amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
October 02, 2015, 11:45:26 AM Last edit: October 02, 2015, 12:11:30 PM by amaclin |
|
Perhaps to remind the community not to rely on chains of unconfirmed txs. I do not see profit for me doing this. I am not a bitcoin hoDLer, I am not even a long/short bitcoin trader. I am not a part of community. Btw, I wonder if it is possible to design scripts immune to this attack, e.g. https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki BIP: 62 Title: Dealing with malleability Author: Pieter Wuille < pieter.wuille@gmail.com> Status: Draft Type: Standards Track Created: 2014-03-12
|
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
October 02, 2015, 06:39:47 PM |
|
But, you are associated with some of the large "hacks" before... no ? What are you talking about? If you have nothing to do with bitcoin, why do you spend so much time here ? What else can we do on Sunday? http://www.youtube.com/watch?v=gcWvW-DgJtU
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1520
No I dont escrow anymore.
|
|
October 03, 2015, 06:37:19 AM |
|
@amaclin do you have a list of transactions that you modified? Or can you alternativly confirm whether or not this[1] tx was affected?
[1] f3724b1c1d58b9b505b2255ef9c6d0992874dfe55b734c22b8fa3a09798a561d
|
Im not really here, its just your imagination.
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
October 03, 2015, 06:46:09 AM |
|
@amaclin do you have a list of transactions that you modified?
no
|
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2926
Merit: 2347
|
|
October 04, 2015, 05:32:59 AM |
|
I mean really , why Because I am able to do it. Are you sure you are not doing this because you are attempting to execute some kind of double spend attack? I would consider the chances of this being high considering your history of maliciously taking advantage of websites/businesses that accept 0/unconfirmed transactions.
|
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
October 04, 2015, 06:20:32 AM |
|
Are you sure you are not doing...? How can I prove it? btw. nigers problems don't fuck sheriff
|
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2926
Merit: 2347
|
|
October 04, 2015, 06:36:48 AM |
|
Are you sure you are not doing...? How can I prove it? btw. nigers problems don't fuck sheriff So you are trying to execute some kind of malicious attack against some site/business?
|
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
October 04, 2015, 06:38:19 AM |
|
So you are trying to execute some kind of malicious attack against some site/business? not today, man.
|
|
|
|
mallard
|
|
October 04, 2015, 09:49:35 AM |
|
In which part of the world, it is Sunday now ?
It's a rather rainy Sunday in the UK right now.
|
|
|
|
eragmus
Newbie
Offline
Activity: 7
Merit: 0
|
|
October 04, 2015, 01:28:25 PM |
|
Besides BIP 62, which will take time to finalize, what can be done to prevent this attack? What steps can wallets and payment processors take? Thanks for being a good sport. This is the malleability problem: someone is creating copies of transactions OK. This is not "someone". It is me. Right now the stress-test is paused. I reserve a right to resume it. Ask me anything.
|
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
October 04, 2015, 01:50:55 PM |
|
Besides BIP 62, which will take time to finalize, what can be done to prevent this attack?
First of all you should ask yourself - should this problem ever been fixed? (I am very sorry, it is difficult for me to explain in clear English - it is not my native language) Note, that the process of fixing malleablity problem - is a problem for bitcoin itself. And this may be dangerous. What steps can wallets and payment processors take? Thanks for being a good sport. These are different questions. I do not quite understand what is "payment processor" in bitcoin? Bitcoin itself - is a way to deal without third party. Without payment processor. The main thing you should think every day - there is nothing "free or cheap" in the real life and in bitcoin world. If you pay nothing - you have nothing and can not complain.
|
|
|
|
dabura667
|
|
October 04, 2015, 01:54:34 PM |
|
Besides BIP 62, which will take time to finalize, what can be done to prevent this attack? What steps can wallets and payment processors take? Thanks for being a good sport.
Stop relying on others to validate your transactions and watch the blockchain for you. Also, (this is the biggest one) don't categorize transactions based on transaction ID, then store them away and never check them again. It's not that hard. But it's hard when the wallet is already built from the ground up under the assumption that "Once we see a transaction, even with 0 confirmations, it's as good as done." Stop making that assumption, and code your wallets accordingly. Also, there needs to be vigilance on the user side as well. If you spend unconfirmed change, you are risking the chain being broken. If you accept unconfirmed transactions with unconfirmed inputs, you are at a large risk of being double spent if you don't wait for at least one confirmation. The only sure-fire way to prevent becoming a victim is to wait for confirmations.
|
My Tip Address: 1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
October 04, 2015, 02:03:07 PM |
|
The only sure-fire way to prevent becoming a victim is to wait for confirmations. Wrong. There are no "100%-safe" ways at all. First way is "risky & cheap". Second way is "no-so-risky as first, but not-so-cheap" Bitcoin itself is risky. If you do not want to be a victim - pay to third party banks and use your national currency.
|
|
|
|
dabura667
|
|
October 04, 2015, 02:07:04 PM |
|
Wrong. There are no "100%-safe" ways at all.
Never said 100%. If you do not want to be a victim - pay to third party banks and use your national currency.
third party banks and national currencies are proven to not be 100% safe either. If anyone is looking for a 100% safe thing in life, they're in for some big disappointments.
|
My Tip Address: 1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
October 04, 2015, 02:31:19 PM |
|
third party banks and national currencies are proven to not be 100% safe either. Right. There is a relation between "safe" and "cost". In bitcoin world you pay nothing to developers. And you are totally unsafe. Sorry, man. Bitcoin is unsafe by design.
|
|
|
|
RoadStress
Legendary
Offline
Activity: 1904
Merit: 1007
|
|
October 04, 2015, 02:31:20 PM |
|
With Great power comes great responsibility my child...... Not in bitcoin world. Responsibility for whom? I do not know you. You do not know me. There is no third party who can punish me, because I am wrong and you are right. Props for admitting this and for your attitude. Have a great Sunday!
|
|
|
|
basil00
Member
Offline
Activity: 60
Merit: 10
|
|
October 04, 2015, 03:03:54 PM |
|
I do not see profit for me doing this. I am not a bitcoin hoDLer. I am not a "hodler" either; I am not financially or emotionally invested in Bitcoin. I was just curious as to what the effect on the network would be, so was disappointed that it stopped. But it has since restarted. This attack is "free". There is no profit but also no cost. The attack is also not very difficult I think, so if you stop then someone can easily start again.
|
|
|
|
saddambitcoin
Legendary
Offline
Activity: 1610
Merit: 1004
|
|
October 04, 2015, 03:09:36 PM |
|
Is the attack ongoing again?
Yesterday it caused me to waste an hour of time because funds in my trezor were unspendable, I had to restore wallet from seed on another device then create new trezor wallet to send the funds there. Annoying...
|
|
|
|
basil00
Member
Offline
Activity: 60
Merit: 10
|
|
October 04, 2015, 03:12:34 PM |
|
Annoying... This attack is very good at exposing bad software.
|
|
|
|
Luke-Jr
Legendary
Offline
Activity: 2576
Merit: 1186
|
|
October 04, 2015, 03:13:48 PM |
|
I mean really , why Because I am able to do it. With Great power comes great responsibility my child...... Eh, you realise this kind of thing doesn't need any power, right? It's literally just a few lines of code in any old boring node...
|
|
|
|
|