Bitcoin maleabity attack - who made it and is it still running?

[GermanGiant]

we will never know why and who are attacking it

never say never.
it was me behind this particular stress-test
i am not from bank company and do not work for google

I understand you are a developer, but which industry do you serve as an employee or an employer ?

[amaclin]

I understand you are a developer, but which industry do you serve as an employee or an employer ?

I am a code developer, but my main work is not bitcoin-related. I am employee in small it-company.
Bitcoin technolodgy is a hobby.

[BitcoinNewsMagazine]

i read somewhere that somebody said its him doing the attack yet i cannot find this post.

so my questio nis - who did this attack and is it still running?

When malleability attack is running you will see this:



Attack ended 10/5 about 10:00 and is not ongoing right now.

[HI-TEC99]

i read somewhere that somebody said its him doing the attack yet i cannot find this post.

so my questio nis - who did this attack and is it still running?

When malleability attack is running you will see this:



Attack ended 10/5 about 10:00 and is not ongoing right now.

Why is the mempool increasing in size so quickly if the attack is now stopped? It's now 909.7 MB which is the largest size I've ever seen, not that I regularly keep a track of it. It's the largest size in the lat seven days according to tradeblock. Something must be causing it, and it's not unconfirmed transactions this time. I thought its size would reduce after the attack stopped.

[gmaxwell]

Please explain (or reference an explanation) as to why malleability features would be quite useful.

For example, anyonecanpay sighash flag allows arbitrary parties to add funds to a transaction. It's what makes lighthouse possible, but every time someone updates the transaction the txid changes.

Also, I would like to understand why people care about old implementations that aren't being actively maintained by people who are following bitcoin.  Please explain why it matters what happens to these old implementations?  Why should you or anyone else waste effort to dig up these issues?

Because they are widely used (or had been historically-- we're getting to the point where .this is less true). Just blocking the transactions for non-trivial amounts of users does not yield a good experience, to say the least. Forcing people to constantly rev their software reduces decentralization-- and who precisely has the authority to go decide what is "old" or "actively maintained"?--if people are happy happy with what they're running, I am not eager to disrupt that.  I am also not eager to try to dictate how often authors of wallet software must revise their software (again, something that would reduce decentralization-- by pushing out development teams with less resources).  As to why you should care and go help move them along: it's cheap to do, and the failure to do so holds the ecosystem back.--- the same reason I've done so.

If you note the patch I linked to, my change was only a few characters--- why? because the code was already written a long time ago... but not activated due to waiting for the ecosystem to catch up; we're ready.

[Blawpaw]

This has been delaying all the transactions and been the cause for many vendors and other service providers to increase the tx fee.

Does anyone knows or at least has a suspicion on who's responsible for this bug exploit?

[tl121]

This has been delaying all the transactions and been the cause for many vendors and other service providers to increase the tx fee.

Does anyone knows or at least has a suspicion on who's responsible for this bug exploit?

There is at least one poster on this forum who is claiming credit for this, FWIW.

At this point, years after the bug has been identified, there really isn't much of an excuse for not having plugged this hole.  But then, the philosophy of the so called leaders is not to make and execute any decisions that might inconvenience anyone. In other words, abdicate leadership.  A strong leader has to make decisions and take responsibility for the consequences, including the possibility that people won't follow him and he may have to find a new job or even a new career.

[tl121]

Please explain (or reference an explanation) as to why malleability features would be quite useful.

For example, anyonecanpay sighash flag allows arbitrary parties to add funds to a transaction. It's what makes lighthouse possible, but every time someone updates the transaction the txid changes.

Also, I would like to understand why people care about old implementations that aren't being actively maintained by people who are following bitcoin.  Please explain why it matters what happens to these old implementations?  Why should you or anyone else waste effort to dig up these issues?

Because they are widely used (or had been historically-- we're getting to the point where .this is less true). Just blocking the transactions for non-trivial amounts of users does not yield a good experience, to say the least. Forcing people to constantly rev their software reduces decentralization-- and who precisely has the authority to go decide what is "old" or "actively maintained"?--if people are happy happy with what they're running, I am not eager to disrupt that.  I am also not eager to try to dictate how often authors of wallet software must revise their software (again, something that would reduce decentralization-- by pushing out development teams with less resources).  As to why you should care and go help move them along: it's cheap to do, and the failure to do so holds the ecosystem back.--- the same reason I've done so.

If you note the patch I linked to, my change was only a few characters--- why? because the code was already written a long time ago... but not activated due to waiting for the ecosystem to catch up; we're ready.

The problem in your example is not changing some code.  It's an architectural question.  What is the meaning of a "transaction", in other words what is the object that a transaction id references?  Binding time issue.  if there is lack of clarity here, then there is no hope for a clean software design or bug free operation.

Reasonable people running old software have no problem switching to new software.  Anyone who has used computers for more than a few years understands that technology changes and people have to keep up.  It's the way the industry works.  The most these people have a right to expect is a migration path from old software to new software that enables them to keep their coins.

[BitcoinNewsMagazine]

i read somewhere that somebody said its him doing the attack yet i cannot find this post.

so my questio nis - who did this attack and is it still running?

When malleability attack is running you will see this:



Attack ended 10/5 about 10:00 and is not ongoing right now.

Why is the mempool increasing in size so quickly if the attack is now stopped? It's now 909.7 MB which is the largest size I've ever seen, not that I regularly keep a track of it. It's the largest size in the lat seven days according to tradeblock. Something must be causing it, and it's not unconfirmed transactions this time. I thought its size would reduce after the attack stopped.

Attack seems to be back on and seems to have been predicted by mempool increase:

[Amph]

This has been delaying all the transactions and been the cause for many vendors and other service providers to increase the tx fee.

Does anyone knows or at least has a suspicion on who's responsible for this bug exploit?

increasing tx fee right, well there must be only one responsable, a miners, it's in their interest to increase the fee at all cost

so i'll not be surprised if they are again the one to blame for this

[amaclin]

Is this a website? Where can I see this graph?

http://statoshi.info/dashboard/db/transactions
right now there is some sort of "turbulence" there.
the reason of "turbulence" is https://bitcointalk.org/index.php?topic=1175321.msg12623681#msg12623681

It seems Coinwallet have cancelled the 'giveaway' and have started consolidating the remaining dust presumably for themselves.  Example tx.  They have not released anymore keys AFAIK.

[twister]

Is this a website? Where can I see this graph?

http://statoshi.info/dashboard/db/transactions
right now there is some sort of "turbulence" there.
the reason of "turbulence" is https://bitcointalk.org/index.php?topic=1175321.msg12623681#msg12623681

It seems Coinwallet have cancelled the 'giveaway' and have started consolidating the remaining dust presumably for themselves.  Example tx.  They have not released anymore keys AFAIK.

Yeah, something is definitely up, my transactions have been stuck for 2+ hours, they were medium priority which usually takes upto 6 blocks and there have been 10 blocks since then and they still haven't moved, I think they might get stuck for infinity. If only I knew that there's another stress test I would have added extra fee.

Thanks for the link.

What if there is another wave of malleability attack whilst the spam attack is underway, it could really turn things upside down. 

[amaclin]

What if there is another wave of malleability attack whilst the spam attack is underway, it could really turn things upside down. 

Should we test this case?
I can resume malleability stress-test in any moment

[twister]

What if there is another wave of malleability attack whilst the spam attack is underway, it could really turn things upside down.  

Should we test this case?
I can resume malleability stress-test in any moment

Well according to this article, a fix might get pushed soon.

But Maclin’s window may be closing. A Bitcoin update designed to fix the malleability issue has been in the works for over a year, and the latest attack could be just the spark to light a fire under it.

And until then, you can do whatever you want to do.

On the brighter side of things, all of my transactions just got confirmed.

[amaclin]

Well according to this article, a fix might get pushed soon.

Bitcoin is decentralized. Nobody can "push a fix soon".
Yes, I do understand, that today we have a very small number of miner pools.
And it is quite possible to developer team to communicate with admins and ask them to implement a "small and very good patch" in code.
What does it mean?
This means, that all words about the "real decentralization" have been forgotten.
And the community is under the control by core devs and pool owners.

[monsanto]

What if there is another wave of malleability attack whilst the spam attack is underway, it could really turn things upside down. 

Should we test this case?
I can resume malleability stress-test in any moment

Would be an interesting experiment... in the name of science of course 

[knowhow]

Soo why not to join the team of bitcoin to clear the bugs and the hole that you looks like you are taking advantage to explore ,would be better clear it instead use it .

[BitcoinNewsMagazine]

Bitcoin developers are already planning to block the malleability attack with an update that will enforce lowS according to the chat in bitcoin-dev.

[forzendiablo]

Well according to this article, a fix might get pushed soon.

Bitcoin is decentralized. Nobody can "push a fix soon".
Yes, I do understand, that today we have a very small number of miner pools.
And it is quite possible to developer team to communicate with admins and ask them to implement a "small and very good patch" in code.
What does it mean?
This means, that all words about the "real decentralization" have been forgotten.
And the community is under the control by core devs and pool owners.

you are right, seems BTC is loosing decentralization

but that just means... nothing can be decentralised for real

[Omikifuse]

i read somewhere that somebody said its him doing the attack yet i cannot find this post.

so my questio nis - who did this attack and is it still running?

marcotheminer said something about maleability issues with the bot that affected some users from the bit-x campaign.

I thought the problem has been solved long ago after the Gox thing