Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1479. (Read 4670972 times)
September 04, 2014, 06:40:56 PM
XMR is the future.
September 04, 2014, 06:38:15 PM
How many blocks have your servers found since the attack, relative to an average of what they normally find?
The usually count +/-, nothing unusual
If he was confident in finding the next block, assuming he did, that would have been a strong candidate for the purpose of the attack - who wouldn't want to know they could mine blocks on demand? He could deliver whole clusters of a Merkle tree. But not sure that has happened here if you don't have any spikes in blocks.
edit
Atrides, I'm afraid you seem to be ground zero at the moment.
Its been a while since I've been on your pool, but can you tell when the miner linked to these blocks started and possibly finished on your pool?
September 04, 2014, 06:34:27 PM
There just has to be a financial motive for this. only thing makes sense
I agree. What about using foreknowledge of this to trade (assuming people will panic).
Forks cause exchanges to freeze up. That would be too risky.
Maybe you think you are going to just kill the coin outright or close to it. If you can manage to arrange a short, you don't relay care about exchanges. You short, it goes to zero, you make money.
rpitilla has been selling OTC options. Any unusual put orders?
September 04, 2014, 06:31:31 PM
Or it wasn't (directly) economically motivated to attack an exchange, perhaps to simply attack the coin directly (especially if they underestimated us and didn't think we could fix it).
But we are still just guessing.
This is what I was just going to say. If a few are pissed enough I could imagine they would do it just for that purpose.
At any rate great job to the devs and all who were involved helping out by spreading the word to exchanges etc. It was really great seeing the devs working hard to fix it & communities reaching out to assist.
September 04, 2014, 06:29:50 PM
How many blocks have your servers found since the attack, relative to an average of what they normally find?
The usually count +/-, nothing unusual
But found another interesting thing.
They are some hidden pool with ca. 7-9 Mhs (easy to find, just network-hashrate - all known pool speeds)
And daily difficulty waves depends on this hidden pool.
What now? Today wave is broken (see diff-picture on my pool) and all pools found more blocks this time )))
I think hidden pool on the wrong chain.
September 04, 2014, 06:29:43 PM
There just has to be a financial motive for this. only thing makes sense
I agree. What about using foreknowledge of this to trade (assuming people will panic).
rpitilla did say something about what he described as unusual trading that day. i don't know the details.
He stated this:
Wouldn't it be best to let weak hands dump and long term believers buy at discounted prices than artificially holding the price up?
With price-discovery in the markets, the definition of "artificial" is vague. In one sense, the decline from 510 to 400 and below was "artificial" (if we assume it was, at least partly, a product of preknowledge of the coming attack and speculation that it would further hurt the price). In the other sense, the essence of markets is that all knowledge is taken into account, information is not perfect, and seldom even the best informed players have access to many information that some of the others have, in turn.
If we discount the last week downturn altogether, the price should be much higher by now. The attack failed - it could not damage the confidence towards XMR, it exposed the old scammers more, and proved how capable the devteam is. "Rolling back" the preparation of the attack from price history would lift us to 600 by tomorrow.
But if the market collectively decides that a selloff is in order, we might find ourselves at 300 instead. That some buyers openly like XMR at 400, is no more artificial than others vowing in the trollbox that they will sell every one of theirs, at whatever price they can get once the trading starts. Depending who will prevail, buying at 400 may be the last opportunity to buy at 400, or the last opportunity to sell at 400. Most likely, given the meager actual effect of the attack, it won't be neither, and anyone making decisions based on what others have already done, is just impoverishing himself as a result.
I have a largish number of XMR and BTC in the exchange, ready to react. But my reaction will be to buy if the price goes down, and sell if it goes up. This is my way of making slow and steady profit. Others have their way, and without panickers, my income would be significantly lower.
September 04, 2014, 06:29:29 PM
There just has to be a financial motive for this. only thing makes sense
I agree. What about using foreknowledge of this to trade (assuming people will panic).
Forks cause exchanges to freeze up. That would be too risky.
September 04, 2014, 06:28:14 PM
There just has to be a financial motive for this. only thing makes sense
I agree. What about using foreknowledge of this to trade (assuming people will panic).
rpitilla did say something about what he described as unusual trading that day. i don't know the details.
September 04, 2014, 06:26:43 PM
There just has to be a financial motive for this. only thing makes sense
I agree. What about using foreknowledge of this to trade (assuming people will panic).
September 04, 2014, 06:25:48 PM
W h a t a g r o s s i r o n y that the most legitimate and economic initial distribution of any cryptocoin existing (and therefore the most potential #2 coin in the months and years to come) happens to be a coin with an unbelievably messy codebase, intentionally made scammy, buggy, unoptimized, crippled and obfuscated by the (B)CN scamdevs.
XMR is not the most legitimate and economic initial distribution of any cryptocoin existing. There are other people(myself included) who have gone to great lengths to attempt to create the fairest possible initial distribution for a cryptocurrency.
Hah, contradiction already in the second line. Sorry to say but your logic has been going down since last year.
There have been other currencies that have been launched with no premine, no instamine, no IPO, with development entirely funded by donations. And that didn't have a crippled hash function at launch.
Monero has had a relatively fair launch. But to make a claim as grand as you just did is quite strong. There are many other positive aspects of Monero that are based in fact and can be proudly trumped instead. One of which is the solid dev team that takes an honest approach to communication and doesn't sugar coat the issues. This is rare and exceptional in my opinion.
edit: attempt and succeed btw.
I've reed some of your posts, but I'll click on the ignore link for some time in order to filter non-useful posts - nothing personal. I could miss a lot while most of this thread posts are ignored users, but at least It'll take me reasonable time to read this thread. Anyone - feel free to update me in PM if you have a life changing event to share - I have some too.
September 04, 2014, 06:23:46 PM
The scope of this attack clearly makes it an organized effort. While it is possible that some lone guy is figuring out the flaw and how to take advantage of it, the fact we are needing more than one skillset and resources more indicates a team is involved.
Theoretically if you guys didnt notice the strange stuff on the blockchain and polo went on a fork, could they have just made many small withdraws over a week and drained the polo acct? The timeframe and resources required for this doesnt seem like some statment attack to cause a fork and go "ha ha", but where financial gain is involved.
If so, the list if suspects as being involved in this would be polo accts that were involved in accumulating recently (which I remember seeing talked about) and probably these were also trying to do the double spend while on the fork.
So, maybe the attack was against polo?
James
Theoretically if you guys didnt notice the strange stuff on the blockchain and polo went on a fork, could they have just made many small withdraws over a week and drained the polo acct? The timeframe and resources required for this doesnt seem like some statment attack to cause a fork and go "ha ha", but where financial gain is involved.
If so, the list if suspects as being involved in this would be polo accts that were involved in accumulating recently (which I remember seeing talked about) and probably these were also trying to do the double spend while on the fork.
So, maybe the attack was against polo?
James
Nope - bear in mind that basically without any action from us the "bad" fork died after 35 minutes. It still exists, it's just stuck at block 202647 and won't proceed. This would have happened even if we hadn't noticed it, so there's little they could have done to have any long-lived attack.
They clearly really understand the codebase
This indicates they wrote it or they have studied it extensively, I cant see anyone just randomly finding this and making elaborate attack.
Is there some "cascade" issue that having this fork could trigger?
Like dominos, the fork is the first and that makes an opening for another edge case?
It just seems like 100x more effort for just making a temporary fork. Any chance that a many blocks could have been mined consecutively without actually mining due to this fork, directly or indirectly.
There just has to be a financial motive for this. only thing makes sense
James
I think its possible it didn't quite work right. As you point out it was elaborate and had a lot of parts. Maybe it malfunctioned a bit. That would fit with the stealthiness that doesn't really serve any other purpose other than to exploit something once it kicked in.
Or it wasn't (directly) economically motivated to attack an exchange, perhaps to simply attack the coin directly (especially if they underestimated us and didn't think we could fix it).
But we are still just guessing.
As for the fork it is completely dead. We will put in a checkpoint on the valid fork so no chance of ever bringing that one back to life.
As for other bugs/exploits, as I said a page or two back, we can never rule that out. All we can do is work to improve the code.
September 04, 2014, 06:21:04 PM
The scope of this attack clearly makes it an organized effort. While it is possible that some lone guy is figuring out the flaw and how to take advantage of it, the fact we are needing more than one skillset and resources more indicates a team is involved.
Theoretically if you guys didnt notice the strange stuff on the blockchain and polo went on a fork, could they have just made many small withdraws over a week and drained the polo acct? The timeframe and resources required for this doesnt seem like some statment attack to cause a fork and go "ha ha", but where financial gain is involved.
If so, the list if suspects as being involved in this would be polo accts that were involved in accumulating recently (which I remember seeing talked about) and probably these were also trying to do the double spend while on the fork.
So, maybe the attack was against polo?
James
Theoretically if you guys didnt notice the strange stuff on the blockchain and polo went on a fork, could they have just made many small withdraws over a week and drained the polo acct? The timeframe and resources required for this doesnt seem like some statment attack to cause a fork and go "ha ha", but where financial gain is involved.
If so, the list if suspects as being involved in this would be polo accts that were involved in accumulating recently (which I remember seeing talked about) and probably these were also trying to do the double spend while on the fork.
So, maybe the attack was against polo?
James
Nope - bear in mind that basically without any action from us the "bad" fork died after 35 minutes. It still exists, it's just stuck at block 202647 and won't proceed. This would have happened even if we hadn't noticed it, so there's little they could have done to have any long-lived attack.
They clearly really understand the codebase
This indicates they wrote it or they have studied it extensively, I cant see anyone just randomly finding this and making elaborate attack.
Is there some "cascade" issue that having this fork could trigger?
Like dominos, the fork is the first and that makes an opening for another edge case?
It just seems like 100x more effort for just making a temporary fork. Any chance that a many blocks could have been mined consecutively without actually mining due to this fork, directly or indirectly.
There just has to be a financial motive for this. only thing makes sense
James
September 04, 2014, 06:20:38 PM
So, I have also researched this fork from pool side.
I think the attacker doesn't need so much power because they used power from existing pools.
I have found that 202614 on both forks were found by my servers:
Erebor1: (height,difficulty,bhash,timesec)
Moria:
And time difference is ca. 15 minutes, so therefore forks happens before. After that Erebor1 was on wrong chain some time.
But how he has organized bad TX's I don't known. And who found blocks 202612?
I think the attacker doesn't need so much power because they used power from existing pools.
I have found that 202614 on both forks were found by my servers:
Erebor1: (height,difficulty,bhash,timesec)
Code:
202614,1237676319,'ed4eea6109a1b662cf4a3bb372ed4bdee588160b0ac371c2ad78c5e603b8f2ac',1409805725
Moria:
Code:
202614,1237676319,'c29e3dc37d8da3e72e506e31a213a58771b24450144305bcba9e70fa4d6ea6fb',1409804768
And time difference is ca. 15 minutes, so therefore forks happens before. After that Erebor1 was on wrong chain some time.
But how he has organized bad TX's I don't known. And who found blocks 202612?
How many blocks have your servers found since the attack, relative to an average of what they normally find?
September 04, 2014, 06:19:38 PM
Forking a coin is so stupid Lol. Why would anyone would waste their own money just to fork a coin? Makes no sense...but this is cryptoland, where people waste their entire life savings on stupid shit.
September 04, 2014, 06:12:54 PM
The scope of this attack clearly makes it an organized effort. While it is possible that some lone guy is figuring out the flaw and how to take advantage of it, the fact we are needing more than one skillset and resources more indicates a team is involved.
Theoretically if you guys didnt notice the strange stuff on the blockchain and polo went on a fork, could they have just made many small withdraws over a week and drained the polo acct? The timeframe and resources required for this doesnt seem like some statment attack to cause a fork and go "ha ha", but where financial gain is involved.
If so, the list if suspects as being involved in this would be polo accts that were involved in accumulating recently (which I remember seeing talked about) and probably these were also trying to do the double spend while on the fork.
So, maybe the attack was against polo?
James
Theoretically if you guys didnt notice the strange stuff on the blockchain and polo went on a fork, could they have just made many small withdraws over a week and drained the polo acct? The timeframe and resources required for this doesnt seem like some statment attack to cause a fork and go "ha ha", but where financial gain is involved.
If so, the list if suspects as being involved in this would be polo accts that were involved in accumulating recently (which I remember seeing talked about) and probably these were also trying to do the double spend while on the fork.
So, maybe the attack was against polo?
James
Nope - bear in mind that basically without any action from us the "bad" fork died after 35 minutes. It still exists, it's just stuck at block 202647 and won't proceed. This would have happened even if we hadn't noticed it, so there's little they could have done to have any long-lived attack.
September 04, 2014, 06:05:12 PM
So how did the attacker know both how to exploit AND have enough firepower to submit consecutive blocks?
Must be some mighty sophisticated malicious agents.
Must be some mighty sophisticated malicious agents.
If I'm reading tacotime's analysis correctly, it's not clear that the *attacker* would have had to solve the second block(s) after finding the first one. To wit:
If half the network accepted the block with TX_1 and TX_2 (block A, accepted by set 1), and the other half had accepted TX_3 and TX_4 (block B, accepted by set 2),
then couldn't the attacker simply generate the corresponding *transactions*, and let some other miner(s) generate blocks that contained them? The fork happened as soon as the nodes in the network had accepted conflicting sets of transactions. Block A would not be accepted by nodes in set 2, because they had a double-spend and so those nodes would keep trying to mine their own block. Those nodes in set 2 would only include TX_3 and TX_4 in a block they tried to mine, because TX_1 and TX_2 are invalid.
Correct.
edit: Though I will note that these tx had non-standard fees of 0.000000000001, which no mining node on the network would have included using any version of the reference code, so the attacker did for some reason mine the second block on both forks (to what end I'm not sure, maybe just to impress us).
Theoretically if you guys didnt notice the strange stuff on the blockchain and polo went on a fork, could they have just made many small withdraws over a week and drained the polo acct? The timeframe and resources required for this doesnt seem like some statment attack to cause a fork and go "ha ha", but where financial gain is involved.
If so, the list if suspects as being involved in this would be polo accts that were involved in accumulating recently (which I remember seeing talked about) and probably these were also trying to do the double spend while on the fork.
So, maybe the attack was against polo?
James
September 04, 2014, 06:03:23 PM
I cannot create an account.
The website is stuck at:
https://poloniex.com/signup_validate.php
Am I under personal attack or something?
The website is stuck at:
https://poloniex.com/signup_validate.php
Am I under personal attack or something?
I remember when i registred on Poloniex everything also worked so slow, like it will never load. But then i realized it is only their home page such, when you move to exchange tab is was and it is all fine.
September 04, 2014, 05:55:30 PM
And who found blocks 202612?
We had assumed they mined themselves but with your revelation one must ask the question of whether they somehow used a pool. We're investigating.
September 04, 2014, 05:52:40 PM
Congratulations to Monero devs and community and well done! I guess aside from all the stress, you've made a really great step forward today.
September 04, 2014, 05:43:14 PM
Really glad to see this statement. Based on the code I have seen, the only way to be 100% safe is to rewrite the critical functions in modern code, with clear variables and functions, and well documented with comments. The current core code is indeed horrible. That predates Monero of course. Current devs are doing the best they can with what they have inherited, but in the end the only way to really be safe is to rewrite the major pieces. That happened with BTC over the years as well.
Further we will be restructuring, refactoring, and/or replacing some of the code in order to further increase its robustness and trustworthiness (removing obfuscation for example).
Further we will be restructuring, refactoring, and/or replacing some of the code in order to further increase its robustness and trustworthiness (removing obfuscation for example).
Jump to: