New transaction malleability attack wave? Another stresstest?

[amaclin]

Perhaps to remind the community not to rely on chains of unconfirmed txs.

I do not see profit for me doing this. I am not a bitcoin hoDLer, I am not even a long/short bitcoin trader.
I am not a part of community.

Btw, I wonder if it is possible to design scripts immune to this attack, e.g.

https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki
 

  BIP: 62
  Title: Dealing with malleability
  Author: Pieter Wuille <pieter.wuille@gmail.com>
  Status: Draft
  Type: Standards Track
  Created: 2014-03-12

[1713891541]

1713891541

[1713891541]

1713891541

[amaclin]

But, you are associated with some of the large "hacks" before... no ?

What are you talking about?

If you have nothing to do with bitcoin, why do you spend so much time here ?

What else can we do on Sunday?
http://www.youtube.com/watch?v=gcWvW-DgJtU

[shorena]

@amaclin do you have a list of transactions that you modified? Or can you alternativly confirm whether or not this[1] tx was affected?

[1] f3724b1c1d58b9b505b2255ef9c6d0992874dfe55b734c22b8fa3a09798a561d

[amaclin]

@amaclin do you have a list of transactions that you modified?

no

[Quickseller]

I mean really , why

Because I am able to do it.

Are you sure you are not doing this because you are attempting to execute some kind of double spend attack? I would consider the chances of this being high considering your history of maliciously taking advantage of websites/businesses that accept 0/unconfirmed transactions.

[amaclin]

Are you sure you are not doing...?

How can I prove it?

btw. nigers problems don't fuck sheriff

[Quickseller]

Are you sure you are not doing...?

How can I prove it?

btw. nigers problems don't fuck sheriff

So you are trying to execute some kind of malicious attack against some site/business?

[amaclin]

So you are trying to execute some kind of malicious attack against some site/business?

not today, man.

[mallard]

In which part of the world, it is Sunday now ?

It's a rather rainy Sunday in the UK right now.

[eragmus]

Besides BIP 62, which will take time to finalize, what can be done to prevent this attack? What steps can wallets and payment processors take? Thanks for being a good sport.

This is the malleability problem: someone is creating copies of transactions

OK. This is not "someone". It is me.
Right now the stress-test is paused. I reserve a right to resume it.
Ask me anything.

[amaclin]

Besides BIP 62, which will take time to finalize, what can be done to prevent this attack?

First of all you should ask yourself - should this problem ever been fixed?
(I am very sorry, it is difficult for me to explain in clear English - it is not my native language)
Note, that the process of fixing malleablity problem - is a problem for bitcoin itself.
And this may be dangerous.

What steps can wallets and payment processors take? Thanks for being a good sport.

These are different questions.
I do not quite understand what is "payment processor" in bitcoin?
Bitcoin itself - is a way to deal without third party. Without payment processor.

The main thing you should think every day - there is nothing "free or cheap" in the real life and in bitcoin world.
If you pay nothing - you have nothing and can not complain.

[dabura667]

Besides BIP 62, which will take time to finalize, what can be done to prevent this attack? What steps can wallets and payment processors take? Thanks for being a good sport.

Stop relying on others to validate your transactions and watch the blockchain for you.
Also, (this is the biggest one) don't categorize transactions based on transaction ID, then store them away and never check them again.

It's not that hard. But it's hard when the wallet is already built from the ground up under the assumption that "Once we see a transaction, even with 0 confirmations, it's as good as done."

Stop making that assumption, and code your wallets accordingly.

Also, there needs to be vigilance on the user side as well.

If you spend unconfirmed change, you are risking the chain being broken.
If you accept unconfirmed transactions with unconfirmed inputs, you are at a large risk of being double spent if you don't wait for at least one confirmation.

The only sure-fire way to prevent becoming a victim is to wait for confirmations.

[amaclin]

The only sure-fire way to prevent becoming a victim is to wait for confirmations.

Wrong. There are no "100%-safe" ways at all.
First way is "risky & cheap". Second way is "no-so-risky as first, but not-so-cheap"
Bitcoin itself is risky. If you do not want to be a victim - pay to third party banks and use your national currency.

[dabura667]

Wrong. There are no "100%-safe" ways at all.

Never said 100%.

If you do not want to be a victim - pay to third party banks and use your national currency.

third party banks and national currencies are proven to not be 100% safe either.

If anyone is looking for a 100% safe thing in life, they're in for some big disappointments.

[amaclin]

third party banks and national currencies are proven to not be 100% safe either.

Right. There is a relation between "safe" and "cost".
In bitcoin world you pay nothing to developers. And you are totally unsafe.
Sorry, man. Bitcoin is unsafe by design.

[RoadStress]

With Great power comes great responsibility my child......

Not in bitcoin world. Responsibility for whom? I do not know you. You do not know me.
There is no third party who can punish me, because I am wrong and you are right.

Props for admitting this and for your attitude. Have a great Sunday!

[basil00]

I do not see profit for me doing this. I am not a bitcoin hoDLer.

I am not a "hodler" either; I am not financially or emotionally invested in Bitcoin.  I was just curious as to what the effect on the network would be, so was disappointed that it stopped.  But it has since restarted.

This attack is "free".  There is no profit but also no cost.  The attack is also not very difficult I think, so if you stop then someone can easily start again.

[saddambitcoin]

Is the attack ongoing again?

Yesterday it caused me to waste an hour of time because funds in my trezor were unspendable, I had to restore wallet from seed on another device then create new trezor wallet to send the funds there. Annoying...

[basil00]

Annoying...

This attack is very good at exposing bad software.

[Luke-Jr]

I mean really , why

Because I am able to do it.

With Great power comes great responsibility my child......

Eh, you realise this kind of thing doesn't need any power, right?

It's literally just a few lines of code in any old boring node...