Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Kumic on September 09, 2017, 12:32:54 PM



Title: Hackers attacking again, pools are down, how to protect?
Post by: Kumic on September 09, 2017, 12:32:54 PM
As we sometimes sit comfortably in front of our screens with some awareness that we could get robbed and lose our precious coins one day, we often forget how dangerous actually, that might be. We have heard of many attacks before, where millions of dollars are lost and just lately pools like yiimp, hashbag and many others didn't resist to brutal hackers attacks.
This, once again puts out the same question again, how safe we are? Could this happen again? What kind of measures need to be brought to stop this, when we know that banks exist now for several hundred years and still getting robbed?
It's not just money fiat or crypto are lost, somebody is giving his best and put a lot of work to bring cryptocurrency, pool or some kind of new technology to life.

What is your opinion, what can be done?


Title: Re: Hackers attacking again, pools are down, how to protect?
Post by: karmakeddon on September 09, 2017, 12:42:00 PM
There is nothing we can really do. Whenever something good comes up in this world, someone will always take the other path and try to ruin it. That's life. One cannot exist without the other.


Title: Re: Hackers attacking again, pools are down, how to protect?
Post by: TravelMug on September 09, 2017, 12:51:23 PM
As we sometimes sit comfortably in front of our screens with some awareness that we could get robbed and lose our precious coins one day, we often forget how dangerous actually, that might be. We have heard of many attacks before, where millions of dollars are lost and just lately pools like yiimp, hashbag and many others didn't resist to brutal hackers attacks.
This, once again puts out the same question again, how safe we are? Could this happen again? What kind of measures need to be brought to stop this, when we know that banks exist now for several hundred years and still getting robbed?
It's not just money fiat or crypto are lost, somebody is giving his best and put a lot of work to bring cryptocurrency, pool or some kind of new technology to life.

What is your opinion, what can be done?


Good question though. I think we are really at their hands because hackers are very good at exploiting things from unsuspecting victims. As for me, I always update my laptop since I'm using Windows and we all know how vulnerable it is. Also used a good anti-virus. I also don't let others used my laptop anymore, I don't download any torrents from it and not to click any link especially from your email if you don't know that originator of it. Used 2FA as well. But again, those hackers will always find a way to stole bitcoins or whatever coins it is.


Title: Re: Hackers attacking again, pools are down, how to protect?
Post by: gbBit on September 09, 2017, 01:09:28 PM
This is a very complex situation but like most things in life it's not really new just a new way of it being done.  If security of your hard earnt coins is a concern then take a look at the regulations which are in place for banks which hold fiat currencies and follow some of them.  It will cost you more, but it will make you more safe.  The cheapest thing to do is diversify your pools, wallet and keep a low profile.  If you just want to keep a lot hashing power on one pool then I recommend you move your earnt coins to a wallet quickly and don't keep more than you're willing to loose on the pool.  If you're worried about your wallets then I think there's been thousands of post about how to keep them safe, but my best advise is to again keep a low profile and diversify.  I'm sure there's some hackers out there watching which wallet have to most coins inside and they'll attack the bigger wallets before the smaller one.


Title: Re: Hackers attacking again, pools are down, how to protect?
Post by: Rahar02 on September 09, 2017, 01:18:48 PM
Do you know it's not easy to brute force pools, blockchain or wallet to take bitcoin?
I admit, it's not an easy task to protect the nodes if we don't know how it works, but I don't think it is so easy to hack a wallet, moreover a pool. Bitcoin transaction is irreversible but not fully anonymous, it can be traced and hackers should be find a way to cash out which is not easy to do it. In the end, they will get caught even though it takes years waiting for the thieves trying to move bitcoin.
If I may say, to protect bitcoin nodes is a duty for everyone who understands programming, especially for core developers.


Title: Re: Hackers attacking again, pools are down, how to protect?
Post by: jackg on September 09, 2017, 01:31:27 PM
Do you know it's not easy to brute force pools, blockchain or wallet to take bitcoin?
I admit, it's not an easy task to protect the nodes if we don't know how it works, but I don't think it is so easy to hack a wallet, moreover a pool. Bitcoin transaction is irreversible but not fully anonymous, it can be traced and hackers should be find a way to cash out which is not easy to do it. In the end, they will get caught even though it takes years waiting for the thieves trying to move bitcoin.
If I may say, to protect bitcoin nodes is a duty for everyone who understands programming, especially for core developers.

Generally, if you're going to mine bitcoin./store high values (10BTC+) it's recommended that you don't host a node that has access to that address. Most mining sites will move coins immediately or will use an offline/tor connected wallet.
You can configure nodes to mine to a foreign address or produce a script that makes nodes able to immediately send block rewards to another address (these scripts may also be hacked or the reward address in the node can be changed if not constantly monitored).


Title: Re: Hackers attacking again, pools are down, how to protect?
Post by: Rahar02 on September 09, 2017, 01:58:14 PM
Generally, if you're going to mine bitcoin./store high values (10BTC+) it's recommended that you don't host a node that has access to that address. Most mining sites will move coins immediately or will use an offline/tor connected wallet.
You can configure nodes to mine to a foreign address or produce a script that makes nodes able to immediately send block rewards to another address (these scripts may also be hacked or the reward address in the node can be changed if not constantly monitored).

I'm not an expert in this nodes field, but I don't think bitcoin could be hacked through blockchain if someone send bitcoin to another address.
What do you mean with:
host a node that has access to that address? Is this refers to 'only miner'/mining activities?
- configure nodes to mine a foreign address or produce a script? Foreign address?
- produce a script which may be hacked? In that case, avoid to produce this script.


Title: Re: Hackers attacking again, pools are down, how to protect?
Post by: jackg on September 09, 2017, 02:06:01 PM
Generally, if you're going to mine bitcoin./store high values (10BTC+) it's recommended that you don't host a node that has access to that address. Most mining sites will move coins immediately or will use an offline/tor connected wallet.
You can configure nodes to mine to a foreign address or produce a script that makes nodes able to immediately send block rewards to another address (these scripts may also be hacked or the reward address in the node can be changed if not constantly monitored).

I'm not an expert in this nodes field, but I don't think bitcoin could be hacked through blockchain if someone send bitcoin to another address.
What do you mean with:
host a node that has access to that address? Is this refers to 'only miner'/mining activities?
- configure nodes to mine a foreign address or produce a script? Foreign address?
- produce a script which may be hacked? In that case, avoid to produce this script.

So for the first one, you could produce a script to basically keep checking the address statuses and if any have any bitcoin in them, that is immediately sent to cold storage. Merely, if the server is hacked, the address in the script could be changed to the address of the hacker.
Foreign address - an address that the node doesn't know the private key of. I've seen commands that do that in bitcoin core to specify a reward address.

If a script is used or a reward address is changed in the core, this means any future rewards would be stolen by a hacker until they are changed back. But it could be continuously changed if there's a hole in the system.


Title: Re: Hackers attacking again, pools are down, how to protect?
Post by: miguelmorales85 on September 09, 2017, 10:23:04 PM
What do you mean pools are down? please elaborate


Title: Re: Hackers attacking again, pools are down, how to protect?
Post by: Kumic on September 11, 2017, 01:15:48 PM
What do you mean pools are down? please elaborate

Sorry for my maybe not entirely correct expression... pools are not functioning due to hacking attacks.
And sorry for my late reply.




Title: Re: Hackers attacking again, pools are down, how to protect?
Post by: bitcoindev2014 on September 11, 2017, 02:37:46 PM
what is your pool ?


Title: Re: Hackers attacking again, pools are down, how to protect?
Post by: jackg on September 11, 2017, 04:27:43 PM
What do you mean pools are down? please elaborate

Sorry for my maybe not entirely correct expression... pools are not functioning due to hacking attacks.
And sorry for my late reply.




I assumed this was hypothetical. Afaik, there's no pool that had bbeen hacked recently (not a main one anyway) - unless you include bitmain who had a cloud mining management server breached.