
Topic: [0Th]Ozcoin Pooled Mining |DGM 1%|Stratum+VarDiff port 80|NEW CN mining| - page 38. (Read 398185 times)

member
Activity: 112
Merit: 10

He sends the coins to gox, trades them for USD and buys other coins back. Or uses a coin mixing service. Or trades them for virgin coin. Or spends them with someone who doesn't care that they're dealing with a dick.



Pecunia non olet.
hero member
Activity: 725
Merit: 503
I'm going to explain this like you were 5 years old:

I, my son, his children, will _personally_ track 16cDeEFn6sraUEJrDCt2Yg3r7j2oazSYEd for all eternity, no matter how many addresses the value is being sent to.

The value originating in 16cDeEFn6sraUEJrDCt2Yg3r7j2oazSYEd is for all future marked in our collective consciousness as stolen money.

Nothing else matters, I could create a service where you can store stolen addresses, but that is COMPLETELY IRRELEVANT.

NO ONE will EVER take money from 16cDeEFn6sraUEJrDCt2Yg3r7j2oazSYEd, period.

Case closed.
sr. member
Activity: 406
Merit: 250
@rupy:
That would definitely kill the anonymity aspect.
Who are you to blacklist any address?
Law enforcement? No.
Bitcoin Administration? Also, no.

So this feature can't be added, because it would let them asses in, blacklisting any publicly available address from forum posts, "donate here please" and whatever.
Would be a nice feature, but the only responsible person to blacklist any address is the owner of it, and the only use to blacklist is when the wallet.dat gets lost/stolen, as to prevent someone spend the moniez.
But then you do not have any information to prove you're the responsible person.

And also, you can't track where these btc's go. That's the way the system is defined. You may be able to see the target address, but that's an anon value also, so no Name/whatever behind it, at least as long the receiving person doesn't decide to reveal its address in a googleable way.

Only possible option would be to enforce a new version of any btc related software that allows pool operators to blacklist such transactions/addresses and basically not process them, either as target or source of any transaction.
But there is the devil of "law enforcement person".
Do you trust any and all pool operators to not blacklist some addresses just because "they're fuckers let's kill them"?
I personally don't. Graet and some others are maybe "angels" ("faith in humanity restored" and the like), but I bet there are some bad dudes out there...
And you'll only need one to kill the whole system.
legendary
Activity: 4592
Merit: 1851
Linux since 1997 RedHat 4
This is interesting: I just realized, the thief can't spend this money for ANYTHING at ANY point in time!

That address will be tracked by a hundred people for all future, I'm writing a system for this NOW.

Basically, he has BTC but as soon as he spends them, he will get caught!

Edit: Can someone point me to threads about this fact OR prove me wrong!

YOU CANNOT STEAL BITCOINS!

Rupy come on, you've been here since 2011 and you don't know about PPS or how stolen coins can't be tracked? All the thief has to do is collect the coins, use a mixing service or even an exchange and they'll never be tracked again.

I wonder if the developers are making any headway into blacklisting addresses or would that defeat the anonymity of BTC?
As per discussions that have been around (and I've been part of some) black listing addresses is not an option.
The problem is simply that someone is then given the power to decide what addresses are black listed.
Who should be given power to control BTC? No one.
It's even worse when you consider what it means for the average person.
If I have 10BTC stolen can I then go to this 'power' and ask them to blacklist the target address?
Of course not - since we then have the issue of who is right and who is wrong - that again someone will be given the power to decide.
So basically it becomes a power to be used either for those with a lot of BTC and well known, or those who are also considered 'powerful' in the BTC world.
It's called give central control of BTC to a few people - which is of course a very bad thing.
legendary
Activity: 3583
Merit: 1094
Think for yourself
I did not receive your payment, and payment records on the web has been paid. Please give me a reasonable explanation, sir.

Read the previous chain of posts here!!!!!

Starting with this one

https://bitcointalksearch.org/topic/m.1883478
legendary
Activity: 3583
Merit: 1094
Think for yourself
This is interesting: I just realized, the thief can't spend this money for ANYTHING at ANY point in time!

That address will be tracked by a hundred people for all future, I'm writing a system for this NOW.

Basically, he has BTC but as soon as he spends them, he will get caught!

Edit: Can someone point me to threads about this fact OR prove me wrong!

YOU CANNOT STEAL BITCOINS!

Rupy come on, you've been here since 2011 and you don't know about PPS or how stolen coins can't be tracked? All the thief has to do is collect the coins, use a mixing service or even an exchange and they'll never be tracked again.

I wonder if the developers are making any headway into blacklisting addresses or would that defeat the anonymity of BTC?

Or you could drop the wallet.dat into an online wallet service.

What good will blacklisting addresses do?  Anyone can create as many addresses as they want?
newbie
Activity: 23
Merit: 0
I did not receive your payment, and payment records on the web has been paid. Please give me a reasonable explanation, sir.
DrG
legendary
Activity: 2086
Merit: 1035
This is interesting: I just realized, the thief can't spend this money for ANYTHING at ANY point in time!

That address will be tracked by a hundred people for all future, I'm writing a system for this NOW.

Basically, he has BTC but as soon as he spends them, he will get caught!

Edit: Can someone point me to threads about this fact OR prove me wrong!

YOU CANNOT STEAL BITCOINS!

Rupy come on, you've been here since 2011 and you don't know about PPS or how stolen coins can't be tracked? All the thief has to do is collect the coins, use a mixing service or even an exchange and they'll never be tracked again.

I wonder if the developers are making any headway into blacklisting addresses or would that defeat the anonymity of BTC?
donator
Activity: 2058
Merit: 1007
Poor impulse control.
This is interesting: I just realized, the thief can't spend this money for ANYTHING at ANY point in time!

That address will be tracked by a hundred people for all future, I'm writing a system for this NOW.

Basically, he has BTC but as soon as he spends them, he will get caught!

Edit: Can someone point me to threads about this fact OR prove me wrong!

YOU CANNOT STEAL BITCOINS!

He sends the coins to gox, trades them for USD and buys other coins back. Or uses a coin mixing service. Or trades them for virgin coin. Or spends them with someone who doesn't care that they're dealing with a dick.

hero member
Activity: 725
Merit: 503
This is interesting: I just realized, the thief can't spend this money for ANYTHING at ANY point in time!

That address will be tracked by a hundred people for all future, I'm writing a system for this NOW.

Basically, he has BTC but as soon as he spends them, he will get caught!

Edit: Can someone point me to threads about this fact OR prove me wrong!

YOU CANNOT STEAL BITCOINS!
full member
Activity: 213
Merit: 100
We have isolated the method used to change the code on our side.
All payout/bitcoind control access has been removed from the public facing systems and is now operating on a private internal network with SQL.

We have implemented a pre-check system that will run prior to all payouts to stop this last incident from happening.

As mentioned before I take full responsibility for what has happened, and will be covering it personally.
I have already funded the loss again, and for what I hope to be a very short period, payouts have been throttled as an extra precaution.

Some people have shared concerns about other sites I work with. I can assure everyone that Ozcoin is separately coded and managed.
While this was indeed a great and frustrating loss, it's not a first for pools and thankfully by far one of the smallest still.

As always, I will keep everyone informed as updates become available.
Best wishes
Graet

I hope you are taking proper SQL injection precautions. I'm really sorry that this happened to you and I will be delaying any payments indefinitely, I don't need them right now, but it seems that you do. And I really have to thank you for being honorable in the face of such challenges. It restores my faith in humanity.
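
A payout pre-check of the kind Graet describes could look like the following. This is an added example, not Ozcoin's code and not part of the thread; the page does not say how Ozcoin's check works, so the ledger layout, function name, batch cap and placeholder addresses are all assumptions.

```python
from collections import Counter
from decimal import Decimal

def precheck_payouts(batch, ledger, batch_cap):
    """Return a list of (user, reason) findings; an empty list means the batch may be sent.

    batch:  list of (user, address, amount) produced by the payout job
    ledger: user -> (registered_address, balance_owed), read from a store the
            public-facing web tier cannot write to (assumption)
    """
    findings = []
    per_address = Counter(addr for _, addr, _ in batch)
    seen = set()
    total = Decimal("0")
    for user, addr, amount in batch:
        total += amount
        if user not in ledger:
            findings.append((user, "no ledger entry"))
            continue
        registered, owed = ledger[user]
        if user in seen:
            findings.append((user, "paid twice in one batch"))
        seen.add(user)
        if addr != registered:
            findings.append((user, "address differs from ledger"))
        if amount <= 0 or amount > owed:
            findings.append((user, "amount not covered by balance"))
        if per_address[addr] > 1:
            findings.append((user, "destination shared with another payout"))
    if total > batch_cap:
        findings.append(("*", "batch total above cap"))
    return findings

# Constructed sample data; addresses are placeholders, not real ones.
LEDGER = {
    "miner_a": ("ADDR_A", Decimal("8.75")),
    "miner_b": ("ADDR_B", Decimal("2.50")),
    "miner_c": ("ADDR_C", Decimal("0.40")),
}
GOOD_BATCH = [(u, a, owed) for u, (a, owed) in LEDGER.items()]
# The same batch after every destination has been rewritten to one address.
TAMPERED_BATCH = [(u, "ADDR_X", owed) for u, _, owed in GOOD_BATCH]

if __name__ == "__main__":
    print(precheck_payouts(GOOD_BATCH, LEDGER, Decimal("50")))
    for finding in precheck_payouts(TAMPERED_BATCH, LEDGER, Decimal("50")):
        print(finding)
```

The payout job would refuse to hand anything to bitcoind unless the returned list is empty.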
DrG
legendary
Activity: 2086
Merit: 1035
Wow, just wow.  I think this is a new first.  It's one thing to keep money that a pool mistakenly sent you.  It's another to steal 1kBTC from miners!
newbie
Activity: 12
Merit: 0
Oh shi*, we're fucked.
BTCGuild takes over, all Pools are being DDOSed, MTRed closes door, ozco hacked to steal payouts.
The System itself has gotten attention of too many people, now some try to get our money out, then destroy it.

And the loss of ~1600BTC, jesus, Graet deserves a gold medal for taking this as a lesson and continue working.
Most would have killed someone responsible for this.
Why 1600 BTC? Graet reported about 934 BTC theft.

He is talking about the theft plus the previous loss of 700 odd BTC from PPS issues that Graet also funded out of his pocket.
newbie
Activity: 13
Merit: 0
Oh shi*, we're fucked.
BTCGuild takes over, all Pools are being DDOSed, MTRed closes door, ozco hacked to steal payouts.
The System itself has gotten attention of too many people, now some try to get our money out, then destroy it.

And the loss of ~1600BTC, jesus, Graet deserves a gold medal for taking this as a lesson and continue working.
Most would have killed someone responsible for this.
Why 1600 BTC? Graet reported about 934 BTC theft.
newbie
Activity: 39
Merit: 0
I don't know how bitcoind's default behavior is, but can't you try to re-spend all the 0-confirms (and add a fee to the new transaction)?
If the hacked transactions have a very low priority (or aren't added to the mempool), because they don't have a fee (why would the hacker not even pay a fking fee?), then you might be able to "steal" some of them back.

EDIT: When I wrote this, less than 50 BTC was confirmed. Now all of them are confirmed, so it is too late.
member
Activity: 117
Merit: 100
Life is short, play long
Oh geez, I was already wondering why I got the mail "ozco.in Automatic Payout Notification", but didn't receive the payment and didn't see it on the blockchain.

I'm on the list for "-8.75307302".

I really feel bad for Graet, and I could very well understand this would make him sick.
He tries to do his best, and then all this sh*t is happening.

I'm with you Graet, I'm with you; I keep supporting you and your pool (even with what you are now going through).
sr. member
Activity: 476
Merit: 250
is it possible to push through a much higher fee transaction and get it accepted before one of the fraudulent ones, thereby invalidating the whole chain?
As far as the bitcoin network is concerned, they are not fraudulent.

That is the nature of BTCs. Once they are sent, they are sent.

Any mechanic which could 'pull back' the BTC sent as a result of this successful attack would be a demonstration that the bitcoin concept itself is fatally flawed. Resulting in a collapse in value of bitcoin itself.

--

My condolences, Graet.


-- edit - changed "hack" to "successful attack"
donator
Activity: 2058
Merit: 1007
Poor impulse control.
I guess the script already sent transactions out,
but not all are accepted (included in the blocks they create) by the solo miners and pools.

That seems about right. The amount is still increasing on that address as more blocks are mined..

It looks like most of those are 0conf unconfirmed payouts finally making it through the backlog.

It looks like most of them are 0 fee...is it possible to push through a much higher fee transaction and get it accepted before one of the fraudulent ones, thereby invalidating the whole chain? Forgive my relative ignorance on this matter.

Like the SD 0conf exploit?
full member
Activity: 196
Merit: 100
I guess the script already sent transactions out,
but not all are accepted (included in the blocks they create) by the solo miners and pools.

That seems about right. The amount is still increasing on that address as more blocks are mined..

It looks like most of those are 0conf unconfirmed payouts finally making it through the backlog.

It looks like most of them are 0 fee...is it possible to push through a much higher fee transaction and get it accepted before one of the fraudulent ones, thereby invalidating the whole chain? Forgive my relative ignorance on this matter.
member
Activity: 79
Merit: 10
Oh shi*, we're fucked.
BTCGuild takes over, all Pools are being DDOSed, MTRed closes door, ozco hacked to steal payouts.
The System itself has gotten attention of too many people, now some try to get our money out, then destroy it.

And the loss of ~1600BTC, jesus, Graet deserves a gold medal for taking this as a lesson and continue working.
Most would have killed someone responsible for this.

As Bitcoin becomes more popular our security practices are going to have to improve.  It's not just DDoS attacks.  Cross site scripting, SQL injection, and network security are an issue too.  Locking down access to your services to the local network will help and is easy to implement.  Check all uploads, set their permissions, and try to make them as inaccessible as possible.  Every form needs its POST checked for SQL injection before form inputs get sent to the database.

This is not just advice for Ozcoin.

Good luck!  My Avalons are still pointed at Ozcoin!