Hacker mines up to $1 million in Verge after exploiting major bug
Due to several bugs in the XVG code, you can exploit this feature by mining blocks with a spoofed timestamp. When you submit a mined block, as a malicious miner or pool, you simply set a false timestamp to this block one hour ago and XVG will then “think” the last block mined on that algorithm was one hour ago. Your next block, the subsequent block, will then have the correct time.
And since it’s already an hour ago – at least that is what the network thinks – it will allow this block to be added to the main chain as well.
Source: sophos.com