How to get free Bitcoin by exploiting a DASH InstantX

[FryMaple]

Step 1:

• Get 4 computers running dash with the full blockchain downloaded.
• 2 of the computers should have the same wallet file, with the funds you intend to double spend.

Step 2:

• This is where it will cost you some money. The dash hashrate is currently < 100GH/s. You'll have to spend enough money to have over 50% of that. There are currently about 13.5GH/s for X11 available on betarigs, and some on leaserig. Renting all of them for 24 hours would be a good start. You could pool your money with friends and purchase enough hashing power, the payoff would be worth it.
• Once you have enough hash power, connect 3 of your computers together (one that has funds in it, and the other two) and begin mining. The last one, with the duplicate wallet file, should be connected to the main network.

Step 3:

• Since you have over 50% of the network hashrate, you will eventually mine a few blocks ahead of the main dash network.
• When you are even just 3 blocks ahead, send all of your funds from your computer connected to the main dash network using InstantX. It will be confirmed after only 1 block on the dash main network. I recommend sending it to something like shapeshift.io, as they will immediately send you an equivalent BTC amount.

Step 4:

• Since InstantX confirms after only 1 block, it would be much easier to attack than coins that require many blocks for a transaction. This is what makes it so dangerous. Immediately connect your other computer with the duplicate wallet file to the main network. Voila! The network found a longer chain, and will use it instead. You never sent those Dash!

What to get out of this:

The network will ALWAYS use the LONGEST chain and conform to it. Any conflicting tx's or blocks in the SHORTER chain will be DISCARDED.

This is why confirming a transaction after 1 proof of work confirmation is so dangerous. There is no way to know that the masternode is on the longest chain! If another, longer chain is found, it will immediately switch to it and invalidate any conflicts.

This attack could, of course, be carried out on any Proof of Work network. However, that is why requiring a decent number of confirmations is so important. It would be much more difficult to mine 20 blocks ahead of the dash network than 2 or 3.

[1714047230]

1714047230

[1714047230]

1714047230

[1714047230]

1714047230

[1714047230]

1714047230

[sirslayer]

really?? and you actually have done this??

[MisO69]

So when the longer chain is accepted by the network as the proper chain, do the dash coins in the shapeshift.io wallet just disappear?

[FryMaple]

So when the longer chain is accepted by the network as the proper chain, do the dash coins in the shapeshift.io wallet just disappear?

When shapeshifts' node encounters a node with a longer chain, all conflicts will be invalidated automatically. So yes.

If you want to try it yourself, set up two nodes and connect them to each other but not the main network and begin mining. Since you don't have a huge hashrate, you won't be mining as many blocks as quickly as the main network. Send coins from one node to the other. Connect to the main network and watch the transaction be erased.

[GTO911]

Lol, lets pool together and fork this scam

[Prosperityforall]

Step 1:

• Get 4 computers running dash with the full blockchain downloaded.
• 2 of the computers should have the same wallet file, with the funds you intend to double spend.

Step 2:

• This is where it will cost you some money. The dash hashrate is currently < 100GH/s. You'll have to spend enough money to have over 50% of that. There are currently about 13.5GH/s for X11 available on betarigs, and some on leaserig. Renting all of them for 24 hours would be a good start. You could pool your money with friends and purchase enough hashing power, the payoff would be worth it.
• Once you have enough hash power, connect 3 of your computers together (one that has funds in it, and the other two) and begin mining. The last one, with the duplicate wallet file, should be connected to the main network.

Step 3:

• Since you have over 50% of the network hashrate, you will eventually mine a few blocks ahead of the main dash network.
• When you are even just 3 blocks ahead, send all of your funds from your computer connected to the main dash network using InstantX. It will be confirmed after only 1 block on the dash main network. I recommend sending it to something like shapeshift.io, as they will immediately send you an equivalent BTC amount.

Step 4:

• Since InstantX confirms after only 1 block, it would be much easier to attack than coins that require many blocks for a transaction. This is what makes it so dangerous. Immediately connect your other computer with the duplicate wallet file to the main network. Voila! The network found a longer chain, and will use it instead. You never sent those Dash!

What to get out of this:

The network will ALWAYS use the LONGEST chain and conform to it. Any conflicting tx's or blocks in the SHORTER chain will be DISCARDED.

This is why confirming a transaction after 1 proof of work confirmation is so dangerous. There is no way to know that the masternode is on the longest chain! If another, longer chain is found, it will immediately switch to it and invalidate any conflicts.

This attack could, of course, be carried out on any Proof of Work network. However, that is why requiring a decent number of confirmations is so important. It would be much more difficult to mine 20 blocks ahead of the dash network than 2 or 3.

So Dash's Instantx is just one big scam then. Dash is a complete joke.

[FryMaple]

My point is that it is EXTREMELY dangerous to only require 1 block confirmations on a coin. There is no "official" blockchain in any coin. The longest chain is always accepted as the valid one. If a transaction is locked and spent in 1 confirm, then a node encounters a chain 1 block longer without these funds being spent (or being sent to someone else, e.g. double spent), then it will accept that one as the valid chain.

[generalizethis]

Step 1:

• Get 4 computers running dash with the full blockchain downloaded.
• 2 of the computers should have the same wallet file, with the funds you intend to double spend.

Step 2:

• This is where it will cost you some money. The dash hashrate is currently < 100GH/s. You'll have to spend enough money to have over 50% of that. There are currently about 13.5GH/s for X11 available on betarigs, and some on leaserig. Renting all of them for 24 hours would be a good start. You could pool your money with friends and purchase enough hashing power, the payoff would be worth it.
• Once you have enough hash power, connect 3 of your computers together (one that has funds in it, and the other two) and begin mining. The last one, with the duplicate wallet file, should be connected to the main network.

Step 3:

• Since you have over 50% of the network hashrate, you will eventually mine a few blocks ahead of the main dash network.
• When you are even just 3 blocks ahead, send all of your funds from your computer connected to the main dash network using InstantX. It will be confirmed after only 1 block on the dash main network. I recommend sending it to something like shapeshift.io, as they will immediately send you an equivalent BTC amount.

Step 4:

• Since InstantX confirms after only 1 block, it would be much easier to attack than coins that require many blocks for a transaction. This is what makes it so dangerous. Immediately connect your other computer with the duplicate wallet file to the main network. Voila! The network found a longer chain, and will use it instead. You never sent those Dash!

What to get out of this:

The network will ALWAYS use the LONGEST chain and conform to it. Any conflicting tx's or blocks in the SHORTER chain will be DISCARDED.

This is why confirming a transaction after 1 proof of work confirmation is so dangerous. There is no way to know that the masternode is on the longest chain! If another, longer chain is found, it will immediately switch to it and invalidate any conflicts.

This attack could, of course, be carried out on any Proof of Work network. However, that is why requiring a decent number of confirmations is so important. It would be much more difficult to mine 20 blocks ahead of the dash network than 2 or 3.

So Dash's Instantx is just one big scam then. Dash is a complete joke.

Instamining x-coin and calling it an accident was the joke. Renaming it Dark and claiming it's anonymous without mathematical proof was the stand-up routine. Stealing a dev, renaming the coin again, and then claiming instant transactions without mentioning the security concerns is going on a world comedy tour with an HBO "live on Broadway" special as the finally. Thanks for all the laughs Evan, we'll miss you.

[bitpop]

Lol shitcoin gonna shitcoin

[oblox]

I'm still not seeing where over half the hashing power is available to rent to perform a 51%.

[bitpop]

I'm still not seeing where over half the hashing power is available to rent to perform a 51%.

Slightly increasing the rate will get people selling their hashing

[oblox]

I'm still not seeing where over half the hashing power is available to rent to perform a 51%.

Slightly increasing the rate will get people selling their hashing

You could make the argument that would always be the case for any coin's security. If an attacker is willing to "pay up" in terms of premium to rent hash, then it's just a matter of finding the threshold requirement that entices enough miners to rent out their rigs (better for them because they are making the premium over straight up mining and better for you because you are accumulating hash). I'm still not buying the practicality of renting that much hash, although the logistics behind taking advantage of the 1 POW requirement seem plausible at first glance.

[bitpop]

I'm still not seeing where over half the hashing power is available to rent to perform a 51%.

Slightly increasing the rate will get people selling their hashing

You could make the argument that would always be the case for any coin's security. If an attacker is willing to "pay up" in terms of premium to rent hash, then it's just a matter of finding the threshold requirement that entices enough miners to rent out their rigs (better for them because they are making the premium over straight up mining and better for you because you are accumulating hash). I'm still not buying the practicality of renting that much hash, although the logistics behind taking advantage of the 1 POW requirement seem plausible at first glance.

No one can afford bitcoins hash, if they could they'd be building their own farm which has always been speculated about, x11 uses gpu which is easier to buy

[tokyoghetto]

would be nice if the alt-coin community could pool funds together to launch this type of attack.

In the name of science of course.

[oblox]

I'm still not seeing where over half the hashing power is available to rent to perform a 51%.

Slightly increasing the rate will get people selling their hashing

You could make the argument that would always be the case for any coin's security. If an attacker is willing to "pay up" in terms of premium to rent hash, then it's just a matter of finding the threshold requirement that entices enough miners to rent out their rigs (better for them because they are making the premium over straight up mining and better for you because you are accumulating hash). I'm still not buying the practicality of renting that much hash, although the logistics behind taking advantage of the 1 POW requirement seem plausible at first glance.

No one can afford bitcoins hash, if they could they'd be building their own farm which has always been speculated about, x11 uses gpu which is easier to buy

Wrong. Banks (and other financial institutions), governments, billionaires (single or colluding millionaires) for example all could if they desired to (not saying they ever would, but that's an entirely different topic). The whole argument against the practical side of performing a 51% attack are the resources that get expended in doing so would do better contributing to the network in a positive means vs trying to double spend in x window of time. Even going back to Dash, you're still in a position where you need to find a service willing to exchange what would be a substantial amount of BTC or other valuable good/service (given the amount of BTC needed to rent all that hash) to justify attempting an attack in the first place. Now, if you are attacking without regard to profit, again, that's different. As it relates directly to Shapeshift, looks to be less than 5 BTC worth at a given exchange rate--hardly worthy of renting all that hash.

...and yes, it's always going to be easier to attack coins that have fractions of the network size BTC has (that's a given).

[toknormal]

Whatever the merits of this hypothetical attack, it's a problem I'd rather have than not have and it's one that all other cryptocurrencies wish they had.

The only reason they don't have it is because they're stuck with mono-functional networks where everything's got to be the worst-of-all-worlds kludge compromise.

 • Bitcoin can't do scaleability so it has to do bloat instead cos all it has to work with is blocksize.

 • Cryptonote can't do fungibility so it has to do invisibility instead, thereby condemning itself to a future of low confidence, scams, heists and subversion cos the blockchain's no longer publicly auditable.

 • And nobody can do fast confirmations so they have to do low blocktimes instead thereby ending up with loads of orphaned blocks.

The obvious answer to all these problems is decentralised functional diversification while keeping everything at a high level of redundancy.

[GTO911]

Where are the Darkcoin/Dash sheep now? No dumb justifications?

[coinmaster222]

I know where this topic is going lol but you would have to own 51% of the staking coins in an attack on a POS coin like CRAVE.Very unlikely.For the likes of Bitcoin it is now virtually impossible to perform a 51 attack a Government could not do it never mind some individuals

[hussar]

I know where this topic is going lol but you would have to own 51% of the staking coins in an attack on a POS coin like CRAVE.Very unlikely.For the likes of Bitcoin it is now virtually impossible to perform a 51 attack a Government could not do it never mind some individuals

CRAVE dev already acknowledged this https://bitcointalk.org/index.php?topic=997356.msg11113415#msg11113415

[jasemoney]

OK!
so who ends up with the money, obviously you broadcast 2 transactions. would first payment to your 4th wallet end up being included in a block in the the future since its out there in other mempools, what about the 2nd over to "shapeshift"
when do broadcast transactions get tossed out of the mempool, when theyre included in a block?

We deal with mini-forks all day long in POS coins, orphans etc. you can respend on a pos coin after 1 confirm. I havent seen an army of pitchforks lifted against this. wouldnt it cause the same issue?