Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1396. (Read 4670630 times)

Correct on checkpointing as regular (but temporary mitigation). I would kindly request that the dev team release binaries as well, to ensure that the checkpoints are further distributed. Presumably, exchanges & pools will take the checkpoints from source at regular intervals, but compiling is not accessible to the average user.

From what I understand, the dev team is working on additional preventive measures, aiming for a more permanent solution to this type of attack. This experience should also highlight the importance of a healthy (read: strong/fast) Monero mining network. An open source AMD miner is perhaps one important measure in this regard.

Reminder: There's still an open bounty to this effect, and Wolf0 has generously posted some partial code towards this goal, so someone taking up the task, will not need to start from scratch.
https://bitcointalksearch.org/topic/bounty-for-open-sourced-xmrcryptonight-gpu-miner-bounties-thread-656841

PS: Please edit/remove text when quoting the troll(s), as this partly defeats the ignore function. Better options are:



^{Edit: Credits due to the community members who came up with these creative responses. Thank you!}

You're almost correct. By checkpointing daily for a bit (till he/she/it loses interest and it realises that it is both unethical and incompetent) we prevent it from being able to produce a non-checkpointed chain of any length.

It can literally become a war of attrition; however if the defence is in the process of developing a permanent fix then time is on the side of the defence. I compiled bitmonerod 4x over the last 24 hours on different computers.  

OK, I'm thoroughly confused. But I do know that if XMR survives this thorough thrashing, it will rise like a Pheonix. I commend those who would protect the ring signatures from the time warp.

Unless I am missing something obvious, doing so delays the attack and makes it considerably worse.
You want the attack to come as quickly as possible. The longer it is prolonged, the greater the effect.

His agenda may be to simply buy low and sell high. Anyone with asymmetric information can profit by manipulating the market. Another possibility is that he was paid (or manipulated) by the Bytecoin/CryptoNote scammers to harm XMR relative to the other CN coins. A twist on that scenario is that, at some point the B/CN scammers will realize (or have already realized) that it is better to join XMR than to fight it. Perhaps this was their way to board the train on advantageous terms. Note that none of this would require any actual flaw in XMR; it could all be smoke and mirrors. If so, then the scammers adroitly exploited TFM/AM to amplify the FUD. I doubt he would wittingly participate in such a scheme. He has apparently helped to identify and characterize some possible vulnerabilities in all the CN coins, though the significance of his findings has not yet been dispassionately analyzed. Whatever comes of TFM's discoveries, I doubt BCX truly had grounds to believe XMR to be flawed, until TFM surprisingly seconded the claim and then went on to doggedly pursue BCX's red herring. TFM is a brilliant and imaginative guy who stumbled into a pre-planned hoax, assumed that there must be something to BCX's claims, and then devoted himself to analyzing XMR's anonymity. That he didn't come up with anything resembling BCX's initial claim is reassuring, but not surprising. I am impressed with the XMR devs and community.

Any everyday, people would need to download a new wallet? Of course, you could make it so that the wallet ignores any blockchains that reorganise more than X blocks maybe? However, in this case - i'm not even sure if that is the issue here.

So if, by BCX's admission, it takes a couple of days for the timewarp symptoms to occur (presumably while building up the attacking chain), a viable mitigation strategy may be to checkpoint daily. This then results in him having to continually restart the attack before it builds up a long enough chain to go anywhere. Could do it at a random point each day to keep it unpredictable. If I understand the situation correctly.

It also appears less and less likely to me that BCX has a viable private-key compromising attack.

In a temewarp attack the attacking chain has to be built up first in private over a period of time. It is then released in the visible portion of the attack. Every time a checkpoint is added this process of building the attacking chain has to be restarted from scratch again, effectively delaying the visible portion of the attack.

Edit: Complacency while the attacking chain is being built, the non visible portion of the attack, becomrs the biggest enemy of the defence. This quote summarizes this very well.

1 - spread fud
2 - buy XMR
3 - pretend to attack
4 - buy XMR
5 - say that the flaw has been fixed by devs
6 - sell XMR
7 - repeat on an other coin
8 - ??

so now we are kept in captivity?

I still cannot see bcxs agenda

If it is just 4MH/s, then is it easier for BCX to attack BCN or BBY to prove his point?

The network hash rate is 20MH/s. How much does BCX need to accomplish the TimeWarp attack?

It certainly means he is currently threatening us. I guess in a sense that is itself an attack.

If its a timewarp attack, and has just begun... I presume he first has to catch up with the current blockchain with his own private mining pool? Ultimately, I thought checkpoints made that pointless.. so Im not sure what his attack is.

BCX says a time warp will show its effects after a few days, does this mean he is currently attacking us?

Can we still use the old daemon/wallet?

We have recommended and requested that exchanges freeze external transactions at this time due to a serious credible threat of an attack against the Monero blockchain.

We will update further as soon as possible.

Hi,

I think it would be useful to state the current version number in the thread title instead of the generic "mandatory update".

It's a small detail but enhances user experience

Important update (source code only)

If you are operating a pool or other important service, or if you are solo mining, and you compile your own node, please pull master from github and upgrade ASAP. Likewise if you have AWS images, please rebuild them with the new version. Additional precautionary checkpoints have been added to protect more of the existing blockchain.

Our recommendation and request is for exchanges is to remain frozen for external Monero transactions (trading is fine). If you are still running a node, please update it.

https://github.com/monero-project/bitmonero

The only evidence of anomalous activity is what was reported by fluffypony. Nevertheless malicious activity may occur that is not visible until the moment of the attack.

The update is an important precaution.

Updated binaries will follow shortly.

Further measures will be taken as necessary.