Bitcoin Forum
December 15, 2017, 04:45:09 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 »  All
  Print  
Author Topic: MyMonero.com - Security Issues  (Read 7815 times)
BlockaFett
Sr. Member
****
Offline Offline

Activity: 364

@blockafett


View Profile WWW
June 02, 2015, 12:33:39 AM
 #1

Some of you might know me from investigating the Mintpal V2 scam after losing BTC there.

Also some of you know me from lots of confrontations with core Monero supporters / devs on various threads with my Dash investor hat on, which I recently moved most of my alts into.

So I am not the person to be unbiased / neutral when discussing Monero - it's one of several competitors to my main investment so this gives me a conflict of interest when criticizing it.

That being said I just want to share this in case there is more to it and someone else wants to look into it and without wanting to slander Monero because this is just pure speculation.

(note, I started putting reference in but can't be bothered, if you want for something below then ask)

UPDATE 4th June: Security issues found with MyMonero.com sending the private key to the server in a cookie for some users, as per the posts starting here: https://bitcointalk.org/index.php?topic=1077775.msg11529538#msg11529538

-------------------------------

A lot of Monero users use (and get recommended to use) MyMonero.com, their web wallet ran by lead dev Fluffypony, instead of the official wallet client - because the wallet client has no GUI and a lot of technical / usability issues (e.g. just today here and here)

So Fluffypony can technically access distribution / what funds are moving around for all MyMonero wallets which could give him leading info on the market and pumps / dumps etc, whilst no-one else can (being a Cryptonote coin you can't see anything on the blockchain like distribution).

On it's own this might be innocent / incompetent in terms of centralizing / deanonimizing Monero users and transactions whilst simultaneously claiming your coin is the most anonymous and decentrazlied coin.

But then we find out that Fluffypony has done this before in trying to setup the same type of site for Vertcoin (Vertpay.com) and raising $200,000 to develop that from VTC users.  And that he is also working on Paybee.com, another payment site.

Next thing is that 95% of XMR volume is through one exchange, meaning open-season on price-manipulation, and bigger profits from anyone with leading info on what users are doing - and this has been the case for 1 year already, still no other exchanges

So just connecting the dots but what if it's no accident that Monero wallet is dysfunctional after one year (crippled?) and so most wallets are on MyMonero.com and under the sole visibility of the core team, that all volume is still on Poloniex giving whales their a single place to manipulate after one year, that the GUI wasn't added even now Cryptonote has made an open source one so most people go to MyMonero.com, and all on the "most secure and untraceable coin".

Plus we know that Monero did launch a crippled miner with things like useless loops inserted to slow the mining down, although we don't know if this was innocently copied in from Bytecoin or not.  

Potentially, are we are looking at a coin *setup* as a scam here, with various parts crippled to make sure the core team are the only ones with access to the key 'behind the scenes' market information and are also actually big investors / traders, that all trade is through Poloniex, and then they go around accusing everyone else of being a scam whilst scamming XMR volume behind the scenes?

Maybe Cryptnote is a prime target for this kind of stuff because everything is hidden - in such an environment, MyMonero / Poloniex owners can go wild if they make use of the info that no one else can have....

I'm sure a lot of the Fluffypony fans will be outraged at this suggestion.  And I could be totally wrong.  But if your argument is "I know Fluffy wouldn't do that" then lol because you should no in crypto now anything like this can and does happen, regularly..

No offence to Monero investors here....if i'm totally wrong then sorry for suggesting.  And this isn't to help Dash in any way, that coin is strong enough on it's own without needing any trolling and i'm probably the only Dash supporter bothering about the Monero trolling and that's because i'm new probably - I was investigating Mintpal before I went Dash and i'm good at it so that's where i'm coming from and I learnt a lot about Monero recently.

anyway...let the roasting commence.

[BTW - if you are a Dash supporter, please don't post here to bash Monero as you will be biased; I am not here for anything to do with Dash]



1513313109
Hero Member
*
Offline Offline

Posts: 1513313109

View Profile Personal Message (Offline)

Ignore
1513313109
Reply with quote  #2

1513313109
Report to moderator
1513313109
Hero Member
*
Offline Offline

Posts: 1513313109

View Profile Personal Message (Offline)

Ignore
1513313109
Reply with quote  #2

1513313109
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513313109
Hero Member
*
Offline Offline

Posts: 1513313109

View Profile Personal Message (Offline)

Ignore
1513313109
Reply with quote  #2

1513313109
Report to moderator
1513313109
Hero Member
*
Offline Offline

Posts: 1513313109

View Profile Personal Message (Offline)

Ignore
1513313109
Reply with quote  #2

1513313109
Report to moderator
1513313109
Hero Member
*
Offline Offline

Posts: 1513313109

View Profile Personal Message (Offline)

Ignore
1513313109
Reply with quote  #2

1513313109
Report to moderator
DaveyJones
Hero Member
*****
Offline Offline

Activity: 722


View Profile
June 02, 2015, 12:45:48 AM
 #2

I don´t mind you investigating, when there is a flaw it needs to be fixed... if its a flaw.

But what i mind is that i do not understand that you call Monero a scam... but are perfectly fine about Dash´s shady past ( which we don´t need to get into because all has been said plenty of times )
rangedriver
Hero Member
*****
Offline Offline

Activity: 707



View Profile
June 02, 2015, 12:49:53 AM
 #3

I don´t mind you investigating, when there is a flaw it needs to be fixed... if its a flaw.

But what i mind is that i do not understand that you call Monero a scam... but are perfectly fine about Dash´s shady past ( which we don´t need to get into because all has been said plenty of times )

It's reply-bait. The only purpose of this thread is so the words 'Investigate Monero' can be perpetually alive in the altcoin section, thus subtly insinuating that it's some kind of scam. The actual dialogue is meaningless.
BlockaFett
Sr. Member
****
Offline Offline

Activity: 364

@blockafett


View Profile WWW
June 02, 2015, 01:09:20 AM
 #4

I don´t mind you investigating, when there is a flaw it needs to be fixed... if its a flaw.

But what i mind is that i do not understand that you call Monero a scam... but are perfectly fine about Dash´s shady past ( which we don´t need to get into because all has been said plenty of times )

Not calling Monero a scam, because I have zero evidence that it is.  OP is speculation and I am biased like I said.  Just sharing my tinfoil hat theory from today.

Most coins have something shady in their past.  Dash beginnings are probably the most investigated, I checked it out and decided to invest, that's it really, everyone make their own decision.

It's going to be too hard for me to add any value on anything here, kind of looks just like Dash supporter attacking Monero which wasn't the intention.


bathrobehero
Legendary
*
Offline Offline

Activity: 1372


ICO? Not even once.


View Profile
June 02, 2015, 01:09:48 AM
 #5

Code:
# Source  Pair   Volume (24h) Price Volume (%)
1 Poloniex  XMR/BTC $ 19,109 $ 0.452966 83.06 %
2 HitBTC  XMR/BTC $ 2,442 $ 0.457652 10.61 %
3 Bittrex  XMR/BTC $ 675 $ 0.449139 2.93 %

As someone who dislike both Monero and Dash, I think this might be worrying for some considering Polo is entirely dependent on FinCEN. And then there's the very slim possibility of Polo getting hacked, either way it's centralization in a way.

RIP Bittrex
BlockaFett
Sr. Member
****
Offline Offline

Activity: 364

@blockafett


View Profile WWW
June 02, 2015, 01:09:55 AM
 #6

I don´t mind you investigating, when there is a flaw it needs to be fixed... if its a flaw.

But what i mind is that i do not understand that you call Monero a scam... but are perfectly fine about Dash´s shady past ( which we don´t need to get into because all has been said plenty of times )

It's reply-bait. The only purpose of this thread is so the words 'Investigate Monero' can be perpetually alive in the altcoin section, thus subtly insinuating that it's some kind of scam. The actual dialogue is meaningless.

totally not my intention, probably bad idea to start this

celestio
Sr. Member
****
Offline Offline

Activity: 406



View Profile
June 02, 2015, 01:13:00 AM
 #7

I don´t mind you investigating, when there is a flaw it needs to be fixed... if its a flaw.

But what i mind is that i do not understand that you call Monero a scam... but are perfectly fine about Dash´s shady past ( which we don´t need to get into because all has been said plenty of times )

Not calling Monero a scam, because I have zero evidence that it is.  OP is speculation and I am biased like I said.  Just sharing the info with my tinfoil hat on.

Most coins have something shady in their past.  Dash beginnings are probably the most investigated, I checked it out and decided to invest, that's it really, everyone make their own decision.

It's going to be too hard for me to add any value on anything here, kind of looks just like Dash supporter attacking Monero which wasn't the intention.



Problem is that it's all speculation as you said. None of what's in the OP about pumping and so on has any basis in fact. I can very well say Gavin Anderson was a CIA agent like so many have been doing in the Bitcoin Discussion section, but that's all "speculation"(Aka nonsense).

So yes, this thread looks like 100% trolling.

"The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime" - Satoshi Nakamoto, June 17, 2010
GTO911
Hero Member
*****
Offline Offline

Activity: 672



View Profile
June 02, 2015, 04:23:16 AM
 #8

As someone who dislike both Monero and Dash

You are just another Darkcoin/Dash shill
benthach
Legendary
*
Offline Offline

Activity: 1176


--- I AM LEGEND --- i scam no one --- like ARK


View Profile WWW
June 02, 2015, 05:17:16 AM
 #9

As someone who dislike both Monero and Dash

You are just another Darkcoin/Dash shill

both monero and dash are shit coins. shit name and shit brand, actually they don't have brand, they have shit nonsense coin name. lol

HCLivess
Legendary
*
Offline Offline

Activity: 1372


[[[],[]],[[],[]]]


View Profile WWW
June 02, 2015, 05:29:32 AM
 #10

both suck

Bismuth - New Language, Interpretation Engines, Free Set of DAPPs https://bitcointalk.org/index.php?topic=1896497
Bitrated user: HCLivess.
coinfusion
Full Member
***
Offline Offline

Activity: 138


View Profile
June 02, 2015, 05:57:35 AM
 #11

As someone who dislike both Monero and Dash

You are just another Darkcoin/Dash shill

both monero and dash are shit coins. shit name and shit brand, actually they don't have brand, they have shit nonsense coin name. lol

Benthach, why are you always so bent out of shape in every thread I see you post in? Tongue
GTO911
Hero Member
*****
Offline Offline

Activity: 672



View Profile
June 02, 2015, 06:00:00 AM
 #12

both suck

monero, its got hype
myriad for longterm

And myraid coin wins, lolz

Pathetic trolls we got here
Rux
Legendary
*
Offline Offline

Activity: 966


www.crypto.ba


View Profile WWW
June 02, 2015, 08:55:11 AM
 #13

I know he said dont intervene but how can i just watch this  Cool

If DASH is scam, then wtf is Monero?? MOTHER OF ALL SCAMS

if DASH is scam, why so many buys in last days Grin

if DASH is scam, how come nobody has break his mixing service amd instantx, and prove that Evan is full of shit?

...
BitcoiNaked
Sr. Member
****
Offline Offline

Activity: 449


View Profile
June 02, 2015, 09:02:47 AM
 #14

Both monero and dash are a piece of scam junk, both beling in the trash.
MalMen
Member
**
Offline Offline

Activity: 95


View Profile
June 02, 2015, 09:12:19 AM
 #15

......

I understund your arguments and I am sorry about all the people here attacking DASH vs Monero based on you beeing an DASH holder, I think XMR is for me like DASH is for you, so we are in the same position..
About your concerns I personally believe that fluffyponny is honest, even if he wanted to take advantage from the viewkeys that he have on mymonero i think there is no mutch information that can be used to know if the market is going up or down, he can have only some perseption for the ones who are on XMR for long term... the ones who short keep the coins on exchange...

About poloniex beeing the main exchange i dont like that fact too, but its not devs fault.. They try to contact another exchanges multiple times to add monero, but for some reason (dont know what, the volume is pretty high) they have allways some problem in adding it

There is no official GUI because there is more important things to do before that, and over time i saw that clearly.. there are alot of unofficial guis that can be used and working fine for the current daemon... Finishing the DB version and releasing an propper API for the wallet at this stage its primary, what is the point in having an official gui if there is almost no market for this coin yet ?
Of course that you can say that fluffypony beeing an core dev should had focus his energy on releasing first one official gui before creating and releasing his own, but this is an opensource project and he is doing his work voluntary, I think its better having him working for the cominity and for himself rather than working for himself only
astrobitcoin
Full Member
***
Offline Offline

Activity: 134


View Profile
June 02, 2015, 10:07:46 AM
 #16


So just connecting the dots but what if it's no accident that Monero wallet is dysfunctional after one year (crippled?) and so most wallets are on MyMonero.com and under the sole visibility of the core team, that all volume is still on Poloniex giving whales their a single place to manipulate after one year, that the GUI wasn't added even now Cryptonote has made an open source one so most people go to MyMonero.com, and all on the "most secure and untraceable coin".



make sense Wink
considering the low level of replies and argumentations from moronero shill accounts this can actually be true

it's easy to scream SCAM louder than anybody else just to cover your own tricks and take advantage of your own community (moreno users have been victim of fraud for more than a year now)
othe
Hero Member
*****
Offline Offline

Activity: 532


View Profile
June 02, 2015, 10:31:49 AM
 #17


So just connecting the dots but what if it's no accident that Monero wallet is dysfunctional after one year (crippled?) and so most wallets are on MyMonero.com and under the sole visibility of the core team, that all volume is still on Poloniex giving whales their a single place to manipulate after one year, that the GUI wasn't added even now Cryptonote has made an open source one so most people go to MyMonero.com, and all on the "most secure and untraceable coin".



make sense Wink
considering the low level of replies and argumentations from moronero shill accounts this can actually be true

it's easy to scream SCAM louder than anybody else just to cover your own tricks and take advantage of your own community (moreno users have been victim of fraud for more than a year now)

Pathetic little liers, it´s almost funny...

1. There are several working GUI´s linked: http://getmonero.org/getting-started/choose
2. MyMonero doesn´t have your spendkeys, that means only the MyMonero users can spend their own funds.
...
47. https://www.cryptsy.com/coinvotes/ - we voted for it on Cryptsy and it was on #1 for several months, why don´t you ask them why they don´t add it? Did Dash pay them off to not add it?


Not going to answer the rest of your bullshit, has already been answered x times.

ShowmeDmoney
Newbie
*
Offline Offline

Activity: 3


View Profile
June 02, 2015, 11:14:45 AM
 #18

Quote
Plus we know that Monero did launch a crippled miner with things like useless loops inserted to slow the mining down, although we don't know if this was innocently copied in from Bytecoin or not.

There is no innocence there, it was copied for sure, so if they infringed on someone else's code than i bet my 100 moneros that a scam it is

http://www8.gmanews.tv/webpics/v3/2012/02/Admiral-Ackbar_Its-a-scam.jpg
Febo
Legendary
*
Offline Offline

Activity: 1260



View Profile
June 02, 2015, 11:50:14 AM
 #19



A lot of Monero users use (and get recommended to use) MyMonero.com, their web wallet ran by lead dev Fluffypony, instead of the official wallet client - because the wallet client has no GUI and a lot of technical / usability issues (e.g. just today here and here)


There are several Monero GUI valets.

When i started with Monero in May 2014 i started on one of first GUI vallet, but latter rather starting using simple vallet, since for me simple is perfect .

I have no ideas where your ignorance come from.  Monero GUI valets are mention in many threads on this forum. Some even have their own thread, where you can monitor how they developed.


.BitDice.               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
BlockaFett
Sr. Member
****
Offline Offline

Activity: 364

@blockafett


View Profile WWW
June 02, 2015, 12:05:32 PM
 #20

......

I understund your arguments and I am sorry about all the people here attacking DASH vs Monero based on you beeing an DASH holder, I think XMR is for me like DASH is for you, so we are in the same position..
About your concerns I personally believe that fluffyponny is honest, even if he wanted to take advantage from the viewkeys that he have on mymonero i think there is no mutch information that can be used to know if the market is going up or down, he can have only some perseption for the ones who are on XMR for long term... the ones who short keep the coins on exchange...

About poloniex beeing the main exchange i dont like that fact too, but its not devs fault.. They try to contact another exchanges multiple times to add monero, but for some reason (dont know what, the volume is pretty high) they have allways some problem in adding it

There is no official GUI because there is more important things to do before that, and over time i saw that clearly.. there are alot of unofficial guis that can be used and working fine for the current daemon... Finishing the DB version and releasing an propper API for the wallet at this stage its primary, what is the point in having an official gui if there is almost no market for this coin yet ?
Of course that you can say that fluffypony beeing an core dev should had focus his energy on releasing first one official gui before creating and releasing his own, but this is an opensource project and he is doing his work voluntary, I think its better having him working for the cominity and for himself rather than working for himself only

Viewkeys is one thing but when you run a website you have access to all the data entered in every form, so MyMonero.com is positioned to collect pretty much all the data on the users including what amounts they type in, addresses, who sends to who and how much, what is distribution, plus their IPs, browser / OS type, etc etc, which made me wonder why? because the whole point of Cryptonote is to hide such info, why take Bytecoin which is client-based like all cryptos then dev a single website to route all that through a single server instead.  

So it just seems like an odd choice - take over development of an untraceable coin, then instead of developing the client wallet to be secure / anonymous / usable, you spend that development time making a website delivered from your own server instead.

1 year on and nothing has changed - new users go to MyMonero and the official wallet still not working properly.

Why?  MyMonero.com took development time and $ to build, why spend on that and not on a decent anonymous client wallet for users so they don't have to use a server?

One explanation might be that centralized payment sites are what Fluffy is used to and feels comfortable developing (as he tried Vertpay.com before and also working on Paybee.com now)

Either way, the solution is surely to get rid of MyMonero.com - Monero just can't be untraceable / anonymous with the bulk of it's users doing their transactions through a single server owned by the dev

Plus get volume spread across different exchanges and not just through Poloniex - my understanding is exchanges like Cryptsy didn't add Monero again because of problems with the official wallet client - so same problem, same solution, get the wallet working...

EDIT: Dash supporters thanks for not posting here...if there is any truth to what I am saying it's better for Monero to fix it than have arguments over who's coin is better...thanks.

Pages: [1] 2 3 4 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!