Thanks for the update and great job wemineltc !
Quoting the thread on litecoin.org :
Things are getting back to normal on our pool. The recent rumors of supposed problems on the Litecoin network we believe were actually
multiple clever attacks on pool servers, there was no instability in the Litecoin network itself. Thanks to help from the Litecoin core devs, especially pooler of litecoinpool.org,
we have found and fixed a share verification vulnerability in the pool server stratum implementation.
The affected code is found here:
Code: [Select]
def diff_to_target(self, difficulty):
'''Converts difficulty to target'''
diff1 = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000
return diff1 / difficulty
https://github.com/viperaus/stratum-mining/blob/master/lib/template_registry.py#L145We don’t use this specific build but we had similar code for this part of the template_registry code.
We found new users as of a few days ago that had been using this exploit to cheat the pool and to steal coins from the legitimate miners. We have taken appropriate steps to stop this from happening again. We are attempting to inform all Litecoin pools of the exploit as we believe many pools who work off the same base code may be affected.
Suspected fake miners were clocking at up to150MH/s for 3-4 days. We suspect more cheaters were involved over the past 3-4 days which could have been at least partially to blame for the pools bad luck.
During deployment of the fix, we logged changes in valid hash rates.
The biggest detected confirmed cheater was Cryptopower who went from 30MH/s to 1MH/s (someone who also tried to bash our pool in forums), the payout address for this account is LYVLrqSQyrDYN1QqQz2icbsF1rbihSAEmK - they stopped mining altogether about 3 hours after all their shares were being rejected. There are other accounts who we suspect may have been cheating, but without knowing for 100% sure, it would be dangerous and unfair to publish their information in case they are actually innocent. We are continuing to analyze the logs to identify accounts that may have been involved.
If we get more info we will post in the news asap. You will notice things have gone back to normal after sorting this out.