|
Lucky Cris
|
 |
February 06, 2014, 07:10:34 AM |
|
It's things like this that keeps my faith going in this community. FenixRD, you rock! I know you haven't recovered the coins yet (I hope you do), but thanks for setting a good example  |
|
|
|
FenixRD
Sr. Member
 Offline
Activity: 364
Merit: 250
I am Citizenfive.
|
|
February 06, 2014, 07:17:36 AM |
|
Okay. So, although the way the Android Blockchain app errors out is new to me, the facts are unfortunately unchanged. Hopefully this thread will help to explain this better: https://bitcointalk.org/index.php?topic=50206.10It's about this exact address. It's been collecting funds for several years now. As I was saying before, it's address zero, which is a unique thing in the protocol. I'm not a SCRIPT expert, personally, but in the thread Theymos and others make it clear that this address is unable to be spent from due to the way the hashing works — it's just not possible to create a valid TX signature for it, even with the "right" private key. This is a very unique phenomenon and yes, by the guy convincing you to accept the coins without Tx, that's how you were scammed. That said, now that 2.2 BTC is a significant thing, this might deserve to be added to the list of scams to watch for. It's certainly not well-known (there's only ONE zero address, out of the uncountable numbers that exist) I don't think. But again, and someone is welcome to explain how I'm wrong and clarify what Themos means, but if seems pretty straightforward. He says they're unspendable. I'd have thought a custom client would allow them to be spent, as can happen with pretty much every other nonstandard keypair introduced to the raw blockchain ledger. But it seems zero is unique. |
Uberlurker. Been here since the Finney transaction. Please consider this before replying; there is a good chance I've heard it before.
-Citizenfive
|
|
|
FenixRD
Sr. Member
Offline
Activity: 364
Merit: 250
I am Citizenfive.
|
|
February 06, 2014, 07:20:04 AM |
|
It's things like this that keeps my faith going in this community. FenixRD, you rock! I know you haven't recovered the coins yet (I hope you do), but thanks for setting a good example I don't rock nearly enough. I can think of no way to resurrect these coins. People have been wanting to for years.  I PMed a couple fellows more knowledgeable than I to make sure I'm not missing something, just in case. |
Uberlurker. Been here since the Finney transaction. Please consider this before replying; there is a good chance I've heard it before.
-Citizenfive
|
|
|
|
Lucky Cris
|
|
February 06, 2014, 07:44:16 AM |
|
It's things like this that keeps my faith going in this community. FenixRD, you rock! I know you haven't recovered the coins yet (I hope you do), but thanks for setting a good example I don't rock nearly enough. I can think of no way to resurrect these coins. People have been wanting to for years. I PMed a couple fellows more knowledgeable than I to make sure I'm not missing something, just in case. Oh take the compliment for what it is, seriously! I'm not talking about you're know how to solve this - but you would be hailed as a genius if you succeeded.  What I meant to convey is how refreshing it is to read this thread. I enjoy reading the scams (no pun intended OP, it's so I won't get caught with my skirt up again; learn from others' mistakes), but your willingness to help and the fact that you're obviously not trying to pull a scam within a scam, brings things back into perspective a bit. If that makes any sense |
|
|
|
FenixRD
Sr. Member
Offline
Activity: 364
Merit: 250
I am Citizenfive.
|
|
February 06, 2014, 07:55:54 AM |
|
Oh take the compliment for what it is, seriously! I'm not talking about you're know how to solve this - but you would be hailed as a genius if you succeeded. What I meant to convey is how refreshing it is to read this thread. I enjoy reading the scams (no pun intended OP, it's so I won't get caught with my skirt up again; learn from others' mistakes), but your willingness to help and the fact that you're obviously not trying to pull a scam within a scam, brings things back into perspective a bit. If that makes any sense Heh. Of course, sorry. I've never been very good at accepting compliments based on effort alone. It is a character flaw of mine. Thank you for the kind words. Indeed, this scam was completely off my radar. Granted, adopting the recommended policy of *always* sweeping funds before completing a deal, rather than accepting an exposed privkey, negates this threat; but, I would not have been looking for this type of thing specifically. And I've been around for a good while. It's a useful reminder to keep the guards up and not make exceptions to the "best practices". |
Uberlurker. Been here since the Finney transaction. Please consider this before replying; there is a good chance I've heard it before.
-Citizenfive
|
|
|
|
Lucky Cris
|
|
February 06, 2014, 08:39:57 AM |
|
Oh take the compliment for what it is, seriously! I'm not talking about you're know how to solve this - but you would be hailed as a genius if you succeeded. What I meant to convey is how refreshing it is to read this thread. I enjoy reading the scams (no pun intended OP, it's so I won't get caught with my skirt up again; learn from others' mistakes), but your willingness to help and the fact that you're obviously not trying to pull a scam within a scam, brings things back into perspective a bit. If that makes any sense Heh. Of course, sorry. I've never been very good at accepting compliments based on effort alone. It is a character flaw of mine. Thank you for the kind words. Indeed, this scam was completely off my radar. Granted, adopting the recommended policy of *always* sweeping funds before completing a deal, rather than accepting an exposed privkey, negates this threat; but, I would not have been looking for this type of thing specifically. And I've been around for a good while. It's a useful reminder to keep the guards up and not make exceptions to the "best practices". No doubt! **** dang it... I just read my previous post. I know the difference between you're and your. I hate when my fingers think for me, lol. |
|
|
|
ironmask (OP)
Newbie
Offline
Activity: 16
Merit: 0
|
|
February 06, 2014, 11:40:44 AM |
|
Okay. So, although the way the Android Blockchain app errors out is new to me, the facts are unfortunately unchanged. Hopefully this thread will help to explain this better: https://bitcointalk.org/index.php?topic=50206.10It's about this exact address. It's been collecting funds for several years now. As I was saying before, it's address zero, which is a unique thing in the protocol. I'm not a SCRIPT expert, personally, but in the thread Theymos and others make it clear that this address is unable to be spent from due to the way the hashing works — it's just not possible to create a valid TX signature for it, even with the "right" private key. This is a very unique phenomenon and yes, by the guy convincing you to accept the coins without Tx, that's how you were scammed. That said, now that 2.2 BTC is a significant thing, this might deserve to be added to the list of scams to watch for. It's certainly not well-known (there's only ONE zero address, out of the uncountable numbers that exist) I don't think. But again, and someone is welcome to explain how I'm wrong and clarify what Themos means, but if seems pretty straightforward. He says they're unspendable. I'd have thought a custom client would allow them to be spent, as can happen with pretty much every other nonstandard keypair introduced to the raw blockchain ledger. But it seems zero is unique. FenixRD, What actually address zero ? is this address create illegal coin that the protocol cannot accept it ?, why still recorded on the blockchain ? And how this guy can have the coin ? He said got it from mining ... or it has another way to get coins ?, are he bought it ? When it's said not possible to create a valid Tx signature its mean that this guy also cannot spend it right ?, but the dangerous thing that he able to make same SCAM scenario again and again, because the coins will always there. If this so, BitCoin .. still have big vulnerability due this kind of bug, regular guy like me will be very careful to have any interaction with BitCoin , there still so many threat that us not yet have any clue due security and network protocol. |
|
|
|
|
|
Lucky Cris
|
|
February 06, 2014, 12:25:07 PM |
|
FenixRD,
What actually address zero ? is this address create illegal coin that the protocol cannot accept it ?, why still recorded on the blockchain ?
And how this guy can have the coin ? He said got it from mining ... or it has another way to get coins ?, are he bought it ?
When it's said not possible to create a valid Tx signature its mean that this guy also cannot spend it right ?, but the dangerous thing that he able to make same SCAM scenario again and again, because the coins will always there.
If this so, BitCoin .. still have big vulnerability due this kind of bug, regular guy like me will be very careful to have any interaction with BitCoin , there still so many threat that us not yet have any clue due security and network protocol.
ironmask, I'm certain English isn't your first language, so I'll try to translate what's going on: The address is not creating coins. It's on the blockchain because all transactions are listed. You are correct. The scammer cannot spend the coins, no can spend them. Ever. Coins are sent to bitcoin addresses. So the address can still accept coins, but no one will ever be able to send the coins out of that address. Honestly, I don't know enough about the technical part to break it down, but I can tell you that it doesn't happen often. Using bitcoins is safer than using your credit card. The problem isn't with vulnerabilities or other security features of bitcoin, the threat comes from regular who don't understand how the system works. |
|
|
|
|
|
|
Lucky Cris
|
|
February 06, 2014, 02:15:04 PM |
|
That's the spirit! Welcome to the world of bitcoin. |
|
|
|
ironmask (OP)
Newbie
Offline
Activity: 16
Merit: 0
|
|
February 06, 2014, 02:18:03 PM |
|
|
|
|
|
|
|
Lucky Cris
|
|
February 06, 2014, 02:25:24 PM |
|
Impressive - excellent investigation! Do yourself and the community a favor by helping to spread the word that he's a scammer |
|
|
|
|
