Once again there was another double spend attempt on the exchange. The exchange closed block chain processing when it happened. As a result of these continued attacks I've had to close the exchange. As it says from the main page: Deposits for I0Coin and Bitcoin have been suspended, along with trading. Due to low network power of the I0Coin chain over the last couple of weeks there have been attempts to do 51% double spend attacks. The exchange would stop processing the block chain when these were detected and users will have noticed this, as deposits/withdrawals were suspended while I investigate. I'd then re-open with a higher deposit confirmation limit. Some of the double spends were successful and a total of 198 bitcoins were successfully taken from the exchange. This involved anonymous users operating over TOR depositing I0Coins, trading for bitcoins, withdrawing the bitcoins and reversing the original deposit. Due to this loss and the risk involved in continuing to operating an exchange for a chain which has, or can easily get, an attacker with >51% of the power, I've closed the exchange. Please withdraw all bitcoins and I0Coins before 31 Oct 2011 12:00 UTC. You can reach the exchange operator at admin@bitparking.com if you have any questions. It's unfortunate that the actions of a few have to stop the exchange usage for many honest users. The basic approach from the attacking user was to deposit about 120,000 I0Coins, sell them, withdraw the BTC then invalidate/remove the original deposit. All the successful attacks (totaling 198 bitcoins or so) were done by a user operating over TOR. The user used accounts with names like: * youdozeek * mooncoin * ploti * adolf * mojimcheo The bitcoin addresses that were withdraw too were: * 13kf6BR32STEuW7FSKVbM3WNUcF6nqcP3q * 1H3Zx5a7fTWnpt8pfZnwekQzQYb4497vWb * 1AKxgg8jESUvooeHtNvaSQYhbPCyv7wYZF * 1G8XACmUXoTF3FaA5bATSD3fnSR2WQXVJH * 1PoUHcuTqoSiKupYzkQUbPHE4SwTPBT9Ht If you were one of these users and don't believe you did a deliberate double spend, please get in touch. |
|
|
|
That gave me a moment of pride but another moment of wtf, namecoin should have dozens of useful services already.
Mooncoin had namecoin poker - but that story didn't end so well so doesn't make the best 'first service' example. |
|
|
|
He posted FUD on the nmc exchange. He abused his IRC op privs to squash discussion on that.
By which you mean he kicked you from #namecoin when you were spreading FUD and not listening to everyone else in the channel pointing out your errors. |
|
|
|
At this point I hope the police come because I haven't committed a crime and it would be easy for me to prove it (considering I have been doing a field internship most of the summer).
I'm interested in knowing if you are mr_moon, not whether you've committed a crime. It's entirely possible mr_moon got hacked or otherwise lost control of the server containing the wallet and is handling the situation badly. If that is the case I'd prefer he just come out and help with fund tracking - wallet addresses, etc from backups he should have. mr_moon said he was traveling when the server originally went down so whether you were on a field internship or not doesn't affect your likelihood of being or knowing mr_moon. |
|
|
|
|
Another block chain rollback was attempted and the exchange stopped processing blocks until I look into it.
|
|
|
|
There's been a bunch of discussion about that paste in other threads. See here for more digging on mr_moon and what happened. |
|
|
|
doublec has twice as much SolidCoin than me. I don't have any solidcoins. The bitparking exchange wallet still has about 20,000 in it though, many of them claimed by users via email but no current way for them to get them since the network is down. Once solidcoin is resurrected they'll be transferred back, assuming that's possible. |
|
|
|
Edit: The above post shows me logged into irc at the same time as mr_moon but with a different ip. We are clearly different people, this should be enough lay to rest any claims that I am mr_moon.
Interestingly that 'different ip' (209.237.253.79) is very similar to the ip used by mr_moon when he briefly appeared to post his 'pastebin' link claiming the exchange was hacked: [11:58] * [1]mm (~mm@209.237.253.55) has joined #solidcoin [11:58] <TimothyA> ... and then they'll do what? [11:58] <Ten98> since it's over 10k [11:58] <[1]mm> http://pastie.org/2544332[11:58] <Ten98> arrest them? [11:58] <TimothyA> cash the bribe checks? [11:58] * [1]mm (~mm@209.237.253.55) has left #solidcoin You say you don't know how to program but your github account links to a C++ project that lists you as a contributor. |
|
|
|
cpu-miner.c:786: warning: passing argument 2 of ‘json_load_file’ makes integer from pointer without a cast
/usr/include/jansson.h:221: note: expected ‘size_t’ but argument is of type ‘struct json_error_t *’
cpu-miner.c:786: error: too few arguments to function ‘json_load_file’
You'll need to tweak the call to json_loads. It changed the number of arguments it accepted between the 1.x and 2.x versions of libjansson. |
|
|
|
I've posted in another bitcointalk thread some details on mr_moon based on his IP address, the wikipedia pages that were edited using that IP, and links between pages edited and another bitcoin IRC user who has the same IP address as mr_moon. mr_moon registered his irc nick 6 minutes after the other user last appeared on IRC. |
|
|
|
Someone is selling Christian Verdun art...
Yes, he's paradoxart on reddit too selling his art. There's a couple of moonco.in related posts too. |
|
|
|
Following up to my last post. Christian Verdun lurked in irc as 'upisdown' in #bitcoin-otc. His OTC rating is here. Doing a '/msg nickserv info upisdown' on Freenode I get: NickServ(NickServ@services.)- Information on upisdown (account upisdown):
NickServ(NickServ@services.)- Registered : Jun 20 16:10:19 2011 (13 weeks, 3 days, 23:18:38 ago)
NickServ(NickServ@services.)- Last addr : ~upisdown@c-24-7-158-162.hsd1.ca.comcast.net
NickServ(NickServ@services.)- Last seen : Jun 22 15:20:33 2011 (13 weeks, 2 days, 00:08:24 ago)
NickServ(NickServ@services.)- Flags : HideMail
NickServ(NickServ@services.)- *** End of Info ***
That IP address is the same as the IP address that was Mr Moon's moonco.in server, and the IP address Moon lurked in #namecoin, and posted to forums and email. Could it be a university shared IP and they were both behind the same NAT or something? NickServ(NickServ@services.)- Information on mr_moon (account mr_moon):
NickServ(NickServ@services.)- Registered : Jun 22 15:26:07 2011 (13 weeks, 2 days, 00:09:24 ago)
NickServ(NickServ@services.)- Last addr : ~mrmoon@c-24-7-158-162.hsd1.ca.comcast.net
NickServ(NickServ@services.)- Last seen : Sep 01 20:00:32 2011 (3 weeks, 0 days, 19:34:59 ago)
NickServ(NickServ@services.)- Flags : HideMail
NickServ(NickServ@services.)- *** End of Info ***
|
|
|
|
An IP Address that Mr Moon used was 24.7.158.162. This list of wikipedia pages edited by this IP address are here. This list includes namecoin related edits. It also includes edits to Christian Verdun and a disambiguation page for 'Paradox', an art piece by Christian Verdun. There are a lot of edits associated with that. Christian Verdun sells artwork for bitcoins and solid coins here. Maybe Mr Moon knows him? Or he knows Mr Moon? Christian goes to UC Davis, not far from Sacramento where Mr Moon's IP address is geolocated. Christian Verdun appears to be upisdown on the bitcointalk forums here. He has posted as being a user of moonco.in. Mr Moon's Wikipedia page edits include plant related pages, a topic that Christian indicates as being interested in studying at UC Davis in this interview. Christian/Uptown, if you read this, have you had any contact with Mr Moon since the closing of his site? |
|
|
|
Anybody has a client zip download file for i0Coin? The download link on i0coin.org does not work......
I think the windows binaries are included in the source distribution: https://github.com/fusebox/i0coin |
|
|
|
I have solid commitments from several former Solidcoin exchanges and pools that they will adopt the new client that our team is building to support the original SC block chain. Your new chain will not be recognized and the SC 2.0 fork will just another invalid fork. With no exchanges or pools, you have no future. Your 1000 inserted blocks is invalid. yes people love you that much.
Several former Solidcoin exchanges? To my knowledge there were only bitparking, moonco.in, ruxum, solidcoin24 and btc-e. Bitparking is not doing it. Moonco.in is highly unlikely. I can't see Ruxum being keen on doing an alternate currency again. So that leaves solidcoin24 and btc-e. What other former exchange were there? |
|
|
|
One thing is for sure, Mr. Moon was NOT using bcrypt. I timed the login and it was wayyyy too fast to use crypt.
He changed to bcrypt recently but you had to change your password to have it re-encrypted. Did you test after that? |
|
|
|
This is friendly advice based on someone who understands this exploit. I would close the I0 Exchange. until I0 is patched and a new client is distributed. Bitparking is providing the final piece needed for I0C to be a huge laboratory. I am afraid they will find the missing piece which allow them to deploy this exploit with a lot less than 51%. Possibly against Bitcoin when NMC merges.
The I0Coin exchange (and the other bit parking exchanges) have some protection against exploits involving rolling back the block chain to steal money from the exchange. They stop processing blocks at any attempt to rollback beyond the deposit confirmation limit. This has already happened once, yesterday, at a 10 confirmation limit, and today at a 20 confirmation limit. The I0Coin exchange is still closed for deposits/withdraws as a result of the latter while I examine the logs to see what was attempted. I'm also logging IP addresses of nodes sending rollback transactions to track down the nodes involved. One upside of these attempts is it has given me a number of ideas on how to make an exchange safer against such attacks. I hope to implement some of these in a future exchange project and will be unlikely to be opening any further exchanges until this is done. There's just too much that can go wrong with low hash chains and exchanges. |
|
|
|
what happening in exchange?
200 blocks behind?
Same problem as last time. A block reorg going back further than the deposit confirmation limited caused the exchange to stop processing blocks. I'll look into it to see what caused it and re-enable deposits/withdrawals when it looks safe. |
|
|
|
|
Show Posts
