Man Behind Week-Long Bitcoin Attacks Reveals Himself

[mezzomix]

It's not an attack at all. It's a test for bad implementations and bad business models. My nodes do not even relay those high S transactions.

[RussianRaibow]

So if amaclin makes these 100 lines of code public, Bitcoin will die?

no, this is only a pesky attack, it will not broke nothing

This is not a "pesky attack" anymore, when a few thousand people or a botnet start to run the script.

For those, using a correct wallet implementation, that does not try to spend UTXO, it'd still be a "pesky attack". Certain bitcoin processor/forwarder/notifier are doing it wrong, e.g. BitPay. They're accepting unconfirmed Tx. They are gonna suffer.

[mezzomix]

Certain bitcoin processor/forwarder/notifier are doing it wrong, e.g. BitPay. They're accepting unconfirmed Tx.

The only problem is to use unconfirmed transaction outputs to create new transactions. Accepting unconfirmed transactions is no problem if it's done right. The changed S value does not change the transaction input or output definitions.

[Amitabh S]

Which exchange was this attack related to? I can assume several wallets and exchanges will lose money if they use txhash to determine whether a payment was successful. This is apparently what MagicalTux claims to have emptied Gox's wallets (which seems implausible). 

[mezzomix]

Which exchange was this attack related to? I can assume several wallets and exchanges will lose money if they use txhash to determine whether a payment was successful. This is apparently what MagicalTux claims to have emptied Gox's wallets (which seems implausible). 

Mark Karpeles lied when he claimed that this money was lost because of transaction malleability. Today the transaction malleabilty behaviour is well known. Only dumb idiots send a money again without any check and lose money if they do not find the expected transaction ID in a block.

[dothebeats]

Actually, it's pretty good that someone is exploiting some vulnerabilities in the network for the developers to take a closer look at the code and patch it up as soon as they can. What's annoying is that it hurts businesses and normal individuals who just wants to send and receive transactions. It kinda scares them to accept bitcoin and be open about it again.

[tl121]

Actually, it's pretty good that someone is exploiting some vulnerabilities in the network for the developers to take a closer look at the code and patch it up as soon as they can. What's annoying is that it hurts businesses and normal individuals who just wants to send and receive transactions. It kinda scares them to accept bitcoin and be open about it again.

The problem isn't that the developers didn't understand the problem or know how to fix it.  The problem is that they lacked the leadership skills to implement the fix.  They have known about the problem since October 4, 2012!

https://bitcointalk.org/index.php?topic=8392.msg1245898#msg1245898

The problem is that bitcoin lacks leadership and governance.  There are "leaders" who can foresee problems but who can not propose and sell acceptable solutions.  The  malleability attack has been known for three years, but no fix has been deployed.  This is because the "leaders" are afraid that the obvious solutions would not be implemented by the followers.  A "leader" who is afraid that he would not be followed is no leader.

[mezzomix]

Seems that 0.11.1 will get the low S check: https://github.com/bitcoin/bitcoin/commit/71cc9d9fe829efd9c9b012c4cd1ece1d988b4869

[thejaytiesto]

thanks for link to story tokeweed

very annoying but does need addressing
I have little faith in the core developers or foundation to agree zip these days
plus it takes them months, years to even code something small, then they make out their genius'

maybe this guy is doing us a favour in a way
but what if multiple people start doing it? what if he makes his 100 line code opensource

exchanges like cryptsy can't even get basic wallets for alts resynced in over a week. then shut down btc wallet for withdrawals due to this issue for days

shows how fragile things are right now

it would only take a few of these guys to affect price in a bad way, add block debate to conversation too

I haven't done any Bitcoin movements in the past week so I don't know to what extent this is a real problem. I need to get my Bitcoins from Coinut to my wallet so we'll see how it goes. I think it's clear somethings needs to be done quick but its a bit overblown saying he broke anything.

[iGotSpots]

I move BTC daily for years and never even felt a hiccup the entire time. Nice 'attack' lol

[notbatman]

Ok, I don't know exactly what they/he were/was doing but Microsoft just patched it. The attack has to be more than just on the Bitcoin network, as you can see whatever MS changed in the last update fixed it.

Here's today's snapshot with the patch being applied just before 12 PM.



Here's a week long snapshot.



Looks like this new attack started on the 8th.

[mayax]

Actually, it's pretty good that someone is exploiting some vulnerabilities in the network for the developers to take a closer look at the code and patch it up as soon as they can. What's annoying is that it hurts businesses and normal individuals who just wants to send and receive transactions. It kinda scares them to accept bitcoin and be open about it again.

The problem isn't that the developers didn't understand the problem or know how to fix it.  The problem is that they lacked the leadership skills to implement the fix.  They have known about the problem since October 4, 2012!

https://bitcointalk.org/index.php?topic=8392.msg1245898#msg1245898

The problem is that bitcoin lacks leadership and governance.  There are "leaders" who can foresee problems but who can not propose and sell acceptable solutions.  The  malleability attack has been known for three years, but no fix has been deployed.  This is because the "leaders" are afraid that the obvious solutions would not be implemented by the followers.  A "leader" who is afraid that he would not be followed is no leader.

"leader" means central power. central power means BTC belongs to "him". You want decentralization? Then, face it

[BitcoinNewsMagazine]

Ok, I don't know exactly what they/he were/was doing but Microsoft just patched it. The attack has to be more than just on the Bitcoin network, as you can see whatever MS changed in the last update fixed it.

Here's today's snapshot with the patch being applied just before 12 PM.



Here's a week long snapshot.



Looks like this new attack started on the 8th.

Microsoft patching bitcoin? Source for your graphs please. Statoshi shows there is still a problem:

[Plento]

I'm generally a fan of these attacks.  Highlights problems that require a resolve.

[rychallenge]

Nothing's broken.

Nope but it caused some annoying disruptions nonetheless.

a lot of annoying distruption, across many service in bitcoin.

thing like this i think is good...this way bitcoin and community can help fix these error from happening in issues in future!

[Meuh6879]

Nothing's broken.

Nope but it caused some annoying disruptions nonetheless.

like 100% CPU in poor nodes ...
but the other face of this, i can test the maxmempooltx setting now (500-800).

[Meuh6879]

a lot of annoying distruption, across many service in bitcoin.

many block explorer crash, it's true.

[notbatman]

Ok, I don't know exactly what they/he were/was doing but Microsoft just patched it. The attack has to be more than just on the Bitcoin network, as you can see whatever MS changed in the last update fixed it.

Here's today's snapshot with the patch being applied just before 12 PM.



Here's a week long snapshot.



Looks like this new attack started on the 8th.

Microsoft patching bitcoin? Source for your graphs please. Statoshi shows there is still a problem:

Obviously MS isn't patching bitcoind directly but their patch clearly resolved the issue. The source of the graph is p2pool. Finally, I don't consider a backlog of spam an issue; I reject everything under 0.0005 BTC as spam.

[shorena]

Ok, I don't know exactly what they/he were/was doing but Microsoft just patched it. The attack has to be more than just on the Bitcoin network, as you can see whatever MS changed in the last update fixed it.

Here's today's snapshot with the patch being applied just before 12 PM.



Here's a week long snapshot.



Looks like this new attack started on the 8th.

Microsoft patching bitcoin? Source for your graphs please. Statoshi shows there is still a problem:

Obviously MS isn't patching bitcoind directly but their patch clearly resolved the issue. The source of the graph is p2pool. Finally, I don't consider a backlog of spam an issue; I reject everything under 0.0005 BTC as spam.

I have questions...

#1 what does the graphs show? The x axis is unlabelled.

#2 What MS patch are you talking about?

[notbatman]

Ok, I don't know exactly what they/he were/was doing but Microsoft just patched it. The attack has to be more than just on the Bitcoin network, as you can see whatever MS changed in the last update fixed it.

Here's today's snapshot with the patch being applied just before 12 PM.



Here's a week long snapshot.



Looks like this new attack started on the 8th.

Microsoft patching bitcoin? Source for your graphs please. Statoshi shows there is still a problem:

Obviously MS isn't patching bitcoind directly but their patch clearly resolved the issue. The source of the graph is p2pool. Finally, I don't consider a backlog of spam an issue; I reject everything under 0.0005 BTC as spam.

I have questions...

#1 what does the graphs show? The x axis is unlabelled.

#2 What MS patch are you talking about?

1) That's my hash rate over time.

2) Not sure, MS automatically installs updates and I haven't bothered see what was installed; KB articles tend to be a dry read.