ANN: [OPAL] | POS | Secure Messaging |NO ICO | bitsquare.io | cryptopia | Yobit - page 96.

Arux

hero member

Activity: 500

Merit: 500

Quote from: toldy on December 16, 2014, 02:40:02 PM

Here's a scenario that I'm wondering how we're going to address:

1. Bob has an OPAL wallet with 100,000 opal, that is not protected with a passphrase

2. He downloads a malware wallet, which copies his wallet.dat and forwards it to the hacker

3. The hacker empties this wallet and transfers his opal away and dumps the private key for "future use".

4. A roll back occurs

5. Bob now has 100,000 opal back in his wallet again

6. A few seconds later, the hacker empties this wallet again, because he has the private key from step #2

How are we going to circumvent this from occurring.

Quote from: StonerStanley on December 16, 2014, 03:00:26 PM

Quote from: scam_exposer on December 16, 2014, 02:52:17 PM

That does nothing to address the "private keys" issue.

Doing a rollback because of user error is ridiculous and I can't believe people are even contemplating it.

Dude, myself i don't like the situation but better save the users than the pirate.

the pirate own user's private key so toldy is right, a simple rollback is unable to save honest users.
you need to launch new blockchain with new adress, verify the legitimacy of former wallet etc... Megaproject!

Quote from: bassguitarman on December 16, 2014, 03:13:00 PM

We are in touch with the hacker.

If he returns the amount we agreed upon, then the rollback is canceled.

IMO it's a better solution. Negotiate, it's sad but people who failed to secure their wallet must accept a cut of x%

NoobKidOnTheBlock

hero member

Activity: 784

Merit: 500

FLY DONATION ADDRESS IN SIGNATURE

Quote from: etoque on December 16, 2014, 03:25:52 PM

Quote from: scam_exposer on December 16, 2014, 03:24:08 PM

Quote from: StonerStanley on December 16, 2014, 03:00:26 PM

Quote from: scam_exposer on December 16, 2014, 02:52:17 PM

That does nothing to address the "private keys" issue.

Doing a rollback because of user error is ridiculous and I can't believe people are even contemplating it.

Dude, myself i don't like the situation but better save the users than the pirate.

You can't save users from themselves.

Everybody do some error,people will learn about this...

Why are you so pessimist ?

Would the rollback give me my 70000 coins back?

etoque

legendary

Activity: 1988

Merit: 1000

Quote from: scam_exposer on December 16, 2014, 03:24:08 PM

Quote from: StonerStanley on December 16, 2014, 03:00:26 PM

Quote from: scam_exposer on December 16, 2014, 02:52:17 PM

That does nothing to address the "private keys" issue.

Doing a rollback because of user error is ridiculous and I can't believe people are even contemplating it.

Dude, myself i don't like the situation but better save the users than the pirate.

You can't save users from themselves.

Everybody do some error,people will learn about this...

Why are you so pessimist ?

scam_exposer

sr. member

Activity: 252

Merit: 250

Keeping People Honest - Don't Get Scammed

Quote from: StonerStanley on December 16, 2014, 03:00:26 PM

Quote from: scam_exposer on December 16, 2014, 02:52:17 PM

That does nothing to address the "private keys" issue.

Doing a rollback because of user error is ridiculous and I can't believe people are even contemplating it.

Dude, myself i don't like the situation but better save the users than the pirate.

You can't save users from themselves.

RCan06

sr. member

Activity: 325

Merit: 255

Just checking in to say I support OPAL Devs and community, and I will remain here regardless, as will many others

Bass, that is very interesting change of events. I hope it works out as well.

bassguitarman

hero member

Activity: 728

Merit: 500

We are in touch with the hacker.

If he returns the amount we agreed upon, then the rollback is canceled.

StonerStanley

sr. member

Activity: 535

Merit: 267

Quote from: scam_exposer on December 16, 2014, 02:52:17 PM

That does nothing to address the "private keys" issue.

Doing a rollback because of user error is ridiculous and I can't believe people are even contemplating it.

Dude, myself i don't like the situation but better save the users than the pirate.

toldy

full member

Activity: 214

Merit: 100

Quote from: scam_exposer on December 16, 2014, 02:53:24 PM

~~Something like that.. Using bitcointalk forum names to prove identity could help this..~~ I don't know.

The purpose of my post is to spawn discussion on how this can best be achieved. Give it a day for us to discuss this..

scam_exposer

sr. member

Activity: 252

Merit: 250

Keeping People Honest - Don't Get Scammed

Quote from: toldy on December 16, 2014, 02:51:46 PM

Quote from: toldy on December 16, 2014, 02:40:02 PM

Here's a scenario that I'm wondering how we're going to address:

1. Bob has an OPAL wallet with 100,000 opal, that is not protected with a passphrase

2. He downloads a malware wallet, which copies his wallet.dat and forwards it to the hacker

3. The hacker empties this wallet and transfers his opal away and dumps the private key for "future use".

4. A roll back occurs

5. Bob now has 100,000 opal back in his wallet again

6. A few seconds later, the hacker empties this wallet again, because he has the private key from step #2

How are we going to circumvent this from occurring.

I'll give you a possible solution to the scenario:

1. Opal team releases a new wallet, on a new chain, opal v2 with a 2.5 million premine.

2. The Opal v2 wallet has to be encrypted with a passphrase otherwise the wallet doesn't generate any addresses

3. Bob downloads this Opal v2 wallet, creates a passphrase, and generates a new address

4. Bob now gets in touch with the OpalTeam to verify he has keys to the original v1 wallet, and OpalTeam transfers the stolen coins from v1 (from the v2 premine) to his Opal v2 passphrase protected wallet.

Something like that.. Using bitcointalk forum names to prove identity could help this.. I don't know.

scam_exposer

sr. member

Activity: 252

Merit: 250

Keeping People Honest - Don't Get Scammed

Quote from: toldy on December 16, 2014, 02:40:02 PM

Here's a scenario that I'm wondering how we're going to address:

1. Bob has an OPAL wallet with 100,000 opal, that is not protected with a passphrase

2. He downloads a malware wallet, which copies his wallet.dat and forwards it to the hacker

3. The hacker empties this wallet and transfers his opal away and dumps the private key for "future use".

4. A roll back occurs

5. Bob now has 100,000 opal back in his wallet again

6. A few seconds later, the hacker empties this wallet again, because he has the private key from step #2

How are we going to circumvent this from occurring.

You can't.

Quote from: etoque on December 16, 2014, 02:41:26 PM

Everyone was infected need to do a nice clean up before oppening new wallet

That does nothing to address the "private keys" issue.

Doing a rollback because of user error is ridiculous and I can't believe people are even contemplating it.

toldy

full member

Activity: 214

Merit: 100

Quote from: toldy on December 16, 2014, 02:40:02 PM

Here's a scenario that I'm wondering how we're going to address:

1. Bob has an OPAL wallet with 100,000 opal, that is not protected with a passphrase

2. He downloads a malware wallet, which copies his wallet.dat and forwards it to the hacker

3. The hacker empties this wallet and transfers his opal away and dumps the private key for "future use".

4. A roll back occurs

5. Bob now has 100,000 opal back in his wallet again

6. A few seconds later, the hacker empties this wallet again, because he has the private key from step #2

How are we going to circumvent this from occurring.

I'll give you a possible solution to the scenario:

1. Opal team releases a new wallet, on a new chain, opal v2 with a 2.5 million premine.

2. The Opal v2 wallet has to be encrypted with a passphrase otherwise the wallet doesn't generate any addresses

3. Bob downloads this Opal v2 wallet, creates a passphrase, and generates a new address

4. Bob now gets in touch with the OpalTeam to verify he has keys to the original v1 wallet, and OpalTeam transfers the stolen coins from v1 (from the v2 premine) to his Opal v2 passphrase protected wallet.

Something like that.. Using bitcointalk forum names to prove identity could help this.. I don't know.

StonerStanley

sr. member

Activity: 535

Merit: 267

Quote from: Voidlord on December 16, 2014, 01:12:47 PM

Quote from: StonerStanley on December 16, 2014, 12:56:00 PM

Malwares bytes already delete startup key / method, and malware files (otherwise h

"This Backdoor or another affiliated agent may reload itself after a remove"

If you remove the malware it can't reload. If a malware reload is because you do not kill the persistence (here the persistence was "csrss.exe", in the same folder as "windhcp.exe", and detected by malwares byte also)

This malware is not really smart Wink

don't worry.

(combofix is helpful when some of your system files are corrupted, by malwares)

Ok, thanks StonerStanley, So during the corruption, the backdoor/the attacker can't install other malware/exploit ?

if yes my only advice (for corrupted wallets) will be "CHANGE ALL YOUR PASSWORDS".

As i know i didn't see anything able to make a update for load a new version of this malware.
No one file except the malware (wallet executable, not .dat) itself is corrupted/infected. So if you use malwares bytes is ok (i advise you combofix when no one other antivirus is able to repair your problem)

etoque

legendary

Activity: 1988

Merit: 1000

Everyone was infected need to do a nice clean up before oppening new wallet

toldy

full member

Activity: 214

Merit: 100

Here's a scenario that I'm wondering how we're going to address:

1. Bob has an OPAL wallet with 100,000 opal, that is not protected with a passphrase

2. He downloads a malware wallet, which copies his wallet.dat and forwards it to the hacker

3. The hacker empties this wallet and transfers his opal away and dumps the private key for "future use".

4. A roll back occurs

5. Bob now has 100,000 opal back in his wallet again

6. A few seconds later, the hacker empties this wallet again, because he has the private key from step #2

How are we going to circumvent this from occurring.

etoque

legendary

Activity: 1988

Merit: 1000

GOOD

so the faster you do the rollback,the faster we can continu the opal spread mission

Lets growth this coin !

Btw: Other saying it will be kill opal because centralisation. I want to say. Nop. Need to relax a bit and step back. There's nothing happen,look how many people have vote,no more than 150 lol. NXT was something other,VRC too,because it happen when everybody look at it,when they have a kind of massive addoption(still,far more than opal have now)

We have still only one way to go when you have a Super good dev team like this and we are close to #100 on CMC

there's no bug,no fork,no scam , only malicious link has been posted and some basic error happen. Not so dramatic(except for the 17% user) This coin still doing well guys

bitdraw

hero member

Activity: 504

Merit: 500

Quote from: m30188 on December 16, 2014, 02:15:18 PM

If I'm correct, everyone needs to run a new client that's confirming blocks on a new fork. Is that right?

they update the client, make checkpoints everyone uses the new client and its done pretty much...

i think the harder part is managing all the refunds..

m30188

newbie

Activity: 40

Merit: 0

If I'm correct, everyone needs to run a new client that's confirming blocks on a new fork. Is that right?

NoobKidOnTheBlock

hero member

Activity: 784

Merit: 500

FLY DONATION ADDRESS IN SIGNATURE

Quote from: DeckardKain on December 16, 2014, 01:56:25 PM

Quote from: NoobKidOnTheBlock on December 16, 2014, 01:43:06 PM

Quote from: arniebaby on December 16, 2014, 01:17:03 PM

Quote from: OpalTeam on December 16, 2014, 11:33:39 AM

OPAL PRESS RELEASE BLOCK CHAIN ROLLBACK

Since its inception, OPAL has made significant strides to becoming a valuable asset to the cryptocoin community. An ambitious development team backed by a strong community has proven to be and will continue to be a cornerstone in the continued success of OPAL. With that being said, the OPAL team has found that a user made a malicious post within the OPAL ANN thread which included links to a manipulated version of the wallet. This wallet installs a backdoor which steals wallet.dat files from not only the OPAL wallet, but other cryptocoin wallets as well. Additionally, the user posted links to wallet downloads in other Bitcointalk threads. These downloads are also assumed to be malevolent. The hacker has stolen approximately 17% of the total OPAL coin supply, which is enough to attack the block chain. In light of this, a critical decision has been made by the community to roll back the blockchain, thereby eliminating the possibility of such an attack and to prevent further damage. The OPAL team thanks the community for acting promptly and supporting the continuing growth of OPAL.

Please remember to only download wallets from the website www.opal-coin.com or download and complie the source yourself, which is available at https://github.com/OpalCoin/OpalCoin.

If there are any questions or concerns, please contact the OPAL team at [email protected] or on the IRC channel freenode #opalcoin.

The OPAL Team

OK. Decision made. Timescales??

Okay I've downloaded the wallet from the website and it still says zero connections plus all my OPAL right now are on Bittrex but bittrex has OPAL disabled? Does this mean I'm gonna lose my coins? Or will I still have them?

You wont lose any opal. And if you still lose contact opal team. They never let their people fall.

Okay thanks because I downloaded the wallet with exchange that the OPALTEAM posted here and it's not syncing and says that there is 0 connections and then on Bittrex it says OPAL is disabled? So if I wait a bit everything will be fixed and up and running again?

DeckardKain

newbie

Activity: 34

Merit: 0

Quote from: NoobKidOnTheBlock on December 16, 2014, 01:43:06 PM

Quote from: arniebaby on December 16, 2014, 01:17:03 PM

Quote from: OpalTeam on December 16, 2014, 11:33:39 AM

OPAL PRESS RELEASE BLOCK CHAIN ROLLBACK

Since its inception, OPAL has made significant strides to becoming a valuable asset to the cryptocoin community. An ambitious development team backed by a strong community has proven to be and will continue to be a cornerstone in the continued success of OPAL. With that being said, the OPAL team has found that a user made a malicious post within the OPAL ANN thread which included links to a manipulated version of the wallet. This wallet installs a backdoor which steals wallet.dat files from not only the OPAL wallet, but other cryptocoin wallets as well. Additionally, the user posted links to wallet downloads in other Bitcointalk threads. These downloads are also assumed to be malevolent. The hacker has stolen approximately 17% of the total OPAL coin supply, which is enough to attack the block chain. In light of this, a critical decision has been made by the community to roll back the blockchain, thereby eliminating the possibility of such an attack and to prevent further damage. The OPAL team thanks the community for acting promptly and supporting the continuing growth of OPAL.

Please remember to only download wallets from the website www.opal-coin.com or download and complie the source yourself, which is available at https://github.com/OpalCoin/OpalCoin.

If there are any questions or concerns, please contact the OPAL team at [email protected] or on the IRC channel freenode #opalcoin.

The OPAL Team

OK. Decision made. Timescales??

Okay I've downloaded the wallet from the website and it still says zero connections plus all my OPAL right now are on Bittrex but bittrex has OPAL disabled? Does this mean I'm gonna lose my coins? Or will I still have them?

You wont lose any opal. And if you still lose contact opal team. They never let their people fall.

PhilipMorris

sr. member

Activity: 364

Merit: 250

Quote from: NoobKidOnTheBlock on December 16, 2014, 01:43:06 PM

Quote from: arniebaby on December 16, 2014, 01:17:03 PM

Quote from: OpalTeam on December 16, 2014, 11:33:39 AM

OPAL PRESS RELEASE BLOCK CHAIN ROLLBACK

Since its inception, OPAL has made significant strides to becoming a valuable asset to the cryptocoin community. An ambitious development team backed by a strong community has proven to be and will continue to be a cornerstone in the continued success of OPAL. With that being said, the OPAL team has found that a user made a malicious post within the OPAL ANN thread which included links to a manipulated version of the wallet. This wallet installs a backdoor which steals wallet.dat files from not only the OPAL wallet, but other cryptocoin wallets as well. Additionally, the user posted links to wallet downloads in other Bitcointalk threads. These downloads are also assumed to be malevolent. The hacker has stolen approximately 17% of the total OPAL coin supply, which is enough to attack the block chain. In light of this, a critical decision has been made by the community to roll back the blockchain, thereby eliminating the possibility of such an attack and to prevent further damage. The OPAL team thanks the community for acting promptly and supporting the continuing growth of OPAL.

Please remember to only download wallets from the website www.opal-coin.com or download and complie the source yourself, which is available at https://github.com/OpalCoin/OpalCoin.

If there are any questions or concerns, please contact the OPAL team at [email protected] or on the IRC channel freenode #opalcoin.

The OPAL Team

OK. Decision made. Timescales??

Okay I've downloaded the wallet from the website and it still says zero connections plus all my OPAL right now are on Bittrex but bittrex has OPAL disabled? Does this mean I'm gonna lose my coins? Or will I still have them?

Read up, all your questions have been answered.

Topic: ANN: [OPAL] | POS | Secure Messaging |NO ICO | bitsquare.io | cryptopia | Yobit - page 96. (Read 383418 times)