Cheap way to attack blockchain - page 4.

basil00

member

Activity: 60

Merit: 10

Quote from: DuddlyDoRight on November 07, 2015, 08:33:28 PM

Worse case scenerio: Buffer Overflow->Code Execution in poorly coded clients.

This is a specific DoS attack vector that has nothing to do with buffer overflows.

The worse case scenario is that no transactions are confirmed for a while until centralized mining intervenes.

DuddlyDoRight

sr. member

Activity: 318

Merit: 260

Quote from: basil00 on November 04, 2015, 09:21:44 PM

Looks like the attacker has successfully launched another attack. This time using the address 3EgSUauJG5N27AUfQwiUfjAhHe6y9AKdVs corresponding to the script:

Code:

OP_IF 0x42412fb4 OP_15 OP_CHECKMULTISIG OP_ENDIF OP_1

This time the attacker managed to successfully fill the 20,000 sigOp limit for block #382053, where 1245x15 = 18675 are fake sigOps arising from the attack transactions. This meant that no more transactions (legitimate or otherwise) could be included in the block, leading to an underfull block of ~288KB (of which ~68KB are the attack txs). Note that the network is currently running at capacity, with 1MB or 750KB blocks the norm.

The new attack was limited to a single block. Also the attacker used a low fee rate of ~18sat/byte. A higher fee rate would have made the attack for effective (but more expensive).

Worse case scenerio: Buffer Overflow->Code Execution in poorly coded clients. I doubt this person would have the skill to do that espesiaclly since it requires brute forcing with weak hashes for shellcode which is next to impossible unless you have super-computers like a gov...

dos will just cause repo commits fixing the handler routines within 72 hours on popular clients..

EDIT: BTC Blockchain and core-implementation have a huge attack surface and design spec. I bet most wallets and miners don't even bounds check and have strict spec handling without error handling.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: erickimani on November 05, 2015, 04:40:31 PM

Be good.

It is not possible for ~~humans~~ alive creatures to be good for everyone.
Wolves can not be good for rabbits.

erickimani

newbie

Activity: 42

Merit: 0

we can never be secure anywhere. will just depend on luck and other firms that offer cyber security to protect us from scams..Haha. especially from you guys who understand the language of programming. Be good.

basil00

member

Activity: 60

Merit: 10

Looks like the attacker has successfully launched another attack. This time using the address 3EgSUauJG5N27AUfQwiUfjAhHe6y9AKdVs corresponding to the script:

Code:

OP_IF 0x42412fb4 OP_15 OP_CHECKMULTISIG OP_ENDIF OP_1

This time the attacker managed to successfully fill the 20,000 sigOp limit for block #382053, where 1245x15 = 18675 are fake sigOps arising from the attack transactions. This meant that no more transactions (legitimate or otherwise) could be included in the block, leading to an underfull block of ~288KB (of which ~68KB are the attack txs). Note that the network is currently running at capacity, with 1MB or 750KB blocks the norm.

The new attack was limited to a single block. Also the attacker used a low fee rate of ~18sat/byte. A higher fee rate would have made the attack for effective (but more expensive).

DuddlyDoRight

sr. member

Activity: 318

Merit: 260

Be thankful people are doing free security research.. The more they achieve the harder BTC is to hack because it leads to mitigations and patches even if they are blackhat..

Even a really complex algorithmic attack on the block-chain will reveal design flaws that can be fixed and someone will bankrupt a lot of tumblers trying to convert stolen coins.. There are probably companies and criminal groups all over the world with talented people looking for this right now; probably mostly in Russia and China..

Decoded

legendary

Activity: 1232

Merit: 1030

give me your cryptos

What do people have against bitcoin? It's a revolutionary new currency, and people are trying to use it to hurt other bitcoiners.

You're advertising a service to ruin the experience for other bitcoiners, on the official forum where all the bitcoiners come.

Am I missing something?

Bifta

full member

Activity: 182

Merit: 100

Quote from: ?? on ??

Blockchain have been providing some best wallet services for bitcoins. They're famous for their features, security and privacy, but now some cheap hackers Have tried some typical tricks for hacking the blockchain system. What they used were some fake proxy servers for gaining access to the wallets. They have been successful a few times. But, no longer now as blockchain made their system more secure and strong.

That is just not the right blockchain. Please stop confusing blockchain.info for that actual Bitcoin Blockchain. They are two different things. We are talking about the bitcoin blockchain here, and how to spam and perform a DoS attack against full nodes which download the entire blockchain. Also, please read the thread before posting, we don't want your spam here.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: basil00 on October 31, 2015, 07:57:42 PM

It appears that someone launched a limited form of this attack

http://www.youtube.com/watch?v=0QtKDlZ7FKE

basil00

member

Activity: 60

Merit: 10

It appears that someone launched a limited form of this attack using the address 3G83ox5zw7D6eySoSMCervh9cbhMXdA5t9. The address corresponds to the script:

Code:

OP_IF
   0x451e75af
   OP_15
   OP_CHECKMULTISIG
OP_ENDIF
OP_1

The script is spent by push 0 in the sigScript.

The attacker only generated 960 such outputs, which corresponds to 14400 sigOps, which is not enough even to fill a block. Furthermore the fee rate for the transactions was not very high (37sat/byte), meaning that most normal traffic would be unaffected anyway. So overall this attack had no affect. Maybe this was a test?

Bifta

full member

Activity: 182

Merit: 100

I'm looking at the transaction referenced in the OP: https://blockchain.info/tx/6766e75d6166a0a14bd814921d0f903285e15779e648d7ec52a4f7c0868ec07d and I noticed that the input scripts don't seem to verify with the output script of their referenced outpoints. Can someone explain how this is considered valid?

Zombier0

sr. member

Activity: 435

Merit: 250

Quote from: onemorexmr on October 10, 2015, 06:00:22 AM

Quote from: Zombier0 on October 10, 2015, 05:58:22 AM

Quote from: amaclin on October 09, 2015, 08:00:38 AM

Quote from: shorena on October 09, 2015, 07:44:52 AM

So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/

Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.

It was debate, thats i.

Bc is digital cash, cash is free to move.

Wh btc blaclists then i go full prO LTC

LTC is the same as BTC.
if bitcoin ever goes with blacklisting (i dont think or hope so) LTC will be next shortly after

Then we move to nxt and next

onemorexmr

sr. member

Activity: 252

Merit: 250

Quote from: Zombier0 on October 10, 2015, 05:58:22 AM

Quote from: amaclin on October 09, 2015, 08:00:38 AM

Quote from: shorena on October 09, 2015, 07:44:52 AM

So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/

Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.

It was debate, thats i.

Bc is digital cash, cash is free to move.

Wh btc blaclists then i go full prO LTC

LTC is the same as BTC.
if bitcoin ever goes with blacklisting (i dont think or hope so) LTC will be next shortly after

Zombier0

sr. member

Activity: 435

Merit: 250

Quote from: amaclin on October 09, 2015, 08:00:38 AM

Quote from: shorena on October 09, 2015, 07:44:52 AM

So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/

Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.

It was debate, thats i.

Bc is digital cash, cash is free to move.

Wh btc blaclists then i go full prO LTC

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: shorena on October 09, 2015, 07:44:52 AM

So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/

Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.

shorena

copper member

Activity: 1498

Merit: 1499

No I dont escrow anymore.

Quote from: Zombier0 on October 08, 2015, 04:14:46 PM

The day bitcoin starts blacklisting will be the end of it

So its dead[1] already?

[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: tommorisonwebdesign on October 08, 2015, 06:07:52 PM

If I were the OP if I wanted to steal somebody's Bitcoins I would look into learning more about programming and networking.

Why can not you do it whether you are not the OP?

tommorisonwebdesign

sr. member

Activity: 448

Merit: 250

If I were the OP if I wanted to steal somebody's Bitcoins I would look into learning more about programming and networking. Then, you could write a script to steal somebody's private keys. Otherwise There may not be a lot of exploits in the network. People try and get nowhere.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: Zombier0 on October 08, 2015, 04:14:46 PM

The day bitcoin starts blacklisting will be the end of it

Not so sure.
The main thesis is "Nobody cares".
What would you do if most of major pools blacklist an address and publish a note that address belongs to a killer?
You will do nothing. You even will not ask a proof for this statement.

Zombier0

sr. member

Activity: 435

Merit: 250

The day bitcoin starts blacklisting will be the end of it

Topic: Cheap way to attack blockchain - page 4. (Read 28206 times)