Topic: Terracoin attack caused Bter.com 50BTC loss - page 2. (Read 5329 times)

When you deposit, you just deposit to the exchange wallet; where other deposits happen too. Same happens with withdrawl. So you don't do a point to point transaction between buyer/seller.

The hard-fork really damages a lot except the attacker is happy at the end.
I think terracoin community should thank bter.com for taking most of the damage. Otherwise, TRC value will be dilute more.

Thanks, nice to see some people more concerned on securities and future of cryptocurrencies.

Especially when it take 10 min to any programmer to make some script to check such special activities (big deposit...) We talk as admin of exchangers sometime managing hundreds of USD worth owned by users, also making good money with fees... I wont say more you got my point If admin of an exchange cannot hire some people to monitor 24/24, then exchange should'nt run or users should expect some lost anytime....Or just avoid this exchange.

I completely agree.  Good to know you have the proper safety checks at crypto-trade.  I know Cryptsy also had alerts triggered and disabled accounts.  Your efforts will help keep damage to altcoins to a minimum as the industry continues to mature, and for that I thank you.

-Merc

Letting few minutes more to check more about big deposits.

When you see 120k trc coming if you monitor as you know it is attacked, you usually suspect something...And lock the user for more investigation

Even smaller amount looking enornous compar to usual... Of course as said 24/24 monitoring is needed... Or the TRC trading should be stopped directly before any disaster... I agree on that


I agree while coinotron is a pool, managed by only one operator. Pool also dont earn same fees than exchange and dont push same risk on users. We can understand that coinotron took time to react. An exchange shouln't run if is not 24/24 monitored, my opinion remains the same about this.

None. Coinotron had over 100 confirmed blocked they mined erased by the attacker before they suspended the TRC pool. The difficulty exploit made the attack unstoppable for the most part. In the main thread discussing the attack we were surprised trading was open at all.

here something else I don't understand
during the attack 100 confirmations were a matter of a few minutes... since the blocks were generated with very high frequency... what difference did it make?

Happy that a 24/24 monitoring and immediate update to 100 confirmations deposit with a special checking on each then TRC deposit, helped crypto-trade.com to be safe of such lost.

I guess when you run an exchange and accept small Alt coin you have to expect such problem...and be ready to react immediatly as some hours can cause disaster. If you cannot handle it just don't accept such alt coin, or don't run an exchange taking risk to lost funds of your users. Sorry to be rude but I would be same with myself even worst...

Edit : just noticed that on your website : > Manually confirmed withdrawal

It means you processed the 50 btc manually to then understand your site was like attacked? I dont get it fully

Neotrix, Admin of crypto-trade.com

let me understand how an exchange works...
a guy deposit x coins on his address...
then he sells something to someone else
are the coins really moved to the seller address to the buyer address after the trade?

Right, which is what double spend is all about.

Chain A I sent coins to BTCe. They clear, I sell them for BTC. I withdraw the BTC.

Now I make a new chain B started the block before I sent the coins, and make it longer than chain A so clients switch to it instead. My coins were never sent to BTCe, I still have them, but I also have the BTC I sold them for. BTCe is left without the BTC or the TRC.

I trust BTCe is on the mailing lists of all coins they support, so they always know about mandatory upgrades in advance.

The attacker's deposit disappeared.

the exchange is with no doubt to blame for not stopping the unusual activity on TRC... vircurex did, other raised the confirmation up to 100, bter stood still at 4 confirmations and let massive and unusual trading to take place for more the 24 hrs. I mean when I saw that massive dumping I bought something and I took a huge risk, in fact  everybody was talking about TRC to be screwed up and worth nothing, so to me the dumper could have been just a guy with lots of them just scared to lose his money and wanting out. but that was indeed suspicious to me. since my activity is arbitrage coins I saw the opportunity and even if I thought it was very risky I bought some in order to sell somewhere else at higher price.

NOW, what I want to know here: the coins the bastard sold on BTER have disappeared OR NOT?? cause it doesn't look like to me... the ones I was able to move out of BTER are sitting on my other accounts and have NOT disappeared. so how could BTER affirm the coins have disappeared... the only coins that might have disappeared after block 175k are the ones the bastard couldn't sell which are still sitting on his account...

...unless, and here I prove I don't know how exchanges really works, the buying/selling trades on each exchange aren't really settled until the coins are moved from the buyer to another address. in this case everything that's still on BTER truly disappeared, except the coins that buyers were able to move out of their BTER account.

am I right?

Was this double spend after or before the double spend attacks started? If after, then the exchange is completely to blame for not stopping TRC deposits upon the first double spend hitting the network.

have those coins disappeared or not? I still don't understand.
if I bought some on BTER (which actually I did) and sold them on there or on another exchange, did those who bought from me see the trc disappear after block 175k??? this sounds impossible to me! in fact I was able to move like 18 coins I bought on bter (most likely from the attacker) to another exchange and I still see them! they have not disappeared anywhere. I still own them, as I think any other buyer do.

please explain.. this is fishy.

if BTER says the coins have disappeared when actually they have not, in reimbursing the buyers at the price they bought, they keep the TRC for themselves and do make a profit selling them at current prices. not so much as taking a loss... come on!

please explain!!

thanks

I had lost 8 LTC when my Bter account got hacked sometimes back. I withdrew everything and left it - there are much better exchanges out there.

Good luck though - I do hope you bounce back.

Yeah that's why the dev didn't roll things back to before the attack, because of the valid trades the exchanges had done/etc and they rely on the chain remaining intact as best as possible.

wouldn't have been better to keep those coins as valid, so to let the attacker keep his profits without harming specific people (like bter in this case), at the end of the story he didn't cause any harm apart from an increased inflation and dilution of the coin...which basically it's what central banks do everytime they print new money out of nothing.

what a mess!

This sounds like a serious 51% doublespending attack on bter. Note the original time warp requires 51% attack as a basis.

1st, it wasn't a 51% attack, but a time warp attack.  The fix TRC made to their client (by my understanding) was supposed to invalidate all the time-warped blocks, meaning all the coins this person exploited vanished once the block chain hit the 175000 block.  Therefore, any coins he mined and sent elsewhere should have vanished at block 175000 (which they seem to have from the OP).  The current TRC blockchain is at block 175040 while the old client chain (that someone is still mining) thinks the current blockchain it at 175460.  If you were still using the old client, those coins would still be there.