Confirmation: PowerCoin was 51% attacked

[markm]

It is pretty obvious that the vast majority of scrypt coins are vulnerable to attack, even with merged mining they might not be able to muster enough hashing power to secure themselves, without it they are pretty much begging to be attacked.

-MarkM-

Is this true for ltc too?

It could maybe become so if enough scamclones manage to divert enough hashing power, maybe.

However I think it is also possible that litecoin, like bitcoin, imagined itself to have such a huge amount of hash power that it might have deliberately avoided fixing at least one known attack, known as the timetravel exploit, and seemingly no one has yet managed to timetravel either bitcoin or litecoin yet as far as I know so maybe litecoin really does have "enough" hashing.

But, if it is true that litecoin, like bitcoin, felt that fixing the timetravel exploit was not necessary due to their massively huge amount of hashing power, how many clonecoin authors will have even known about the timetravel exploit, let alone about bitcoin and litecoin not having bothered to fix it 9due to arrogantly assuming their own hash rates are too huge for anyone to make use of the exploit) and thus actually bothered to puthe timetravel fix into their clonecoin?

I am thinking few, if any. Thus that probably almost all these recent scamclones are basically begging to be timetravel-exploited...

I am not actually sure though that litecoin never did get around to including a fix for the timetravel exploit. (An excuse for not fixing it would be that it would be a hardfork change, thus maybe not worth doing if there seemed negligible chance anyone could muster enough hashing power to use the exploit.)

-MarkM-

[fenican]

So let's be clear:

1.  PWC, with the new checkpoints, is perfectly valid.  Anyone can mine it.  Anyone can use it.  It will, like the other 40 or so low hash rate coins, remain vulnerable to further 51% attacks

2.  An attacker was able to steal coins from Cryptsy using an exploit where they deposited coins on a forked block chain and then proceeded to withdraw those coins on a real blockchain

3.  Vern has fixed the vulnerability in #2 but does not have sufficient PWC to pay everyone their full balance

While this particular attack is unlikely to occur again, a far more common one is far an attacker to do a 51% attack, deposit coins to an exchange, immediately convert to BTC, and then withdraw the BTC.  That attack is easier to pull off and much harder for an exchange to protect against.

Anyone trading alt coins on an exchange needs to be aware coins can effectively be stolen from an exchange in this manner resulting in a loss of capital for the traders.  That is why there are very few exchanges that allow low hash rate coins to be traded.

[r3wt]

It is pretty obvious that the vast majority of scrypt coins are vulnerable to attack, even with merged mining they might not be able to muster enough hashing power to secure themselves, without it they are pretty much begging to be attacked.

-MarkM-

Is this true for ltc too?

It could maybe become so if enough scamclones manage to divert enough hashing power, maybe.

However I think it is also possible that litecoin, like bitcoin, imagined itself to have such a huge amount of hash power that it might have deliberately avoided fixing at least one known attack, known as the timetravel exploit, and seemingly no one has yet managed to timetravel either bitcoin or litecoin yet as far as I know so maybe litecoin really does have "enough" hashing.

But, if it is true that litecoin, like bitcoin, felt that fixing the timetravel exploit was not necessary due to their massively huge amount of hashing power, how many clonecoin authors will have even known about the timetravel exploit, let alone about bitcoin and litecoin not having bothered to fix it 9due to arrogantly assuming their own hash rates are too huge for anyone to make use of the exploit) and thus actually bothered to puthe timetravel fix into their clonecoin?

I am thinking few, if any. Thus that probably almost all these recent scamclones are basically begging to be timetravel-exploited...

I am not actually sure though that litecoin never did get around to including a fix for the timetravel exploit. (An excuse for not fixing it would be that it would be a hardfork change, thus maybe not worth doing if there seemed negligible chance anyone could muster enough hashing power to use the exploit.)

-MarkM-

so would anyone be open to another sha-256 coin?

[markm]

so would anyone be open to another sha-256 coin?

Most of the recent bitcoin clonse probably also are vulnerable to the timetravel exploit since they pretty much just cloned bitcoin. For good SHA256 coins look for the merged mined coins, most of them added the timetravel fix way back when they added merged mining, and some of them are very low difficulty still since so few people bother merged mining. As actually getting the most out of your SHA256 hashing power becomes more important (as more and more hardware starts finding electricity bills significant) it seems likely that more and more pools and solo miners will pick up more and more of the merged mined coins so picking them up now before everyone does could be a good strategy...

-MarkM-

[markm]

Oh cool if Lolcust was involved in that then maybe Tenebrix also has the fix, heck maybe even Fairbrix has it.

-MarkM-

[ghostlander]

So let's be clear:

1.  PWC, with the new checkpoints, is perfectly valid.  Anyone can mine it.  Anyone can use it.  It will, like the other 40 or so low hash rate coins, remain vulnerable to further 51% attacks

2.  An attacker was able to steal coins from Cryptsy using an exploit where they deposited coins on a forked block chain and then proceeded to withdraw those coins on a real blockchain

3.  Vern has fixed the vulnerability in #2 but does not have sufficient PWC to pay everyone their full balance

While this particular attack is unlikely to occur again, a far more common one is far an attacker to do a 51% attack, deposit coins to an exchange, immediately convert to BTC, and then withdraw the BTC.  That attack is easier to pull off and much harder for an exchange to protect against.

Anyone trading alt coins on an exchange needs to be aware coins can effectively be stolen from an exchange in this manner resulting in a loss of capital for the traders.  That is why there are very few exchanges that allow low hash rate coins to be traded.

You don't get how hilarious the story is. I've spent some time on analysis of the Powercoin's block chain. This is not a single exploit or security breach, this is something really outstanding

They say someone with huge hash power took control over the network, so here we have a 51% attack. That evil guy double spent his coins through Cryptsy. He forked the block chain, deposited coins at Cryptsy, mined new blocks until it confirmed, then switched to the original block chain, withdrew coins to his address, and continued to mine until the withdrawal confirmed. It seemed no one cared to process such high deposit and withdrawal manually, so the evil guy got away with over 2 million PWC. Cool, yeah? Now they feel pissed off extremely and ready to destroy the whole currency to make sure the hacker never profits. Good guys with PWC deposits at Cryptsy are going to receive some kind of compensation, other good guys out there get nothing. And the story ends.

Wait, 2 million coins moved at once? Get ready for real fun now. They weren't hacked once or twice. They were hacked a couple dozen times! The bad guy worked hard 2 days long forking and orphaning the block chain, depositing and withdrawing coins. The 1st attempt was at block #29294, time stamp 2013-06-15 00:38:00. He started with some 20K PWC to double spend. It worked out, cool. He tried it again a few more times. No problem. The dude decided to raise stakes. Again and again. The last double spends were over 200K each: #29669 (2013-06-16 11:55:17) and #29706 (2013-06-16 15:42:35).

His highest withdrawals went to this address: p5p53rioyjqyuwbySUzZAeX2JU4778yECZ

2 days under attack and no one gave a shit! They didn't care even to increase the number of confirmations for deposits, say, to 100 like BTC-e did with Feathercoin recently. Now they tell stories and the community is at loss.

[markm]

Blockchains are insanely expensive to secure.

It is crazy to launch some new crapcoin and expect anything other than absymal failure, possibly with a quick dump on the way if you're lucky and you premine or instamine a lot of coins.

This stuff should be happening constantly. Get ready for it...

-MarkM-

[coinerd]

You don't get how hilarious the story is. I've spent some time on analysis of the Powercoin's block chain. This is not a single exploit or security breach, this is something really outstanding

They say someone with huge hash power took control over the network, so here we have a 51% attack. That evil guy double spent his coins through Cryptsy. He forked the block chain, deposited coins at Cryptsy, mined new blocks until it confirmed, then switched to the original block chain, withdrew coins to his address, and continued to mine until the withdrawal confirmed. It seemed no one cared to process such high deposit and withdrawal manually, so the evil guy got away with over 2 million PWC. Cool, yeah? Now they feel pissed off extremely and ready to destroy the whole currency to make sure the hacker never profits. Good guys with PWC deposits at Cryptsy are going to receive some kind of compensation, other good guys out there get nothing. And the story ends.

Wait, 2 million coins moved at once? Get ready for real fun now. They weren't hacked once or twice. They were hacked a couple dozen times! The bad guy worked hard 2 days long forking and orphaning the block chain, depositing and withdrawing coins. The 1st attempt was at block #29294, time stamp 2013-06-15 00:38:00. He started with some 20K PWC to double spend. It worked out, cool. He tried it again a few more times. No problem. The dude decided to raise stakes. Again and again. The last double spends were over 200K each: #29669 (2013-06-16 11:55:17) and #29706 (2013-06-16 15:42:35).

His highest withdrawals went to this address: p5p53rioyjqyuwbySUzZAeX2JU4778yECZ

2 days under attack and no one gave a shit! They didn't care even to increase the number of confirmations for deposits, say, to 100 like BTC-e did with Feathercoin recently. Now they tell stories and the community is at loss.

No way man didn't you know?

@NWO
(Full disclosure: I have absolutely no financial interest in any aspect of PWC.)

From what I understand you are telling me is that you are being told an attacker supposedly created "magic coins" from thin air on one chain, deposited them, allowed the chain to merge and then withdrew those supposed coins from Cryptsy on the proper chain?

Whoever told you that, hasn't the slightest clue on how a 51% attack works. Furthermore, simply out of curiosity only, I have done a very detailed analysis of the PWC block chain and can't state as a fact, no attack occurred.

Take it from someone that has pulled off a few 51% attacks and understands such, No 51% attack occurred on PWC.

~BCX~

The ultimate authority assured us there was no attack. And that anyone who thinks there was obviously doesn't have a clue about crypto.

 

[ghostlander]

You guys want to think a 51% "attack" occurred, be my guest.

The reason no exchange implemented a 100 block confirm is because no attack occurred.

What more than likely happened is that someone with a lot of hashing power simply mined a lot of coins.

My whole point was from the beginning of the thread was to say, even if an attack occurred, the DEV TEAM shouldn't simply give up.

Simply it back to the last known good point and move forward.

That's all.


~BCX~

Alright, how can you explain all those block chains forked and dropped? One of them was 67 blocks long forked at #29516.

[faraway]

You guys want to think a 51% "attack" occurred, be my guest.

The reason no exchange implemented a 100 block confirm is because no attack occurred.

What more than likely happened is that someone with a lot of hashing power simply mined a lot of coins.

My whole point was from the beginning of the thread was to say, even if an attack occurred, the DEV TEAM shouldn't simply give up.

Simply it back to the last known good point and move forward.

That's all.


~BCX~

Alright, how can you explain all those block chains forked and dropped? One of them was 67 blocks long forked at #29516.

The PowerCoin client wait for a 100 blocks confirmation. A smaller fork is not an issue.

[coblee]

It is pretty obvious that the vast majority of scrypt coins are vulnerable to attack, even with merged mining they might not be able to muster enough hashing power to secure themselves, without it they are pretty much begging to be attacked.

-MarkM-

Is this true for ltc too?

It could maybe become so if enough scamclones manage to divert enough hashing power, maybe.

However I think it is also possible that litecoin, like bitcoin, imagined itself to have such a huge amount of hash power that it might have deliberately avoided fixing at least one known attack, known as the timetravel exploit, and seemingly no one has yet managed to timetravel either bitcoin or litecoin yet as far as I know so maybe litecoin really does have "enough" hashing.

But, if it is true that litecoin, like bitcoin, felt that fixing the timetravel exploit was not necessary due to their massively huge amount of hashing power, how many clonecoin authors will have even known about the timetravel exploit, let alone about bitcoin and litecoin not having bothered to fix it 9due to arrogantly assuming their own hash rates are too huge for anyone to make use of the exploit) and thus actually bothered to puthe timetravel fix into their clonecoin?

I am thinking few, if any. Thus that probably almost all these recent scamclones are basically begging to be timetravel-exploited...

I am not actually sure though that litecoin never did get around to including a fix for the timetravel exploit. (An excuse for not fixing it would be that it would be a hardfork change, thus maybe not worth doing if there seemed negligible chance anyone could muster enough hashing power to use the exploit.)

-MarkM-

You mean this fix from 2 years ago? https://github.com/coblee/litecoin-old/commit/b1be77210970a6ceb3680412cc3d2f0dd4ca8fb9
Litecoin was launched with it already fixed.

[ghostlander]

You guys want to think a 51% "attack" occurred, be my guest.

The reason no exchange implemented a 100 block confirm is because no attack occurred.

What more than likely happened is that someone with a lot of hashing power simply mined a lot of coins.

My whole point was from the beginning of the thread was to say, even if an attack occurred, the DEV TEAM shouldn't simply give up.

Simply it back to the last known good point and move forward.

That's all.


~BCX~

Alright, how can you explain all those block chains forked and dropped? One of them was 67 blocks long forked at #29516.

The PowerCoin client wait for a 100 blocks confirmation. A smaller fork is not an issue.

Mined balance only. Some cryptos set it even higher like 520 blocks for NVC and YAC. 100 blocks to confirm regular transactions is a disaster.

[crazyearner]

Well shame to see this one go it did look promising however just because of an attack now kills the coin seems that their was  not enough development oh wel. Bring on the next one.

[Badabing]

Well shame to see this one go it did look promising however just because of an attack now kills the coin seems that their was  not enough development oh wel. Bring on the next one.

It's a shame for the attacker for attacking it. Who can not play a fair game. They must know that their scamcoins has no chance against powercoin. They must see it as threat. If powercoin has given enough time. The promotion and projects we are on the line must have make powercoin soared above the rest. But before we execute our plan they already killed it. If we reincarnate it back they will attack it again. Poor bastard losers instead making projects and promoting their own shitcoin they attack others. But we will not stop here because of this set back but will back with more better coin.

[hanzac]

Actually, the attacker should award him because he found the security flaw.  
He should re-brand the whole chain of Powercoin and push it to the market just as premined!  

Ps, the idea is coming from the traditional stock market indeed... repackage and on-shelf.

[zahra4571]

I don't think its dead someone still mining it and it was currently traded in http://www.coins-e.com/exchange/PWC_BTC/ .