A group calling itself Bitpico has bragged about attacking the LN (Lightning Network). The group claims it is stress testing the network and the LN developers responded that they are analyzing and trying to close any attack vectors before the currency is used more.
It is almost a traditional DOS attack where nodes were flooded with false transactions to overwhelm them so no real transactions could get through (similar to a web attack that opens frivolous connections to overwhelm the server).
Inevitably almost all networks go through this and it really is a typical cat and mouse game in any public, permissionless blockchains. It is really an IT security nightmare where no one is authenticated or vetted whatsoever. There is little disincentive for organized and well-funded groups not to attack blockchains if they have enough motivation, and clearly many do.
In all fairness it was just 3 hours, they have corrected the issue and have apologized which is the way to handle it. This won’t make me panic sell my Verge coins.
However, a scam closely followed right into the tweet discussion about this with a fake Verge account scamming users by apologizing for the hack (very ironic).
Because of how well they handled it I have a lot of faith in their team. Lately a lot of blockchains have been attacked and exploited which is only natural. Contrary to popular belief blockchain is not invincible or infallible. Likewise, the people who code the applications and algorithms that run them are only human, so let’s give them a break.
To close this attack vector permanently it looks like a hardfork will be necessary (I generally dislike hardforks but this is a case of necessity). But once again I’ll say it is a flaw in the majority of permissionless blockchains. The client side shouldn’t care about this (just as we don’t care about the backend of our bank we only care about using our money).
I see the value of XVG has plummeted as a result, even though similar issues have happened with Bytecoin and Monero due to a flaw that allowed the creation of extra coins in Cryptonight. I would fathom that a lot, if not most blockchains have been attacked and this has gone undetected and/or unreported. It is likely just a matter of time. This still puzzles me more because I think the Ethereum, parity issue, Bitcoin Gold Scam and what I suspect was a similar issue with Raiblocks didn’t impact the value as much. With that said, this is one more reason I feel PoW is unsustainable and doesn’t help secure networks at all, as even without technical exploits you can still cause damage by having more hashing power than others.
I am not overly concerned about this issue and a big part of that is how the team handles things and it looks like they’ve taken ownership of the problem and have corrected it (something rare in this industry).