Topic: [ANN][XCN] Cryptonite - NEW Thread | 1st mini-blockchain coin | Bounties! - page 97. (Read 215666 times)

Most updates are made on this thread, Twitter, Slack, etc. I never really update the website except for the download page. I might just remove that page and a few others actually. I'm just very busy with several other projects which is why I'm not around much and why Pallas handles most Cryptonite stuff these days.

Why is there no update on your website under Project Developer News since 2014 ?!

Most of the hacked funds should be locked now, but a little part of them got into circulation and we can't do anything about them, because we would risk harming honest users.
The final effect is a higher current supply: about 260M more, but it depends if the hacker will move those funds and if part of them got locked on the exchanges; probably accessible surplus is less.

Great work, bitfreak and pallas for fixing this!
I think this is all part of the maturing process for the coin. We all know what we're up to and the end goal should be a stable, usable currency for the general public.

Sad too though, because we all also want to profit from the effort we all put into this coin in the long run. And this might scare off other people for the moment.
Nevertheless, let's remember why we're all here: XCN has a unique set of features that makes it stand out. And that technology is still there, even better now.

Let's move forward and decide on how to deal with the unwanted coins that are now circulating the system. Are they any harm?

effect of the new chinese regulation.
we will just move to another exchange.
you can already use novaexchange or you can wait for bittrex and/or poloniex (or any other that will come).

Ok guys now the main pool and many exchanges have updated to the new version I feel it's safe to release more information about exactly what happened.

Unfortunately it looks like btc38 is going to remove XCN based on that announcement. Btc38 were the ones who first realized something was wrong because they had a suspiciously high number of XCN in their exchange wallet. They notified us there was something wrong a few days ago and I coded up a blockchain analyzer to look for anything suspicious. I discovered that an attacker found a way to create transactions with outputs larger than the inputs, allowing the attacker to essentially create free coins. The first example of the attack can be seen in this block: http://xcn-explorer.selektion21.de/?b=1007085

They were able to generate a negative fee value because of an integer overflow bug, making it possible to have outputs larger than the input value. Obviously there were checks for integer overflows in place but some integers which should have been unsigned were left signed in the worst place possible, either intentionally or by simple mistake, by the original dev. It looks like the attacker spent most of the smaller outputs and left the massive outputs alone, the latest version should block those massive balances but I calculated they were able to get away with around 260 million XCN from the smaller outputs.

We gave btc38 and other exchanges a list of the addresses used by the attacker so they may have been able to freeze some of the attackers funds, based on my analysis it doesn't seem like there's a whole lot of transactions stemming off from the bad transactions. I also want to make it clear this bug has nothing to do with the mini-blockchain technology, the bug in the code was pretty obvious and quite easy to fix just by making some signed integers unsigned. Look at the latest changes on pallas's github to see exactly what we did to prevent this happening again.

In a few days I will release the source code for an XCN blockchain analyzer that I made to find the issue, it should also be useful for building an explorer that works efficiently. I will also release the javascript code I wrote some time ago for creating raw transactions and signing them, which I used to make sure our fix worked and should also be useful for creating a web wallet. Hopefully we can move past this even without too much issue, I was hoping our quick fix would be enough for btc38 not to drop XCN but I cannot blame them for being spooked by this, especially with the new laws in China.

The following is a list of blocks where the exploit was detected:

1007085, 1009490, 1035837, 1044220, 1052967, 1073572, 1103770, 1119219, 1139944, 1171685, 1188258, 1232798, 1246249, 1255968, 1271558, 1274983, 1278864, 1279894, 1281781, 1284716, 1286093, 1288597, 1290084, 1291824, 1294633, 1297819, 1298379, 1300671, 1302547, 1320111, 1320830, 1322596, 1323220, 1350726, 1360510, 1363161, 1364581, 1366301, 1366351, 1367675, 1369704, 1371786, 1373205, 1375144, 1377644

service staff 小丹: Hello! I'm sorry to have kept you waiting, this a few money can get a new integral reward money TAG, RIC, Riemann currency QRK quark currency, world coin WDC, makar currency MEC, ingots COINS YBC, kryptonite currency XCN, little money more than PPC and the earth EAC, energy currency HLB currencies will stop at 12 noon on September 21, trade, system will reserve currency time 7 days, on September 28, please will you digital assets held by the extract to the personal wallet or other platforms. We later will have partial stop trading of other currencies, estimated around October 31 all stop, details please check the announcement, http://www.btc38.com/news/2017/9/15477.htmlThank you for your support and wish you a happy life.
(09-21 10:28) about this ticket, you feel: good | ordinary | bad

 

Pallas..
something about the windows wallet:

1) it would be nice to be able to select the number of currency decimals to show. 10 digits for decimals makes no sense..

2) settings-options-wallet.. i see  "Expert"  at the bottom of the window but its not clickeable.  

Yobit:

https://yobit.net/en/addcoin/


Let's donate to pallas btc address and buy premium for 0.1 btc.
Worth a try.

I don't know how this chinese thing will end up, but I can say we are in contact with bittrex and poloniex to have the coin listed there. Unfortunately they are both very busy, at least that's what they use to say.

the withdrawals are working and thats a very positive sign!!
i think they wont accept deposits until they update the site and figure out the new regulations regarding RMB

so what btc38 is saying is "CNY bye bye"  


thanks for the new wallet Pallas, updating now!

No, the deposit button says "please understand announcement" which you can find here http://www.btc38.com/news/2017/9/15418.html saying they will close all trading, means they won't allow deposit, only withdraw so people get their coins back and then will suspend it.

Why is this coin not listed on YoBit? It's not so hard to get there, you need to look at the future and focus on other exchanges. Even dev thinks this coin will live because of Chineese investors like before, but understand that it won't be possible anymore due to this suspension.

Correct me if I'm wrong.

I don't think so: btc38 updated their wallet and opened withdrawals.
I think they will open deposits soon.

btc38 say:  xcn  bye bye

XCN Cryptonite URGENT Wallet update

Due to the recent discovery of a security hole in the wallet code, we kindly request everyone to update their XCN wallet urgently.

Please find the sources here, as usual:

https://github.com/pallas1/Cryptonite

Windows binaries here:

http://cryptonite.info/?page=download

Further details will be posted as soon as possible.

Quickly updating your wallet will help making the network safe. Thank you for your understanding.

The Cryptonite developers (Bitfreak and Pallas).

Yes! And why not to go beyond 3000 sat, is not imposible. Bought more coins, just in case.

I wouldn't be so sure. "Stop deposit, please understand the announcement!" is the current message. Looks like withdrawal is possible, though I have no coins there to try. Still missing a couple of hundred dollars worth of coins that were sent to them while their wallet was down as well.

Since it went up to over 3000 SAT in june, I see no reason why it can't easily reach 1000 SAT in the near future ;-)

Indeed, this I love on the coin, its unique features. Don't worry guys, this coin will reach 1000 sats in the future, just hold your coins.

New message no btc38: "In the maintenance of monetary function..." instead of "There is a BUG in the wallet", that signals that they started working on wallet restoration, good signal!