Alright since there are a couple of you that would rather FUD than do anything constructive, let me try to address some of what you are talking about.
First, the image from Virustotal.com. If you look closely you will see those are results from a file named 98798rerge.exe. This file is not associated with NYCoin and none of the github downloads that are currently published include this executable. I don't know where it comes from nor why you are posting it here.
Concerning the block validation code, reecelander referenced a commit that was old. The actual code that is in the master repo can be found here
https://github.com/NewYorkCoin-NYC/nycoin/blob/master/src/main.cpp#L2699-L2713 // Shortcut checks for almost all early blocks
if(chainActive.Height() < SKIP_VALIDATION_HEIGHT && GetBoolArg("-fastsync", false))
{
const CChainParams& chainParams = Params();
// hit all the checkpoints but skip most of the rest
std::map::const_iterator cpItr = chainParams.Checkpoints().mapCheckpoints.find(chainActive.Height());
// if the current block is not found in the checkpoints list, skip it
if(cpItr == chainParams.Checkpoints().mapCheckpoints.end())
{
return true;
}
}
What this code does is optional, hence the GetBoolArg(). This is part of the fast-sync functionality which allows a user to download the blockchain at a much faster rate from scratch. It does this in part by bypassing the validation checks for every single block that comes in while syncing. Now you may think that this is cause for alarm but if you remember your blockchain basics you will know that if you change anything in one block, you change the entire blockchain. You can find a refresher article here
https://medium.com/coinmonks/blockchain-for-beginners-what-is-blockchain-519db8c6677a, specifically pay attention to the Chaining the Blocks section. So checking against the checkpoints prevents someone from replacing large chunks of the code and if you dig into our code a bit further, you will see we stop the fast sync before the last checkpoint which means even if someone were to replace all the blocks in the fast sync phase, it would fail as soon as it came out. The code changes, which are again optional, do not present a significant additional threat to the blockchain though they are on the surface, a bit less secure. Ideally, you want to check every single block to be sure you have everything proper but we understand some people don't want to wait and for someone to maliciously change the entire blockchain, they would also have to get a majority of the nodes to go along with what they were doing.
Regarding the infected releases, we are not the only crypto community to be affected by github hacks. One of the people who had access to the github had their account compromised without our knowledge and since github doesn't have the same sort of security or restrictions on releases, they were able to replace our releases with executables that were modified using a fairly basic RAT injection program. When another user pointed this out, we immediately pulled the builds from github and published new, clean builds as quickly as possible. Any claim that the NYCoin devs had anything to do with the recent 51% attack or the malware infection is patently false and those that continue to push that narrative are likely part of the same group of people that launched the attacks in the first place.
If you actually want to discuss code changes and development with the NYCoin dev team, please join us on Discord as we don't frequent this forum and only here about this kind of FUD second hand.
https://discord.gg/zTKMrmQWe welcome constructive discussion of the coin and its use case and we kindly ask that those who try to discredit the team or the project to please find something better to do with your time like having a civil conversation with the development team. Again, the dev team does not frequent this forum so if you want to discuss the actual code, come see us on discord.
Thanks,
MrSlosh
