The qora-nxt-ora-nem-node-illuminati axis will strike again ! Eliminate the Axis of Altcoin Evil !
~CfA~
Topic: [POLL] Should NXT Rollback the Blockchain after the BTER Hack ? (Read 1741 times)
August 17, 2014, 10:49:07 AM
Looks like we get a happy ending on this one, guys!
https://nxtblocks.info/#section/accountId/NXT-8WJ7-8A2H-MBYN-3W9K4
We don't need no steeenking rollback!
https://nxtblocks.info/#section/accountId/NXT-8WJ7-8A2H-MBYN-3W9K4
We don't need no steeenking rollback!
August 16, 2014, 01:07:57 AM
I was leaning towards a rollback but now I'm against it. Nxt shouldn't try to fix the exchange's problem. It stings that the hacker has a similar amount to an original stakeholder. At least Nxt has an alternative to exchanges (MGW) unlike many other coins.
August 15, 2014, 10:18:16 PM
this was due to a exploit through BTER? or a poor wallet passphrase?
The Bter guy in charge of the servers had used the same password for all the hosting accounts and perhaps more. He was in the midst of installing two-factor authentication, but he hadn't gotten around to the server holding the Nxt at the time of the robbery. There's been a little speculation that it was a sort-of inside job by an ex-employee or associate, but that's just unfounded rumour.
very informative thanks
edit:
and thank to EvilDave also for taking the time to try and lay some facts down for us all.
edit2:
@RawDog
YES i agree !
The thing is when we think about it we will then have a centralized figure deciding who does or does not get to keep their coins in the future.
And in the very nature of crypto's smoke and mirrors and shadowy lies and games we can never really be sure 100% what is happening.
What if this and what if that.. what of BTER lied about ALL of this to NXT devs ?
See what i am saying ?
The only solution is to say sorry too bad suck it up.
Either the hacker gets to keep his stolen coins or NXT is of no use to serious crypto users.
I hope BTER can find some other way to get the coins back from the hacker though..
August 15, 2014, 02:36:09 PM
The noes come from people worried that a rollback implies "centralization" and people worried that businesses will shy away from adopting Nxt because of "rollback risk."
That we are even talking about the possibility of rollback PROVES NXT is garbage. Rollback risk must be eliminated. Stealing is a fair way of getting coins. Been that way since robbers were shooting at stage coaches and even before.
If NXT saves BTER, then exchanges have no incentive to deploy high security. They'll just use weak passwords and let the robbers into the servers all day. When they are hit, they'll just run to the devs and plead for help.
NXT is totally finished if a rollback is done. NXT is already in serious jeopardy just by their devs admitting there might be circumstance under which they'd be willing to 'rollback' a transaction.
Now, the next party to claim a transaction was 'unfair' will be asking the devs to do another rollback. Maybe only one worth $.5 million. Then, $100,000 transactions being contested will be rolled back. Then transactions of friends will be rolled back. Where is the line?
That ANY transaction CAN be rolled back is a serious flaw in NXT. NXT is probably very dead after this.
It must be impossible, no matter how compelling the reason, to roll back a blockchain.
Sell NXT. That dog is dead.
August 15, 2014, 02:26:35 PM
Spoetnik, thanks for the poll, bro.
Heres a very brief summary of the situation so far:
BTER was compromised in my early AM, round 12-13 hours ago.
It appears that BTER used a common passphrase for multiple applications within BTER, including wallets.
50 million NXT was lifted, BTER appealed to the NXT community for help.
A full rollback (ie all transactions from the theft onwards reversed) was considered, and rejected.
Because of NXT's Proof of Stake forging architecture, there was also the possiblity (within a short time frame) to carry out a partial rollback, which would in theory only affect the compromised BTER account. Software to carry out this partial rollback was created, and made available so that the commmunity could decide to opt in or out of the partial rollback.
Right now it appears that the NXT community has decided not to implement the rollback in any form.
The funds in question are now here:
http://www.mynxt.info/blockexplorer/details.php?action=ac&ac=1244396688755618309
There was a short negotiation with the thief, but that only resulted in the return of 5 million NXT so far, here are the AMs on the subject:
https://nxtblocks.info/#section/blockexplorer_messages
and search for: NXT-8WJ7-8A2H-MBYN-3W9K4
You can see the whole story.
More info soon....
Heres a very brief summary of the situation so far:
BTER was compromised in my early AM, round 12-13 hours ago.
It appears that BTER used a common passphrase for multiple applications within BTER, including wallets.
50 million NXT was lifted, BTER appealed to the NXT community for help.
A full rollback (ie all transactions from the theft onwards reversed) was considered, and rejected.
Because of NXT's Proof of Stake forging architecture, there was also the possiblity (within a short time frame) to carry out a partial rollback, which would in theory only affect the compromised BTER account. Software to carry out this partial rollback was created, and made available so that the commmunity could decide to opt in or out of the partial rollback.
Right now it appears that the NXT community has decided not to implement the rollback in any form.
The funds in question are now here:
http://www.mynxt.info/blockexplorer/details.php?action=ac&ac=1244396688755618309
There was a short negotiation with the thief, but that only resulted in the return of 5 million NXT so far, here are the AMs on the subject:
https://nxtblocks.info/#section/blockexplorer_messages
and search for: NXT-8WJ7-8A2H-MBYN-3W9K4
You can see the whole story.
More info soon....
August 15, 2014, 02:08:40 PM
Definitely NO!
it's a business, not a game for kids.
Think about it as if you were told that your last salary have been paid in counterfeit notes which your employer got from some customer who is gone now.
Edit:
The Bter guy in charge of the servers had used the same password for all the hosting accounts and perhaps more. He was in the midst of installing two-factor authentication, but he hadn't gotten around to the server holding the Nxt at the time of the robbery. There's been a little speculation that it was a sort-of inside job by an ex-employee or associate, but that's just unfounded rumour.
If this is true then definitely its a bter fail and they have to pay for any loses, not the community.
Edit 2:
Disclaimer: I have no a single NXT.
it's a business, not a game for kids.
Think about it as if you were told that your last salary have been paid in counterfeit notes which your employer got from some customer who is gone now.
Edit:
this was due to a exploit through BTER? or a poor wallet passphrase?
The Bter guy in charge of the servers had used the same password for all the hosting accounts and perhaps more. He was in the midst of installing two-factor authentication, but he hadn't gotten around to the server holding the Nxt at the time of the robbery. There's been a little speculation that it was a sort-of inside job by an ex-employee or associate, but that's just unfounded rumour.
If this is true then definitely its a bter fail and they have to pay for any loses, not the community.
Edit 2:
Disclaimer: I have no a single NXT.
August 15, 2014, 02:06:35 PM
some guy just said on the other NXT topic that BTER had used a poor password with no 2fa.
also thanks for voting people.. i am surprised i thought it would be a lot more yes votes.
also thanks for voting people.. i am surprised i thought it would be a lot more yes votes.
The noes come from people worried that a rollback implies "centralization" and people worried that businesses will shy away from adopting Nxt because of "rollback risk."
The former is technically inaccurate, as it would be decided by the community of forgers, but the underlying point is a good one. We all know what happened to Socrates.
August 15, 2014, 02:04:18 PM
some guy just said on the other NXT topic that BTER had used a poor password with no 2fa.
also thanks for voting people.. i am surprised i thought it would be a lot more yes votes.
It's a false dilemma anyway. People can keep using the blockchain they want, they'll just not be able to transact with people that chose otherwise. Essentially, it boils down to choosing to let the thief go, or stop him, and then being locked in with all the other participants that made that same choice. also thanks for voting people.. i am surprised i thought it would be a lot more yes votes.
August 15, 2014, 02:04:11 PM
this was due to a exploit through BTER? or a poor wallet passphrase?
The Bter guy in charge of the servers had used the same password for all the hosting accounts and perhaps more. He was in the midst of installing two-factor authentication, but he hadn't gotten around to the server holding the Nxt at the time of the robbery. There's been a little speculation that it was a sort-of inside job by an ex-employee or associate, but that's just unfounded rumour.
August 15, 2014, 01:51:41 PM
Vericoin 2.0 
August 15, 2014, 01:42:40 PM
this was due to a exploit through BTER? or a poor wallet passphrase?
Obviously a poor cold wallet setup. Even with a strong passphrase and 2fa you should never keep more coins than you can afford to lose on the same online system.
August 15, 2014, 01:20:02 PM
some guy just said on the other NXT topic that BTER had used a poor password with no 2fa.
also thanks for voting people.. i am surprised i thought it would be a lot more yes votes.
also thanks for voting people.. i am surprised i thought it would be a lot more yes votes.
August 15, 2014, 12:59:42 PM
this was due to a exploit through BTER? or a poor wallet passphrase?
August 15, 2014, 12:54:21 PM
uhhhhh "learned a lesson"
i have seen plenty of comments but not 1 saying how the fuck this happened in the first place
and what is fucked up is out of all this drama i have not seen one other guy ask once LOL
What does that say about all of you ?
gimme the facts or else !
i have seen plenty of comments but not 1 saying how the fuck this happened in the first place
and what is fucked up is out of all this drama i have not seen one other guy ask once LOL
What does that say about all of you ?
gimme the facts or else !
August 15, 2014, 12:45:03 PM
i think the truly interesting thing is that the NXT devs were saying they could ROLL BACK ONLY THE STOLEN FUNDS, nothing more.
In other words, no other transactions would be affected by the rollback. So its the perfect rollback, not a complete erasing of all transactions on those blocks. only the bad ones.
I think that makes the choice much more difficult, but i would still choose with not supporting bter's poor security with a rollback. Don't leverage your coins power for an exchange's weakness.
doesn't matter now as bter has invested/sent 110 BTC to the hacker, so now the hunt is on...
In other words, no other transactions would be affected by the rollback. So its the perfect rollback, not a complete erasing of all transactions on those blocks. only the bad ones.
I think that makes the choice much more difficult, but i would still choose with not supporting bter's poor security with a rollback. Don't leverage your coins power for an exchange's weakness.
doesn't matter now as bter has invested/sent 110 BTC to the hacker, so now the hunt is on...
I would argue that BTER has definitely learned a lesson and will be changing their practices. Nobody is working harder on securing their website right now than BTER. Plus, if the majority decides to consent, they can get their coins back as well and we don't have a hacker running around with 5% of the money supply that he stole from thousand of people. It's win-win.
August 15, 2014, 12:41:41 PM
i think the truly interesting thing is that the NXT devs were saying they could ROLL BACK ONLY THE STOLEN FUNDS, nothing more.
In other words, no other transactions would be affected by the rollback. So its the perfect rollback, not a complete erasing of all transactions on those blocks. only the bad ones.
I think that makes the choice much more difficult, but i would still choose with not supporting bter's poor security with a rollback. Don't leverage your coins power for an exchange's weakness.
doesn't matter now as bter has invested/sent 110 BTC to the hacker, so now the hunt is on...
In other words, no other transactions would be affected by the rollback. So its the perfect rollback, not a complete erasing of all transactions on those blocks. only the bad ones.
I think that makes the choice much more difficult, but i would still choose with not supporting bter's poor security with a rollback. Don't leverage your coins power for an exchange's weakness.
doesn't matter now as bter has invested/sent 110 BTC to the hacker, so now the hunt is on...
August 15, 2014, 12:03:24 PM
Having 5% of the entire coin controlled by a single, unknown hacker is a problem. A much larger problem than erasing a few hours of transactions when that's what the community wants.
What if i don't want it? What if other 5 people that I'm connected don't want it?The hacker is also part of the community.
NXT stakeholders know what happened yet ?
Because unless they have all the facts such as, how this even happened in the first place.. a vote on YES or NO is stupid !
or does it not even matter because your bag holders ?
JPC was hacked months ago for some many millions of coins via users (not exchanges) (it was an RPC exploit vulnerable on lots of coins)
and the hacker dumped them all on exchanges tanking the price and it never recovered !
i never asked for a roll back.. i don't think any of us even considered it.
It affected my pocket !
Our coins went from about 81 to 31 over night and stayed there and got worse.
And i took my lumps and moved on..
NXT bag holders should take their lumps..
Giving them (NXT bag holders) special treatment is not smart and will effectively kill your coin. (potential users will always be reminded of this forever)
So NXT guys think about it.. want your coin dead or BTER ?
BTER will have to pay back it's users regardless or vanish off the net..
Meanwhile if you roll back for BTER's sake your shooting yourself in the foot !
and the hacker dumped them all on exchanges tanking the price and it never recovered !
i never asked for a roll back.. i don't think any of us even considered it.
It affected my pocket !
Our coins went from about 81 to 31 over night and stayed there and got worse.
And i took my lumps and moved on..
NXT bag holders should take their lumps..
Giving them (NXT bag holders) special treatment is not smart and will effectively kill your coin. (potential users will always be reminded of this forever)
So NXT guys think about it.. want your coin dead or BTER ?
BTER will have to pay back it's users regardless or vanish off the net..
Meanwhile if you roll back for BTER's sake your shooting yourself in the foot !
Having 5% of the entire coin controlled by a single, unknown hacker is a problem. A much larger problem than erasing a few hours of transactions when that's what the community wants.
What if i don't want it? What if other 5 people that I'm connected don't want it?The hacker is also part of the community.
Jump to: