Pages:
Author

Topic: The TRUTH about Darkcoin: ZERO Anonymity, EASY DOS attacks, & Amateur code base! (Read 9018 times)

legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
Thanks to the leveraged shorts now offered by Poloniex, not even otoh can prop up the price.   Smiley

Too bad DASH volume in Poloniex is so low that you can't short any meaningful amount without suffering huge financial losses in the process. And why would any privacy aware person surrender himself to Poloniex and its KYC policies in the first place.

Only if your sh*tcoin can't get listed anywhere else, and even when it does, no one will touch it with a ten foot poll Wink

I don't get this concern--unless you are trying to hide the buying or selling of Monero, this doesn't break your privacy. You can still spend it privately, so what's the concern? Your are certainly capable of using shapeshift or an exchange that doesn't follow KYC if laundering funds is your objective (not that I'm condoning that behavior).
sr. member
Activity: 392
Merit: 255
Thanks to the leveraged shorts now offered by Poloniex, not even otoh can prop up the price.   Smiley

Too bad DASH volume in Poloniex is so low that you can't short any meaningful amount without suffering huge financial losses in the process. And why would any privacy aware person surrender himself to Poloniex and its KYC policies in the first place.

Only if your sh*tcoin can't get listed anywhere else, and even when it does, no one will touch it with a ten foot poll Wink
hero member
Activity: 966
Merit: 1003
Thanks to the leveraged shorts now offered by Poloniex, not even otoh can prop up the price.   Smiley

Too bad DASH volume in Poloniex is so low that you can't short any meaningful amount without suffering huge financial losses in the process. And why would any privacy aware person surrender himself to Poloniex and its KYC policies in the first place.
legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
Darkcoin/DASH hit 0.0249 today....what did the other 'anonymous' crypto currencies today?

Darkcoin/DASH continues to grow because it is the only genuine privacy-centric digital currency in the marketplace that actually works and has not been exploited.

DASH Last Price?  0.0124   Grin

The rebranding pump was just a blow-off top and an opportunity for THE DARKCOIN FOUNDATION INC to dump more of its massive insta-mine on you true-believing cargo cult losers.

Thanks to the leveraged shorts now offered by Poloniex, not even otoh can prop up the price.   Smiley
legendary
Activity: 1722
Merit: 1217

Masternode gaming was identified as a risk in a security review and a lot of strengthening against this was done.


Quick hand me another eye patch, shes sprung another leak cap'n.


sr. member
Activity: 294
Merit: 250
wow darkcoin stole another coin name dash, took that name DASH and had a instamine. wow but i love it
legendary
Activity: 1190
Merit: 1002
Pecvniate obedivnt omnia.
blah blah blah, i'm just shitty that i chose to invest my time and money  into worthless alt coins that offer absolutely nothing to the market place and have not increased in price since creation.  But now i've bashed Darkcoin too much and it's too late and hard on my ego to stop so i'll continue to offer pathetic arguments hoping that by some freak chance Darkcoin will plummet and i can go back to my poor excuse for a crypto currency.

Hey icebreaker, i just fixed your post and wrote what you actually meant to say.  Maybe your words got a bit muddled as you typed?!

oh, incase anyone missed it, Darkcoin/DASH hit 0.0249 today....what did the other 'anonymous' crypto currencies today?

Darkcoin/DASH continues to grow because it is the only genuine privacy-centric digital currency in the marketplace that actually works and has not been exploited.
Lies.
hero member
Activity: 535
Merit: 502
blah blah blah, i'm just shitty that i chose to invest my time and money  into worthless alt coins that offer absolutely nothing to the market place and have not increased in price since creation.  But now i've bashed Darkcoin too much and it's too late and hard on my ego to stop so i'll continue to offer pathetic arguments hoping that by some freak chance Darkcoin will plummet and i can go back to my poor excuse for a crypto currency.

Hey icebreaker, i just fixed your post and wrote what you actually meant to say.  Maybe your words got a bit muddled as you typed?!

oh, incase anyone missed it, Darkcoin/DASH hit 0.0249 today....what did the other 'anonymous' crypto currencies today?

Darkcoin/DASH continues to grow because it is the only genuine privacy-centric digital currency in the marketplace that actually works and has not been exploited.
legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
Darkcoin is such a shitty fake-anon coin and blatantly illegal HYIP scheme.

No wonder they want desperately to steal Dash's name for their rebrand.
hero member
Activity: 672
Merit: 500
sr. member
Activity: 294
Merit: 250
I'd also like everyone to know the truth about the best scam ever made.

truth is out there. this cryptoshit is scam haven 101.
sr. member
Activity: 336
Merit: 252
I'd also like everyone to know the truth about the best scam ever made.
legendary
Activity: 2730
Merit: 1068
Juicin' crypto
hero member
Activity: 966
Merit: 1003
Yes, I agree - obviously a coin should be tolerant even to illegal attacks.

OP's original claim that "Darkcoin is prone to several cost-less DOS attacks that can destroy the whole network" is not true though. I don't know if it was true back when the claim was made, but I know that after OP was posted the dev team went bug hunting and fixed several bugs that could've been used to stall some of the functionality or game the masternode payments to benefit a dishonest masternode. When developing new technology problems are bound to happen, and that has been priced in as we can remember from the fork issues and the subsequent price drop last summer. Nevertheless, it was a good thing that the OP was posted back then as it motivated the team to set developing new features aside for a moment and go through the codebase and clean out all bugs they could find.

No, you're misunderstanding what a DDoS attack is. DDoS attacks are tangential to the software running on the server.

I can DDoS a server that has every port closed off to the outside world; the minute I send enough multi-packet traffic bound for that IP that the server / router / bordergate / network appliance has to reassemble packets I'm going to cause devastating congestion, forcing the datacenter to block packets bound for that IP at their upstream data provider.

This has nothing to do with the very excellent Bitcoin software or any cryptocurrency cloned from it, it is merely the nature of IP traffic routing. No amount of "bug fixing" in the software can prevent these attacks since the attack doesn't even require the software to be running.

He said DOS, not DDoS. When he said DOS, he meant stuff like agreeing to participate in mixing, and then stalling the process by not signing, and so on. Bugs that allowed that sort of DOS attacks were fixed.

Wrt DDoS however, I posted this earlier:

do you really think so? If someone wanted to destroy darkcoin's anonymity to say, catch someone whos engaging in illegal activity, then they(law enforcement) would probably have no issue ddosing all the masternodes, and what makes it even easier is that all the masternode's ip's are in the open.

Problem for trying to deanonymize DRK by ddos'ing is that the coins are pre-anonymized before they can be used.

So people will have anonymous coins in their wallet, and someone starts the attack and manages to take out every masternode except their own. People will send their anonymous coins to purchase whatever, and the attacker will be none the wiser as the coins and transactions are already anonymous. At that point people would notice the number of masternodes dropping from > 2000 to 20 for example, and realize what's going on, and wouldn't try to anonymize their standard coins. I've suggested earlier that the wallet would automatically detect this and prevent the user from mixing their coins while the attack is going on, and I believe it's a feature that will come at some point. So, the outcome would be that someone has just spent a lot of time and resources for no gain.

And there are plans to hide the masternode IPs so you can't find them and DDoS them (this will also help the masternode owners stay anonymous if they so prefer) - the development is still going on. What we have now doesn't mean it's what we'll have in a year or two. The fact that Darkcoin is not fully complete and perfected yet is priced in by the markets, otherwise it would have 10x to 100x the market cap it has now. Wink
legendary
Activity: 1722
Merit: 1002
Decentralize Everything

The third option that you're missing is: continuously attack Darkcoin masternodes in order to increase the profit of my masternode. Malice doesn't need to come from law enforcement, nor does it have to care about the longevity of the network.

Masternode gaming was identified as a risk in a security review and a lot of strengthening against this was done.

However, its virtually impossible to attack the masternode network to increase payments to your node.  Thats just not how payment selection works.
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
do you really think so? If someone wanted to destroy darkcoin's anonymity to say, catch someone whos engaging in illegal activity, then they(law enforcement) would probably have no issue ddosing all the masternodes, and what makes it even easier is that all the masternode's ip's are in the open.

There are currently too many barriers for this kind of attack to even make sense. Even governments have spending oversight (lax as it is)
I'd like to see the agent in charge try to explain expenditure in the 10 million range , just to catch one or three traders of 50k worth of DRK.  

A better way to phrase my point

If this attack were this easy. Would you rather....

1. Attack bitcoin nodes and double spend for profit

2. Attack darkcoin nodes to unmask masked transactions

I've already pointed out that 1. is nonsensical and not possible, and 2. makes the assumption that deobfuscation is the aim.

The third option that you're missing is: continuously attack Darkcoin masternodes in order to increase the profit of my masternode. Malice doesn't need to come from law enforcement, nor does it have to care about the longevity of the network.
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
Yes, I agree - obviously a coin should be tolerant even to illegal attacks.

OP's original claim that "Darkcoin is prone to several cost-less DOS attacks that can destroy the whole network" is not true though. I don't know if it was true back when the claim was made, but I know that after OP was posted the dev team went bug hunting and fixed several bugs that could've been used to stall some of the functionality or game the masternode payments to benefit a dishonest masternode. When developing new technology problems are bound to happen, and that has been priced in as we can remember from the fork issues and the subsequent price drop last summer. Nevertheless, it was a good thing that the OP was posted back then as it motivated the team to set developing new features aside for a moment and go through the codebase and clean out all bugs they could find.

No, you're misunderstanding what a DDoS attack is. DDoS attacks are tangential to the software running on the server.

I can DDoS a server that has every port closed off to the outside world; the minute I send enough multi-packet traffic bound for that IP that the server / router / bordergate / network appliance has to reassemble packets I'm going to cause devastating congestion, forcing the datacenter to block packets bound for that IP at their upstream data provider.

This has nothing to do with the very excellent Bitcoin software or any cryptocurrency cloned from it, it is merely the nature of IP traffic routing. No amount of "bug fixing" in the software can prevent these attacks since the attack doesn't even require the software to be running.
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
The problem I see with this is.

Say there are 1,240 master nodes on the network. Lets say they are each feeding off a 1Gb pipe

In order to take out 1,240 masternodes you would need at least 1,240Gbps sustained ddos attack. Pretty hard to pull off

You would also have to own a few masternodes to pull off the attack. Therefore making an sizeable investment. And then attempting to destory the value of that investment

Your essentially saying the bitcoin network is just as vulnerable. If thats the case you could ddos 1,240 pools and gain 51% hashing power. Its just not as easy as your making it seem I dont think

You are incorrect for several reasons.

Firstly, when a server is DDoS'd the reaction of the data centre is almost always to block all data destined for the server's IP at the upstream data provider. Normally this is done on a BGP level. The thing with these BGP requests is that they cannot happen on a minute-by-minute basis, because massive routing changes are potentially dangerous and normally go through a change control process. Typically speaking, a dedicated server would be blackholed upstream on a BGP-level for ~4 hours. A VPS maybe longer by virtue of how cheap it is.

Thus if a sustained attack of 10 minutes is required to shut down a server for 4 hours, how much simultaneous bandwidth is required to kill your proverbial 1 240 masternodes? Well, basically it means you have to attack ~52 servers simultaneously. Now bear in mind that there are plenty of VPS and dedicated hosts that have 100mbps limits, I'd hazard less than 40% have 1gbps on tap, and fewer still with unmetered ports. In the VPS space especially bandwidth is shared between all guests on the host machine, so the actual available bandwidth is far from promised. Thus we can't take your 1gbps theoretical as being valid for all but a handful of masternodes. But let's be generous and pretend that 50% have unmetered 1gbps ports, and 50% have unmetered 100mbps ports, which means the total bandwidth required to knock the 52 servers off the grid is 28.6gbps.

Assuming you're Joe Scriptkiddie and don't have access to a botnet, how much would it cost to launch such an attack? Well I used Str3ssed (one of the many so-called "booter" or "stresser", basically a DDoS-on-demand service pretending to be a network stress tester) to price it out. With their 250gbps of "stresser" capacity a 28.6gbps requirement is trivial. So if we just wanted to attack the network once we'd need to use their "1 Month Ultimate" package, which allows us to attack 1 target at a time for a total of 60 minutes within the month (of course you can change targets and start/stop attacks whenever you want, it's just a total of 60 minutes in the month). Because of that restriction we have to attack 207 masternodes simultaneously for 10 minutes, and then switch to the next group of 207 masternodes, and so on for an hour. After an hour we will have knocked the masternode network offline at least for the following 3 hours, some for even longer. The total cost of doing this once-off attack would be 207 x $50 = $10 350. Not cheap, but certainly not out of reach.

The larger problem is that an attacker only slightly more sophisticated or enabled than Joe Scriptkiddie can pull off a sustained attack without spending a cent. SNMP amplification attacks, for instance, are no longer uncommon. Since SNMP provides a ~650x amplification, it means that a savvy attacker can turn a 1gbps VPS into a 650gbps DDoS device.

Literally the only reason that ludicrous amateur cryptography like this survives is because of the vast technical incompetence of many altcoin proponents. The time will come when someone more proficient sees an opportunity to short a coin or stands to benefit from a downturn, and they will decimate the house-of-cards infrastructure that has been built up.

Oh and your last point is, unfortunately, also not true: if you DDoS all the pools difficulty would not retarget quickly enough for you to have 51% of the hashing power, as the majority of miners have a fallback, sometimes to private pools etc. Also, things like p2pool and solo miners make an attack like this unreliable.
legendary
Activity: 1722
Merit: 1002
Decentralize Everything
Just a quick note on the usage of AWS for masternodes.  AWS accounts for less than half of masternode hosting now.  The community started to branch out some months ago.
legendary
Activity: 1064
Merit: 1002
I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.

The problem I see with this is.

Say there are 1,240 master nodes on the network. Lets say they are each feeding off a 1Gb pipe

In order to take out 1,240 masternodes you would need at least 1,240Gbps sustained ddos attack. Pretty hard to pull off

You would also have to own a few masternodes to pull off the attack. Therefore making an sizeable investment. And then attempting to destory the value of that investment

Your essentially saying the bitcoin network is just as vulnerable. If thats the case you could ddos 1,240 pools and gain 51% hashing power. Its just not as easy as your making it seem I dont think

do you really think so? If someone wanted to destroy darkcoin's anonymity to say, catch someone whos engaging in illegal activity, then they(law enforcement) would probably have no issue ddosing all the masternodes, and what makes it even easier is that all the masternode's ip's are in the open.

There are currently too many barriers for this kind of attack to even make sense. Even governments have spending oversight (lax as it is)
I'd like to see the agent in charge try to explain expenditure in the 10 million range , just to catch one or three traders of 50k worth of DRK.  

A better way to phrase my point

If this attack were this easy. Would you rather....

1. Attack bitcoin nodes and double spend for profit

2. Attack darkcoin nodes to unmask masked transactions
Pages:
Jump to: