Topic: NXT :: descendant of Bitcoin - Updated Information - page 1919. (Read 2761645 times)

I'm a little new to this Java client... How do I shut it down?

Heres my piece of advice for today:

Don't Panic!

NXT is having a problem right now, but it's not a very big problem, if you can step back and look at it objectively.

 EpicThomas showed us how easy it is to release modified client software and exploit it to steal funds, but the NXT community jumped on it pretty quickly and came up with solutions, evidence, a suspect and froze the stolen funds out from the exchanges.  All inside a few hours of the 3rd or 4th theft report coming in.
Have any of the trolls/pessimists ever seen a faster response to a security issue in the crypto/IT world?  

And then everyone affected got compensated.....unbelievable, but true. Salute to gbeirn, u r a hero.

Just to put this into proportion: total stolen was 300 kNXT, which is only 0.03 % of the total supply.
There were approximately 10-20 accounts compromised, which is at most 0.3 % of all NXT accounts.

And we should (almost) thank EpicThomas for making everyone raise their security game, it will now be much harder for an attacker to distribute compromised software again. That attack vector is closed right now. And is not a problem that only affects NXT, btw, all cryptos are vulnerable to this sort of exploit, so watch out for dodgy DOGE wallets in the future.

Time for a Nietsche mis-quote: "Whatever doesn't kill you, only makes u more money"




@EpicThomas:
You and your stolen NXT arent going anywhere. You can't convert it into fiat currency without going thru an exchange or the NXT blockchain.
Someone, sooner or later, will figure out who u are in the real world and come round to your house.
I suggest you take rickyjames up on his offer, give it back, and u can go on with yr life without looking over yr shoulder all day.

https://bitcointalk.org/index.php?topic=345619.13205

Shut down client then restart and wait a few for it to sync.  You might have to do this a couple times if you don't reconnect to the correct chain.  Having more peers in wellKnownPeers will help keep you on correct chain.

It is not a good strategy to put the success or failure of a 100 million usd project in the hands of one person... If nextern can't deliver the client for whatever reason, there is no chance for a mass adoption. And the other projects are also developing. Like the asset exchange for btc announced today.

So clients are holding us hostage

Messages, then Voting. After that we can use VS to decide what next feature to add.

I'm way off.
...
What should I do to get this thing back on track?

@CfB

transparent is underway....so which feature is next on the list?

I have just read the last 50 pages of this topic and wow this is crazy.

First of all yes the client was posted by me and I added some code that would send the secrets to my server.
A week ago there were all the ddos issues and billions created which led to a lot of client updates.
During these updates I noticed a lot of those clients had different hashes which made me wondering how easy it would be to modify the client and get it circulated.
So that is what I did. I quoted the official post made by jean-luc on 31/12 and changed the url. Setting this all up took less then an hour.
The server was only online for about an hour and I decided to shut it down after I had gotten access to about 10 accounts.

Now here is what is odd. Yes I got access to some accounts but not those people here who are claiming they got hacked.
The accounts that I got access to never had more then 1000 nxt in them and I never had the intention of taking it.
To the people who got hacked before 0.4.8 I can say that it was definetly not me who could have stolen your coins.

Normally at this point I was going to post details about how easy it is to steal nxt and how people have to be aware about where they download their client instead if only focussing only on their pass strength.
That point has been made very clear now in an unfortunate way.

To be honest if I had found an account containing a 50 million next I would have probably taken it and diseappeared but that was not the case. I am human after all.

I know there are other modified clients around whether they use the same type of attack I don't know.
Digitalocean has also contacted me that people here have sent complaints and that different IP's have logged in on my account.
Whether someone else had access to my vps, people downloaded a different infected client or someone is playing it smart letting me take the blame I do not know. 

People are angry and ofcourse I can understand that but the only thing I can do is tell my story and hope a correct explanation for these thefts will appear.

What time will you introduce the new ones?

Checking my local copy of the blockchain shows:
{"balance":1701000,"effectiveBalance":1701000,"unconfirmedBalance":1701000}

I think your client might be stuck.  This is my most recent block:


Yours match?

Try this: http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=13480670143410523480

All current API requests will become Legacy API. 2 types of API will be introduced - Low-level API and High-level API.

Come-from-Beyond, can you put a documentation about all API calls together? The API thread is pretty chaotic. Or does someone already have a list somewhere?

I can develop a simple messaging client with PGP encryption. I was thinking about this last night and there may be a way to make account numbers work as asymmetric public keys, I need to research it more though.

How does one send a message? I need details to develop a client.

I agree, but I still think it should be added.