Network Attack on XVG / VERGE - page 81.

ocminer

legendary

Activity: 2688

Merit: 1240

Quote from: Dogedarkdev on April 04, 2018, 06:06:41 PM

Quote from: ocminer on April 04, 2018, 05:59:07 PM

Quote from: Dogedarkdev on April 04, 2018, 05:48:07 PM

we're putting out an update, and it will fix it. that's what we can do. it's the best we can do. no, they did not 13 hours of coins. it was some blocks during a 3 hour period.

something around ~250k coins, and the attack probably cost alot more than that, luckily.

we are glad this was brought to our attention, and we are already working on a sophisticated block verification routine.

Sorry this is not true, the attack started on block 2007365 and ended on block 2010039 = 2674 blocks, okay lets say 2500 blocks...

One Block makes about 1560 coins, so you have 2500 * 1560 = 3.900.000 "extra" coins generated (at least!) ....

I've listed a few of the attackers addresses in the first post.. Just check them, check the balance and if you're curious, just go through all the blocks during that timespan and sum them up.. It's actually easy when you have a blockexplorer database running.. You can do it via SQL query.

not all blocks during that time were mined by them, i checked. it was much less than half from what i saw across the other pools.

Well.. I checked it as well, in fact I've got the logfiles and started working through them but I have other things todo instead of going through logfiles.. From what I see 95% of the blocks during that time went to "them".. And i'm pretty certain about that..

Okay, lets say they STILL don't have ALL of the blocks (which is wrong), there were STILL almost 3000 blocks generated during a very short time, so over 3.900.000 coins (at least) were extra-generated... Where did they go ? I don't see those blocks on the "big" pools...

Dogedarkdev

legendary

Activity: 1708

Merit: 1009

$XVG - The Standard in Crypto as a Currency!

Quote from: ocminer on April 04, 2018, 05:59:07 PM

Quote from: Dogedarkdev on April 04, 2018, 05:48:07 PM

we're putting out an update, and it will fix it. that's what we can do. it's the best we can do. no, they did not 13 hours of coins. it was some blocks during a 3 hour period.

something around ~250k coins, and the attack probably cost alot more than that, luckily.

we are glad this was brought to our attention, and we are already working on a sophisticated block verification routine.

Sorry this is not true, the attack started on block 2007365 and ended on block 2010039 = 2674 blocks, okay lets say 2500 blocks...

One Block makes about 1560 coins, so you have 2500 * 1560 = 3.900.000 "extra" coins generated (at least!) ....

I've listed a few of the attackers addresses in the first post.. Just check them, check the balance and if you're curious, just go through all the blocks during that timespan and sum them up.. It's actually easy when you have a blockexplorer database running.. You can do it via SQL query.

not all blocks during that time were mined by them, i checked. it was much less than half from what i saw across the other pools.

edit: although it is still vulnerable until tmrw, most blocks are being found by valid pools.

Dogedarkdev

legendary

Activity: 1708

Merit: 1009

$XVG - The Standard in Crypto as a Currency!

Quote from: bluejeanballa on April 04, 2018, 06:02:10 PM

Quote from: Dogedarkdev on April 04, 2018, 05:48:07 PM

we're putting out an update, and it will fix it. that's what we can do. it's the best we can do. no, they did not 13 hours of coins. it was some blocks during a 3 hour period.

something around ~250k coins, and the attack probably cost alot more than that, luckily.

we are glad this was brought to our attention, and we are already working on a sophisticated block verification routine.

Looking at the block explorer some of the new blocks are still out of order according to the time stamps. Doesn't that suggest the exploit is still being used? I'm just having a hard time trying to figure out why you believe it only happened for 3 hours. What's to stop the exploit from being used for the rest of the night, therefore stealing more than 250k coins?

nothing, until we release the updated wallets. the way i see it, is this attack has a cost, and will end when we push the update. you aren't invested in verge though, so why are you so concerned?

bluejeanballa

newbie

Activity: 6

Merit: 0

Quote from: Dogedarkdev on April 04, 2018, 05:48:07 PM

we're putting out an update, and it will fix it. that's what we can do. it's the best we can do. no, they did not 13 hours of coins. it was some blocks during a 3 hour period.

something around ~250k coins, and the attack probably cost alot more than that, luckily.

we are glad this was brought to our attention, and we are already working on a sophisticated block verification routine.

Looking at the block explorer some of the new blocks are still out of order according to the time stamps. Doesn't that suggest the exploit is still being used? I'm just having a hard time trying to figure out why you believe it only happened for 3 hours. What's to stop the exploit from being used for the rest of the night, therefore stealing more than 250k coins?

LinuxDude

newbie

Activity: 8

Merit: 0

Quote from: ChekaZ on April 04, 2018, 05:10:26 PM

Quote from: bluejeanballa on April 04, 2018, 05:08:31 PM

Quote from: Dogedarkdev on April 04, 2018, 04:50:06 PM

Quote from: aciddude on April 04, 2018, 04:39:03 PM

Quote from: ocminer on April 04, 2018, 03:30:29 PM

Quote from: aciddude on April 04, 2018, 03:28:51 PM

Quote from: ocminer on April 04, 2018, 03:13:44 PM

Quote from: ocminer on April 04, 2018, 02:40:18 PM

Quote from: Dogedarkdev on April 04, 2018, 02:06:39 PM

Quote from: defaced on April 04, 2018, 01:58:33 PM

nice a new version of the famed timewarp attack.. very interesting.

yep.. we pushed a quick fix and most pools have already updated.. we're already working on a whole new block verification process.

we're kinda glad this happened and that it wasn't as bad as it could have been.

Hmm, you guys are aware that the "fix" you pushed actually IS a hardfork ? So your blockchain snapshot is not valid anymore, the wallet's won't sync up from scratch anymore and the current chain is simply not usable anymore with that new "fix" ?

Your change simply disagrees with the attackers blocks, the first block I see from the attacker was 2007365 - so the wallets will stop syncing there and simply not progress any further.

I remember your first forking dramas when trying to fork into Tor which failed 2 times IIRC.

You should immediately refrain from that "fix" and set a proper fork-height (at least 48h) and the chain up until the fork block MUST accept blocks with the old timestamps and blocks after that fork block then only with the new timestamp.

bumping this for awareness

how can we verify the hardfork ?

just download an updated wallet which includes the "fix" - then download the blockchain snapshot and try to sync up to the latest block...it will get stuck at 2007364

Confirmed. client stalls at block 2007364

yeah we removed that, and we're doing a full fork update with extra block verifications. will be ready by tmrw =]

So are you saying the exploit can be used for the rest of the day with no repercussions?

Sounds great! Cheesy

- That screams for exploit and rollback afterwards.

Downloaded latest Wallet, installed blockchain files from 4/3/18 and I got past block 2007364 and it's still syncing for me.

ocminer

legendary

Activity: 2688

Merit: 1240

Quote from: Dogedarkdev on April 04, 2018, 05:48:07 PM

we're putting out an update, and it will fix it. that's what we can do. it's the best we can do. no, they did not 13 hours of coins. it was some blocks during a 3 hour period.

something around ~250k coins, and the attack probably cost alot more than that, luckily.

we are glad this was brought to our attention, and we are already working on a sophisticated block verification routine.

Sorry this is not true, the attack started on block 2007365 and ended on block 2010039 = 2674 blocks, okay lets say 2500 blocks...

One Block makes about 1560 coins, so you have 2500 * 1560 = 3.900.000 "extra" coins generated (at least!) ....

I've listed a few of the attackers addresses in the first post.. Just check them, check the balance and if you're curious, just go through all the blocks during that timespan and sum them up.. It's actually easy when you have a blockexplorer database running.. You can do it via SQL query.

Dogedarkdev

legendary

Activity: 1708

Merit: 1009

$XVG - The Standard in Crypto as a Currency!

Quote from: stronghandsdeeppockets on April 04, 2018, 05:49:53 PM

Quote from: Dogedarkdev on April 04, 2018, 05:48:07 PM

we're putting out an update, and it will fix it. that's what we can do. it's the best we can do. no, they did not 13 hours of coins. it was some blocks during a 3 hour period.

something around ~250k coins, and the attack probably cost alot more than that, luckily.

we are glad this was brought to our attention, and we are already working on a sophisticated block verification routine.

tell your vergin moderators to stop censoring this. Both on Reddit and on Telegram. Pathetic.

its already been addressed in both places. we don't need it spammed everywhere, thanks.

BillionDollarMan

member

Activity: 210

Merit: 10

Quote from: BlackPrapor on April 04, 2018, 05:31:54 PM

Quote from: Tarlatata on April 04, 2018, 05:23:12 PM

Quote from: bluejeanballa on April 04, 2018, 05:08:31 PM

So are you saying the exploit can be used for the rest of the day with no repercussions?

It does show the serious of the coin doesn't it ?

...

***

A good man walk by a bank and notice someone fleeing with a bag of money.

He tells the guards, the manager and people in the bank that the vault in open and that anyone can steal from it.

"Why are you spreading lie, you scumbag!" do people scream at him.

After a few hours, the manager comes and openly tell people it was a good thing and that they will close the vault tomorrow and that meanwhile, it'll stay open, unguarded and unmonitored for people to keep stealing from it.

****

Yup, that's how things are done when you are one of the Verge executive.

Are you implying that Verge execs are somehow connected to the hack?

He may not be but I am convinced with the timing. Just after the recent begging for donation and partnership hype related pump then something like this gives pretty good excuse not to deliver on promise. Anyway you can continue with XVG moon propaganda, it doesn't harm cryptoworld like other scams such as XRP.

stronghandsdeeppockets

member

Activity: 266

Merit: 27

Quote from: Dogedarkdev on April 04, 2018, 05:48:07 PM

we're putting out an update, and it will fix it. that's what we can do. it's the best we can do. no, they did not 13 hours of coins. it was some blocks during a 3 hour period.

something around ~250k coins, and the attack probably cost alot more than that, luckily.

we are glad this was brought to our attention, and we are already working on a sophisticated block verification routine.

tell your vergin moderators to stop censoring this. Both on Reddit and on Telegram. Pathetic.

Dogedarkdev

legendary

Activity: 1708

Merit: 1009

$XVG - The Standard in Crypto as a Currency!

we're putting out an update, and it will fix it. that's what we can do. it's the best we can do. no, they did not 13 hours of coins. it was some blocks during a 3 hour period.

something around ~250k coins, and the attack probably cost alot more than that, luckily.

we are glad this was brought to our attention, and we are already working on a sophisticated block verification routine.

Tarlatata

jr. member

Activity: 102

Merit: 2

Quote from: BlackPrapor on April 04, 2018, 05:31:54 PM

Quote from: Tarlatata on April 04, 2018, 05:23:12 PM

Quote from: bluejeanballa on April 04, 2018, 05:08:31 PM

So are you saying the exploit can be used for the rest of the day with no repercussions?

It does show the serious of the coin doesn't it ?

...

***

A good man walk by a bank and notice someone fleeing with a bag of money.

He tells the guards, the manager and people in the bank that the vault in open and that anyone can steal from it.

"Why are you spreading lie, you scumbag!" do people scream at him.

After a few hours, the manager comes and openly tell people it was a good thing and that they will close the vault tomorrow and that meanwhile, it'll stay open, unguarded and unmonitored for people to keep stealing from it.

****

Yup, that's how things are done when you are one of the Verge executive.

Are you implying that Verge execs are somehow connected to the hack?

Not at all, I'm simply implying that letting the blockchain open to further attack, which allow some to keep stealing money from everyone who owns XVG, would be seen as helping those thieves if done in a real, legistlated financial environment.

It also shows the lack of serious of from a team which coin sees 300 millions$ daily volume. How can you people trust the coin? I know I don't.

Gongolo

full member

Activity: 374

Merit: 101

That's why I usually trust suprnova.
Really good job.

yubit

hero member

Activity: 796

Merit: 529

Looks like the same attacker made attack on Karbo and other cryptonote-based coins a day ago.
And Karbo team also made a hardfork.

BlackPrapor

hero member

Activity: 628

Merit: 504

Quote from: Tarlatata on April 04, 2018, 05:23:12 PM

Quote from: bluejeanballa on April 04, 2018, 05:08:31 PM

So are you saying the exploit can be used for the rest of the day with no repercussions?

It does show the serious of the coin doesn't it ?

...

***

A good man walk by a bank and notice someone fleeing with a bag of money.

He tells the guards, the manager and people in the bank that the vault in open and that anyone can steal from it.

"Why are you spreading lie, you scumbag!" do people scream at him.

After a few hours, the manager comes and openly tell people it was a good thing and that they will close the vault tomorrow and that meanwhile, it'll stay open, unguarded and unmonitored for people to keep stealing from it.

****

Yup, that's how things are done when you are one of the Verge executive.

Are you implying that Verge execs are somehow connected to the hack?

Tarlatata

jr. member

Activity: 102

Merit: 2

Quote from: bluejeanballa on April 04, 2018, 05:08:31 PM

So are you saying the exploit can be used for the rest of the day with no repercussions?

It does show the serious of the coin doesn't it ?

...

***

A good man walk by a bank and notice someone fleeing with a bag of money.

He tells the guards, the manager and people in the bank that the vault in open and that anyone can steal from it.

"Why are you spreading lie, you scumbag!" do people scream at him.

After a few hours, the manager comes and openly tell people it was a good thing and that they will close the vault tomorrow and that meanwhile, it'll stay open, unguarded and unmonitored for people to keep stealing from it.

****

Yup, that's how things are done when you are one of the Verge executive.

stronghandsdeeppockets

member

Activity: 266

Merit: 27

Quote from: ninjaboon on April 04, 2018, 05:13:35 PM

Just saw this news from my dev. It did not affect the price of XVG that stands at 901 sats.

Censorship. People get banned on Telegram, I personally got banned on their subreddit after my thread got 30 upvotes. Yeah, no shit the price didn't crash, people are denied this piece of information!

https://www.reddit.com/r/vergecurrency/comments/89tbyp/xvg_still_being_exploited_after_fix_by_dev_check/

ChekaZ

legendary

Activity: 1884

Merit: 1005

Quote from: ?? on ??

the attacker just modify the code of his ccminer, only
very clever, very simple, very efficent
about 500'000 XVG to 1'000'000 XVG in a day all validated and confirmed
i'm impressed, shitt

More like 134M verge per day.

ninjaboon

legendary

Activity: 2128

Merit: 1002

Just saw this news from my dev. It did not affect the price of XVG that stands at 901 sats.

ChekaZ

legendary

Activity: 1884

Merit: 1005

Quote from: bluejeanballa on April 04, 2018, 05:08:31 PM

Quote from: Dogedarkdev on April 04, 2018, 04:50:06 PM

Quote from: aciddude on April 04, 2018, 04:39:03 PM

Quote from: ocminer on April 04, 2018, 03:30:29 PM

Quote from: aciddude on April 04, 2018, 03:28:51 PM

Quote from: ocminer on April 04, 2018, 03:13:44 PM

Quote from: ocminer on April 04, 2018, 02:40:18 PM

Quote from: Dogedarkdev on April 04, 2018, 02:06:39 PM

Quote from: defaced on April 04, 2018, 01:58:33 PM

nice a new version of the famed timewarp attack.. very interesting.

yep.. we pushed a quick fix and most pools have already updated.. we're already working on a whole new block verification process.

we're kinda glad this happened and that it wasn't as bad as it could have been.

Hmm, you guys are aware that the "fix" you pushed actually IS a hardfork ? So your blockchain snapshot is not valid anymore, the wallet's won't sync up from scratch anymore and the current chain is simply not usable anymore with that new "fix" ?

Your change simply disagrees with the attackers blocks, the first block I see from the attacker was 2007365 - so the wallets will stop syncing there and simply not progress any further.

I remember your first forking dramas when trying to fork into Tor which failed 2 times IIRC.

You should immediately refrain from that "fix" and set a proper fork-height (at least 48h) and the chain up until the fork block MUST accept blocks with the old timestamps and blocks after that fork block then only with the new timestamp.

bumping this for awareness

how can we verify the hardfork ?

just download an updated wallet which includes the "fix" - then download the blockchain snapshot and try to sync up to the latest block...it will get stuck at 2007364

Confirmed. client stalls at block 2007364

yeah we removed that, and we're doing a full fork update with extra block verifications. will be ready by tmrw =]

So are you saying the exploit can be used for the rest of the day with no repercussions?

Sounds great! Cheesy

- That screams for exploit and rollback afterwards.

bluejeanballa

newbie

Activity: 6

Merit: 0

Quote from: Dogedarkdev on April 04, 2018, 04:50:06 PM

Quote from: aciddude on April 04, 2018, 04:39:03 PM

Quote from: ocminer on April 04, 2018, 03:30:29 PM

Quote from: aciddude on April 04, 2018, 03:28:51 PM

Quote from: ocminer on April 04, 2018, 03:13:44 PM

Quote from: ocminer on April 04, 2018, 02:40:18 PM

Quote from: Dogedarkdev on April 04, 2018, 02:06:39 PM

Quote from: defaced on April 04, 2018, 01:58:33 PM

nice a new version of the famed timewarp attack.. very interesting.

yep.. we pushed a quick fix and most pools have already updated.. we're already working on a whole new block verification process.

we're kinda glad this happened and that it wasn't as bad as it could have been.

Hmm, you guys are aware that the "fix" you pushed actually IS a hardfork ? So your blockchain snapshot is not valid anymore, the wallet's won't sync up from scratch anymore and the current chain is simply not usable anymore with that new "fix" ?

Your change simply disagrees with the attackers blocks, the first block I see from the attacker was 2007365 - so the wallets will stop syncing there and simply not progress any further.

I remember your first forking dramas when trying to fork into Tor which failed 2 times IIRC.

You should immediately refrain from that "fix" and set a proper fork-height (at least 48h) and the chain up until the fork block MUST accept blocks with the old timestamps and blocks after that fork block then only with the new timestamp.

bumping this for awareness

how can we verify the hardfork ?

just download an updated wallet which includes the "fix" - then download the blockchain snapshot and try to sync up to the latest block...it will get stuck at 2007364

Confirmed. client stalls at block 2007364

yeah we removed that, and we're doing a full fork update with extra block verifications. will be ready by tmrw =]

So are you saying the exploit can be used for the rest of the day with no repercussions?

Topic: Network Attack on XVG / VERGE - page 81. (Read 29513 times)