Bitcoin Forum
December 13, 2017, 03:55:46 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 [4] 5 6 7 »  All
  Print  
Author Topic: Cheap way to attack blockchain  (Read 27889 times)
Zombier0
Sr. Member
****
Offline Offline

Activity: 435


View Profile
October 10, 2015, 09:58:22 AM
 #61

So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.



It was debate, thats i.

Bc is digital cash, cash is free to move.

Wh btc blaclists then i go full prO LTC

1513137346
Hero Member
*
Offline Offline

Posts: 1513137346

View Profile Personal Message (Offline)

Ignore
1513137346
Reply with quote  #2

1513137346
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513137346
Hero Member
*
Offline Offline

Posts: 1513137346

View Profile Personal Message (Offline)

Ignore
1513137346
Reply with quote  #2

1513137346
Report to moderator
1513137346
Hero Member
*
Offline Offline

Posts: 1513137346

View Profile Personal Message (Offline)

Ignore
1513137346
Reply with quote  #2

1513137346
Report to moderator
onemorexmr
Sr. Member
****
Offline Offline

Activity: 252



View Profile
October 10, 2015, 10:00:22 AM
 #62

So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.



It was debate, thats i.

Bc is digital cash, cash is free to move.

Wh btc blaclists then i go full prO LTC

LTC is the same as BTC.
if bitcoin ever goes with blacklisting (i dont think or hope so) LTC will be next shortly after

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
Zombier0
Sr. Member
****
Offline Offline

Activity: 435


View Profile
October 10, 2015, 03:04:59 PM
 #63

So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.



It was debate, thats i.

Bc is digital cash, cash is free to move.

Wh btc blaclists then i go full prO LTC

LTC is the same as BTC.
if bitcoin ever goes with blacklisting (i dont think or hope so) LTC will be next shortly after

Then we move to nxt and next Smiley

Bifta
Full Member
***
Offline Offline

Activity: 182


View Profile
October 19, 2015, 10:42:13 PM
 #64

I'm looking at the transaction referenced in the OP: https://blockchain.info/tx/6766e75d6166a0a14bd814921d0f903285e15779e648d7ec52a4f7c0868ec07d and I noticed that the input scripts don't seem to verify with the output script of their referenced outpoints. Can someone explain how this is considered valid?
basil00
Member
**
Offline Offline

Activity: 60


View Profile
October 31, 2015, 11:57:42 PM
 #65

It appears that someone launched a limited form of this attack using the address 3G83ox5zw7D6eySoSMCervh9cbhMXdA5t9.  The address corresponds to the script:

Code:
OP_IF
   0x451e75af
   OP_15
   OP_CHECKMULTISIG
OP_ENDIF
OP_1

The script is spent by push 0 in the sigScript.

The attacker only generated 960 such outputs, which corresponds to 14400 sigOps, which is not enough even to fill a block.  Furthermore the fee rate for the transactions was not very high (37sat/byte), meaning that most normal traffic would be unaffected anyway.  So overall this attack had no affect.  Maybe this was a test?
amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
November 01, 2015, 07:37:27 AM
 #66

It appears that someone launched a limited form of this attack

http://www.youtube.com/watch?v=0QtKDlZ7FKE
Bifta
Full Member
***
Offline Offline

Activity: 182


View Profile
November 02, 2015, 12:26:23 AM
 #67

Blockchain have been providing some best wallet services for bitcoins. They're famous for their features, security and privacy, but now some cheap hackers Have tried some typical tricks for hacking the blockchain system. What they used were some fake proxy servers for gaining access to the wallets. They have been successful a few times. But, no longer now as blockchain made their system more secure and strong.
That is just not the right blockchain. Please stop confusing blockchain.info for that actual Bitcoin Blockchain. They are two different things. We are talking about the bitcoin blockchain here, and how to spam and perform a DoS attack against full nodes which download the entire blockchain. Also, please read the thread before posting, we don't want your spam here.
Decoded
Legendary
*
Offline Offline

Activity: 924


Crypto-News.net: News from Crypto World


View Profile WWW
November 04, 2015, 04:47:56 AM
 #68

What do people have against bitcoin? It's a revolutionary new currency, and people are trying to use it to hurt other bitcoiners.

You're advertising a service to ruin the experience for other bitcoiners, on the official forum where all the bitcoiners come.

Am I missing something?



              ▄▄▄██████▄▄▄
          ▄██████████████████▄
       ▄████████████████████████▄
 ▄▄  ▄████████████████████████████▄
███████████████████████████████████▄
 ▀▀█████████████████████████████████▄
   ██████████████████████████████████
   ██████████████████████████████████
   ██████████████████████████████████
   ██████████████████████████████████
   ▀████████████████████████████████▀
    ▀██████████████████████████████▀
     ▀▀██████████████████████████▀
        ▀██████████████████████▀
           ▀▀▀████████████▀▀▀
.
.....
.....
.....
.....
.....
.....





DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 318



View Profile WWW
November 04, 2015, 05:47:46 AM
 #69

Be thankful people are doing free security research.. The more they achieve the harder BTC is to hack because it leads to mitigations and patches even if they are blackhat..

Even a really complex algorithmic attack on the block-chain will reveal design flaws that can be fixed and someone will bankrupt a lot of tumblers trying to convert stolen coins.. There are probably companies and criminal groups all over the world with talented people looking for this right now; probably mostly in Russia and China..

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
November 05, 2015, 01:21:44 AM
 #70

Looks like the attacker has successfully launched another attack.  This time using the address 3EgSUauJG5N27AUfQwiUfjAhHe6y9AKdVs corresponding to the script:

Code:
OP_IF 0x42412fb4 OP_15 OP_CHECKMULTISIG OP_ENDIF OP_1

This time the attacker managed to successfully fill the 20,000 sigOp limit for block #382053, where 1245x15 = 18675 are fake sigOps arising from the attack transactions.  This meant that no more transactions (legitimate or otherwise) could be included in the block, leading to an underfull block of ~288KB (of which ~68KB are the attack txs).  Note that the network is currently running at capacity, with 1MB or 750KB blocks the norm.

The new attack was limited to a single block.  Also the attacker used a low fee rate of ~18sat/byte.  A higher fee rate would have made the attack for effective (but more expensive).
erickimani
Jr. Member
*
Offline Offline

Activity: 42


View Profile
November 05, 2015, 08:40:31 PM
 #71

we can never be secure anywhere. will just depend on luck and other firms that offer cyber security to protect us from scams..Haha. especially from you guys who understand the language of programming. Be good.
amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
November 05, 2015, 08:50:23 PM
 #72

Be good.
It is not possible for humans alive creatures to be good for everyone.
Wolves can not be good for rabbits.
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 318



View Profile WWW
November 08, 2015, 12:33:28 AM
 #73

Looks like the attacker has successfully launched another attack.  This time using the address 3EgSUauJG5N27AUfQwiUfjAhHe6y9AKdVs corresponding to the script:

Code:
OP_IF 0x42412fb4 OP_15 OP_CHECKMULTISIG OP_ENDIF OP_1

This time the attacker managed to successfully fill the 20,000 sigOp limit for block #382053, where 1245x15 = 18675 are fake sigOps arising from the attack transactions.  This meant that no more transactions (legitimate or otherwise) could be included in the block, leading to an underfull block of ~288KB (of which ~68KB are the attack txs).  Note that the network is currently running at capacity, with 1MB or 750KB blocks the norm.

The new attack was limited to a single block.  Also the attacker used a low fee rate of ~18sat/byte.  A higher fee rate would have made the attack for effective (but more expensive).

Worse case scenerio: Buffer Overflow->Code Execution in poorly coded clients. I doubt this person would have the skill to do that espesiaclly since it requires brute forcing with weak hashes for shellcode which is next to impossible unless you have super-computers like a gov...

dos will just cause repo commits fixing the handler routines within 72 hours on popular clients..

EDIT: BTC Blockchain and core-implementation have a huge attack surface and design spec. I bet most wallets and miners don't even bounds check and have strict spec handling without error handling.

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
November 08, 2015, 05:18:00 AM
 #74

Worse case scenerio: Buffer Overflow->Code Execution in poorly coded clients.

This is a specific DoS attack vector that has nothing to do with buffer overflows.

The worse case scenario is that no transactions are confirmed for a while until centralized mining intervenes.
kbtakbta
Newbie
*
Offline Offline

Activity: 1


View Profile
November 09, 2015, 11:51:09 AM
 #75

Hi,

im not a technical guy, but i would fear to use a system, running on a not a self-devloped op. system. Since Snowden we know, how the US try to keep up his superiority above the net. It is possible to defect some of the major op.systems, so large part of the Bitcon system can be compromised on the next op.system update. The Bitcoin Core only a program running above the op. system.
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 318



View Profile WWW
November 09, 2015, 08:27:56 PM
 #76

Worse case scenerio: Buffer Overflow->Code Execution in poorly coded clients.

This is a specific DoS attack vector that has nothing to do with buffer overflows.

The worse case scenario is that no transactions are confirmed for a while until centralized mining intervenes.

It depends on what controls the allocation in code. If it's secure it puts x bytes in a x bytes buffer after a verified pointer in meta data with no parsing except after allocation of said buffer. Otherwise it can likely be exploited for code execution through malicious hashing&encoding.

Even if it's not the case here with the reference implementation, that doesn't mean it's not the case with other full clients.

If we're going to raise alerts over dos and block spamming I could easily post a python script that fork-spams the block-chain and bloats it with orphan blocks. I'm more interested in programming flaws though and not the genius currency design that changes hundredths at second intervals and has arbitrary fees..

EDIT: I only mention it because it's obvious that the reference implementation and all the clients based on it just blindly allocate and mine on the block-chain.. At some point malicious people will exploit it..

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
StateOfAffairs
Newbie
*
Offline Offline

Activity: 16


View Profile
November 09, 2015, 09:03:24 PM
 #77

So are people actually trying to attack Blockchain? I thought it was fairly secure..
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 318



View Profile WWW
November 09, 2015, 10:16:19 PM
 #78

So are people actually trying to attack Blockchain? I thought it was fairly secure..

The crypto is till quantum computers. The design and economics not so much. The currency itself changes hundredths in seconds and has arbitrary fees.. It wasn't well thought out and anyone who learned programming two years ago are writing tools and solutions for it because it's marketable..

It's trivial to spam and fork the blockchain for anyone with little research..

Governments and botnet industry will eventually start looking for way to exploit things.

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
November 22, 2015, 05:34:30 PM
 #79

https://statoshi.info/dashboard/db/transactions

basil00
Member
**
Offline Offline

Activity: 60


View Profile
November 23, 2015, 02:19:38 PM
 #80


Another attack, this time block #384831's sigOp limit was hit.

Is this you amaclin?  I thought this would be against your policy of not spending money on attacks?

Pages: « 1 2 3 [4] 5 6 7 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!