Pages:
Author

Topic: Cheap way to attack blockchain - page 4. (Read 28257 times)

member
Activity: 60
Merit: 10
November 08, 2015, 12:18:00 AM
#74
Worse case scenerio: Buffer Overflow->Code Execution in poorly coded clients.

This is a specific DoS attack vector that has nothing to do with buffer overflows.

The worse case scenario is that no transactions are confirmed for a while until centralized mining intervenes.
sr. member
Activity: 318
Merit: 260
November 07, 2015, 07:33:28 PM
#73
Looks like the attacker has successfully launched another attack.  This time using the address 3EgSUauJG5N27AUfQwiUfjAhHe6y9AKdVs corresponding to the script:

Code:
OP_IF 0x42412fb4 OP_15 OP_CHECKMULTISIG OP_ENDIF OP_1

This time the attacker managed to successfully fill the 20,000 sigOp limit for block #382053, where 1245x15 = 18675 are fake sigOps arising from the attack transactions.  This meant that no more transactions (legitimate or otherwise) could be included in the block, leading to an underfull block of ~288KB (of which ~68KB are the attack txs).  Note that the network is currently running at capacity, with 1MB or 750KB blocks the norm.

The new attack was limited to a single block.  Also the attacker used a low fee rate of ~18sat/byte.  A higher fee rate would have made the attack for effective (but more expensive).

Worse case scenerio: Buffer Overflow->Code Execution in poorly coded clients. I doubt this person would have the skill to do that espesiaclly since it requires brute forcing with weak hashes for shellcode which is next to impossible unless you have super-computers like a gov...

dos will just cause repo commits fixing the handler routines within 72 hours on popular clients..

EDIT: BTC Blockchain and core-implementation have a huge attack surface and design spec. I bet most wallets and miners don't even bounds check and have strict spec handling without error handling.
legendary
Activity: 1260
Merit: 1019
November 05, 2015, 03:50:23 PM
#72
Be good.
It is not possible for humans alive creatures to be good for everyone.
Wolves can not be good for rabbits.
newbie
Activity: 42
Merit: 0
November 05, 2015, 03:40:31 PM
#71
we can never be secure anywhere. will just depend on luck and other firms that offer cyber security to protect us from scams..Haha. especially from you guys who understand the language of programming. Be good.
member
Activity: 60
Merit: 10
November 04, 2015, 08:21:44 PM
#70
Looks like the attacker has successfully launched another attack.  This time using the address 3EgSUauJG5N27AUfQwiUfjAhHe6y9AKdVs corresponding to the script:

Code:
OP_IF 0x42412fb4 OP_15 OP_CHECKMULTISIG OP_ENDIF OP_1

This time the attacker managed to successfully fill the 20,000 sigOp limit for block #382053, where 1245x15 = 18675 are fake sigOps arising from the attack transactions.  This meant that no more transactions (legitimate or otherwise) could be included in the block, leading to an underfull block of ~288KB (of which ~68KB are the attack txs).  Note that the network is currently running at capacity, with 1MB or 750KB blocks the norm.

The new attack was limited to a single block.  Also the attacker used a low fee rate of ~18sat/byte.  A higher fee rate would have made the attack for effective (but more expensive).
sr. member
Activity: 318
Merit: 260
November 04, 2015, 12:47:46 AM
#69
Be thankful people are doing free security research.. The more they achieve the harder BTC is to hack because it leads to mitigations and patches even if they are blackhat..

Even a really complex algorithmic attack on the block-chain will reveal design flaws that can be fixed and someone will bankrupt a lot of tumblers trying to convert stolen coins.. There are probably companies and criminal groups all over the world with talented people looking for this right now; probably mostly in Russia and China..
legendary
Activity: 1232
Merit: 1030
give me your cryptos
November 03, 2015, 11:47:56 PM
#68
What do people have against bitcoin? It's a revolutionary new currency, and people are trying to use it to hurt other bitcoiners.

You're advertising a service to ruin the experience for other bitcoiners, on the official forum where all the bitcoiners come.

Am I missing something?
full member
Activity: 182
Merit: 100
November 01, 2015, 07:26:23 PM
#67
Blockchain have been providing some best wallet services for bitcoins. They're famous for their features, security and privacy, but now some cheap hackers Have tried some typical tricks for hacking the blockchain system. What they used were some fake proxy servers for gaining access to the wallets. They have been successful a few times. But, no longer now as blockchain made their system more secure and strong.
That is just not the right blockchain. Please stop confusing blockchain.info for that actual Bitcoin Blockchain. They are two different things. We are talking about the bitcoin blockchain here, and how to spam and perform a DoS attack against full nodes which download the entire blockchain. Also, please read the thread before posting, we don't want your spam here.
legendary
Activity: 1260
Merit: 1019
November 01, 2015, 02:37:27 AM
#66
It appears that someone launched a limited form of this attack

http://www.youtube.com/watch?v=0QtKDlZ7FKE
member
Activity: 60
Merit: 10
October 31, 2015, 06:57:42 PM
#65
It appears that someone launched a limited form of this attack using the address 3G83ox5zw7D6eySoSMCervh9cbhMXdA5t9.  The address corresponds to the script:

Code:
OP_IF
   0x451e75af
   OP_15
   OP_CHECKMULTISIG
OP_ENDIF
OP_1

The script is spent by push 0 in the sigScript.

The attacker only generated 960 such outputs, which corresponds to 14400 sigOps, which is not enough even to fill a block.  Furthermore the fee rate for the transactions was not very high (37sat/byte), meaning that most normal traffic would be unaffected anyway.  So overall this attack had no affect.  Maybe this was a test?
full member
Activity: 182
Merit: 100
October 19, 2015, 05:42:13 PM
#64
I'm looking at the transaction referenced in the OP: https://blockchain.info/tx/6766e75d6166a0a14bd814921d0f903285e15779e648d7ec52a4f7c0868ec07d and I noticed that the input scripts don't seem to verify with the output script of their referenced outpoints. Can someone explain how this is considered valid?
sr. member
Activity: 435
Merit: 250
October 10, 2015, 10:04:59 AM
#63
So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.



It was debate, thats i.

Bc is digital cash, cash is free to move.

Wh btc blaclists then i go full prO LTC

LTC is the same as BTC.
if bitcoin ever goes with blacklisting (i dont think or hope so) LTC will be next shortly after

Then we move to nxt and next Smiley
sr. member
Activity: 252
Merit: 251
October 10, 2015, 05:00:22 AM
#62
So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.



It was debate, thats i.

Bc is digital cash, cash is free to move.

Wh btc blaclists then i go full prO LTC

LTC is the same as BTC.
if bitcoin ever goes with blacklisting (i dont think or hope so) LTC will be next shortly after
sr. member
Activity: 435
Merit: 250
October 10, 2015, 04:58:22 AM
#61
So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.



It was debate, thats i.

Bc is digital cash, cash is free to move.

Wh btc blaclists then i go full prO LTC
legendary
Activity: 1260
Merit: 1019
October 09, 2015, 07:00:38 AM
#60
So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.

copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
October 09, 2015, 06:44:52 AM
#59
The day bitcoin starts blacklisting will be the end of it

So its dead[1] already?

[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
legendary
Activity: 1260
Merit: 1019
October 08, 2015, 11:04:26 PM
#58
If I were the OP if I wanted to steal somebody's Bitcoins I would look into learning more about programming and networking.
Why can not you do it whether you are not the OP?
sr. member
Activity: 448
Merit: 251
October 08, 2015, 05:07:52 PM
#57
If I were the OP if I wanted to steal somebody's Bitcoins I would look into learning more about programming and networking. Then, you could write a script to steal somebody's private keys. Otherwise There may not be a lot of exploits in the network. People try and get nowhere.
legendary
Activity: 1260
Merit: 1019
October 08, 2015, 03:24:39 PM
#56
The day bitcoin starts blacklisting will be the end of it
Not so sure.
The main thesis is "Nobody cares".
What would you do if most of major pools blacklist an address and publish a note that address belongs to a killer?
You will do nothing. You even will not ask a proof for this statement.
sr. member
Activity: 435
Merit: 250
October 08, 2015, 03:14:46 PM
#55
The day bitcoin starts blacklisting will be the end of it
Pages:
Jump to: