Here's mine. I added everyone here, but nothing happened. Do I take it that I have to post this before anyone can add me? I was kind of thinking that you would see that I had added you and then you would add me back without both sides having to post public keys. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.11 (GNU/Linux)
mQENBE4AWRABCAC3jHo+WZTKKB6BKoLGkFV1zjfFndW4owMYrb5tg1R3/rsXWUe4 d6KFR8RLqFoXSnow3IHQntqWTqHdJXDgyETkLMG8vkGMEZd9RwfttB++hQR6gGZD kueSesONfFKXy/D6nP+grisxwZ8W4loaGaj5i1TO9WIwRpPake2IOX+KN/be+IF7 AaYdfvcHANi/zrjM8OqvE0BgNJZ0n6Y1RfZ4L0Pg2Zac1obS9ACa0aWuZ3U59Gtc Q+yXS9E5FR4ae8lXW6/dd8pC5fz4p4LJMIYVhngytoJQ+JUUZY+pIM3zJbLTB8M2 keTA8V3e8YGEj/EOQEtzPW760PvDkHS9bK9pABEBAAG0H0NocmlzIE1vb3JlIDxk b29nbHVzQGdtYWlsLmNvbT6JATgEEwECACIFAk4AWRACGwMGCwkIBwMCBhUIAgkK CwQWAgMBAh4BAheAAAoJEEvmoBBJKjWOS8cH/3YpQKLjedZ7lQq7brje3qREocpM 6QpSxu5u6txaFCMwty0FZfxoVOr/9iQzJ926jVJPKDzCXqaOU2W9QccjoYNIfwP6 5f+UOOBLrq4k3tbx3sRQs8ciNBafexo3bZYWQ+fZmFTF/CgN8ldYZeDmDC9jDPhT gNf5XzDEZ9D6U7nBDeNMiB5TwsFyVM2iS5nJPXu2SXg0C6wVvJ7sfEJNjOg5x3Hs fL5CcYuSd4N4ZOqQCRifmfZbf0PmYIIa+tpSGnW/u6+JbFaACwmSe3ID0ubo/23U DrTlZkh+g1LvM7Yw/EcF0gB63QHYHFJCYXd9IQj2kMlhkkJ6XqIkKajJ/xA= =W2x7 -----END PGP PUBLIC KEY BLOCK----- --SSLID--66ce998bb6578782161f0cd1ee5a81a4;--LOCATION--laptop; --LOCAL--192.168.0.172:51122;--EXT--174.4.146.206:51122;
|
|
|
Yes, that is it, thanks! Totally forgot that I tried that site. Apologies for the undue paranoia.
I use a different receiving address for every site I use. Then when coins arrive in my wallet I can instantly tell who sent them. For example, only sealswithclubs.org knows the address I use when I'm withdrawing from sealswithclubs.org, and it's labelled in my wallet as "sealswithclubs.org". The address in my signature here is only ever in my signature, and is labelled "bitcointalk forum donation".
|
|
|
Edit: It looks like someone is sending out small amounts of bitcoin to a large number of public addresses in alphabetical order...I think I just got tainted...
But those coins aren't tainted. At least not from the linode theft. 'Only' these 1062 addresses contain coins from the linode theft: http://privatepaste.com/ce5905880dMy guess would be that this transaction was made by http://dailybitcoins.org/ - do you use them? dailybitcoins.org: * sends out their payments around 3am (your transaction was at 2012-03-06 03:55:43) * mostly sends out 0.001 bitcoins, almost never less, with a few bigger (yours has 55 of 0.001, 24 of 0.005, 1 of 0.015 and some change) * puts the addresses in alphabetical order * usually has 81 outputs in their transactions (your transaction in blockexplorer: http://blockexplorer.com/tx/de3177f4e929d4deb1984889aa7ad79fd2e78075e41babbda23315bb5135e71f - has 81 outputs) I think it's a pretty good guess that it's them.
|
|
|
You cannot prevent people from transferring coins to your address. So people who disagree with the tainted coins system could browse the blockchain for "clean" addresses, and do giant batch transactions sending each address a satoshi.
I think you misunderstand. Addresses don't get tainted, transaction outputs do. It's possible to have clean and tainted coins at the same address, from different transactions.
|
|
|
I updated it so it now shows the private keys in 'sipa format', ready for importing into the official 0.6.x client, once it's released: http://bitcoin.stackexchange.com/a/3037/659Check that it was last edited Feb 29th 2012.
|
|
|
Miners can also not say no to a TX fee, the reward (50BTC current) and TX fee are melted together and cannot be separated without tainting both coins if we were for checking tainted TX fees.
So I agree with you, no taint checking on fee's.
Miners can decide which transactions to include in their blocks. It's well within their power to refuse to mine transactions with 'tainted' inputs. Then they don't end up with tainted mining fees. Not that I think anyone should care. It's hard to know whether the person sending the tainted coins had anything to do with the alleged theft. We can't always know for sure whether there even was a theft.
|
|
|
I saw how BlockExplorers shows that a single address ( 1NRy8GbX56MymBhDYMyqsNKwW9VupqKVG7 ) shows twice as inputs in that transaction so was thinking this was some script-fu to cause the length to be 1337. The client won't do that on its own though, right?
No, wrong. That's exactly what the client will do on its own. If I send you 2 separate payments to the same address, they stay as two separate payments to that address. And if you spend them both at once, they'll show up as two inputs from the same address in the transaction. That's the only time that separate payments ever get 'mixed'.
|
|
|
while I hope they catch the guy I have to pull my hat to this move - it's almost blockchain art. ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif) I was just looking at it. I recently made a post on stackexchange explaining how to calculate the size of a transaction before you send it: http://bitcoin.stackexchange.com/a/3011/659( "if your transaction has in inputs and out outputs, the transaction size, in bytes will be: in*180 + out*34 + 10 plus or minus 'in' ) It turns out that if your transaction has 7 inputs and 2 outputs, then the transaction size is 1338 plus/minus 7, but with a binomial distribution. This means that 1338 is the most common size (21% of 7-in, 2-out transactions), then 1337 and 1339 are the next most common (18.3% each), etc. Over 94% of 7-in 2-out transactions have a size between 1335 and 1341 inclusive. So perhaps the 1337 *was* just a coincidence. It's not a rare transaction size. Looking at the first ten 7-in 2-out transactions made by the thief while laundering his spoils, we see a random distribution of transaction sizes: size 1337 - tx d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333 size 1337 - tx 4533991cd3072d04ffbae4bc97ac0d69c4111d2266a99a2a3853eb28acf87315 size 1340 - tx d396e1f3117c7516270e68041f50183540aeece29860a8d8bb4ca00b4dd5b202 size 1336 - tx afea4f38c1a6c42303e41462df5671aaeb439f047808cc330b911668446d3b9a size 1340 - tx eaa4390039b8c31fe8e2c7af80494eb47ccbd4456906b461c20e58bea7a38aff size 1339 - tx 50fe1017ea020e0f20f45cb71d855dc8f935e5db654824f7355ae0258d5fc897 size 1337 - tx 3472d8d9bcda865fbf3c34f68e4c87dc85b8fac0d37495cf2d29e887fb033532 size 1340 - tx ea49f5cd1998a218023a4f1b9f6eff6fe3a5ce41e2c3cb71640e1205b92dc44d size 1336 - tx 8c05029e5d2b49d1cf7881f29fc3978632f858620efaeb58fb5cb5abc5ec4611 size 1338 - tx d5c18faaa0f4daf8440b20905ef8a6eba49f09aa6178af115b51b35110eb34d6
Wouldn't a 'leet' thief modify their bitcoin client to make all the 7/2 transactions use a size of exactly 1337?
|
|
|
I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself.
That was me. It's 100k addresses, and 8 of mine, but you were close. http://bitcoin.stackexchange.com/a/2900/659
|
|
|
could be, if it's the only 10 grand that moved lately, will wait for zt confirm These are all the transactions with outputs of 2500 BTC or more in the time period we're looking at: Thu Mar 1 02:16:40 2012 e558957e4108f33775f08cc1277d22fbb51261d232a2d2a14cfd518d333ce5f1 2822.44 Thu Mar 1 06:50:07 2012 7b45c1742ca9f544cccd92d319ef8a5e19b7dcb8742990724c6a9c2f569ae732 20555.0 Thu Mar 1 06:50:07 2012 0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0 10000.0 Thu Mar 1 06:50:07 2012 901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3 3000.0 Thu Mar 1 06:50:07 2012 a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68 3000.0 Thu Mar 1 06:50:07 2012 a57132e2cbc580ac262aa3f7bac1e441d6573f9633118bc48009618585a0967e 3000.0 Thu Mar 1 07:59:31 2012 34b84108a142ad7b6c36f0f3549a3e83dcdbb60e0ba0df96cd48f852da0b1acb 3094.0 <-- slush Thu Mar 1 18:39:22 2012 d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333 25000.0
The Bitcoinica 10k is certainly in that 06:50:07 block - it was a busy block indeed! http://blockexplorer.com/b/169179
|
|
|
Have a more secure system in place next time.
The attacker went outside his secure system and gained root access. There's not much you can do about that except for not using a hosting service which allows attackers root access to your files. How about encrypting the wallet ? I have root access. I log in, modify bitcoind to send a copy of the plaintext password in a file somewhere the next time they type it, then reboot their system. They log back in, type their password, and I get their BTC. It's very hard to protect against an attacker with root access. P2SH would help, of course.
|
|
|
Have a more secure system in place next time.
The attacker went outside his secure system and gained root access. There's not much you can do about that except for not using a hosting service which allows attackers root access to your files.
|
|
|
What that means is the amount that is currently stashed on 1NRy8GbX56MymBhDYMyqsNKwW9VupqKVG7 is stained with a weight = amountStolen/(amountStolen + amountStoredThereBefore)
Once some coins on that address get spent, they will go and taint the amount stored on the address they land on, using the same formula.
Just a small detail, but: If I send tainted coins to an address which is already holding clean coins, the two transaction outputs don't "mix". They stay separate - some tainted, some clean. The mixing only happens when I combine several outputs to make a new transaction, then each of the outputs is tainted with: output_taint = sum(input_n * input_n_taint) / sum(input_n)
|
|
|
Of course everyone has the ability to track down the path of the coins and then possibly confront the perpetrator and request them to return the coins.
A while ago I decided to track down the 'allinvain' stolen coins and see where they ended up. It turned out that by mid February they were distributed to over 100,000 different addresses, including 8 of my own addresses. I'm guessing somebody did a very good job of laundering them. Either that, or this is just the natural way that bitcoins are passed around. http://bitcoin.stackexchange.com/a/2900/659 is where I posted my findings.
|
|
|
So the addresses will be get longer sometime in the future?
Or the hashing function that's used could get more computationally intensive. 2. Can private keys somehow be different for the same address and the correct one can be checked against the blockchain?
There are lots of different private keys for each bitcoin address. If you can find any one of them then you can spend the coins at that address. The problem is that it's too hard to find any them.
|
|
|
Yes that system was what I meant, what do you mean with "dont even need to try" ? He meant this part of that page: The conclusion is that players using Martingale strategy pose no threat to a casino. The odds are high that the player will go bust before he is able even to double his money.
|
|
|
Are you using floating point variables to store bitcoin amounts? According to http://coinworker.com/activity/ I have earned 0.00621162BTC twice (I was doing the 'get-paid-to-look-at-dicks' job), and both payments went out in the same transaction. What showed up in my wallet, and on blockexplorer, was 0.01242323. That's one satoshi short, and leads me to think you're not using integer arithmetic. Later I earned 4 payments of 0.00620220BTC. They all appeared in a single transaction, and I received 0.02480882. That's 2 satoshis too much.
|
|
|
i thought stars shut down us players?
They did. It's a shame; the games are harder to beat now the US players aren't there.
|
|
|
|