Network Attack on XVG / VERGE - page 16.

Dogedarkdev

legendary

Activity: 1708

Merit: 1009

$XVG - The Standard in Crypto as a Currency!

Quote from: StefanRvO on May 29, 2018, 03:26:53 PM

Since the chain trust is only based on the length of the chain and not cumulated work, wouldn't it be quite easy to perform a double spend with much less than 51% hashrate?

On the original chain, send e.g. 10M XVG to an exchange.

While you wait for confirmations, start mining an alternative chain where you step down the difficulty by fakeing the timestamps. This should still be possible even though the maximum drift is changed to 10 minutes, it will just be somewhat slower. In this chain you include a transaction which invalidates your original transaction. Even if you only have e.g. 5% hashpower, your chain should eventually get longer than the original chain as it has much lower difficulty.

After you have converted the XVG to BTC on the exchange, you submit your privately mined chain to the network, and as it is longer than the original chain, it will cause the nodes to reorganize to your chain. Am I missing anything or would this be completly possible?
This would also make it possible to perform the attack with extremly limited ressources as you don't really have to compete with the honest miners.

that wouldn't work because the invalidation would also be accepted.

CHIEF56

jr. member

Activity: 126

Merit: 2

Quote from: StefanRvO on May 29, 2018, 03:26:53 PM

Since the chain trust is only based on the length of the chain and not cumulated work, wouldn't it be quite easy to perform a double spend with much less than 51% hashrate?

On the original chain, send e.g. 10M XVG to an exchange.

While you wait for confirmations, start mining an alternative chain where you step down the difficulty by fakeing the timestamps. This should still be possible even though the maximum drift is changed to 10 minutes, it will just be somewhat slower. In this chain you include a transaction which invalidates your original transaction. Even if you only have e.g. 5% hashpower, your chain should eventually get longer than the original chain as it has much lower difficulty.

After you have converted the XVG to BTC on the exchange, you submit your privately mined chain to the network, and as it is longer than the original chain, it will cause the nodes to reorganize to your chain. Am I missing anything or would this be completly possible?
This would also make it possible to perform the attack with extremly limited ressources as you don't really have to compete with the honest miners.

There are addresses with unexplained negative balances which show more xvg being debited than credited. Not sure if related, but is still unexplained.

StefanRvO

newbie

Activity: 6

Merit: 0

Since the chain trust is only based on the length of the chain and not cumulated work, wouldn't it be quite easy to perform a double spend with much less than 51% hashrate?

On the original chain, send e.g. 10M XVG to an exchange.

While you wait for confirmations, start mining an alternative chain where you step down the difficulty by fakeing the timestamps. This should still be possible even though the maximum drift is changed to 10 minutes, it will just be somewhat slower. In this chain you include a transaction which invalidates your original transaction. Even if you only have e.g. 5% hashpower, your chain should eventually get longer than the original chain as it has much lower difficulty.

After you have converted the XVG to BTC on the exchange, you submit your privately mined chain to the network, and as it is longer than the original chain, it will cause the nodes to reorganize to your chain. Am I missing anything or would this be completly possible?
This would also make it possible to perform the attack with extremly limited ressources as you don't really have to compete with the honest miners.

CHIEF56

jr. member

Activity: 126

Merit: 2

Quote from: ocminer on May 29, 2018, 03:06:35 PM

Those unusual jumps are actually one part of the attack, the other part is tx spam which slows down most of tthe daemons and the third part is replacing parts of the blockchain with own blocks and thus causing orphans on most pools.

It's okay currently.

Does the transaction spam explain the sort of "phantom transactions" seen that appear on some copies of the chain (and confirmed as valid!), but are discarded as bad on other copies of the chain?

ocminer

legendary

Activity: 2688

Merit: 1240

DZack

newbie

Activity: 3

Merit: 0

TheNewAnon135246

legendary

Activity: 2198

Merit: 1989

฿uy ฿itcoin

CHIEF56

jr. member

Activity: 126

Merit: 2

Quote from: Dogedarkdev on May 29, 2018, 01:14:08 PM

that patch did take 3 days and did not come from another coin. it was from over a month ago.

ok man, sure. And some advice for you:

You may want to calm your Discord buddies and official Verge Moderator who is threatening to murder people, including OCMiner.

Patelkaran.8798

newbie

Activity: 42

Merit: 0

DZack

newbie

Activity: 3

Merit: 0

ktru19

jr. member

Activity: 181

Merit: 1

if u dont like FUD leave bitcointalk lol itll never stop doesnt matter which coin

Patelkaran.8798

newbie

Activity: 42

Merit: 0

Quote from: RzeroD on May 29, 2018, 01:59:37 PM

Quote from: Patelkaran.8798 on May 29, 2018, 01:58:04 PM

Quote from: RzeroD on May 29, 2018, 01:52:30 PM

Guys leave personal attacks and attacks on coins or go to Twitter.
Many users only want information about this and they will have to read pages and pages of personal attacks and various nonsense.

Just relax.

Thank you. Cant stand verge dev being trolled constantly. Its simple as f, if peeps dont like Verge then just leave it. But still they continue their sponsored FUD.

2 attacks are sponsored FUD? ¬¬

Lol. Thought so anways, I am talking abt current Situation.

RzeroD

full member

Activity: 272

Merit: 107

Paranoid In Chief

Quote from: Patelkaran.8798 on May 29, 2018, 01:58:04 PM

Quote from: RzeroD on May 29, 2018, 01:52:30 PM

Guys leave personal attacks and attacks on coins or go to Twitter.
Many users only want information about this and they will have to read pages and pages of personal attacks and various nonsense.

Just relax.

Thank you. Cant stand verge dev being trolled constantly. Its simple as f, if peeps dont like Verge then just leave it. But still they continue their sponsored FUD.

2 attacks are sponsored FUD? ¬¬

Patelkaran.8798

newbie

Activity: 42

Merit: 0

Quote from: RzeroD on May 29, 2018, 01:52:30 PM

Guys leave personal attacks and attacks on coins or go to Twitter.
Many users only want information about this and they will have to read pages and pages of personal attacks and various nonsense.

Just relax.

Thank you. Cant stand verge dev being trolled constantly. Its simple as f, if peeps dont like Verge then just leave it. But still they continue their sponsored FUD.

RzeroD

full member

Activity: 272

Merit: 107

Paranoid In Chief

Guys leave personal attacks and attacks on coins or go to Twitter.
Many users only want information about this and they will have to read pages and pages of personal attacks and various nonsense.

Just relax.

Patelkaran.8798

newbie

Activity: 42

Merit: 0

Quote from: boxalex on May 29, 2018, 01:28:09 PM

This topic now has some entertainment level now as well. Some kind of tragic-comedy.

Some paid purchased XVG forum clowns crying all day and night FUD, what a joke, lol.

Purchased? Oh wait.. you are talking abt yourself. We have been in the community for long enough kid. Till Now you havent even presented single proof refuting our claims. Even pool admin averted FUD. Seems like you are in love with Verge dev hence keep going offtopic and yet still continue this conversation.
Sorry to break your heart dude but he aint gay.

forestpump

newbie

Activity: 10

Merit: 0

Quote from: siege3967 on May 29, 2018, 01:31:43 PM

Quote from: forestpump on May 29, 2018, 01:14:42 PM

Quote from: siege3967 on May 29, 2018, 01:05:51 PM

Quote from: forestpump on May 29, 2018, 01:03:20 PM

Quote from: siege3967 on May 29, 2018, 01:01:46 PM

Quote from: Dogedarkdev on May 29, 2018, 12:57:35 PM

Quote from: TheNewAnon135246 on May 29, 2018, 12:35:57 PM

Quote from: Dogedarkdev on May 29, 2018, 12:33:00 PM

Quote from: TheNewAnon135246 on May 29, 2018, 12:31:40 PM

I never said that Denarius came up with stealth addresses, I am just showing that your code is a copy/paste from their Github. We all know Wraith is promoted as something it is not. Care to explain the other commits?

verge is a fork of peercoin, obviously. (was, after the new rebase to bitcoin we've been working on)

and the stealth.cpp file came from shadowcoin, not denarius. denarius removed the SDC copyright from their header in that file. ours retains the shadowcoin copyright.

You're avoiding what I addressed. During the first hack you claimed that you were working on a patch and yet you just copied it from a different coin (which didn't work). The second patch is a copy from the Shield Github and you're slandering them by saying that they copied it.

our first patch did work: https://github.com/vergecurrency/VERGE/commit/80c81aef63272231fc39c2af4b8db9f3f2e9d328

the attack then changed. since they were using blocks from ~2 hours previous (on a different chain) now that we fixed the drift again, which we meant to do previously, obviously, it seems to be preventing the attack from occurring, as we havent seen any successful attacks of the last 24 hours. we've been working on a whole new rebase for a few weeks now, and im confident it will be far more hardened against any mining exploitation.

First patch did not work. They just stopped exploiting the chain. Also, it was known that your "fix" was not even a real fix and this was pointed out to you several times. It was known as soon as you applied the "patch" that it wasn't going to be enough simply because of how the attack was carried out. Don't bs saying it wasn't the same attack. Literally was, with just a small change.

Heart surgery is the same as eye surgery, with a small change Wink

Do you even know the technicalities behind the attack? Please stop, you're giving away how stupid you are.

Sure I am Mr. "they are the same, but with a small change"

You obviously have no technical knowledge. Typical Verge hodler.

Sure you typical VergeFUD. Keep the pointless FUD going! helps me get more Verge.

siege3967

jr. member

Activity: 42

Merit: 1

Quote from: forestpump on May 29, 2018, 01:14:42 PM

Quote from: siege3967 on May 29, 2018, 01:05:51 PM

Quote from: forestpump on May 29, 2018, 01:03:20 PM

Quote from: siege3967 on May 29, 2018, 01:01:46 PM

Quote from: Dogedarkdev on May 29, 2018, 12:57:35 PM

Quote from: TheNewAnon135246 on May 29, 2018, 12:35:57 PM

Quote from: Dogedarkdev on May 29, 2018, 12:33:00 PM

Quote from: TheNewAnon135246 on May 29, 2018, 12:31:40 PM

I never said that Denarius came up with stealth addresses, I am just showing that your code is a copy/paste from their Github. We all know Wraith is promoted as something it is not. Care to explain the other commits?

verge is a fork of peercoin, obviously. (was, after the new rebase to bitcoin we've been working on)

and the stealth.cpp file came from shadowcoin, not denarius. denarius removed the SDC copyright from their header in that file. ours retains the shadowcoin copyright.

You're avoiding what I addressed. During the first hack you claimed that you were working on a patch and yet you just copied it from a different coin (which didn't work). The second patch is a copy from the Shield Github and you're slandering them by saying that they copied it.

our first patch did work: https://github.com/vergecurrency/VERGE/commit/80c81aef63272231fc39c2af4b8db9f3f2e9d328

the attack then changed. since they were using blocks from ~2 hours previous (on a different chain) now that we fixed the drift again, which we meant to do previously, obviously, it seems to be preventing the attack from occurring, as we havent seen any successful attacks of the last 24 hours. we've been working on a whole new rebase for a few weeks now, and im confident it will be far more hardened against any mining exploitation.

First patch did not work. They just stopped exploiting the chain. Also, it was known that your "fix" was not even a real fix and this was pointed out to you several times. It was known as soon as you applied the "patch" that it wasn't going to be enough simply because of how the attack was carried out. Don't bs saying it wasn't the same attack. Literally was, with just a small change.

Heart surgery is the same as eye surgery, with a small change Wink

Do you even know the technicalities behind the attack? Please stop, you're giving away how stupid you are.

Sure I am Mr. "they are the same, but with a small change"

You obviously have no technical knowledge. Typical Verge hodler.

siege3967

jr. member

Activity: 42

Merit: 1

Quote from: Patelkaran.8798 on May 29, 2018, 01:17:09 PM

Quote from: siege3967 on May 29, 2018, 01:03:49 PM

Quote from: Patelkaran.8798 on May 29, 2018, 12:59:14 PM

Quote from: siege3967 on May 29, 2018, 12:51:33 PM

Quote from: Patelkaran.8798 on May 29, 2018, 12:43:20 PM

Quote from: siege3967 on May 29, 2018, 12:37:12 PM

Quote from: Dogedarkdev on May 29, 2018, 12:33:00 PM

Quote from: TheNewAnon135246 on May 29, 2018, 12:31:40 PM

I never said that Denarius came up with stealth addresses, I am just showing that your code is a copy/paste from their Github. We all know Wraith is promoted as something it is not. Care to explain the other commits?

verge is a fork of peercoin, obviously. (was, after the new rebase to bitcoin we've been working on)

and the stealth.cpp file came from shadowcoin, not denarius. denarius removed the SDC copyright from their header in that file. ours retains the shadowcoin copyright.

How much do you want to bet that your new codebase will be copied from shield who were planning to shift to .16 before you? I can't wait to see the timestamps on the GitHub commits. I'm sure yours will be after theirs and you'll just lie saying they copied you.

So you are saying that one can copy a private codebase? Wow seems like something new. I thought one cant copy private codebase bcoz thats what they have announced. Just like Verge, Verge is gonna make impossible to copy the code from now on so no one can copy code and then blame that verge has copied their fixes or commits.

If it's going to be a private codebase, it's not open source and there's basically no point holding either of those coins anymore. So much for "community" coin. I'm sure shield is not going to have a private codebase. Not sure about XVG because their wallets and miners are going to be closed source. HUGE red flag.

Well, if like you said, Verge Miners and Wallets are gonna be closed source then its upto People to stay invested or not. Let them decide. I dont think Verge dev has finalized to this decision BUT If Verge dev by chance finalizes this decision of being closed source then IMO its even better so certain aspects of code is hidden to prevent code copying and exploits.
Also accordind to your Argument, you should close your bank account as well bcoz you dont know a thing abt their software being closed source. HUGE RED FLAG !!

The whole point is we're trying to be different than banks. Also, comparing code to a bank account is the most retarded anology. I'm not telling him to post his private keys online. Only trust the code. This is an unregulated space, there's no fallback option. Thus, open source code is imperative.

you are being subjective.
One can avoid major problem by keeping certain parts of your code private.
Anyways like i said in my comments, Verge is still exploring all possible options. Also i would like to thank Shield XSH Devleopers for mentioning Verge Developers in their Repository.

The whole point of crypto is to be your own bank and that involves knowing the software you're dealing with or at least having it verified by other users in the community. Open source is required for that.

siege3967

jr. member

Activity: 42

Merit: 1

Quote from: Dogedarkdev on May 29, 2018, 01:14:08 PM

Quote from: TheNewAnon135246 on May 29, 2018, 01:08:54 PM

Quote from: Dogedarkdev on May 29, 2018, 12:57:35 PM

Quote from: TheNewAnon135246 on May 29, 2018, 12:35:57 PM

Quote from: Dogedarkdev on May 29, 2018, 12:33:00 PM

Quote from: TheNewAnon135246 on May 29, 2018, 12:31:40 PM

I never said that Denarius came up with stealth addresses, I am just showing that your code is a copy/paste from their Github. We all know Wraith is promoted as something it is not. Care to explain the other commits?

verge is a fork of peercoin, obviously. (was, after the new rebase to bitcoin we've been working on)

and the stealth.cpp file came from shadowcoin, not denarius. denarius removed the SDC copyright from their header in that file. ours retains the shadowcoin copyright.

You're avoiding what I addressed. During the first hack you claimed that you were working on a patch and yet you just copied it from a different coin (which didn't work). The second patch is a copy from the Shield Github and you're slandering them by saying that they copied it.

our first patch did work: https://github.com/vergecurrency/VERGE/commit/80c81aef63272231fc39c2af4b8db9f3f2e9d328

the attack then changed. since they were using blocks from ~2 hours previous (on a different chain) now that we fixed the drift again, which we meant to do previously, obviously, it seems to be preventing the attack from occurring, as we havent seen any successful attacks of the last 24 hours. we've been working on a whole new rebase for a few weeks now, and im confident it will be far more hardened against any mining exploitation.

You're still avoiding the fact that you simply copied it from a different project without admitting it. The comment section says enough: https://github.com/vergecurrency/VERGE/commit/a3dd53f40aaedd28bd4d0fc720f034492f7ded81

Instead of admitting that you're copy/pasting code you are giving Verge supporters the impression that you actually know what you're doing and acting cocky:

Don't get me wrong, I'm not here to see you fail. All I am saying is that it is extremely disrespectful to accuse other projects of copying your code and/or not giving other projects credit when you're using their fixes. Looking forward to seeing the new XVG codebase!

that patch did take 3 days and did not come from another coin. it was from over a month ago.

We can see the code was copy-pasted from the shield GitHub. They had the code out on 7th April. We're not blind.

Topic: Network Attack on XVG / VERGE - page 16. (Read 29521 times)