Topic: Network Attack on XVG / VERGE - page 69. (Read 29513 times)

It's really pity that the Suprnova pools will stay closed. When I had a look onto my miner and saw that there was something terrible wrong, I found a message at the official Verge Twitter account, that there WAS a little problem what is fixed now. I could see it on my machine: It was NOT fixed. So it was very appreciated when the Suprnova pool went down and gave a link to the explanation what is going on (this thread). At this point Verge devs had many hours time to inform the exchanges and other pools to suspend trading to get time for a nice solution. But they just let it go. That is not acceptable.

Now even the wallets still are out of sync. Is there any ETA out already, when they get updated?

Nice try. Thx to ocminer for his work. It`s better to mine anything else then mine nothing and get such support from devs.

this will work for now, until our new block verification rewrite is added. im well aware that dgb and myr use a different codebase.

we dont need that commit, we are just rolling forward. technically this person did not break any rules of the source code, and it would cause a huge headache for the exchanges since the coins have already moved (likely were sold)

the 1st step would be to stop your pool, and notify miners that its stopped for now. 2nd would be to contact us. 3rd, let us get something ready to fix it instead of invite the entire forum population to join in the attack. after your initial post the rate of blocks increased 10x. you say you want to end the drama, but never in my life have i seen more drama from a single person. you even quoted me in your OP with something i never said lol

I get why you're pissed off and I'm a total noob here, but I gotta say that I think they need you ocminer.

WE need people like you running the pools and keeping an eye on things for the rest of us. In this quickly evolving space we need a lot more than straight up profit-takers. We need people who give a shit about doing this thing right.

I hope you change your mind about XVG. I'd use your pool at double the fee exactly because you care about more than profits.

Alright, next thing you will say is that 51%'ing bitcoin would be illegal or that it would be hacking, stay ignorant.

Full support and respect for ocminer. You did what you had. Over vise it was open gate for illegal mining.

Looks like ocminr have much more knowledge in this meter compare to dev...sad they are so arrogant and don't see point.

You don't understand blockchains or code

Code is all that matters, if it's possible to do it is implied that it's within the rules, this is a non argument.

Thanks ocminer for letting us know what's actually going on & offering your help (only to get spat on...).

when the attacker stopped attacking the on verge blockchain, they can start attack again later, i have the same statement with VenMinet this is a bad time for Verge developer, this issue can make investor selling their Verge asset and make the market price going down.

You think it'd be surprising that even whilst there is millions of XVG coins being instamined, XVG continues to go up in price. But it's not really.. most of the value in XVG doesn't even exist in the coin itself. People who are trading and making this market happen really don't care about XVG. They just care about XVG's value versus it's trading pairs. And as long as the volume continues to go through the roof, the technical troubles of the coin don't even matter.

Hell, if someone sold 15M XVG right now at market price it would drop the price from 850 satoshi to 775 satoshi which wouldn't even drop it past the 24hr low. Most of the time if you had a shitload of easily mined coins you couldn't just dump them all at market price, but in this case hey no worries.

Technical development stuff of a coin basically doesn't matter. It doesn't matter how good your development is, or what features your crypto has, what matters is that someone wants to trade it. Coins like DNR are really showing this right now; taking a constant downtrend vs BTC whilst constantly releasing new updates & functionality - e.g. recently release masternodes, 50% of the total supply is locked in masternodes yet the BTC price is down 50% from the price at MN release, how does that work? They don't have a giant marketing machine driving hype so nobody wants to trade it.

XVG development team might have no clue what they're doing, but their marketing department (which is at this point basically provided by interested holders I'm guessing) is on it. Wraith protocol? Huge pump - what was wraith protocol technically? Stealth addressing code lifted directly from shadowcoin source. Loads of coins have this exact feature and it's just called stealth addressing. Does it matter that wraith protocol isn't actually protocol? Hell no, it sounded cool so people wanted to buy it, so the price went up. Honesty and transparency is basically useless in this market right now, if you're upfront and just want your coin functionality to do the talking, you're not gonna go anywhere, which is a shame.

Anyway, this attack will continue until the new chain parameters are implemented across the majority of nodes in the network - that is, this will require a hard fork to a new chain with new parameters. And that cannot happen one node at a time, it must happen at a specific point (usually a block height) and all nodes need to be running the new code at this point; at which time the network will 'cleanly' hard fork to the new code. It's also possible to implement some invalidation of the coins generated in this hack however that generally should be done specifically - and since the attack will still be available up until this fork and you need time to get everyone updated beforehand, it's not going to be easy done.

Updating thousands of nodes doesn't happen over night. However if you can ensure all the exchanges and pools are updated, then you basically force anyone using the old version to update since in order to send their XVG to an exchange they're gonna need the new version.

This is so so so wrong...

Can you please link to the line of code which says blocks can be instamined or created in <1 second  as per the "consensus rules"

They are neither hackers nor thieves, nor was the creation of coins illegal, in fact it was done with accordance to the consensus rules of the chain, otherwise it would be impossible to do.
You can't have decentralized pros without its cons.

It has usually been pretty fast in the past. That's why I assumed it wasn't good yet. I've looked at the oldest one and it's up to 119 confirmations so I'll know in a little bit if it's good.

Okay guys, as the shit keep hitting the fan harder and harder here I need to take a few steps to actually end that drama for me:

Suprnova will not reopen any of it's XVG/Verge pools for mining whatsoever. You can mine it freely on any different pool if you like. Withdrawals are possible of course.

The background is that the "fix" promoted by the devs simply won't fix the problem. It will just make the timeframe smaller in which the blocks can be mined / spoofed and the attack
will still work, just be a bit slower.

Also the over 20 Million XVG which were instamined by the attacker won't be blacklisted, reverted, filtered or rolled-back in anyway according to the verge-dev, so in my opinion you all (the miners and investors) got betrayed about that 20 M coins .. For some it might be only a few coins, for some it might be a lot.. For some this might all be drama for them, I see you there of course..

Just to clarify a few last things:

1. The fix won't fix it. The problem is not alone the drifttime, but also the algo variance. You have to make sure that not X blocks get mined on one algo.
    Myriad and digibyte had the same issues - they fixed it.

    Here's a possible fix for the issues: https://github.com/digibyte/digibyte/pull/15

    Please DON'T just merge the code like you see it in that commit, you need to actually find the right places in your code and merge it. It's a slightly different codebase, so it won't work
    with just copy & paste, you actually have to understand and rewrite it to fit to your needs.


2. It's possible to blacklist certain addresses within the blockchain. So if you know on which addresses hacked funds reside, you can simply "blacklist" them directly in the codebase of the coin.
    For example you know that the attacker has used address "123abc123acb123abc" as the root for his hacked funds. You can now - at anytime - update your wallet code and just say
    "orphan all transactions with the root address "123abc123acb123abc". So even if the hacker moves the funds NOW or in one year, it won't happen as you've blacklisted the originating address.
    This was done previously also, not on myriad but on another coin - I can also find that commit for you.


3. I was getting blamed for "judging" too early and posting this info publicly on bitcointalk. I've mixed feelings about this.. Yes, I could have spoken silently to the devs at first and tell them "hey,
    something weird is going on on your blockchain" - however in the same time my miners were asking why the pool wasn't finding blocks and I already saw the first tweets about "skimming" and    
    stuff.. So.. What to do ? Keep the info about the hacker silent with the devs and wait 3-4 days for a (non-working) fix and get my reputation killed totally or just go for a public post about it
    and shutdown the pools ? I know, it's a difficult decision and my decision might have been wrong, but hey, I'm neither the attacker nor am I the guy responsible for the coin..  Also I was a bit
    astonished that I was actually the first to report the problem.. I was expecting devs watch their coin closely and come up with fixes upfront.. or at least know about what happend.

    In my opinion the optimal handling for this problem probably would have been something like this:

   1. Contact pools and exchanges to shutdown mining and trading
   1a. Tweet/Inform miners about the problem and tell them it's been worked on but takes it's time.
   2. Talk about possible problems and mitigation practices with devs/exchanges and pools.. Create a "conference room" for this for example and invite all necessary people there.
   3. Find a resolution, roll back the chain or at least filter the malicious coins (as someone as a (big) advantage here which he shouldn't, or?? So some others have a big disadvantage, or not ?)
   4. Go back online with the resolution and back to mining.



Least but not last here's a chatlog from a few moments ago, sorry for posting the drama but I just can't let it stand like it is at the moment.. If you don't want to read drama, just skip the part:
And yes, I might be a bit upset there as well, sorry, next time I'll be more precise and "nice"


...
[16:08:43]     yes i put it in both branches
[16:10:11]    ed__ (319465d0@gateway/web/freenode/ip) joined the channel
[16:12:43]     hmm no filtering/rollback of the attackers coins ?
[16:12:55]     thats over 20 mills for him...
[16:13:08]     we dont do rollbacks.
[16:13:16]     we roll forward
[16:13:17]  <@Epsylon3>   i imagine the mess :p
[16:13:31]  <@Epsylon3>   the only this you can do is tracking the coins
[16:13:38]     ocminer, would have been great if you contacted someone from our team. by you putting this on bitcointalk, you invited a ton of other people to attack as well.
[16:13:39]  <@Epsylon3>   talking with exchanges
[16:14:01]     also your quote The vergeDEV @ Discord says "everything is okay - there's nothing to fix"..
[16:14:03]     thats bullshit.
[16:14:05]     i never said that
[16:14:15]     why are you quoting me saying something i never said?
[16:14:18]     -.-
[16:14:25]     i already talked to bittrex and binance, theyre updated
[16:14:55]     you just don't understand what this is all about
[16:16:02]     how so?
[16:16:14]     i do understand. we are having blocks injected with spoofed timestamps.
[16:16:20]  <@Epsylon3>   what the amount mined per day ?
[16:16:22]  <@Epsylon3>   is*
[16:16:24]     and i never said "everything is okay - there's nothing to fix"
[16:16:46]  <@Epsylon3>   i need to add a script command for that :p
[16:16:54]     also your commit won't fix it
[16:16:57]     but ..
[16:17:12]     go ahead and "move forward"
[16:17:14]     ~4mill/day
[16:17:17]  <@Epsylon3>   XVG: current block_time set in the db 0mn35 (35 sec)
[16:17:18]  <@Epsylon3>   XVG: avg time for the last 2048 blocks = 0mn13 (13 sec)
[16:17:18]  <@Epsylon3>   XVG: avg time for the last 1024 blocks = 0mn31 (31 sec)
[16:17:35]  <@Epsylon3>   my script dont go so far :p
[16:17:51]     12000 * 1560 = 18.7 mills already
[16:17:53]  <@Epsylon3>   XVG need 20x that :p
[16:18:30]     yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.
[16:18:51]     and also misquoted me completely
[16:19:00]     lol, now you're blaming me for an attack on your blockchain ? srsly ?
[16:19:07]     did i blame you?
[16:19:09]  <@Epsylon3>   2026860 now... 2000000 was 2018-04-01 17:39:37
[16:19:11]     i said the attack wasnt as bad
[16:19:14]     [16:18:30]      yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.
[16:19:15]     it was worse after
[16:19:20]  <@Epsylon3>   3 days..
[16:19:25]  <@Epsylon3>   4
[16:19:27]     yes that is correct. congrats, you got a quote correct
[16:20:03]  <@Epsylon3>   so yep, maybe not 12000 blocks
[16:20:14]  <@Epsylon3>   i may create a script to check :p
[16:20:49]  <@Epsylon3>   Height:    2010000
[16:20:49]  <@Epsylon3>   Time:    2018-04-04 14:22:01
[16:21:03]  <@Epsylon3>   after first hack so
[16:21:31]  <@Epsylon3>   will do the script, i like right numbers
[16:26:22]     listen.. kid... you have a absolutely trashy shitcoin pumped in heaven through that tweet from john mcafee back in that day.. you probably made a lof of money by that idiot tweeting xvg to the moon.. you should have used the chance and invested some of that money and invest it into a decent dev team, as seriously, and everyone knows that, you have not the slightest idea of coding whatsoever... If you've had done that, you could have patched your
[16:26:22]      super-old codebase already to a super-recent codebase like myriad or digibyte and wallets would't have memory leaks all over, wouldn't take >30 mins until they startup and also those two drama's with the earlier tor hardforks wouldn't have happen. I'm not the guy who "keeps bullshit silent" - when I see something is happening, I report it - immediately and from my POV your users/miners have been betrayed by over 20 M coins which were injected
[16:26:22]      maliciously into the blockchain... This is not a kiddo script hack and my post didn't change anyhting but just revealing what is happening at the moment (as you didn't notice yourself until I came into your hostile discord) and it's not a bad thing to post that publicly. You know see me as your enemy or whatever - I don't care, if you want to continue with your coin, go ahead, surely without me, but this should be your utmost last warning - think
[16:26:22]      about yourself, think about how you make decisions and maybe come down a bit from your emperor throne and get help from professionals if you can't handle it alone... You'll see what happens after your HF - nothing, guaranteed, because you don't fix the root cause of this.
[16:26:27]    vergeDEV (~sunerok@unaffiliated/sunerok) left IRC (Ping timeout: 240 seconds)
[16:26:50]     And Epsylon3 ... you
[16:27:04]  <@Epsylon3>   i slept
[16:27:09]  <@Epsylon3>   :p
[16:27:22]     Hi, sorry I come back late
[16:27:23]     're not much better than him.. only looking for the profits here.. .your miners also lost a lof of coins during the network was stalled and the 15k blocks mined...
[16:27:34]     I am running unimining where there is XVG
[16:27:36]  <@Epsylon3>   you are wrong
[16:27:38]     (on blake2s)
[16:27:39]     if you'd be honest, you'd shutdown the pool and let him fix his shit up
[16:27:41]  <@Epsylon3>   i stopped the pool the whole day
[16:28:02]  <@Epsylon3>   and answered everyone why
[16:28:08]     it's up and running already, without any fix for the malicious coins
[16:28:10]  <@Epsylon3>   lot of spam
[16:28:16]  <@Epsylon3>   took the whole day
[16:28:37]  <@Epsylon3>   i pasted the fix i made this morning
[16:28:38]     sorry I will read what you said few minutes ago, I am late but I'll shut the pool if coin dev say so then I can explain to my miners that I follow coin dev orders
[16:28:52]     when a coin explodes randomly and coin dev don't care then I delist it
[16:28:58]  <@Epsylon3>   which is the commit, with proper knowledge and amount of seconds
[16:29:04]     but XVG risk is high for Uni so I may delist it
[16:29:07]     that fix from him is just bullshit, it changes nothing, just the timespan of which they do the attacks.. .they will be slowed down a bit, but that's all

....



This will be my last dealing with XVG. I don't like to get cheated and blamed. As a miner myself I care for what I mine and I care for others as well - you can take it or leave it.

Rest assured there will be lots of pools you can still mine on, no problem at all will occur.


Also Congratulations to the Hacker - you've chosen the right coin for your hack (which was invented in 2014 btw:)) - don't buy too many Lambos with your > 20M Verge... so what.. About 1 Million $ now ?

You need to wait until you have 140 confirmations; which you don't have yet-- that's why you haven't been paid.

I would say no. I have been mining on the yiimp pool for over an hour and have 0 confirmed blocks.

Yeah what would top off the show is if the exploited "coins" got sent to a burn address.
It's better that this was seen sooner than later or slowly over a long period without such noise may have done more damage or could have already been doing damage for awhile.

When you're a public figure, people will talk.  
When you make boneheaded mistakes in your code AND deny/don't fix it and leave the community hanging after they just put together 75M xvg for your island??   People will talk.  
Oh and I just watched your announcement video... what a joke.   Thanks for offering the market space zero credibility.

How do you know who is involved and who isn't?   Do you have a list of wallets and forum ids?   Are you going off what people say on forums?    
Because you know... people lie.  

I mean you told the community this was fixed yesterday.
  
Just stop trying to make yourself look better, we don't give a shit about your ego.  Fix this coin which has nearly A BILLION DOLLARS OF PEOPLES MONEY in it.