Topic: Is it possible to fake the BTC blockchain? (Read 528 times)

sr. member
Activity: 1204
Merit: 270
December 23, 2020, 11:38:28 PM
#45
In the world of the internet, hackers can easily fake everything. They can easily create blogs of different sites; although different organizations try to create blogs like their official sites, there are many differences between these blogs. If you follow the sites in the right way you can consider them if you see the logo of the fake site. The BTC blockchain can be forged, but not completely.
newbie
Activity: 1
Merit: 0
December 23, 2020, 06:37:24 PM
#44
We regularly update our blog publication with resources that can be used as inspiration for content.

Blog articles can be published anywhere on the internet and publicly accessible. Articles can be written in any language, but please check with us to make sure your language will qualify for a bounty.

Examples of recommended publications on reputable outlets, such as Bitcoinist, or in any other media relevant to Cryptocurrency. Your blog or Medium site works, too, however you must also follow that post up by distributing it on Reddit.

Writers should familiarize themselves with the official white papers to ensure an accurate depiction of MyIdentityCoin.
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 12, 2019, 01:08:52 AM
#43
There is no way that this example will happen because there's no person in the world that will transact BTC without an internet connection and will rely on the seller's internet connection. This is an absurd example...
False

...this topic must be closed since it's already received too many replies.
True, this topic has been already answered.
The answer is that it would be technically possible, but it would not be worth it as the cost would be too high.


Please before posting read the first 2 pages of discussion, there are all answers there.
hero member
Activity: 2716
Merit: 698
Dimon69
November 11, 2019, 10:45:29 PM
#42
No, it isn't possible to fake any BTC or blockchain transaction. All the transactions are listed on the blockchain website; we can access all transactions.
Based on the scenario given it might not be possible; either it will not be sent, or be retained in that account, or simply be late in transaction, since there is no way to have a fake blockchain unless the host will give his address to be sent to him. Besides, crypto users are aware of scammers now, that's why they do face-to-face transactions. Maybe as well, if they know they will have a transaction, why not load himself data Internet at their place.
TGD
hero member
Activity: 1288
Merit: 620
Wen Rolex?
November 11, 2019, 10:44:11 PM
#41
That is quite technical, but from a general point of view, I think we cannot fake blockchain only if transactions are done according to its usual process.
What you cite in your example is some kind of negligence on the person transacting, and we know that if we are transacting a big amount of BTC, we will have to make sure that we will not fall for any kind of trick to steal our money.

Agreed. He is trying to point out if the scammer tries to show the blockchain of a fork BTC. There is no way of faking the blockchain since it's a transparent ledger and it's designed to solve this kind of situation.
There is no way that this example will happen because there's no person in the world that will transact BTC without an internet connection and will rely on the seller's internet connection.
This is an absurd example and this topic must be closed since it's already received too many replies.
hero member
Activity: 2716
Merit: 904
November 11, 2019, 10:36:42 PM
#40
That is quite technical, but from a general point of view, I think we cannot fake blockchain only if transactions are done according to its usual process.
What you cite in your example is some kind of negligence on the person transacting, and we know that if we are transacting a big amount of BTC, we will have to make sure that we will not fall for any kind of trick to steal our money.
member
Activity: 448
Merit: 10
November 11, 2019, 10:27:59 PM
#39
No, it isn't possible to fake any BTC or blockchain transaction. All the transactions are listed on the blockchain website; we can access all transactions.
hero member
Activity: 952
Merit: 513
November 11, 2019, 09:18:34 PM
#38
He doesn't have mobile internet connection, so he asks his host to connect to his host's wi-fi.
His host, that we assume for the sake of our inquiry wants to scam his guest, connects him to a fake internet in which the real BTC blockchain was forked in order to fake a transaction that in reality will never happen.
I'm not sure how this would work. Is he going to connect the guest to an internet network that he is able to manipulate data from it? I mean, this could be possible, similar to how countries block certain sites, I am sure smart hackers are going to be able to also manipulate things on someone's phone when they try and access the internet (eg, making things show up, after they use the internet).

So once the first guy will go back home he'll see that his payment has disappeared.
Is this situation technically possible?
You could be able to make another address show up in place of an actual address possibly, but this hacker would need to be incredibly skilled.
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 11, 2019, 01:48:47 PM
#37

This is an interesting one.
It looks like it can be done but I don't know exactly how.
 I guess traders should be careful of "fake internet" then or even avoid exchanging Bitcoin via public Wi-Fi or other people's internet.

 Imagine if this is done on a large scale by a powerful entity.

TBH from this discussion it seems like it can't be done or at least the cost of doing it would be much higher than just buying the BTCs 
Ucy
sr. member
Activity: 2674
Merit: 403
November 11, 2019, 10:01:05 AM
#36
It's a bit of time I'm asking myself this question.
Let's imagine the following situation:
A guy visits another guy to receive a payment in BTC.
He doesn't have mobile internet connection, so he asks his host to connect to his host's wi-fi.
His host, that we assume for the sake of our inquiry wants to scam his guest, connects him to a fake internet in which the real BTC blockchain was forked in order to fake a transaction that in reality will never happen.
So once the first guy will go back home he'll see that his payment has disappeared.
Is this situation technically possible?

This is an interesting one.
It looks like it can be done but I don't know exactly how.
 I guess traders should be careful of "fake internet" then or even avoid exchanging Bitcoin via public Wi-Fi or other people's internet.

 Imagine if this is done on a large scale by a powerful entity.
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 11, 2019, 09:14:04 AM
#35
Not all innovations are welcome development
Seems like you haven't read what we were speaking about here.
jr. member
Activity: 209
Merit: 1
November 09, 2019, 04:40:13 PM
#34
It's a bit of time I'm asking myself this question.
Let's imagine the following situation:
A guy visits another guy to receive a payment in BTC.
He doesn't have mobile internet connection, so he asks his host to connect to his host's wi-fi.
His host, that we assume for the sake of our inquiry wants to scam his guest, connects him to a fake internet in which the real BTC blockchain was forked in order to fake a transaction that in reality will never happen.
So once the first guy will go back home he'll see that his payment has disappeared.
Is this situation technically possible?
This is an eye opener mate, most persons are just looking for your idea, they have all it takes to make things work.
Just tell them what you think, and they will make it a reality!

I hope something like this will not happen in years to come.
It will really have a negative effect on cryptocurrencies in general.

Not all innovations are welcome development
copper member
Activity: 1050
Merit: 294
November 09, 2019, 10:12:25 AM
#33
As far as I know, the receiver can't get tricked assuming:

  • The receiver has had his bitcoin address ready (probably pre-copied address to his notes app, or a screenshotted QR code)


Even if the bitcoin address is pre-copied the host can generate fake transaction on "fake blockchain" on which visitor is connected.

  • The receiver is viewing his bitcoin address through a reputable and untampered app (Mycelium, Electrum, etc)

Yes, if he is using a reputable app he can't be fooled by a fake transaction as it will not appear on his app.
hero member
Activity: 1890
Merit: 831
November 09, 2019, 08:48:05 AM
#32
Technically everything is quite possible. One thing that you learn in cyber security is that you are not supposed to actually let anyone connect you with a wifi or Bluetooth and send something in your mobile. You should understand that everything that we see right now can fall anytime ... Everything does have one or more negative sides, therefore we don't know how one can do it but we do know it's possible.
sr. member
Activity: 2086
Merit: 283
November 09, 2019, 03:34:22 AM
#31
It's a bit of time I'm asking myself this question.
Let's imagine the following situation:
A guy visits another guy to receive a payment in BTC.
He doesn't have mobile internet connection, so he asks his host to connect to his host's wi-fi.
His host, that we assume for the sake of our inquiry wants to scam his guest, connects him to a fake internet in which the real BTC blockchain was forked in order to fake a transaction that in reality will never happen.
So once the first guy will go back home he'll see that his payment has disappeared.
Is this situation technically possible?

I don't think they can fool people like that because the bitcoin blockchain has so many blocks that each transaction requires block verification, it's impossible to manipulate or send fake bitcoin, unless they use third party applications or sites that cannot be reached by the blockchain technology created by the recipient to be sent via a fake application.
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 09, 2019, 02:57:25 AM
#30
anyway. much cheaper attack to achieve if user is just using a lite wallet cellphone app. which would usually be the case for most meet up stuff

From what @pooya87 above has said about Electrum, for instance, seems it's not that easy to fake a blockchain with the lite wallet either:
SPV wallets
in this case it still is impossible to fool the receiver. although it depends on the wallet but a decent one (like Electrum) would download the block headers, verify their proof of work and could also use merkle root to make sure the "server" it is connected to is not lying about transactions and their state. and since everything is protected by a still strong hash algorithm and the proof of work, the design is fraud proof.
in this scenario the only thing that a malicious server can do is to show a confirmed transaction as unconfirmed. the opposite is impossible.
legendary
Activity: 4410
Merit: 4788
November 08, 2019, 06:01:13 PM
#29
anyway. much cheaper attack to achieve if user is just using a lite wallet cellphone app. which would usually be the case for most meet up stuff
legendary
Activity: 4410
Merit: 4788
November 08, 2019, 05:38:44 PM
#28
Is it possible for a 99% consensus 'SCAM' to possibly be the real "BTC" blockchain?
if victims node was downloaded to be a version that the attacker hinted at, thus victims node had rules accepting attackers funky non btc rules.. then yes
but if victims node was recent proper btc node it would just reject the blocks from attacker

a lot of people think a mining pool can just create a block that magics new coins or is 100mb and if 99% of people receive the block then it becomes accepted.. no
first the nodes have to have a rule to not check balances to allow magic coins to be accepted. and then a rule to allow a 100mb block
and then majority of nodes if they pass the funky rules then need to follow a chain of blockhashes that the pool has produced by out pacing other pools..(triple hard as it involves not only hash power but users having the re-coded clients to accept )


in most cases in just a current form '51% attack' a pool cant make mega blocks or make new coins appear from nothing.. all they can do is choose which valid rule following transactions to include or exclude

EG a transaction that follows real btc rules. but where the attacker has only broadcast the tx to his attacker pool on the private network thus only shows as confirmed in the forked private chain. but not even registered on the real btc chain.
thus when user gets home and syncs to the true btc chain. he ends up seeing his transaction is not confirmed as it was not broadcast and included on the real public btc chain

in short. people worry too much that pools can change the rules without needing consensus of changing the code clients run.. but all a pool can do is change the transaction lists in blocks
hero member
Activity: 666
Merit: 516
Fuck BlackRock
November 08, 2019, 04:22:56 PM
#27
Is it possible for a 99% consensus 'SCAM' to possibly be the real "BTC" blockchain?
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 08, 2019, 03:52:41 PM
#26
running scenarios through my head.
if you're running a full node that has not been synced you are more at risk than one that synced.
but take that with a grain of salt

lets simplify it without the technical detail
imagine your node was synced recent enough to know it needs blocks of ~50exa hashes performed to get a block
the attacker only has 50petahash(1000 asics($200k equipment))
what would take the public network 2 weeks to make 2016 blocks
and would take attacker 38 years to produce 2016 blocks to even get to a point to start reducing the difficulty

imagine your node was last synced in 2014 enough to know it needs blocks of ~a few petahashes performed to get a block
the attacker only has 50petahash(1000 asics($200k equipment))
the attacker could easily convince your node his private fork has good reliable chainwork to make your node build upon blocks after the blockheight your node requests that you dont have.

so in short if an attacker wants to do something your full node needs to be very outdated in sync to be a cheap attack.
or the attacker needs to invest more to be able to do a fork attack the more recent the re-sync is required

so again not possible. but just low chance for more experienced users that sync regular
noobs that are fresh and totally unsynced(never used a full node before thus have no sync to fork/orphan) an attack can be cheap, very cheap as the only data the noob would be getting is the private forks version

I'm thinking about the real world use scenario. That's why when someone has said here that the naive user could be scammed and there is nothing to do I don't feel quite satisfied with it.
But still I'm considering that if someone takes his laptop to go to someone to get paid he'd sync his blockchain before especially if he lives in a place where the internet is not that quick. So he'd sync before just to avoid waiting both him and the payer during the transaction (which by itself may take up to one hour).
So my receiver is not a complete noob as he accepts BTC as payment, but he lives in a very remote, poor place somewhere in the world, where the scammers are very active and technology doesn't work always as it should be.
In any case he has a recent blockchain downloaded, so as per your explanation the attack can't be performed.
legendary
Activity: 4410
Merit: 4788
November 08, 2019, 03:29:08 PM
#25
running scenarios through my head.
if you're running a full node that has not been synced you are more at risk than one that synced.
but take that with a grain of salt

lets simplify it without the technical detail
imagine your node was synced recent enough to know it needs blocks of ~50exa hashes performed to get a block
the attacker only has 50petahash(1000 asics($200k equipment))
what would take the public network 2 weeks to make 2016 blocks
and would take attacker 38 years to produce 2016 blocks to even get to a point to start reducing the difficulty

imagine your node was last synced in 2014 enough to know it needs blocks of ~a few petahashes performed to get a block
the attacker only has 50petahash(1000 asics($200k equipment))
the attacker could easily convince your node his private fork has good reliable chainwork to make your node build upon blocks after the blockheight your node requests that you dont have.

so in short if an attacker wants to do something your full node needs to be very outdated in sync to be a cheap attack.
or the attacker needs to invest more to be able to do a fork attack the more recent the re-sync is required

so again not possible. but just low chance for more experienced users that sync regular
noobs that are fresh and totally unsynced(never used a full node before thus have no sync to fork/orphan) an attack can be cheap, very cheap as the only data the noob would be getting is the private forks version
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 08, 2019, 11:31:44 AM
#24
I think I've got my answers and I'm satisfied.
Thank you guys! :)
jr. member
Activity: 65
Merit: 1
November 08, 2019, 09:08:04 AM
#23
It's a bit of time I'm asking myself this question.
Let's imagine the following situation:
A guy visits another guy to receive a payment in BTC.
He doesn't have mobile internet connection, so he asks his host to connect to his host's wi-fi.
His host, that we assume for the sake of our inquiry wants to scam his guest, connects him to a fake internet in which the real BTC blockchain was forked in order to fake a transaction that in reality will never happen.
So once the first guy will go back home he'll see that his payment has disappeared.
Is this situation technically possible?

I think it’s possible to deceive a person using online crypto wallets. However, what you are asking about is excluded, it is checked very easily and "fake Internet" will not be able to help scammers to fake the BTC blockchain
legendary
Activity: 3472
Merit: 10611
November 08, 2019, 09:04:40 AM
#22
what you are asking will always come down to HOW the receiver is checking the status of the transaction he receives.
people already explained the case where the receiver runs a full node. i want to address two other things that were mentioned here.

SPV wallets
in this case it still is impossible to fool the receiver. although it depends on the wallet but a decent one (like Electrum) would download the block headers, verify their proof of work and could also use merkle root to make sure the "server" it is connected to is not lying about transactions and their state. and since everything is protected by a still strong hash algorithm and the proof of work, the design is fraud proof.
in this scenario the only thing that a malicious server can do is to show a confirmed transaction as unconfirmed. the opposite is impossible. for example if the malicious server shows an unconfirmed transaction as confirmed then it also has to provide a merkle root from the block that it claims contains this and since it can't, this attack becomes impossible. (the same arguments about having hash power and mining the block is true here too).

web wallets and block explorers
in this case it is also impossible to fool the receiver. in order to fool the receiver (eg. show an unconfirmed tx or a tx that doesn't even exist) as confirmed the attacker has to perform a Man In the Middle attack. even if you are using his WIFI you are still communicating over an encrypted channel. the only way this is possible is if either the web wallet/block explorer was NOT using SSL encryption or if the attacker can inject a malicious certificate authority into receiver's device and then pull the MITM attack easily.
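The SPV check described in the post above (verify the header's proof of work, then check the transaction against the header's merkle root), written out as an added example that is not part of the original post and not Electrum's code. The txids, the toy target `0x2000ffff` (chosen so the sample header mines instantly) and all function names are constructed for illustration; a real wallet also derives the required target from the retarget rule and checks that headers link back to a block it already trusts.

```python
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Expand the compact 'nBits' field of a header into the full target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def header_pow_ok(header: bytes, required_bits: int) -> bool:
    """Client-side check: the client, not the server, decides the target."""
    if len(header) != 80:
        return False
    (bits,) = struct.unpack_from("<I", header, 72)
    if bits != required_bits:          # server declared an easier target
        return False
    return int.from_bytes(dsha256(header), "little") <= bits_to_target(bits)


def root_from_branch(txid: bytes, branch, index: int) -> bytes:
    """Recompute the merkle root from a txid and the sibling hashes."""
    node = txid
    for sibling in branch:
        node = dsha256(sibling + node) if index & 1 else dsha256(node + sibling)
        index >>= 1
    return node


def tx_is_confirmed(txid, branch, index, header, required_bits) -> bool:
    """True only if the header carries enough work AND commits to txid."""
    return (header_pow_ok(header, required_bits)
            and root_from_branch(txid, branch, index) == header[36:68])


# ---- constructed sample data (not real chain data) ----------------------

def merkle_tree(txids, index):
    """Server side: return (root, branch) for txids[index]."""
    branch, level = [], list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])    # Bitcoin duplicates the last hash
        branch.append(level[index ^ 1])
        level = [dsha256(level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
        index >>= 1
    return level[0], branch


def make_header(merkle_root, bits, meets_target=True):
    """Build an 80-byte header; pick a nonce that does / does not meet bits."""
    prefix = (struct.pack("<I", 1) + b"\x00" * 32 + merkle_root
              + struct.pack("<II", 1573200000, bits))
    for nonce in range(2 ** 32):
        header = prefix + struct.pack("<I", nonce)
        ok = int.from_bytes(dsha256(header), "little") <= bits_to_target(bits)
        if ok == meets_target:
            return header
    raise RuntimeError("no suitable nonce found")


REQUIRED_BITS = 0x2000FFFF   # toy target the client expects (assumption)
EASY_BITS = 0x207FFFFF       # easier target a lying server might declare


def demo():
    txids = [dsha256(b"constructed tx %d" % i) for i in range(4)]
    root, branch = merkle_tree(txids, 2)
    honest = make_header(root, REQUIRED_BITS)
    fake_tx = dsha256(b"constructed payment that was never mined")
    fake_root, fake_branch = merkle_tree(txids[:2] + [fake_tx] + txids[3:], 2)
    easy = make_header(fake_root, EASY_BITS)
    no_work = make_header(fake_root, REQUIRED_BITS, meets_target=False)
    return {
        "honest": tx_is_confirmed(txids[2], branch, 2, honest, REQUIRED_BITS),
        "fake_tx_real_block":
            tx_is_confirmed(fake_tx, branch, 2, honest, REQUIRED_BITS),
        "fake_block_easy_bits":
            tx_is_confirmed(fake_tx, fake_branch, 2, easy, REQUIRED_BITS),
        "fake_block_no_work":
            tx_is_confirmed(fake_tx, fake_branch, 2, no_work, REQUIRED_BITS),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'confirmed' if accepted else 'rejected'}")
```

Only the first case is accepted: a server cannot attach a transaction to a real header, and a header it builds itself fails unless the work was actually done at the target the client expects.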
legendary
Activity: 3472
Merit: 4801
November 08, 2019, 08:52:29 AM
#21
This post is a kind of work in progress, as much info I get that make me change my mind as much the "rules" are changed. I'm not after imposing my opinion, just to see whether there is an issue or not. So I "changed my rules" because of the previous post. But thank you for many valid points explained.

If you are trying to find out if there are ways that gullible people can be scammed, history tells us that the answer is always YES.

If you are trying to determine if a savvy user taking the proper precautions can be scammed, the answer is: Maybe.  It depends on motivations, risk tolerance and awareness, and many other factors.

If you are trying to determine if Bitcoin-Qt itself has a fatal flaw that someone could take advantage of, the answer is: Yes.  Bitcoin-Qt assumes a "rational actor".  If someone (or a group of people) is willing to spend huge amounts of money to turn another person (or group of people) into victims, without gaining any monetary benefit for themselves, then it would technically be possible to acquire more hashpower than the rest of the world combined and create havoc with anyone they want to.

Seems like performing this kind of attack against a lite wallet is much easier, right?

Performing an attack that takes advantage of the victim's trust is always possible. It doesn't matter what form that trust takes.  Using a Bitcoin-Qt that is provided to you by the attacker is a form of trust. Accepting an unconfirmed transaction is a form of trust. Accepting a single confirmation on a BTC transaction valued at $200,000.00 is a form of trust. Using a light wallet is a form of trust.  Using a hosted wallet is a form of trust.  Using a block explorer is a form of trust. Using paypal is a form of trust. Using paper checks from a bank is a form of trust.

Choose your favorite form of trust, assign it to the potential victim, and yes, it will be possible to take advantage of that trust.
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 08, 2019, 08:29:42 AM
#20
well..
most people dont carry around a desktop computer when wanting to use remote/someone elses internet. so usually people are checking via a smart phone by default when they go visit someones house. so chances that the victim is using a lite wallet being very very high without attacker even having to try
Agreed. :)

. . . So should the attacker be certain his victim only uses a lite wallet he can invite his victim to his home to receive the payment? . . .

You are changing the rules here.  You said that you were thinking about Bitcoin-Qt BECAUSE it is usually perceived as a better solution than any light wallet.  Now you are saying that the victim is going to use a worse solution?

This post is a kind of work in progress, as much info I get that make me change my mind as much the "rules" are changed. I'm not after imposing my opinion, just to see whether there is an issue or not. So I "changed my rules" because of the previous post. But thank you for many valid points explained.

And another thought. What if the attacker performs the same attack without inviting his victim to a physical place, just by knowing the victim's IP and isolating from him the right net and offering only connections to the fake nodes?

Place has nothing to do with the attack you are trying to describe.  The point of your described attack is simply that the victim is isolated from other Bitcoin nodes and is forced to communicate with nodes that the attacker controls.  There may be MANY different ways to accomplish this, but in the end it isn't likely to be a profitable attack unless you have a VERY VERY gullible victim.

That's right. It's nothing to do with the place, what I described in OP is only a specific case of a more general kind of attack. But putting the attack into the context of receiving a visitor gives the attacker the possibility to receive something "after he paid" and then disappear or just wash his hands as the victim has actually seen his BTC on his wallet, while in Internet it's more difficult.

Seems like performing this kind of attack against a lite wallet is much easier, right?
legendary
Activity: 3472
Merit: 4801
November 08, 2019, 08:07:47 AM
#19
. . . I was thinking about the receiver that is using bitcoin-qt wallet . . .

. . . the full wallet is usually perceived as a better solution than any light wallet, in terms of security . . .

In terms of Bitcoin-Qt wallet, this attack would be VERY expensive.  The attacker would need to have control of nearly as much bitcoin block hashing power as the rest of the world combined if they wanted to provide blocks at a reasonable rate of about one every 10 minutes.  They *might* be able to get away with about one-sixth of the world's hash power if they knew for sure that their victim was only going to wait for 1 confirmation but...

1) The average time for the attacker to create a valid forked block will be an hour (some blocks will take even longer).
2) One sixth of the world's hashpower is still very expensive.
3) The more value you are exchanging, the more confirmations you should wait for, and the more suspicious you should be of unusual circumstances
4) It is going to take nearly an hour to get that 1 confirmation which is a lot of time for the victim to become suspicious and decide to check on things.
5) All that hashpower could have earned real bitcoins by mining on the real blockchain (approximately 12.5 bitcoins per hour).  So, unless the attack is for more than 12.5 bitcoins or is driven by pure vengeance (And not a profit motive), the attacker probably could have earned a lot more money by simply mining instead of attacking.
6) If the attack IS for more than 12.5 BTC... See #3


. . . So should the attacker be certain his victim only uses a lite wallet he can invite his victim to his home to receive the payment? . . .

You are changing the rules here.  You said that you were thinking about Bitcoin-Qt BECAUSE it is usually perceived as a better solution than any light wallet.  Now you are saying that the victim is going to use a worse solution?

If the user is willing to use any system that requires some amount of trust (Lite wallet, hosted wallet, blockchain explorer, paypal, credit card, paper check from a bank account, etc), then it will always be possible to take advantage of that trust with enough effort. The more trust that is needed the easier it will be to take advantage of that trust.

And would it be possible for the attacker to fake the hashpower? As he has all the nodes he can modify the bitcoind in order to drop the difficulty and to mine with a CPU, but to communicate to "blockchain" the hashpower multiplied by let's say 10whatever?

No.  Bitcoin-Qt doesn't care how much hash power you have.  It just cares if you were able to provide a valid hash. On average it requires a LOT of attempts before you stumble across a valid hash.  If you don't actually have enough hash power, then it is going to take you a very long time to try enough attempts to stumble across a valid hash.  At the current difficulty, it requires generating (on average) approximately 46,800,000,000,000,000,000,000 hashes before stumbling on a valid hash. Without a lot of hashpower, it is going to take a long time to generate that many hashes.

It isn't going to be enough to "modify the bitcoind".  The attacker doesn't get to choose the valid difficulty.  The victim's Bitcoin-Qt calculates the difficulty itself (it does not trust the difficulty that it hears from other nodes).  It does this by looking at the amount of time it took to calculate the previous 2,016 blocks (approximately 2 weeks of blocks), and the difficulty that those blocks were calculated at. The attacker would need to modify the victim's Bitcoin-Qt if he wanted to change the difficulty value that the victim's software would accept.

There is no hashpower "communicated to the blockchain".  There is only a hash that is either valid (below the current difficulty threshold) or isn't valid (is above the current difficulty threshold).  Since the victim's Bitcoin-Qt gets to set that difficulty threshold itself, either the attacker generated enough hashes to stumble across blocks with a low enough hash, or they didn't generate enough and haven't yet found blocks with a low enough hash.

And another thought. What if the attacker performs the same attack without inviting his victim to a physical place, just by knowing the victim's IP and isolating from him the right net and offering only connections to the fake nodes?

Place has nothing to do with the attack you are trying to describe.  The point of your described attack is simply that the victim is isolated from other Bitcoin nodes and is forced to communicate with nodes that the attacker controls.  There may be MANY different ways to accomplish this, but in the end it isn't likely to be a profitable attack unless you have a VERY VERY gullible victim.
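The figures in the full-node posts (about an hour per block with one-sixth of the hashrate in the post above, and 38 years for 2016 blocks with 1000 times less hashrate in post #25) follow from the retarget rule the victim's node applies itself. This added example, which is not code from any poster or from Bitcoin-Qt, simulates an isolated fork under that rule, including the factor-of-4 limit on each adjustment. It assumes mean block times, block timestamps that reflect real elapsed time, and a simplified 2016-interval timespan; the function names and the sample fractions are illustrative.

```python
TARGET_SPACING = 600                        # seconds per block the rule aims for
INTERVAL = 2016                             # blocks between difficulty adjustments
TARGET_TIMESPAN = TARGET_SPACING * INTERVAL  # two weeks
YEAR = 365.25 * 24 * 3600


def expected_block_time(difficulty_ratio: float, hashrate_fraction: float) -> float:
    """Mean seconds per block on the private fork.

    difficulty_ratio:  current fork difficulty / difficulty at the fork point
    hashrate_fraction: attacker hashrate / hashrate that the fork-point
                       difficulty was tuned for
    """
    return TARGET_SPACING * difficulty_ratio / hashrate_fraction


def retarget(difficulty_ratio: float, actual_timespan: float) -> float:
    """Rule applied by the validating node every 2016 blocks.

    Difficulty scales by target/actual timespan, but the measured timespan
    is clamped so one adjustment never exceeds a factor of 4 either way.
    """
    clamped = min(max(actual_timespan, TARGET_TIMESPAN / 4), TARGET_TIMESPAN * 4)
    return difficulty_ratio * TARGET_TIMESPAN / clamped


def isolated_fork_timeline(hashrate_fraction: float):
    """Return [(difficulty_ratio, years_for_period), ...] for every retarget
    period the attacker must grind through before his fork produces blocks
    at the normal 10-minute pace. An empty list means he is already there."""
    timeline = []
    ratio = 1.0
    while True:
        block_time = expected_block_time(ratio, hashrate_fraction)
        if block_time <= TARGET_SPACING * (1 + 1e-9):   # tolerance for floats
            return timeline
        span = block_time * INTERVAL
        timeline.append((ratio, span / YEAR))
        ratio = retarget(ratio, span)


if __name__ == "__main__":
    # One-sixth of the hashrate: mean time for a single forked block.
    print("1/6 hashrate:", expected_block_time(1.0, 1 / 6) / 60, "minutes per block")

    # 50 PH/s against a node that expects ~50 EH/s of work (fraction 1/1000).
    total = 0.0
    for ratio, years in isolated_fork_timeline(1 / 1000):
        total += years
        print(f"difficulty x{ratio:<10g} period takes {years:6.2f} years")
    print(f"total before 10-minute blocks: {total:.1f} years")

    # Node last synced when difficulty was far lower (assumed fraction 10):
    print("stale node, periods to grind:", len(isolated_fork_timeline(10)))
```

The first period alone takes about 38 years at a thousandth of the hashrate, and the 4x limit per adjustment adds several more periods after it; against a node whose last known difficulty is far below the attacker's hashrate there is nothing to grind through, which is the stale-node case post #25 describes.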
legendary
Activity: 3542
Merit: 1352
November 08, 2019, 08:07:35 AM
#18
Possible if the buyer is not really that into bitcoin just yet, since the seller could give him a link to a pre-fabricated app displaying wrong information and feed/supply the wrong information. The only real way to avoid this is to not use the seller’s hotspot connection. Go to a public place wherein wifi is available and could not easily be tampered with, let the seller scan your address’ QR code and pay him/her. Personally I don’t really connect to a public network I don’t trust, but when it comes to such need, I go to Starbucks or anywhere else where wifi is free and use their connection.
legendary
Activity: 4410
Merit: 4788
November 08, 2019, 07:57:06 AM
#17
where it is definetly possible and practical to do. is the lite wallets that dont involve validating blocks at client/user level where the lite wallet only gets UTXO data which can easily be faked on a closed internet
So should the attacker be certain his victim only uses a lite wallet he can invite his victim to his home to receive the payment?

??should an attacker be certain his victim only uses a lit wallet??

well..
most people dont carry around a desktop computer when wanting to use remote/someone elses internet. so usually people are checking via a smart phone by default when they go visit someones house. so chances that the victim is using a lite wallet being very very high without attacker even having to try

..
secondly. if someone is a noob and doing their first step into bitcoin as an introduction, an attacker can sway the noob whwich lite wallet to download.
"EG to save you learning all the technobabble just download wallet XXX which is user friendly" most nobs would do it without thinking

thirdly and a good defense for victim. if iin your scenario of meeting up with an attacker. the victim has a face, location and other details which authorities can use to catch the attacker. this isnt as much the case in remote private exchanges

this topic doesnt mean that its super easy for an attacker to do it.. like advertising to scammers a get rich quick and easy.. but its just stating its not impossible to achieve and people should atleast be wary

its like debit card cloning. in quiet village/small towns that dont have much police patrols and where ATM's are scarce. the population usually end up using the limited atm's more. and its stuff like that which card cloner love. secluded location to give them time to insert the card skimmer without being spotted and knowing the footflow(usage) of atm will be high due to lack of competing atm's
hense people should be wary when using an ATM

its like getting a random phone call from an accented voice saying they are technical support and that you have a virus and need to download their software.. just be wary..

even if chances of being scammed seem low. doesnt mean saying something is impossible to happen should be said, nor should it be said to not be aware of the potential risk even if chances are low
sr. member
Activity: 1274
Merit: 278
November 08, 2019, 07:54:13 AM
#16
In the first place, people don't even need to go to the other party's place just to make a payment. Bitcoin blockchain works in a way that everywhere you are, as long as you have an internet connection, you can transfer funds to another account.

Though, faking the BTC blockchain will not be possible. There are articles that state that blockchain can be hacked: https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/. But in this case, it is not BTC blockchain. What they did to compromise the blockchain is to have a huge hash power authority.

In terms of bitcoin, this hashing power is distributed that makes it strong enough to be invulnerable to hacking.
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 08, 2019, 06:29:12 AM
#15
however. its complicated as the block will have to pass the difficulty threshold to pass one of the security checks. (blockhash needs to have certain amount of 0000's .. which means a lot of hashpower to achieve such. meaning its expensive to achieve)

so yes its possible. but not cheap.

And would it be possible for the attacker to fake the hashpower? As he has all the nodes he can modify the bitcoind in order to drop the difficulty and to mine with a CPU, but to communicate to "blockchain" the hashpower multiplied by let say 10whatever?

And another thought. What if the attacker performs the same attack without inviting his victim to a physical place, just by knowing the victims IP and isolating from him the right net and offering only connections to the fake nodes?  

where it is definitely possible and practical to do. is the lite wallets that dont involve validating blocks at client/user level where the lite wallet only gets UTXO data which can easily be faked on a closed internet
So should the attacker be certain his victim only uses a lite wallet he can invite his victim to his home to receive the payment?

And again I'd like to make it clear what is the purpose of this question. People often ask and speak about wide BTC adoption here. But should this issue exist it can be the cause of many scams in the places like Africa, for instance, where many people have a mobile phone and also a free internet connection, but only... enabled to use Facebook and Whatsapp. So with a high degree of probability the sender's home wi-fi would be used in the above described transaction.
The BTC blockchain is becoming more and more heavy, so more and more people are switching to lite wallets. I don't know whether a 10% of people are using a full wallet anymore. Does it mean that this kind of attack is something to consider?
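The difficulty question raised in the post above, as an added example that is not part of the original thread: a validating client derives the required difficulty itself and rejects any header that declares an easier one, however valid that header's hash is against its own declared target. The function names and the `expected_bits` parameter are assumptions for illustration; the first header is the public Bitcoin genesis header, the second is constructed.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def bits_to_target(bits: int) -> int:
    # Compact nBits: top byte is a base-256 exponent, low 23 bits the mantissa.
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def build_header(version, prev_hex, merkle_hex, time, bits, nonce) -> bytes:
    # Hashes are displayed big-endian but serialized byte-reversed.
    return (struct.pack("<I", version) + bytes.fromhex(prev_hex)[::-1]
            + bytes.fromhex(merkle_hex)[::-1]
            + struct.pack("<III", time, bits, nonce))

def block_hash(header: bytes) -> str:
    return dsha256(header)[::-1].hex()

def check_header(header: bytes, expected_bits: int):
    # expected_bits (assumption): the value the client's own consensus rules
    # derive for this height; it is never taken from the peer.
    if len(header) != 80:
        return (False, "bad length")
    bits = struct.unpack_from("<I", header, 72)[0]
    if bits != expected_bits:
        return (False, "difficulty mismatch")
    if int.from_bytes(dsha256(header), "little") > bits_to_target(bits):
        return (False, "insufficient proof of work")
    return (True, "ok")

# Bitcoin genesis block header fields (public data).
GENESIS = build_header(
    1, "00" * 32,
    "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    1231006505, 0x1D00FFFF, 2083236893)

def low_difficulty_header(easy_bits: int = 0x207FFFFF) -> bytes:
    # Constructed sample: a child of genesis that declares a near-maximal
    # target, so a laptop finds a passing nonce in a handful of tries.
    for nonce in range(1000):
        h = build_header(1, block_hash(GENESIS), "11" * 32,
                         1231006506, easy_bits, nonce)
        if int.from_bytes(dsha256(h), "little") <= bits_to_target(easy_bits):
            return h
    raise RuntimeError("no nonce found")

if __name__ == "__main__":
    print(check_header(GENESIS, 0x1D00FFFF))
    print(check_header(low_difficulty_header(), 0x1D00FFFF))
```

A wallet that only displays balance data handed to it by a server performs none of these checks, so it has nothing to compare a low-difficulty header against.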
sr. member
Activity: 1820
Merit: 436
November 08, 2019, 05:34:31 AM
#14
It's a bit of time I'm asking myself this question.
Let's imagine the following situation:
A guy visits another guy to receive a payment in BTC.
He doesn't have a mobile internet connection, so he asks his host to connect to his host's wi-fi.
His host, that we assume for the sake of our inquiry wants to scam his guest, connects him to a fake internet in which the real BTC blockchain was forked in order to fake a transaction that in reality will never happen.
So once the first guy will go back home he'll see that his payment has disappeared.
Is this situation technically possible?
I think it is possible to do but the guy will notice it eventually of course and you just make it appear that he has received the transaction or make it appear like a legit transaction in the blockchain but not really a hack or sending a fake bitcoin, I think you're going to need to crack the code of the bitcoin to fake a transaction but the method you just said is just making it appear a transaction was made but it was not. By the way transaction in the blockchain could sometimes cancel it happened to be sometimes due to traffic.
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 08, 2019, 04:25:29 AM
#13
since you are talking about a full node, this attack is impossible. your node will detect invalid blocks. with an SPV wallet, the attack is theoretically possible but extremely unlikely because it requires mining blocks at the current difficulty level.
Thank you very much you've reminded me about the difficulty! :-)

where it is definitely possible and practical to do. is the lite wallets that dont involve validating blocks at client/user level where the lite wallet only gets UTXO data which can easily be faked on a closed internet
So should the attacker be certain his victim only uses a lite wallet he can invite his victim to his home to receive the payment?

And again I'd like to make it clear what is the purpose of this question. People often ask and speak about wide BTC adoption here. But should this issue exist it can be the cause of many scams in the places like Africa, for instance, where many people have a mobile phone and also a free internet connection, but only... enabled to use Facebook and Whatsapp. So with a high degree of probability the sender's home wi-fi would be used in the above described transaction.
legendary
Activity: 4410
Merit: 4788
November 08, 2019, 04:19:44 AM
#12


So, the receiver's bitcoin-qt wallet syncing the 'forked blockchain' through the sender's wifi? I'm really not sure, but I don't think that's really possible. But if it is indeed possible, I assume that it would be very difficult to pull off, and the sender probably needs to do some stuff to the receiver's wallet for this to work. But again, I'm not sure.

Very interesting question nonetheless. Let's wait for other replies.

it is possible
take normal internet. your fullnode can select any node. and have many connections to avoid the risk of a dodgy node sending a dodgy block(thats one of the points/security features). but if the internet is a closed internet where the only available nodes are that of a dodgy block maker. then yes the only block your node gets will be a dodgy block.

however. its complicated as the block will have to pass the difficulty threshold to pass one of the security checks. (blockhash needs to have certain amount of 0000's .. which means a lot of hashpower to achieve such. meaning its expensive to achieve)

so yes its possible. but not cheap.
.....

where it is definitely possible and practical to do. is the lite wallets that dont involve validating blocks at client/user level where the lite wallet only gets UTXO data which can easily be faked on a closed internet
legendary
Activity: 1652
Merit: 1483
November 08, 2019, 04:09:30 AM
#11
As far as I know, the receiver cant get tricked assuming:

  • The receiver has had his bitcoin address ready(probably pre-copied address to his notes app, or a screenshotted QR code)
  • The receiver is viewing his bitcoin address through a reputable and untampered app(Mycelium, Electrum, etc)

a sybil attack is theoretically possible. if the sender sets up lots of malicious nodes (or electrum servers), the receiver might connect to them and become separated from the honest network. this opens them up to double spending, de-anonymization, and DOS attacks.
https://en.bitcoin.it/wiki/Weaknesses#Sybil_attack

I was thinking about the receiver that is using bitcoin-qt wallet.
So if he connects to the forked BTC blockchain he'll download wrong blocks then the sender will send him BTC, a valid transaction on the forked blockchain, and then the receiver will go home, connect to the right blockchain and see the transaction has never occurred.

the attack is theoretically possible but extremely unlikely because it requires mining blocks at the current difficulty level.
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 08, 2019, 04:01:20 AM
#10
Yes, there a chance to generates bitcoin transactions into the bitcoin network for hours and stays unconfirmed before it disappears.

You can use powerful PXbitcoin Transaction Builder

This software generates bitcoin transaction and it will stay unconfirmed in the blockchain network for up to a few hours. that you can use to trick anyone.

Now you understand about way all exchanges or any other services providers to set the 6 bitcoin network confirmation needs.
 

I see your point, but I'm afraid it's a bit different.
I'm imagining people tricked into downloading a forked blockchain, so the transaction would have the regular 6 confirmations there.
legendary
Activity: 1424
Merit: 1008
November 08, 2019, 03:58:57 AM
#9
Yes, there a chance to generates bitcoin transactions into the bitcoin network for hours and stays unconfirmed before it disappears.

You can use powerful PXbitcoin Transaction Builder

This software generates bitcoin transaction and it will stay unconfirmed in the blockchain network for up to a few hours. that you can use to trick anyone.

Now you understand about way all exchanges or any other services providers to set the 6 bitcoin network confirmation needs.
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 08, 2019, 03:53:50 AM
#8
If he has a full wallet, it may work, but that would mean the buyer comes with his laptop (why would he do that if all he needs for checking is a browser which he already have on the smartphone?)
This is the detail I was missing in my description. Of course he has to come with his laptop or with his mobile wallet that doesn't have internet connection.

I meant that people don't really have full wallet on smartphone. On smartphone they'll have a SPV.

True, I edited my above post in the mean time :-)

And of course he doesn't have to check any other thing than his own full wallet.

Well, Blockchain.com can be faked even easier, after all, but as I said, he will have to know what (websites, servers, ...) to fake, there are too many options.
The scammer goes usually by probability. I think at least 90% of the users don't double-check transactions they are seeing on their full wallets.
And in the long run the scammer could create a bunch of fake resources where their victims could double-check their transactions as well.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
November 08, 2019, 03:51:42 AM
#7
If he has a full wallet, it may work, but that would mean the buyer comes with his laptop (why would he do that if all he needs for checking is a browser which he already have on the smartphone?)
This is the detail I was missing in my description. Of course he has to come with his laptop or with his mobile wallet that doesn't have internet connection.

I meant that people don't really have full wallet on smartphone. On smartphone they'll have a SPV.

And of course he doesn't have to check any other thing than his own full wallet.

Well, Blockchain.com can be faked even easier, after all, but as I said, he will have to know what (websites, servers, ...) to fake, there are too many options.
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 08, 2019, 03:49:33 AM
#6
If he has a full wallet, it may work, but that would mean the buyer comes with his laptop (why would he do that if all he needs for checking is a browser which he already have on the smartphone?)
This is the detail I was missing in my description. Of course he has to come with his laptop.
And of course he doesn't have to check any other thing than his own full wallet.

I'm thinking about this situation in context of the wide BTC adoption. There are places in the world where people don't have that much internet access and where they may consider more sure seeing their BTC on their own laptop. And by the way the full wallet is usually perceived as a better solution than any light wallet, in terms of security.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
November 08, 2019, 03:44:21 AM
#5
Is this situation technically possible?

The buyer has to check the transaction. It depends a lot on how he does that. I would check a reputable blockchain explorer.

Let's say that the buyer checks in his own wallet.
If he has a full wallet, it may work, but that would mean the buyer comes with his laptop (why would he do that if all he needs for checking is a browser which he already have on the smartphone?)
If he has a SPV (Electrum, Mycelium), I think that there's a possibility he can have a corresponding (fake) server in his own network. But he will have to know what wallet to expect (to prepare the corresponding server), he will have to have his own custom DNS...

Overall I think that, although possible, it's not viable.
The seller has to know too much info about the buyer to have everything right. And quite some skills to get the buyer into that certain situation. And nowadays people just use the mobile data, there are far too many warnings to avoid using 3rd party WiFi.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
November 08, 2019, 03:41:45 AM
#4


So, the receiver's bitcoin-qt wallet syncing the 'forked blockchain' through the sender's wifi? I'm really not sure, but I don't think that's really possible (apparently, it is). But if it is indeed possible, I assume that it would be very difficult to pull off, and the sender probably needs to do some stuff to the receiver's wallet for this to work. But again, I'm not sure.

Very interesting question nonetheless. Let's wait for other replies.
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 08, 2019, 03:33:55 AM
#3
As far as I know, the receiver cant get tricked assuming:

  • The receiver has had his bitcoin address ready(probably pre-copied address to his notes app, or a screenshotted QR code)
  • The receiver is viewing his bitcoin address through a reputable and untampered app(Mycelium, Electrum, etc)

Not sure how a 'fake blockchain' can affect the receiver's mobile app, unless the sender asks the receiver to download a wallet of this 'fake blockchain'. And take note that the receiver can verify through block explorers if he actually received the funds in the first place.

Off the top of my head, the only way the sender could trick the receiver is probably through a double spend, or through a phishing site redirection through the wifi's DNS settings if the receiver is going to use a web wallet through a browser (and not a wallet app).

Correct me if I'm wrong of course.

I was thinking about the receiver that is using bitcoin-qt wallet.
So if he connects to the forked BTC blockchain he'll download wrong blocks then the sender will send him BTC, a valid transaction on the forked blockchain, and then the receiver will go home, connect to the right blockchain and see the transaction has never occurred.
This is of course not possible with Electrum, but is it possible with bitcoin-qt wallet, assuming the receiver doesn't check on any other source his transaction when he is still at his host's home?
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
November 08, 2019, 03:24:33 AM
#2
As far as I know, the receiver cant get tricked assuming:

  • The receiver has had his bitcoin address ready(probably pre-copied address to his notes app, or a screenshotted QR code)
  • The receiver is viewing his bitcoin address through a reputable and untampered app(Mycelium, Electrum, etc)

Not sure how a 'fake blockchain' can affect the receiver's mobile app, unless the sender asks the receiver to download a wallet of this 'fake blockchain'. And take note that the receiver can verify through block explorers if he actually received the funds in the first place.

Off the top of my head, the only way the sender could trick the receiver is probably through a double spend, or through a phishing site redirection through the wifi's DNS settings if the receiver is going to use a web wallet through a browser (and not a wallet app).

Correct me if I'm wrong of course.
sr. member
Activity: 697
Merit: 272
Slimcoin - the Proof of Donation inventors!
November 08, 2019, 02:59:48 AM
#1
It's a bit of time I'm asking myself this question.
Let's imagine the following situation:
A guy visits another guy to receive a payment in BTC.
He doesn't have mobile internet connection, so he asks his host to connect to his host's wi-fi.
His host, that we assume for the sake of our inquiry wants to scam his guest, connects him to a fake internet in which the real BTC blockchain was forked in order to fake a transaction that in reality will never happen.
So once the first guy will go back home he'll see that his payment has disappeared.
Is this situation technically possible?