[ANN][XRB]Cryptocurrency's killer app: RaiBlocks micropayments

[cr1pton00b]

Why RaiBlocks is not secure.

[...]
5. The Man in the Middle attack.

If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can just filter the double spending payment packets, and the merchant will never know that he is receiving a double spending. The Raiblocks network will discard that payment while the merchant will accept it.

https://s18.postimg.org/7pnm6yweh/doublespend.png
[...]

This kind of FUD can be done to every cryptocurrency. So once and for all :
Every cryptocurrency, every online bank is vulnerable to Mitm attacks, if such attack successfully happens.
Example for bitcoin: If a hacker successfully performs a Mitm attack between a buyer and seller, he can just give to the buyer his own bitcoin address instead of the seller's. End of the story. And there are a myriad of more sophisticated attacks depending on whether you have a temporary or persistant Mitm attack.
Fortunately, Mitm attacks (over ssh) are rare, difficult and simply not accessible to the vast majority. They can still happen though and countermeasures (such as ssl pinning) are outside of the scope of crypto currencies underlying technology.
Basically if you are afraid of Mitm attacks, don't open a bank account, don't use any crypto currency, or better, don't use internet (or LANs) and make payments only in cash.

This is 100% correct. It is a common FUD technique to state extreme "edge cases" like they are common occurrences so you have posts like "this coin is not secure - all an attacker has to do is gain control of the majority of the voting delegates". LMFAO

If it is so easy, why hasn't it happened yet? It would be much easier for this kind of attack to occur early on in a coin's life before more nodes come online. Raiblocks has been running for over 2 years straight - why hasn't anyone exploited these "flaws" yet?

Because the time, money and resources required to do so make it impossible.

Imagine you are storing money in one of those Swiss vaults deep inside a mountain. The idiots on this thread trying to scare people with their FUD would make an argument such as:

"Your money is at great risk! All someone has to do is pay off every single guard inside the mountain, circumvent the alarm system and walk straight out the door with your funds". Their arguments are laughable. In fact, they aren't even arguments at all, they are just straight up talking out their asses  

Well BTC is not vulnerable to the same attack, because of the blockchain and 6 confirmations. What rail is essentially is BTC without the blockchain. That's where the double spend protection has been lost.

And no, it's not that hard to pull a MITM attack. With some DNS poisoning you could do this to an exchange and to empty their wallet. No wonder good exchanges won't accept railblock. They'd have to be crazy to do so.

You don't understand. You take the "confirmation" angle since XRB and BTC have different approaches on this aspect. But if you successfully performed a Mitm attack, there are a myriad of other ways to exploit [insert your favorite crypto currency or bank] system. A simple example for BTC is : the attacker intercepts deposit BTC addresses and replaces them with his own addresses. Same with any crypto. And every online bank is vulnerable AFTER a successful Mitm attack. That's why they place countermeasures such as SSL pinning, not to be vulnerable to Mitm attacks in the first place. But even then, this is not always enough. For example : https://thehackernews.com/2017/12/mitm-ssl-pinning-hostname.html

As I said earlier, if you successfully performed a Mitm attack, you have already won, no matter the crypto currency or bank.

You cannot replace any address in a BTC tx. BTC tx are signed (every crypto has signed tx) which doesn't permit tx forging. BTC is currently not vulnerable to MITM.

[ex-nihilo]

Why RaiBlocks is not secure.

[...]
5. The Man in the Middle attack.

If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can just filter the double spending payment packets, and the merchant will never know that he is receiving a double spending. The Raiblocks network will discard that payment while the merchant will accept it.

https://s18.postimg.org/7pnm6yweh/doublespend.png
[...]

This kind of FUD can be done to every cryptocurrency. So once and for all :
Every cryptocurrency, every online bank is vulnerable to Mitm attacks, if such attack successfully happens.
Example for bitcoin: If a hacker successfully performs a Mitm attack between a buyer and seller, he can just give to the buyer his own bitcoin address instead of the seller's. End of the story. And there are a myriad of more sophisticated attacks depending on whether you have a temporary or persistant Mitm attack.
Fortunately, Mitm attacks (over ssh) are rare, difficult and simply not accessible to the vast majority. They can still happen though and countermeasures (such as ssl pinning) are outside of the scope of crypto currencies underlying technology.
Basically if you are afraid of Mitm attacks, don't open a bank account, don't use any crypto currency, or better, don't use internet (or LANs) and make payments only in cash.

This is 100% correct. It is a common FUD technique to state extreme "edge cases" like they are common occurrences so you have posts like "this coin is not secure - all an attacker has to do is gain control of the majority of the voting delegates". LMFAO

If it is so easy, why hasn't it happened yet? It would be much easier for this kind of attack to occur early on in a coin's life before more nodes come online. Raiblocks has been running for over 2 years straight - why hasn't anyone exploited these "flaws" yet?

Because the time, money and resources required to do so make it impossible.

Imagine you are storing money in one of those Swiss vaults deep inside a mountain. The idiots on this thread trying to scare people with their FUD would make an argument such as:

"Your money is at great risk! All someone has to do is pay off every single guard inside the mountain, circumvent the alarm system and walk straight out the door with your funds". Their arguments are laughable. In fact, they aren't even arguments at all, they are just straight up talking out their asses  

Well BTC is not vulnerable to the same attack, because of the blockchain and 6 confirmations. What rail is essentially is BTC without the blockchain. That's where the double spend protection has been lost.

And no, it's not that hard to pull a MITM attack. With some DNS poisoning you could do this to an exchange and to empty their wallet. No wonder good exchanges won't accept railblock. They'd have to be crazy to do so.

You don't understand. You take the "confirmation" angle since XRB and BTC have different approaches on this aspect. But if you successfully performed a Mitm attack, there are a myriad of other ways to exploit [insert your favorite crypto currency or bank] system. A simple example for BTC is : the attacker intercepts deposit BTC addresses and replaces them with his own addresses. Same with any crypto. And every online bank is vulnerable AFTER a successful Mitm attack. That's why they place countermeasures such as SSL pinning, not to be vulnerable to Mitm attacks in the first place. But even then, this is not always enough. For example : https://thehackernews.com/2017/12/mitm-ssl-pinning-hostname.html

As I said earlier, if you successfully performed a Mitm attack, you have already won, no matter the crypto currency or bank.

You cannot replace any address in a BTC tx. BTC tx are signed (every crypto has signed tx) which doesn't permit tx forging. BTC is currently not vulnerable to MITM.

You intercept the bitcoin address before any transaction has been made. The victim sends his funds to the attacker address and a correct tx is done.

[Batus]

Happy New Year everybody!

[Brightt202]

hi everyone happy new year, i have a same problem which about u have heard lot of time my laptop dropped and hard is damaged so i lost wallet which pin isnot saved but i have xrb adress and password can i retrive my xrb account again please give me a useful advice thankx

[cr1pton00b]

Why RaiBlocks is not secure.

[...]
5. The Man in the Middle attack.

If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can just filter the double spending payment packets, and the merchant will never know that he is receiving a double spending. The Raiblocks network will discard that payment while the merchant will accept it.

https://s18.postimg.org/7pnm6yweh/doublespend.png
[...]

This kind of FUD can be done to every cryptocurrency. So once and for all :
Every cryptocurrency, every online bank is vulnerable to Mitm attacks, if such attack successfully happens.
Example for bitcoin: If a hacker successfully performs a Mitm attack between a buyer and seller, he can just give to the buyer his own bitcoin address instead of the seller's. End of the story. And there are a myriad of more sophisticated attacks depending on whether you have a temporary or persistant Mitm attack.
Fortunately, Mitm attacks (over ssh) are rare, difficult and simply not accessible to the vast majority. They can still happen though and countermeasures (such as ssl pinning) are outside of the scope of crypto currencies underlying technology.
Basically if you are afraid of Mitm attacks, don't open a bank account, don't use any crypto currency, or better, don't use internet (or LANs) and make payments only in cash.

This is 100% correct. It is a common FUD technique to state extreme "edge cases" like they are common occurrences so you have posts like "this coin is not secure - all an attacker has to do is gain control of the majority of the voting delegates". LMFAO

If it is so easy, why hasn't it happened yet? It would be much easier for this kind of attack to occur early on in a coin's life before more nodes come online. Raiblocks has been running for over 2 years straight - why hasn't anyone exploited these "flaws" yet?

Because the time, money and resources required to do so make it impossible.

Imagine you are storing money in one of those Swiss vaults deep inside a mountain. The idiots on this thread trying to scare people with their FUD would make an argument such as:

"Your money is at great risk! All someone has to do is pay off every single guard inside the mountain, circumvent the alarm system and walk straight out the door with your funds". Their arguments are laughable. In fact, they aren't even arguments at all, they are just straight up talking out their asses  

Well BTC is not vulnerable to the same attack, because of the blockchain and 6 confirmations. What rail is essentially is BTC without the blockchain. That's where the double spend protection has been lost.

And no, it's not that hard to pull a MITM attack. With some DNS poisoning you could do this to an exchange and to empty their wallet. No wonder good exchanges won't accept railblock. They'd have to be crazy to do so.

You don't understand. You take the "confirmation" angle since XRB and BTC have different approaches on this aspect. But if you successfully performed a Mitm attack, there are a myriad of other ways to exploit [insert your favorite crypto currency or bank] system. A simple example for BTC is : the attacker intercepts deposit BTC addresses and replaces them with his own addresses. Same with any crypto. And every online bank is vulnerable AFTER a successful Mitm attack. That's why they place countermeasures such as SSL pinning, not to be vulnerable to Mitm attacks in the first place. But even then, this is not always enough. For example : https://thehackernews.com/2017/12/mitm-ssl-pinning-hostname.html

As I said earlier, if you successfully performed a Mitm attack, you have already won, no matter the crypto currency or bank.

You cannot replace any address in a BTC tx. BTC tx are signed (every crypto has signed tx) which doesn't permit tx forging. BTC is currently not vulnerable to MITM.

You intercept the bitcoin address before any transaction has been made. The victim sends his funds to the attacker address and a correct tx is done.

Yes with the exception that every website uses SSL and you cannot break it.

[Verethraghna]

hi everyone happy new year, i have a same problem which about u have heard lot of time my laptop dropped and hard is damaged so i lost wallet which pin isnot saved but i have xrb adress and password can i retrive my xrb account again please give me a useful advice thankx

you need the seed from your wallet, without the seed you cannot retrieve your wallet, even if you know the password and the address

[CyraxMax]

To all newcomers to Raiblocks

If you are new to Bitcointalk you may not realize how things work around here. Ask yourself this - why would someone who states that Raiblocks is crap/a pump and dump/full of flaws, etc. keep coming on here posting the same thing over and over again even though it has already been addressed numerous times before? Because they care about noobs and want to protect them from the big bad Raiblocks dev stealing their money? LOL, I think not.

There are 3 reasons for these FUD (Fear, Uncertainty, Doubt) posts:

1) Usually the person posting the FUD is actually holding the coin they are bashing - they make negative posts in an attempt to drive down the price so they can buy more.

2) They may also be holding a competing coin (IOTA for example) and they are angry that another coin has taken the spotlight away from them. You can spot people in this group as they will often have a signature advertising another coin or they will shill it directly in their post.

3) Pure saltiness. This forum has really gone downhill over the years and it is now filled with desperate, salty children who are angry that they missed the boat.

The world is full of toxic people who cannot accomplish anything on their own so they try to make themselves feel better by attacking other people's accomplishments. Ignore them and DO YOUR OWN RESEARCH!

[Verethraghna]

I have just discovered a curious thing, Bittrex listed and immediately removed XRB in past times:
- https://bitcointalk.org/index.php?topic=1381323.2000

During Bittrex testing XRB chain went down 2 days. So the exchange decided to remove the coin immediately. Of course no dev even mentioned it.

Fracas got it wrong again, dude c'mon do your research before you post something like this on here, saying that the dev never mentioned it, is just wrong mate, the dev mentioned it frequently on slack, they've all told us way before that the reason bittrex isn't adding this coin on their exchange yet is because of the flawed wallet, that's why the devs are working on the wallet, they're developing the wallet to avoid problems that bittrex was having when the coin was first listed on there. I think you should join the raiblocks discord group mate, you'll discover that most of the problems that you're addressing, are already being talked about in the slack group and the dev is really working to eliminate these problems, that's one of the reason why the dev decided to develop this project full time. The price didn't skyrocket out of nothing, the price skyrocket because one by one these problems are already being solved. It's kind of funny that most people that are spreading hate on this thread don't even know this project's full story lol.

thank you again for clearing things up... I almost got taken by the FUD spread here

That was their plan Verethraghna - I am glad that you didn’t fall for it. This is why I have been taking the time to come on here to point out the true nature of these people.

ALWAYS DO YOUR OWN RESEARCH and to be honest, Bitcointalk isn’t the place to do it because of all the idiots and FUDsters. You will find better information on the Raiblocks Discord or Reddit thread.

Glad I took the time to reconfirm what's being said here... Still holding tight to my xrb

I think the developers should team up with the Stone dev and combine great idea's, create two of the best DAG, zero fee based coins, Stone can be litecoin to Raiblock's Bitcoin. If your interested in supporting DAG based chains, jump over to the Stone thread and show your support: https://bitcointalk.org/index.php?topic=2581762.0

I read that he already scam two times. please check there
I think better to support XRB

can you explain more about the 'scam two times'? 

Basically, some veteran members have recognized the MO of a old and known member of the bitcointalk that did multiple scams and the STONE project seems to be just that.
A scam alert thread has been opened here: https://bitcointalk.org/index.php?topic=2677524
The STONE "project" thread its heavily moderated by the scammer, he deletes the posts that reveal this project for what it is.
Now the thread is locked, no new posts can be made.

I do see a lot of posts being deleted and not a single line of code brought up even until now... really doubtful indeed

[Verethraghna]

To all newcomers to Raiblocks

If you are new to Bitcointalk you may not realize how things work around here. Ask yourself this - why would someone who states that Raiblocks is crap/a pump and dump/full of flaws, etc. keep coming on here posting the same thing over and over again even though it has already been addressed numerous times before? Because they care about noobs and want to protect them from the big bad Raiblocks dev stealing their money? LOL, I think not.

There are 3 reasons for these FUD (Fear, Uncertainty, Doubt) posts:

1) Usually the person posting the FUD is actually holding the coin they are bashing - they make negative posts in an attempt to drive down the price so they can buy more.

2) They may also be holding a competing coin (IOTA for example) and they are angry that another coin has taken the spotlight away from them. You can spot people in this group as they will often have a signature advertising another coin or they will shill it directly in their post.

3) Pure saltiness. This forum has really gone downhill over the years and it is now filled with desperate, salty children who are angry that they missed the boat.

The world is full of toxic people who cannot accomplish anything on their own so they try to make themselves feel better by attacking other people's accomplishments. Ignore them and DO YOUR OWN RESEARCH!

Can colin put this on the first post?

[CyraxMax]

Can colin put this on the first post?

Even if he does, people don't read. It's up to the community / us to defend this attack with FUD on railblocks.
These FUDers won't stop.

[White_A]

By the way, so well grew RaiBlocks, I certainly understand everything no commissions and instant transitions, but due to what then the network is supported?

[brisadinBr]

I don't know if this is right, and I'm so sorry if it's not.

But I'm here to ask you guys, could you donate some XRB for a young dweller from "Favela da Rocinha" (Brazil) ? (if you don't know this place, google it)

If you're able to donate 1 XRB I'll be extremely thankful.

I'm asking you because I'm trying to leave this place I live and I see the opportunity of holding this coin in particular so I can rent a house miles away of this hell

PS: I know everyone has personal problems, but living this close to drug deallers armeds with AK-47 and shooting 24/7 is not cool at all.

This is the wallet address: xrb_15mq8obcyxs4xpfg75mqj1tg4uo83kibpta3jo37rjkawycp4owidoi56yk4

Sorry for bad english. Thank you again and good luck for all holders in this brand new year!

[Lvesefougu]

Why so much information in first post?

[raoulsergia]

To all newcomers to Raiblocks

If you are new to Bitcointalk you may not realize how things work around here. Ask yourself this - why would someone who states that Raiblocks is crap/a pump and dump/full of flaws, etc. keep coming on here posting the same thing over and over again even though it has already been addressed numerous times before? Because they care about noobs and want to protect them from the big bad Raiblocks dev stealing their money? LOL, I think not.

There are 3 reasons for these FUD (Fear, Uncertainty, Doubt) posts:

1) Usually the person posting the FUD is actually holding the coin they are bashing - they make negative posts in an attempt to drive down the price so they can buy more.

2) They may also be holding a competing coin (IOTA for example) and they are angry that another coin has taken the spotlight away from them. You can spot people in this group as they will often have a signature advertising another coin or they will shill it directly in their post.

3) Pure saltiness. This forum has really gone downhill over the years and it is now filled with desperate, salty children who are angry that they missed the boat.

The world is full of toxic people who cannot accomplish anything on their own so they try to make themselves feel better by attacking other people's accomplishments. Ignore them and DO YOUR OWN RESEARCH!

Can colin put this on the first post?

Why should this be on the front page?  
Everyone knows the true nature of bitcoin talk. It has gone down hill for years now, just useful in finding a few intelligent people contacts and taking conversations elsewhere
otherwise it is a dumping ground for scammy ICOs

Real projects are all based elsewhere

Anyone who reads the FUD on this website and actually believes it can be tricked into believing anything


Any thing that is said on this site its best to take it with a scoop of salt and DYOR


Anyone who wants to join the community of developers can come visit the discord where many 3rd party developers are always there discussing stuff

[ex-nihilo]

Why RaiBlocks is not secure.

[...]
5. The Man in the Middle attack.

If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can just filter the double spending payment packets, and the merchant will never know that he is receiving a double spending. The Raiblocks network will discard that payment while the merchant will accept it.

https://s18.postimg.org/7pnm6yweh/doublespend.png
[...]

This kind of FUD can be done to every cryptocurrency. So once and for all :
Every cryptocurrency, every online bank is vulnerable to Mitm attacks, if such attack successfully happens.
Example for bitcoin: If a hacker successfully performs a Mitm attack between a buyer and seller, he can just give to the buyer his own bitcoin address instead of the seller's. End of the story. And there are a myriad of more sophisticated attacks depending on whether you have a temporary or persistant Mitm attack.
Fortunately, Mitm attacks (over ssh) are rare, difficult and simply not accessible to the vast majority. They can still happen though and countermeasures (such as ssl pinning) are outside of the scope of crypto currencies underlying technology.
Basically if you are afraid of Mitm attacks, don't open a bank account, don't use any crypto currency, or better, don't use internet (or LANs) and make payments only in cash.

This is 100% correct. It is a common FUD technique to state extreme "edge cases" like they are common occurrences so you have posts like "this coin is not secure - all an attacker has to do is gain control of the majority of the voting delegates". LMFAO

If it is so easy, why hasn't it happened yet? It would be much easier for this kind of attack to occur early on in a coin's life before more nodes come online. Raiblocks has been running for over 2 years straight - why hasn't anyone exploited these "flaws" yet?

Because the time, money and resources required to do so make it impossible.

Imagine you are storing money in one of those Swiss vaults deep inside a mountain. The idiots on this thread trying to scare people with their FUD would make an argument such as:

"Your money is at great risk! All someone has to do is pay off every single guard inside the mountain, circumvent the alarm system and walk straight out the door with your funds". Their arguments are laughable. In fact, they aren't even arguments at all, they are just straight up talking out their asses  

Well BTC is not vulnerable to the same attack, because of the blockchain and 6 confirmations. What rail is essentially is BTC without the blockchain. That's where the double spend protection has been lost.

And no, it's not that hard to pull a MITM attack. With some DNS poisoning you could do this to an exchange and to empty their wallet. No wonder good exchanges won't accept railblock. They'd have to be crazy to do so.

You don't understand. You take the "confirmation" angle since XRB and BTC have different approaches on this aspect. But if you successfully performed a Mitm attack, there are a myriad of other ways to exploit [insert your favorite crypto currency or bank] system. A simple example for BTC is : the attacker intercepts deposit BTC addresses and replaces them with his own addresses. Same with any crypto. And every online bank is vulnerable AFTER a successful Mitm attack. That's why they place countermeasures such as SSL pinning, not to be vulnerable to Mitm attacks in the first place. But even then, this is not always enough. For example : https://thehackernews.com/2017/12/mitm-ssl-pinning-hostname.html

As I said earlier, if you successfully performed a Mitm attack, you have already won, no matter the crypto currency or bank.

You cannot replace any address in a BTC tx. BTC tx are signed (every crypto has signed tx) which doesn't permit tx forging. BTC is currently not vulnerable to MITM.

You intercept the bitcoin address before any transaction has been made. The victim sends his funds to the attacker address and a correct tx is done.

Yes with the exception that every website uses SSL and you cannot break it.

1) you can break it, but you need additional side attacks. SSL alone, in a perfect world on a non compromised computer and correct settings, can't be broken. But we don't live in a perfect world and the local truststore of the victim for example can be compromised.
2) You can transmit a btc address via a non encrypted network (for example via some chat apps that don't support end-to-end encryption like google allo).  

BUT OK, let's theorise that all communications on all networks are secured by SSL and we live in a perfect world so no Mitm attacks over SSL are possible. Then the sentence "If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can ..." has no chance to happen, because a Mitm is not possible in the first place.

On the other hand, if you successfully performed a Mitm attack, then BTC, XRB or any crypto currency is defenseless.

[kryptobrother]

Hey guys, who can help me? I have a backup of my seed. My wallet is synchronized. I reinstalled my wallet, syncing everything again. Import Wallet is not working! Why? I enter the correct seed, then type in clear key, but balance stays at zero! Why can not anyone help me? https://raiblocks.net/block/index.php?h=BFB5931DEC616DBE4F0F978FF0F42BC6BFC306E9DCFD6FFC7EEF65260498DBE1

[Loperenbits]

dont want to create fud but I need to solve this question too much money in the wallet and I need to know its secure:  I have created a second wallet in the same computer in railwallet.com to make tests with transfers and I have created it with different email  and I have generated another seed,  identifier ... but I have the same balance, I have done some transfer and the two wallets are synchronized, transfers and balances. Can someone explain this to me or say me how to contact a raiblocks dev? I have two IDs, seeds, and I acces to the same wallet and address, how can it be?

[bestiya]

dont want to create fud but I need to solve this question too much money in the wallet and I need to know its secure:  I have created a second wallet in the same computer in railwallet.com to make tests with transfers and I have created it with different email  and I have generated another seed,  identifier ... but I have the same balance, I have done some transfer and the two wallets are synchronized, transfers and balances. Can someone explain this to me or say me how to contact a raiblocks dev? I have two IDs, seeds, and I acces to the same wallet and address, how can it be?

Try running the wallets separately. At first one to complete the synchronization and check your balance. Then exit it and run the second one. Again wait for the complete synchronization and check the balance. I saw information that two simultaneously running purses do not work correctly.

[rorschach1]

any news on bigger exchanges? what about the voting contest on binance?

Yeah it's high time for listing to normal exchange. Anyway  Project with that large capitalization deserves listing to Binance, Bittrex.

[fracas]

Hey guys, who can help me? I have a backup of my seed. My wallet is synchronized. I reinstalled my wallet, syncing everything again. Import Wallet is not working! Why? I enter the correct seed, then type in clear key, but balance stays at zero! Why can not anyone help me? https://raiblocks.net/block/index.php?h=

What should your balance be?