time.
There, we receive a wallet address, which is: DLv25ww5CipJngsKMYemBTBWH14CUpucxX (we’ll get back to this)
On this thread, it appears that someone affiliated with Verge issues a response. Here’s a copy of that response below:
This appears to validate the idea that the transaction observed was legitimate and that the team was more than aware of it.
Of course, as noted in the first Reddit thread that I had posted, the idea that this was a “payment” to Ledger or used for integration on Ledger (keep in mind, this was approximately $1.8 million in USD value going by Verge’s market price on April 13th, 2018) was and still is (to my knowledge) the explanation given by the team for this transfer of funds from their wallet.
This prompted the community to question Fred de Villamil (the VP of Engineering at Ledger) on whether he knew for sure if Verge was associated with the team.
As you can see above, he answered in the negative.
Here is a screenshot of his Twitter page with his confirmed credentials:
I went through to LedgerHQ’s Twitter:
Notice when it states, “Service status status.ledger.fr”
So, we know they own the ledger.fr domain.
It’s there that I confirmed Fred’s status with the company. He’s legitimate, which means that his statements should be considered legitimate as well.
Ironically, what added the most legitimacy to all of these claims was Sunerok’s eventual response on Reddit.
The quote in that Reddit post, “edit: here you can see they said we DID contact them, and DID receive a quote” with the Twitter link merely takes us to the original tweet from Fred that I posted above.
Sunerok/Dogecoindark (lead developer) also stated this on the same thread:
This statement is even more interesting in light of the fact that Ledger no longer charges for integration as stated in a tweet by the VP of Engineering, Fred:
This is the greater context that the above tweet was made in:
So, why would Verge’s lead developer and other reps claim that money was being transferred for the purposes of paying Ledger if we KNOW that they do NOT have a relationship with Ledger at ALL and that Ledger does not even charge for integration?
The craziest thing here is that everything I wrote above is corroborated with a LOT of evidence.
Why David Gokhshtein Can Not Be Trusted:
If you are unfamiliar with him, he is a major part of the Verge community (or he at least shills very hard for them) and has perpetuated many of the lies that have resulted in people losing an absurd amount of money investing in $XVG.
Here is a picture of his actual Twitter profile:
As you can see (and he frequently brags about), he appears to have a substantial amount of influence in the community.
Unfortunately, it appears that he has only wielded it for bad and that has come in the form of disinformation, twisting the narrative and outright obfuscating facts/attempting to discredit any and everyone that presents any type of evidence of major instability/problems within Verge’s actions and core structure.
The Saga of David Gokhshtein
Despite everything that I posted above (and a direct confirmation from the VP of Ledger himself), David has taken to Twitter to post what could be politely called “misleading” tweets like this one:
We now know the above statements are completely bullshit at this point.
That doesn’t stop David though, and with the entire community screaming “FUD” to any and all facts that are presented and backing up his twisted narrative of how things are, why would it?
Just days later, David decides to willfully mislead investors into buying at the proverbial ‘top’ of $XVG, right before the announcement:
If you noticed, his tweet said, “Watch for the announcement and #FOMO begins”
If you look at the chart above, it appears that the dumping had already begun. Perhaps this was in anticipation of the announcement. Perhaps it was due to an inside release of the information beforehand.
Either way, this was both an imprudent, unwise and perhaps disingenuous piece of investment advice that David gave the community.
That didn’t stop him from issuing this statement an hour and a half later (after the price had dumped substantially from that point)
Sadly, those that bought in on David’s recommendation have YET to see their money return to them:
Despite David’s most desperate efforts to pump the price back up:
Here is yet another winner in David’s portfolio:
I won’t even get into that in this article.
The amount of trust that any logical and rational investor should have in $XVG, its developers and the leaders of its community should be sitting at around ‘0’ at this point in time.
There has been absolutely no transparency in their behavior, actions, standards, or any other bar/measure of conduct.
What is most troubling is:
- 18.6 million Verge were estimated to be stolen on April 4th-5th.
- 18.5 million Verge were transferred from a wallet that Verge owns directly too Binance a week and a half later.
- The excuse given was that the payment was needed for ‘Ledger Wallets’, which is demonstrably false.
- The same hack/vulnerability that the devs claimed to have fixed at that point in time, was exploited yet again just 2–3 days prior to me writing this.
- The actual fix for this issue exists, yet apparently has not been pursued for some reason.
All of this evidence begs the question of whether or not this is an inside job at this point.
Given the price deficit and the cheesy model of using overhyped partnership announcements to boost the price of the currency, it seems as though $XVG is running out of options and the 80%+ price decrease since it’s ATH indicates as much as well.
For all those that are still holding $XVG, my only questioning remaining is:
When will you finally sell?
Disclaimer for this article: This is not investment advice, I do not own any $XVG, nor have I ever and do not plan on doing so in the near future. No one/entity/company/corporation paid me crypto/dollars/assets/favors or any other liquifiable asset/currency to write this article and I am neither profiting directly or indirectly from its curation. This article was not written under duress/pressure/threat/extortion or other unfavorable condition either. I also do not possess any coins from a direct or indirect competitor of $XVG and have no tied interest to the success/failure of this project.