Topic: NEM (XEM) Official Thread - 100% New Code - Easy To Use APIs - page 226. (Read 2984910 times)

yea, agree with that "not yet solved".
But did not quite accept the strong words against the coin itself  
Despite the few targets of the criticism (..., ...), I've seen that the coin / system is well-working and has some new features, which give some value for it.

But, it is interesting to see, how this case develops...

This "If he sends some XEMs (10000 XEM) to an account of clean coins (90 000 XEM), then it so that after that the account is "dirty". Right?" leads to a discussion loop:
See richlist discussion.

Why is there such a rich list? Why was it created?

yea, I was guessing that ...
Those 100 000 accounts do decrease the usefulness of the tagging/mosaics.

Maybe the tracking cannot be a plain automate, or it must have some intelligence in it.

How fast those 100 000 transactions can be done ?
Possibly not so fast that the "genius plan" is not noticed by the Trackers (software + humans) ?

We don't know whether the so-called hack was

a. an inside job by a Coincheck worker
b. an inside job by a NEM dev (hidden exploit in the code)
c. Coincheck incompetence (didn't use cold storage, multi-sig, etc.)
d. Spectre/Meltdown/Rowhammer attack by a state-level TLA adversary

or a combination of two, three, or all four.  We may never know, as happened with MtGox.

But that's all just a hand-waving distraction from the point of my post.


The real issue here is the incompetent, dishonest, misleading, and 100% self-serving response of the NEM devs.  The NEM system depends on the competency and honesty of the NEM devs.  Right?

The Official NEM response is to tout this fiasco as some kind of great victory for NEM because they wrote a Tattletale Bot that narcs on Bad Coins, as if that "solved" the many issues created.

That approach does not in reality solve anything because the attacker may simply choose to taint the NEM rich list to whatever extent they require to moot the issue of taint.

That approach also emphasizes NEM is centralized and possession/utility of NEM coins is de facto arbitrarily decided by a NEM Central Committee composed of NEM Core and NEM exchange bosses.

That is not how a fungible currency works.  That is not how a permissionless system works.

The response and fake solution of NEM Core is crafted to appease greedy low-information moonchildren who don't understand these issues and induce them to simply buy back their bags of this centralized, non-fungible shitcoin.

most of the 500M is e.g. 450M.

If he sends some XEMs (10000 XEM) to an account of clean coins (90 000 XEM),
then it so that after that the account is "dirty". Right?
It has 10% dirty coins.

well, maybe I'm too optimistic   but somehow I do trust the Devs and becoz have also seen complex sw projects to be implemented, I think that this tracking sw is not impossible. It may need good co-operation between biggest exchanges, but I wish that it would not be the unbeatable issue.

Because the attacker can create 100,000 new addresses. Send 5,000 XEM to each address, but also send 5,000 XEM to each of the top 100 addresses. Now which accounts have most of the 500MM XEM?

What is the most of the 500M? The attacker can split the account in uneven pieces and sell the smaller pieces.
He could also hold an account with coins that are not tagged (clean coins) and send dirty coins it to this account in order to do coin laundry.
I do not see how this can work. It will be a mess.

How many transactions is made in a day?
Isn't it possible to track the paths, to where the 500M is splitted?
And so keep the track of which accounts have the most of the 500M.

What are the reasons, why you see the problem so big that it cannot be broken?

The amount doesn't matter mate. You cannot really 'taint' certain coins without a more systemic risk. The attacker has 500 million XEM. That's a lot. Here's some math for you.

1000 XEM to the top 500 richlist = 500,000 XEM spent.
Total the attacker has = 500,000,000 XEM
% used for this purpose = 500,000/500,000,000*100% = 0.1%

So with just 0.1% of the hacked funds, the top 500 richlist can become 'tainted'. If you automate this, it can be worse, since it will end up tagging most legitimate addresses and therefore make the original tagging useless.

sounds like an old school comment

Wasn't the cause of the hack
a) Coincheck did not use multi-sig and not use real cold storage
or
b) Coincheck had an internal issue.


Either ot those is not depending on NEM system. Right?

Perhaps ...  wasn't there also some kind of deal, when NXTs were stolen from one person's account in 2014 or 2015 ?

When reading the comments and web sites (coincheck has been operating since 2012, Coincheck provides Two-Factor Authentication and Cold Storage),
cannot avoid a thought, whether it was an "accident" or not.

"...automated system will follow the money and tag any account that receives..."
This sounds really ugly

Article about fungibility: https://www.coindesk.com/ensuring-bitcoin-fungibility-in-2017-and-beyond/

Could you tell me why XEM will be adapted to our daily lives? I do not follow this project and I would like to invest in it, but why such an affirmation?

What a novel use of the word "solved."  I wonder if the people who lost their coins feel this is an appropriate usage of the term.

Nice spin job though.  Lots of self-congratulation and hype to distract from the fact that NEM is not fungible (can't even do coinjoin-style mixing hacks?) and centrally controlled.

This fiasco (and especially the response) demonstrates exactly why I wouldn't even touch this dog shit coin with a pooper-scooper and clothespin on my nose to keep the stench out.



LMFAO.  Stupid mondkinder derps get #REKT.  Learn to crypto you greedy noobs.

It isn't the first time that one of the "Nem Team" hacked an exchange.

NEM is one of the few coins which will be adapted i real life for buying and selling.Things could go faster but I still prefer solid and stable progress.

Automated tagging doesn't work. All the attacker needs to do is send some NEM to all the richlist addresses. Please be careful trying to implement something like this. There is a reason cryptos need fungibility.

The NEM/Coincheck teams need to try and get in touch with the hacker and see if they can negotiate something. The attacker will find it hard to sell out with the exchanges closing/blocking transfers.

Update::: Inside Nem twitter

1/ @coincheckjp hack update: NEM is creating an automated tagging system that will be ready in 24-48 hours. This automated system will follow the money and tag any account that receives tainted money. NEM has already shown exchanges how to check if an account has been tagged.

What happens if he sends tainted Nem to the community fund or such though?

2/ So the good news is that the money that was hacked via exchanges can't leave. So please share this info. The largest hack in history was solved for by NEM in a matter of hours. That is the power of the NEM platform and NEM team.

In other words 523 million Nem burned.. unless they catch the hacker and somehow get the funds back.
Perhaps a bounty deal will be done? who knows