Man Behind Week-Long Bitcoin Attacks Reveals Himself

[onemorexmr]

wever, I remain to be convinced that people are that naïve, and in sufficient numbers, to warrant the excuse amaclin has offered.

actually we need people attacking bitcoin. and as amaclin has shown that some services are still vulnerable to this he made bitcoin a favor.

i just cant follow his reasoning

[hedgy73]

We need to get all the vulnerabilities out of the way.

1) Are you sure that every problem has a solution? (I am talking not about bitcoin, this is generic question)
2) Why should somebody fix vunerability if you do not want to pay for fixing?

So can the vulnerability be fixed that you have exploited?

[onemorexmr]

We need to get all the vulnerabilities out of the way.

1) Are you sure that every problem has a solution? (I am talking not about bitcoin, this is generic question)
2) Why should somebody fix vunerability if you do not want to pay for fixing?

So can the vulnerability be fixed that you have exploited?

his answer will be: "no, and it cant be fixed without open another one" (he has already answered that one)

my answer is:
 - some services have improved (eg coinbase)
 - its not a vulnerability at all (no money got lost that way; its just a little inconvenient)
 - there is a BIP which may get implemented

[amaclin]

So can the vulnerability be fixed that you have exploited?

This one can be fixed.
But tx malleability is not major problem of bitcoin.

his answer will be: "no, and it cant be fixed without open another one" (he has already answered that one)

Sorry. I see here some misunderstanding
Fixing the vulnerability can lock your funds and open problems.
I do not know how to explain it more clear.

[--Encrypted--]

This one can be fixed.
But tx malleability is not major problem of bitcoin.

then what is this problem that makes bitcoin "too weak for our lifetime savings"?

[johnyj]

http://statoshi.info/dashboard/db/transactions

Just one month after the coinwallet spam, here is another one. Currently my mempool is 25MB and I have not raised the minrelayfee

This proved that you must have a very small block size to make sure the network and CPU can handle this kind of spam

And I think default fee should raise to 0.0005 to make this kind of attack more expensive

[Mickeyb]

All of this stuff, all these attack, stress tests, malleability attacks can only improve Bitcoin network. Devs and smart people of this community will see the problems and release patches while preventing this from happening again. This is the way I see it.

So nothing is broken. I wouldn't be worried until if some day some person causes the attack that will make people lose coins for example, this would be devastating. All these other attacks are just helping us in a long run.

[BitcoinNewsMagazine]

thanks for link to story tokeweed

very annoying but does need addressing
I have little faith in the core developers or foundation to agree zip these days
plus it takes them months, years to even code something small, then they make out their genius'

maybe this guy is doing us a favour in a way
but what if multiple people start doing it? what if he makes his 100 line code opensource

exchanges like cryptsy can't even get basic wallets for alts resynced in over a week. then shut down btc wallet for withdrawals due to this issue for days

shows how fragile things are right now

it would only take a few of these guys to affect price in a bad way, add block debate to conversation too

The core developers need assistance all on fronts, because they're short-staffed and not paid. I don't personally think it would be the end of the world for bitcoin to get hammered in price while we work out some bugs/growing-pains. Weak exchanges, pump-and-dumps and investors that don't belong in the cryptography industry will get theirs if this were the case. Scare away the bandits, feign disorder comrades.

Core has had a fix for this already however, and most 3rd parties are failing to adopt.

Take some time and read bitcoin-dev transcripts end of each day. Developers are quite aware of the problem and are already addressing it. amaclin had his 15 minutes time to move on.

[kolloh]

These attacks will only make bitcoin stronger as bitcoin is further developed and patches are put in place to help prevent these things.

[Holliday]

More than anything i like people that says the truth even in the faces of strong oppositions.
If i may ask, why did you do it? and what do you intend to achieve?

I want to tell you that bitcoin is too weak for you lifetime savings

So, what is strong enough for my lifetime savings?

[Nicolas Dorier]

amaclin, I appreciate what you are doing, but I also don't get my head around your motivations, nor why it proves that Bitcoin is weak.

It makes me think of the first spam, all sirens ringing that Bitcoin will die of small block, then the next one nobody cared about because it was fixed by every actors, at every level.
The 1GB mempool one was a bit more bothersome, but still not a big deal and that will be fixed soon at the bitcoin core level.

What do you consider "safe enough for your life savings" ? I'm not exactly bullish on the alternatives either.

[tl121]

Responsible disclosure of what is (more or less) a security bug, would be to notify the developers of the problem and give them some time to post a fix.  After the time period has expired, it would seem perfectly reasonable to publish the bug. As I understand it, this class of problems has been known for several years.  Thus it is not surprising that we are getting these attacks now. There is considerable history that shows that often a KITA is often needed to get security bugs fixed in proprietary and open source software.

[AGD]

So if amaclin makes these 100 lines of code public, Bitcoin will die?

[Amph]

So if amaclin makes these 100 lines of code public, Bitcoin will die?

no, this is only a pesky attack, it will not broke nothing

More than anything i like people that says the truth even in the faces of strong oppositions.
If i may ask, why did you do it? and what do you intend to achieve?

I want to tell you that bitcoin is too weak for you lifetime savings

So, what is strong enough for my lifetime savings?

i can guess... bank? but that would be hilarious, unless he is working there and want to destroy the little hype arond bitcoin

[alwinlinzee]

Good to understand your reason but now that you know about its
weakness how do we make it strong because there is possibility
that a lot of people might die of one ailment or the other if they
loss their bitcoins especially those that have put their life investment in it.

Let me give you an example.
Assume you have two semi identical electric instruments. For example two drills.
The only difference between them that the first one consumes 1kWH and the second 2kWH
You are reasonable.
What will you do? There are several possibilities:
1) Use both instruments time-to-time
2) Use first one
3) Use second one
4) Modify first one to improve it
5) Modify second one to improve it
6) Research the difference and improve both instruments...
7) ... etc

You are speaking in parable but i feel that we should speak plain and direct words  in a matter that is as sensitive as this.
I do not see this as a competitions for people to display their skills we should thread this with CAUTION

[turtlehurricane]

I built a program that does the exact same thing, it's script kiddie stuff. This form of 'attack' is not an issue, barely a nuisance if anything.

[Denker]

All of this stuff, all these attack, stress tests, malleability attacks can only improve Bitcoin network. Devs and smart people of this community will see the problems and release patches while preventing this from happening again. This is the way I see it.

So nothing is broken. I wouldn't be worried until if some day some person causes the attack that will make people lose coins for example, this would be devastating. All these other attacks are just helping us in a long run.

Yes I agree with you. Bitcoin is still a baby and will have to withstand several growing pains I believe. After each solved issue and flaw Bitcoin becomes more and more resilient.I'm not worried for the slightest.

[Nicolas Dorier]

I built a program that does the exact same thing, it's script kiddie stuff. This form of 'attack' is not an issue, barely a nuisance if anything.

Can you run it so it force HighS to LowS ? Would limit the consequences of the attack

[turtlehurricane]

I built a program that does the exact same thing, it's script kiddie stuff. This form of 'attack' is not an issue, barely a nuisance if anything.

Can you run it so it force HighS to LowS ? Would limit the consequences of the attack

I'm talking about spam attack, I I didn't see that part in the OP about malleability. I built a dust collector to get that coinwallet.eu giveaway BTC and it totally worked, lots and lots of double spends and rejected transactions though.

The data in the OP looked more like a dust attack to me, where's the proof that was the high S low S attack?

Both are a nuisance in any case, not real attacks...

[AGD]

So if amaclin makes these 100 lines of code public, Bitcoin will die?

no, this is only a pesky attack, it will not broke nothing

This is not a "pesky attack" anymore, when a few thousand people or a botnet start to run the script.