People ask why Nxt is not inflationary. Could anyone tell me why it's not inflationary if it's possible to issue other currencies using Asset Exchange? This increases number of "coins" owned by users, right?
Interesting question! At least, inflation is increase of the price. If we substitute 1nxt by 3btc we have increased the price for one nxt by factor 3:0.0001 ... hm ? ?
This point has to be stressed again and again. You don't issue Bitcoin, litecoin or any other actual assets via colored coin tech. You merely issue tokens or stickers that represent these coins. It's up to you to add a value on these tokens. They are basically IOUs you issue. There would be a lot of uncertainty at the beginning of the asset market to see who can be trusted. Similar issue to the Ripple gateway currently.
The hacker might have tried it for a while, but he hit multiple targets with 0.4.8 versions.
Let's keep the historical record straight here. sparta_cuss reported this before PaulyC, and sparta_cuss was immediately blown off by CfB:
Quote from: sparta_cuss on January 01, 2014, 04:05:58 PM
Hey, looks like I just got robbed, too. Someone please check this account: 12152013998194592943 They now have 147k+ from me. Had a 40 char random password, capital, lower, numbers, symbols. WTF?
Quote from CfB:
Can u prove that ur coins were stolen? My account passphrase < 40 chars and contains 2M, why did the thief choose ur account instead of mine? Sorry, but ur case looks more like black PR attempt.
There's a clear pattern if you look at all the data:
| Time | Victim | Vic Account | Thief Account | NXT |
|---|---|---|---|---|
| 01.01.2014 12:56:54 | plasticAiredale | 8439060069775407509 | 15182566201738727933 | 18665 |
| 01.01.2014 12:58:03 | PaulyC | 16821029889165561706 | 16204974692852323982 | 7808 |
| 01.01.2014 13:01:45 | newcn | 16886318053889080545 | 9793828175536096502 | 18197 |
| 01.01.2014 13:05:06 | sparta_cuss | 11794318797680953099 | 12152013998194592943 | 147690 |

Somebody is manually stealing data at 3-4 minute intervals and Sparta_cuss was by far the most wronged. We should check the blocks / transactions / accounts before and after this time period.
Don't forget Framewood, too. https://bitcointalk.org/index.php?topic=345619.msg4172532#msg4172532
This instance was on December 27. It might be a different issue.
People ask why Nxt is not inflationary. Could anyone tell me why it's not inflationary if it's possible to issue other currencies using Asset Exchange? This increases number of "coins" owned by users, right?
Many people are asking the wrong questions. This kind of question is not even clear at a conceptual level. Currency inflation has to do with a decreasing purchasing power, not merely about increasing the number of currency. Gold is steadily mined over centuries but I never heard anyone complain that gold is inflationary. Everyone can issue their own tokens but the fact of issuing does not make them valuable. People can't just issue NXT and get everyone to accept it.
Going forward from this moment: How can we be 100% sure someone's coins are actually stolen? The victim could himself open an account and send the funds there... then after a period of time he then transfers the stolen funds to some new account and carries on happily ever after. MOTIVATION: Those who have their funds stolen may get some sort of funding to compensate for their loss. A greedy individual may take advantage of this. Because of this reason, I think only PaulyC and newcn are eligible for some type of reimbursement / bounties for uncovering the bogus client.
I am not a cryptographer and ...
James
So please, don't try to be one.
I am very good at creative solutions to so-called impossible problems. I have extensive software expertise. I am trying to make nxt the most secure crypto at the architectural level. I am not proposing any new cryptographic algorithms, just using standard public private key in a way that has not been done before. Maybe I am totally offbase on this, but until I get a clear explanation about how this is wrong, I am apt to believe it is possible to add second layer of security to nxt. Why do you want me to stop? James
It's not wrong, but it's not more secure too. There is no difference between using one or two passwords for the probability getting hacked. The only way is to have a long (31+ character) pass-phrase with high entropy and only use the download links (signed) from NxT dev. crew.
Will you reimburse the first person whose acct key is cracked with the offline parallel test against all nxt accts? If so you can provide hackers insurance for all for free.
They would do such thing to Bitcoin first. At protocol level, NXT security is at the same level as Bitcoin.
If coins are stolen....we can freeze them until a full investigation is completed.
Who will play judge Dredd?
Yeah, I guess there should be guidelines when a chain roll back can be allowed, I think it's only when there are major security flaws in the software, like we had one ~10 days ago, not when there are individual cases of security breaches. Otherwise, NXT would be more frozen and rolled back than actually working each day.
Impossible to roll back the blockchain after some certain times because of time travel paradox.
the max bit length of NXT Password is ?
Don't know. But a 256 bit pass is already impossible to crack at the current state of science and technology. I use 35 characters and it's already 240 bit.
I ended up with the bad client on 3 out of 3 VPS nodes. FOR SURE I downloaded the bad client like this: wget http://162.243.246.223/nxt-client-0.4.8.zip
It's as plain as day in my bash history. The weird part is I had about 2000 Nxt in the 3 accounts and none of it was transferred out. I just transferred it out myself and I'm shutting down the nodes.
Where was it posted? Why did you go to a private ip address to download the client?
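A check a node operator could run after an incident like the one described above, added here as an example and not part of the original thread: it scans a shell history file for wget/curl downloads whose host is a bare IPv4 address instead of a DNS name. The function names are hypothetical, and every sample history line except the wget command quoted above is constructed.

```shell
#!/usr/bin/env bash
# Added example: flag shell-history downloads fetched from a bare IPv4 host.

# Write a small history file to $1. Only the first wget line comes from the
# thread; every other line is constructed sample input.
make_sample_history() {
    cat > "$1" <<'EOF'
cd /opt
wget http://162.243.246.223/nxt-client-0.4.8.zip
unzip nxt-client-0.4.8.zip
wget https://downloads.example.org/nxt-client-0.4.8.zip
sudo curl -O http://192.0.2.10:8080/tool.tar.gz
wget http://1.2.3.4.example.org/x.zip
echo http://198.51.100.7/notes.txt
EOF
}

# Print "<host> <url>" for every wget/curl command in history file $1 whose
# URL host is an IPv4 literal rather than a DNS name.
find_raw_ip_downloads() {
    grep -E '(^|[;&|[:space:]])(wget|curl)[[:space:]]' "$1" |
    grep -oE 'https?://[^[:space:]"]+' |
    while IFS= read -r url; do
        host=${url#*://}   # drop the scheme
        host=${host%%/*}   # drop the path
        host=${host%%:*}   # drop an explicit port
        # Anchored match, so 1.2.3.4.example.org is not mistaken for an IP.
        if printf '%s\n' "$host" | grep -qE '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then
            printf '%s %s\n' "$host" "$url"
        fi
    done
}

# Demo on the constructed history; point the function at ~/.bash_history
# (or another user's history file) to check a real node.
hist=$(mktemp)
make_sample_history "$hist"
find_raw_ip_downloads "$hist"
rm -f "$hist"
```

A hit only says where a file came from; any archive fetched this way still has to be compared against the hash or signature the developers publish.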
By the way, I just checked and Drexme was last online here two hours ago. There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...
And just how many accounts is he gonna plunder, I wonder? This is gonna get really, really bad... I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?"
At this point, I don't think there are more than a few cases. The thief will certainly take the fund right when he gets the pass. We have two reported cases so far. It is important to locate the source of the bogus link.
1. What about that guy who lost 250k of coins? Total is about 300K, there are many reports on nextcoin.org forum. 2. Already located.
1. Can you give me the link to 250k loss case. 2. We still don't know where it was posted. Nextcoin or nxtcrypto or where?
I would support a roll-back if that much money involved.
The problem here is that a rollback may cause even more loss because plenty of btc nxt trades would have happened and no one is rolling back the btc blockchain for us.
Time travel paradox. I did not think about it. It looks like the roll back option would not be possible since it is going to kill DGEX and any other BTC-NXT exchange. We don't even know when the bogus link started to appear. The best option here is to locate the hacker and demand him to pay back.
intel, when PaulyC reported the theft, lots of people besides EvilDave were suggesting possibilities. The most commonly suggested was keylogger. I remember someone posted something like
1) SHA256 and Elliptic Curve algo broken: 0.0001%
2) Keylogger: 80%
3) Bogus client: 10%
4) Rogue node: 10%
Personally I suggested some nonsense about possible address collision from different passwords. So I guess that makes me a troll too.
If you still didn't understand, there was a patched NXT Client which logged all password to server of EvilDave!
Is it the same or separate issue from PaulyC's hacked account?
Also clear.
Very big PHEW
Edit: blockchain explorer is back up, btw
Great Love the blockchain explorer and nexern's work.
People, the malware is being hosted on 162.243.246.223, it is digital ocean, a lot of people here have VPS here.
Contact their support asap and notify that the IP 162.243.246.223 is running a listening backdoor / passlogger.
How does this work ? what type of activities are risky now ?