Bitcoin Forum
January 17, 2019, 01:50:48 PM *
News: The copper membership price will increase by about 300% around Friday.
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Would it be easy for Pool operators to steal from miners?  (Read 1134 times)
boliu
Sr. Member
****
Offline Offline

Activity: 267
Merit: 250

6th BTC reached. Thank you for your support


View Profile
September 10, 2015, 04:56:06 PM
 #1

Wouldn't be easy for the Pool operators to put in a few line of codes to forward the Block Hash to his account and claim the Reward for himself?


Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1547733048
Hero Member
*
Offline Offline

Posts: 1547733048

View Profile Personal Message (Offline)

Ignore
1547733048
Reply with quote  #2

1547733048
Report to moderator
1547733048
Hero Member
*
Offline Offline

Posts: 1547733048

View Profile Personal Message (Offline)

Ignore
1547733048
Reply with quote  #2

1547733048
Report to moderator
tiggytomb
Legendary
*
Offline Offline

Activity: 1792
Merit: 1000


View Profile
September 10, 2015, 05:02:24 PM
 #2

I guess it would be very easy for them to steal your coins as they hold the coins until you withdraw them.  I only have experience with altcoin pools perhaps it is a different setup when mining bitcoin.
boliu
Sr. Member
****
Offline Offline

Activity: 267
Merit: 250

6th BTC reached. Thank you for your support


View Profile
September 10, 2015, 05:05:52 PM
 #3

I don't mean they steal your coins, but the whole Block reward (25 BTC)

From my understand (I may be wrong) but, once a miner on the pool found the Block, it's fowarded to the pool and out to the blockchain.  Would it be easy for the site operation to put in line of code to redirect the Hash found and use it for himself therefore claiming the 25 BTC reward.

He wouldn't do it for every block, but maybe 1 in every 4 blocks found.

TheRealSteve
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500

FUN > ROI


View Profile
September 10, 2015, 05:45:32 PM
 #4

Yes-and-no.  Most pools already mine only against their own address - that is to say, the coinbase transaction only has their address and nothing else.  They then pay out the people using that pool from that address in secondary transactions.  So yes, for them, it would be easy.
On the other hand, if they did that, they can kiss their pool (with all the nice and stable fees, etc.) goodbye.  Nobody would want to mine there anymore.  Their name would be forever tainted (which doesn't mean much in Bitcoin, but alright). So if a pool were to do something like that, doing it for 1-in-4 blocks wouldn't fly.  They could do it only on outstanding balances, once; they'd better make sure it's a good one if they want to take the bitcoin and run Smiley

There are other pool types where the coinbase transaction is set up to pay out to the users directly, though - there's no cheating with that, as the pool operator setting it to pay out only to themselves would be immediately obvious (presuming the software is set up to detect it).  P2Pool is a good example of this.

MCHouston
Hero Member
*****
Offline Offline

Activity: 840
Merit: 500


Where am I?


View Profile
September 10, 2015, 05:46:34 PM
 #5

It is easy for them to do but very noticeable. They would get caught fast.

Better for them to take like .5%.


BTC 13WWomzkAoUsXtxANN9f1zRzKusgFWpngJ
LTC LKXYdqRzRC8WciNDtiRwCeb8tZtioZA2Ks
DOGE DMsTJidwkkv2nL7KwwkBbVPfjt3MhS4TZ9
jonnybravo0311
Legendary
*
Offline Offline

Activity: 1344
Merit: 1015


Mine at Jonny's Pool


View Profile WWW
September 10, 2015, 06:53:10 PM
 #6

Could they take the entire block reward for themselves?  Sure... at least in a traditional pool.  In a pool like p2pool, no.  In p2pool the block's coinbase transaction contains the payouts of the block reward to all the miners.  In a traditional pool, the entire reward is paid to the pool's address.  That's why when you get rewarded from p2pool, it shows up as an immature transaction and you must wait for the 101 block confirmations before you can use that coin.  When you get a payout from a traditional pool, it's just like getting sent BTC from anyone else - it becomes spendable coin after a single confirmation.

Now, just because it's easy doesn't mean it's done.  Who's going to mine on a pool where the operator keeps everything for himself?  Skimming of the top would be considerably easier to conceal.  Not too many people are going to notice that small percentage missing.

Jonny's Pool - Mine with us and help us grow!  Support a pool that supports Bitcoin, not a hardware manufacturer's pockets!  No SPV cheats.  No empty blocks.
boliu
Sr. Member
****
Offline Offline

Activity: 267
Merit: 250

6th BTC reached. Thank you for your support


View Profile
September 10, 2015, 07:04:08 PM
 #7

I am not suggesting the pool operators to steal from the pool balance, but steal the Block itself.

Lets say for F2Pool, if one of the miners found the hash for the current block, and report it to F2Pool, instead of broadcasting to the blockchain and get reward for the Pool, a few simple line of code can redirect the Hash to an outside miner and they then broadcast it to the blockchain and get the reward.

tiggytomb
Legendary
*
Offline Offline

Activity: 1792
Merit: 1000


View Profile
September 10, 2015, 07:06:24 PM
 #8

I don't mean they steal your coins, but the whole Block reward (25 BTC)

From my understand (I may be wrong) but, once a miner on the pool found the Block, it's fowarded to the pool and out to the blockchain.  Would it be easy for the site operation to put in line of code to redirect the Hash found and use it for himself therefore claiming the 25 BTC reward.

He wouldn't do it for every block, but maybe 1 in every 4 blocks found.

I see, apologies I misunderstood what you were getting at.
aeleeth
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
September 10, 2015, 07:10:44 PM
 #9

It is easy for them to do but very noticeable. They would get caught fast.

Better for them to take like .5%.
This, they win the long-term battle
spazzdla
Legendary
*
Offline Offline

Activity: 1554
Merit: 1000


View Profile
September 10, 2015, 08:03:29 PM
 #10

The risk reward here is to high.  Found out once and your pool is dead instantly.
TheRealSteve
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500

FUN > ROI


View Profile
September 10, 2015, 10:13:34 PM
 #11

Lets say for F2Pool, if one of the miners found the hash for the current block, and report it to F2Pool, instead of broadcasting to the blockchain and get reward for the Pool, a few simple line of code can redirect the Hash to an outside miner and they then broadcast it to the blockchain and get the reward.
Nope - can't do that.  The hash is specific for the block header in question.  That block header depends on the content of that block.  So if some 'outside miner' wanted the bitcoin reward, the coinbase transaction would first have to be changed to pay out only to that 'outside miner'.  When that happens, the hash calculated earlier will no longer be valid.

Miners at pools generally cannot scam the pool operators - regardless of traditional pool or P2Pool - for this very reason.

There were some suggestions of actually turning that upside down - e.g. making it so that the individual miner could steal from a pool.  I don't know if any pool has dared implement that.  Further reading (one of several such articles): http://hackingdistributed.com/2014/06/18/how-to-disincentivize-large-bitcoin-mining-pools/

boliu
Sr. Member
****
Offline Offline

Activity: 267
Merit: 250

6th BTC reached. Thank you for your support


View Profile
September 11, 2015, 01:56:26 AM
 #12

Lets say for F2Pool, if one of the miners found the hash for the current block, and report it to F2Pool, instead of broadcasting to the blockchain and get reward for the Pool, a few simple line of code can redirect the Hash to an outside miner and they then broadcast it to the blockchain and get the reward.
Nope - can't do that.  The hash is specific for the block header in question.  That block header depends on the content of that block.  So if some 'outside miner' wanted the bitcoin reward, the coinbase transaction would first have to be changed to pay out only to that 'outside miner'.  When that happens, the hash calculated earlier will no longer be valid.

Miners at pools generally cannot scam the pool operators - regardless of traditional pool or P2Pool - for this very reason.

There were some suggestions of actually turning that upside down - e.g. making it so that the individual miner could steal from a pool.  I don't know if any pool has dared implement that.  Further reading (one of several such articles): http://hackingdistributed.com/2014/06/18/how-to-disincentivize-large-bitcoin-mining-pools/

thank you for the clarification.

RGBKey
Hero Member
*****
Offline Offline

Activity: 840
Merit: 628


rgbkey.github.io/pgp.txt


View Profile WWW
September 11, 2015, 02:57:00 AM
 #13

I mean if a pool isn't paying you you're going to find out pretty quick. It's easy to see where the money went and if you're getting money or not.

afriezalie
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


View Profile
September 11, 2015, 03:15:12 AM
 #14

They could steal your money, but you would realize that quickly because you could see where are your reward from a block. And you could realize that your reward decrease with same difficulty and hash rate. They can control block reward for miners easily if they want
notlist3d
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile
September 11, 2015, 06:52:53 AM
 #15

They could steal your money, but you would realize that quickly because you could see where are your reward from a block. And you could realize that your reward decrease with same difficulty and hash rate. They can control block reward for miners easily if they want

There is a lot they could way's they could do it.  But eventually someone would most likely put it together doing math on what they should earn.  Most don't just trust and not run any ROI math.

If a pool did this once caught they would loose all workers.  So were talking about a move that would stop future business.  I don't see this happening on major pools at least.
Pages: [1]
  Print  
 
Jump to:  

Bitcointalk.org is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!