
Topic: [POLL] Should NXT Rollback the Blockchain after the BTER Hack ? (Read 1785 times)

hero member
Activity: 700
Merit: 520
The qora-nxt-ora-nem-node-illuminati axis will strike again !  Eliminate the Axis of Altcoin Evil !

~CfA~
hero member
Activity: 854
Merit: 1001
Looks like we get a happy ending on this one, guys!

https://nxtblocks.info/#section/accountId/NXT-8WJ7-8A2H-MBYN-3W9K4

We don't need no steeenking rollback!
sr. member
Activity: 310
Merit: 250
In Crypto I trust.
I was leaning towards a rollback but now I'm against it. Nxt shouldn't try to fix the exchange's problem.   It stings that the hacker has a similar amount to an original stakeholder.  At least Nxt has an alternative to exchanges (MGW) unlike many other coins.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
this was due to an exploit through BTER? or a poor wallet passphrase?

The Bter guy in charge of the servers had used the same password for all the hosting accounts and perhaps more. He was in the midst of installing two-factor authentication, but he hadn't gotten around to the server holding the Nxt at the time of the robbery. There's been a little speculation that it was a sort-of inside job by an ex-employee or associate, but that's just unfounded rumour.

very informative thanks
edit:
and thanks to EvilDave also for taking the time to try and lay some facts down for us all.

edit2:
@RawDog
YES i agree !
The thing is when we think about it we will then have a centralized figure deciding who does or does not get to keep their coins in the future.
And in the very nature of crypto's smoke and mirrors and shadowy lies and games we can never really be sure 100% what is happening.
What if this and what if that.. what if BTER lied about ALL of this to NXT devs ?
See what i am saying ?
The only solution is to say sorry too bad suck it up.

Either the hacker gets to keep his stolen coins or NXT is of no use to serious crypto users.
I hope BTER can find some other way to get the coins back from the hacker though..
legendary
Activity: 1596
Merit: 1026
The noes come from people worried that a rollback implies "centralization" and people worried that businesses will shy away from adopting Nxt because of "rollback risk."

That we are even talking about the possibility of rollback PROVES NXT is garbage.  Rollback risk must be eliminated.  Stealing is a fair way of getting coins.  Been that way since robbers were shooting at stage coaches and even before. 

If NXT saves BTER, then exchanges have no incentive to deploy high security.  They'll just use weak passwords and let the robbers into the servers all day.  When they are hit, they'll just run to the devs and plead for help. 

NXT is totally finished if a rollback is done.  NXT is already in serious jeopardy just by their devs admitting there might be circumstances under which they'd be willing to 'rollback' a transaction. 

Now, the next party to claim a transaction was 'unfair' will be asking the devs to do another rollback.  Maybe only one worth $.5 million.  Then, $100,000 transactions being contested will be rolled back.  Then transactions of friends will be rolled back.  Where is the line? 

That ANY transaction CAN be rolled back is a serious flaw in NXT.  NXT is probably very dead after this. 

It must be impossible, no matter how compelling the reason, to roll back a blockchain.

Sell NXT.  That dog is dead.
hero member
Activity: 854
Merit: 1001
Spoetnik, thanks for the poll, bro.

Here's a very brief summary of the situation so far:

BTER was compromised in my early AM, round 12-13 hours ago.
It appears that BTER used a common passphrase for multiple applications within BTER, including wallets.
50 million NXT was lifted, BTER appealed to the NXT community for help.

A full rollback (ie all transactions from the theft onwards reversed) was considered, and rejected.
Because of NXT's Proof of Stake forging architecture, there was also the possibility (within a short time frame) to carry out a partial rollback, which would in theory only affect the compromised BTER account. Software to carry out this partial rollback was created, and made available so that the community could decide to opt in or out of the partial rollback.

Right now it appears that the NXT community has decided not to implement the rollback in any form.


The funds in question are now here:
http://www.mynxt.info/blockexplorer/details.php?action=ac&ac=1244396688755618309

There was a short negotiation with the thief, but that only resulted in the return of 5 million NXT so far, here are the AMs on the subject:
https://nxtblocks.info/#section/blockexplorer_messages
and search for: NXT-8WJ7-8A2H-MBYN-3W9K4

You can see the whole story.

More info soon....


 
hero member
Activity: 574
Merit: 523
Definitely NO!

it's a business, not a game for kids.

Think about it as if you were told that your last salary has been paid in counterfeit notes which your employer got from some customer who is gone now.

Edit:

this was due to an exploit through BTER? or a poor wallet passphrase?

The Bter guy in charge of the servers had used the same password for all the hosting accounts and perhaps more. He was in the midst of installing two-factor authentication, but he hadn't gotten around to the server holding the Nxt at the time of the robbery. There's been a little speculation that it was a sort-of inside job by an ex-employee or associate, but that's just unfounded rumour.

If this is true then definitely it's a bter fail and they have to pay for any losses, not the community.

Edit 2:

Disclaimer: I do not have a single NXT.
legendary
Activity: 924
Merit: 1000
some guy just said on the other NXT topic that BTER had used a poor password with no 2fa.

also thanks for voting people.. i am surprised i thought it would be a lot more yes votes.

The noes come from people worried that a rollback implies "centralization" and people worried that businesses will shy away from adopting Nxt because of "rollback risk."

The former is technically inaccurate, as it would be decided by the community of forgers, but the underlying point is a good one. We all know what happened to Socrates.
jr. member
Activity: 59
Merit: 10
some guy just said on the other NXT topic that BTER had used a poor password with no 2fa.

also thanks for voting people.. i am surprised i thought it would be a lot more yes votes.
It's a false dilemma anyway. People can keep using the blockchain they want, they'll just not be able to transact with people that chose otherwise. Essentially, it boils down to choosing to let the thief go, or stop him, and then being locked in with all the other participants that made that same choice.
legendary
Activity: 924
Merit: 1000
this was due to an exploit through BTER? or a poor wallet passphrase?

The Bter guy in charge of the servers had used the same password for all the hosting accounts and perhaps more. He was in the midst of installing two-factor authentication, but he hadn't gotten around to the server holding the Nxt at the time of the robbery. There's been a little speculation that it was a sort-of inside job by an ex-employee or associate, but that's just unfounded rumour.
legendary
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
Vericoin 2.0  Cheesy
sr. member
Activity: 313
Merit: 250
i ♥ coinichiwa
this was due to an exploit through BTER? or a poor wallet passphrase?

Obviously a poor cold wallet setup. Even with a strong passphrase and 2fa you should never keep more coins than you can afford to lose on the same online system.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
some guy just said on the other NXT topic that BTER had used a poor password with no 2fa.

also thanks for voting people.. i am surprised i thought it would be a lot more yes votes.
sr. member
Activity: 479
Merit: 250
this was due to an exploit through BTER? or a poor wallet passphrase?
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
uhhhhh "learned a lesson"

i have seen plenty of comments but not 1 saying how the fuck this happened in the first place
and what is fucked up is out of all this drama i have not seen one other guy ask once LOL
What does that say about all of you ?  Roll Eyes

gimme the facts or else !  Angry
jr. member
Activity: 59
Merit: 10
i think the truly interesting thing is that the NXT devs were saying they could ROLL BACK ONLY THE STOLEN FUNDS, nothing more.

In other words, no other transactions would be affected by the rollback. So it's the perfect rollback, not a complete erasing of all transactions on those blocks. only the bad ones.

I think that makes the choice much more difficult, but i would still choose with not supporting bter's poor security with a rollback. Don't leverage your coin's power for an exchange's weakness.

doesn't matter now as bter has invested/sent 110 BTC to the hacker, so now the hunt is on...

I would argue that BTER has definitely learned a lesson and will be changing their practices. Nobody is working harder on securing their website right now than BTER. Plus, if the majority decides to consent, they can get their coins back as well and we don't have a hacker running around with 5% of the money supply that he stole from thousands of people. It's win-win.
sr. member
Activity: 370
Merit: 251
i think the truly interesting thing is that the NXT devs were saying they could ROLL BACK ONLY THE STOLEN FUNDS, nothing more.

In other words, no other transactions would be affected by the rollback. So it's the perfect rollback, not a complete erasing of all transactions on those blocks. only the bad ones.

I think that makes the choice much more difficult, but i would still choose with not supporting bter's poor security with a rollback. Don't leverage your coin's power for an exchange's weakness.

doesn't matter now as bter has invested/sent 110 BTC to the hacker, so now the hunt is on...
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
Having 5% of the entire coin controlled by a single, unknown hacker is a problem. A much larger problem than erasing a few hours of transactions when that's what the community wants.
What if i don't want it? What if other 5 people that I'm connected don't want it?
The hacker is also part of the community.  Wink
It's not a forum vote, NXT stakeholders make the decision. People who hold NXT and securing the network. How do you still not understand this?

NXT stakeholders know what happened yet ?
Because unless they have all the facts such as, how this even happened in the first place.. a vote on YES or NO is stupid !
or does it not even matter because you're bag holders ?
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
JPC was hacked months ago for some many millions of coins via users (not exchanges) (it was an RPC exploit vulnerable on lots of coins)
and the hacker dumped them all on exchanges tanking the price and it never recovered !
i never asked for a roll back.. i don't think any of us even considered it.
It affected my pocket !
Our coins went from about 81 to 31 overnight and stayed there and got worse.
And i took my lumps and moved on..

NXT bag holders should take their lumps..
Giving them (NXT bag holders) special treatment is not smart and will effectively kill your coin. (potential users will always be reminded of this forever)

So NXT guys think about it.. want your coin dead or BTER ?
BTER will have to pay back its users regardless or vanish off the net..
Meanwhile if you roll back for BTER's sake you're shooting yourself in the foot !
hero member
Activity: 739
Merit: 500
Having 5% of the entire coin controlled by a single, unknown hacker is a problem. A much larger problem than erasing a few hours of transactions when that's what the community wants.
What if i don't want it? What if other 5 people that I'm connected don't want it?
The hacker is also part of the community.  Wink
It's not a forum vote, NXT stakeholders make the decision. People who hold NXT and securing the network. How do you still not understand this?