Bitcoin Forum
August 13, 2020, 06:01:04 PM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 [101] 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 »
  Print  
Author Topic: [0Th]Ozcoin Pooled Mining |DGM 1%|Stratum+VarDiff port 80|NEW CN mining|  (Read 397841 times)
organofcorti
Donator
Legendary
*
Offline Offline

Activity: 2058
Merit: 1007


Poor impulse control.


View Profile WWW
April 19, 2013, 10:13:31 AM
 #2001

I guess the script already sent transactions out,
but not all are accepted (included in the blocks they create) by the solo miners and pools.

That seems about right. The amount is still increasing on that address as more blocks are mined..

It looks like most of those are 0conf unconfirmed payouts finally making it through the backlog.

It looks like most of them are 0 fee...is it possible to push through a much higher fee transaction and get it accepted before one of the fraudulent ones, thereby invalidating the whole chain? Forgive my relative ignorance on this matter.

Like the SD 0conf exploit?

Bitcoin network and pool analysis 12QxPHEuxDrs7mCyGSx1iVSozTwtquDB3r
follow @oocBlog for new post notifications
1597341664
Hero Member
*
Offline Offline

Posts: 1597341664

View Profile Personal Message (Offline)

Ignore
1597341664
Reply with quote  #2

1597341664
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1597341664
Hero Member
*
Offline Offline

Posts: 1597341664

View Profile Personal Message (Offline)

Ignore
1597341664
Reply with quote  #2

1597341664
Report to moderator
1597341664
Hero Member
*
Offline Offline

Posts: 1597341664

View Profile Personal Message (Offline)

Ignore
1597341664
Reply with quote  #2

1597341664
Report to moderator
1597341664
Hero Member
*
Offline Offline

Posts: 1597341664

View Profile Personal Message (Offline)

Ignore
1597341664
Reply with quote  #2

1597341664
Report to moderator
LazyOtto
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
April 19, 2013, 10:14:19 AM
 #2002

is it possible to push through a much higher fee transaction and get it accepted before one of the fraudulent ones, thereby invalidating the whole chain?
As far as the bitcoin network is concerned, they are not fraudulent.

That is the nature of BTCs. Once they are sent, they are sent.

Any mechanic which could 'pull back' the BTC sent as a result of this successful attack would be a demonstration that the bitcoin concept itself is fatally flawed. Resulting in a collapse in value of bitcoin itself.

--

My condolences, Graet.


-- edit - changed "hack" to "successful attack"
Mikej0h
Member
**
Offline Offline

Activity: 117
Merit: 100

Life is short, play long


View Profile
April 19, 2013, 10:45:22 AM
 #2003

Oh geez, I was already wondering why I got the mail "ozco.in Automatic Payout Notification", but didn't receive the payment and didn't see it on the blockchain.

I'm on the list for "-8.75307302".

I'm really feel bad for Graet, and I could very well understand this would make him sick Sad.
He tries to do his best, and then all this sh*t is happening.

I'm with you Graet, i'm with you; I keep supporting you and your pool (even though what you now going through).
Nicolai
Newbie
*
Offline Offline

Activity: 39
Merit: 0



View Profile
April 19, 2013, 11:23:37 AM
Last edit: April 19, 2013, 01:32:27 PM by Nicolai
 #2004

I don't know how bitcoind's default behavior is, but can't you try to re-spend all the 0-confirms (and add a fee to the new transaction)?
If the hacked transactions has a very low priority (or isn't added the the mempool), because they don't have a fee (why would the hacker not even pay a fking fee?), then you might be able to "steal" some of them back Wink

EDIT: When I wrote this, less than 50 BTC was confirmed. Now all of them is confirmed, so it is too late.
JackPatrick
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
April 19, 2013, 12:16:48 PM
 #2005

Oh shi*, we're fucked.
BTCGuild takes over, all Pools are being DDOSed, MTRed closes door, ozco hacked to steal payouts.
The System itself has gotten attention of too much people, now some try to get our money out, then destroy it.

And the loss of ~1600BTC, jesus, Graet deserves a gold medal for taking this as a lesson and continue working.
Most would have killed someone responsible for this.
Why 1600 BTC? Great reported about 934 BTC theft.
Welvis
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile WWW
April 19, 2013, 12:24:34 PM
 #2006

Oh shi*, we're fucked.
BTCGuild takes over, all Pools are being DDOSed, MTRed closes door, ozco hacked to steal payouts.
The System itself has gotten attention of too much people, now some try to get our money out, then destroy it.

And the loss of ~1600BTC, jesus, Graet deserves a gold medal for taking this as a lesson and continue working.
Most would have killed someone responsible for this.
Why 1600 BTC? Great reported about 934 BTC theft.

He is talking about the theft plus the previous loss of 700 odd BTC from PPS issues that Graet also funded out of his pocket.
DrG
Legendary
*
Offline Offline

Activity: 1932
Merit: 1019



View Profile
April 19, 2013, 12:34:01 PM
 #2007

Wow, just wow.  I think this is a new first.  It's one thing to keep money that a pool mistakenly sent you.  It's another to steal 1kBTC from miners!  Shocked  Angry
refer_2_me
Full Member
***
Offline Offline

Activity: 213
Merit: 100



View Profile
April 19, 2013, 12:54:00 PM
 #2008

We have isolated the method used to change the code on our side.
All payout/bitcoind control access has been removed from the public facing systems and is now operating on a private internal network with SQL.

We have implemented a pre-check system that will run prior to all payouts to stop this last incident from happening.

As mentioned before I take full responsibility for what has happened, and will be covering it personally.
I have already funded the loss again, and for what I hope to be a very short period, payouts have been throttled as an extra precaution.

Some people have shared concerns about other sites I work with. I can assure everyone that Ozcoin is separately coded and managed.
While this was indeed a great and frustrating loss, it's not a first for pools and thankfully by far one of the smallest still.

As always, I will keep everyone informed as updates become available.
Best wishes
Graet

I hope you are taking proper SQL injection precautions. I'm really sorry that this happened to you and I will be delaying any payments indefinitely, I don't need them right now, but it seems that you do. And I really have to thank you for being honorable in the face of such challenges. It restores my faith in humanity.

BTC: 1reFerkRnftob5YvbB112bbuwepC9XYLj
XPM: APQpPZCfEz3kejrYTfyACY1J9HrjnRf34Y
rupy
Hero Member
*****
Offline Offline

Activity: 725
Merit: 500



View Profile
April 19, 2013, 01:02:23 PM
 #2009

This is interesting: I just realized, the theif can't spend this money for ANYTHING at ANY point in time!

That address will be tracked by a hundred people for all future, I'm writing a system for this NOW.

Basically, he has BTC but as soon as he spends them, he will get caught!

Edit: Can someone point me to threads about this fact OR prove me wrong!

YOU CANNOT STEAL BITCOINS!

BANKBOOK GWT Wallet & no-FIAT Billing API
organofcorti
Donator
Legendary
*
Offline Offline

Activity: 2058
Merit: 1007


Poor impulse control.


View Profile WWW
April 19, 2013, 01:06:51 PM
 #2010

This is interesting: I just realized, the theif can't spend this money for ANYTHING at ANY point in time!

That address will be tracked by a hundred people for all future, I'm writing a system for this NOW.

Basically, he has BTC but as soon as he spends them, he will get caught!

Edit: Can someone point me to threads about this fact OR prove me wrong!

YOU CANNOT STEAL BITCOINS!

He send the coins to gox, trades them for USD and buys other coins back. Or uses a coin mixing service. Or trades them for virgin coin. Or spends them with someone who doesn't care that they're dealing with a dick.


Bitcoin network and pool analysis 12QxPHEuxDrs7mCyGSx1iVSozTwtquDB3r
follow @oocBlog for new post notifications
DrG
Legendary
*
Offline Offline

Activity: 1932
Merit: 1019



View Profile
April 19, 2013, 01:07:52 PM
 #2011

This is interesting: I just realized, the theif can't spend this money for ANYTHING at ANY point in time!

That address will be tracked by a hundred people for all future, I'm writing a system for this NOW.

Basically, he has BTC but as soon as he spends them, he will get caught!

Edit: Can someone point me to threads about this fact OR prove me wrong!

YOU CANNOT STEAL BITCOINS!

Rupy come on, you've been here since 2011 and you don't know about PPS or how stolen coins can't be tracked? All the thief has to do is collect the coins, use a mixing service or even an exchange and they'll never be tracked again.

I wonder if the developers are making any headway into blacklisting addresses or would that defeat the anonymity of BTC?
zhunifa
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
April 19, 2013, 01:13:51 PM
 #2012

I did not receive your payment , and payment records on the web has been paid . Please give me a reasonable explanation .sir Smiley
os2sam
Legendary
*
Offline Offline

Activity: 3038
Merit: 1060


Think for yourself


View Profile
April 19, 2013, 01:14:05 PM
 #2013

This is interesting: I just realized, the theif can't spend this money for ANYTHING at ANY point in time!

That address will be tracked by a hundred people for all future, I'm writing a system for this NOW.

Basically, he has BTC but as soon as he spends them, he will get caught!

Edit: Can someone point me to threads about this fact OR prove me wrong!

YOU CANNOT STEAL BITCOINS!

Rupy come on, you've been here since 2011 and you don't know about PPS or how stolen coins can't be tracked? All the thief has to do is collect the coins, use a mixing service or even an exchange and they'll never be tracked again.

I wonder if the developers are making any headway into blacklisting addresses or would that defeat the anonymity of BTC?

Or you could drop the wallet.dat into an online wallet service.

What good will blacklisting addresses do?  Anyone can create as many addresses as they want?

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
os2sam
Legendary
*
Offline Offline

Activity: 3038
Merit: 1060


Think for yourself


View Profile
April 19, 2013, 01:15:00 PM
 #2014

I did not receive your payment , and payment records on the web has been paid . Please give me a reasonable explanation .sir Smiley

Read the previous chain of post's here!!!!!

Starting with this one

https://bitcointalk.org/index.php?topic=14085.msg1883478#msg1883478

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
kano
Legendary
*
Offline Offline

Activity: 3220
Merit: 1292


Linux since 1997 RedHat 4


View Profile
April 19, 2013, 01:16:39 PM
 #2015

This is interesting: I just realized, the theif can't spend this money for ANYTHING at ANY point in time!

That address will be tracked by a hundred people for all future, I'm writing a system for this NOW.

Basically, he has BTC but as soon as he spends them, he will get caught!

Edit: Can someone point me to threads about this fact OR prove me wrong!

YOU CANNOT STEAL BITCOINS!

Rupy come on, you've been here since 2011 and you don't know about PPS or how stolen coins can't be tracked? All the thief has to do is collect the coins, use a mixing service or even an exchange and they'll never be tracked again.

I wonder if the developers are making any headway into blacklisting addresses or would that defeat the anonymity of BTC?
As per discussions that have been around (and I've been part of some) black listing addresses is not an option.
The problem is simply that someone is then given the power to decide what addresses are black listed.
Who should be given power to control BTC? No one.
It's even worse when you consider what it means for the average person.
If I have 10BTC stolen can I then go to this 'power' and ask them to blacklist the target address?
Of course not - since we then have the issue of who is right and who is wrong - that again someone will be given the power to decide.
So basically it becomes a power to be used either for those with a lot of BTC and well known, or those who are also considered 'powerful' in the BTC world.
It's called give central control of BTC to a few people - which is of course a very bad thing.

Pool: https://kano.is - lowest fee PPLNS 3 Days Here on Bitcointalk: Forum
Discord support invite at https://kano.is/ Majority developer of the ckpool code - k for kano
Help keep Bitcoin secure by mining on pools with full block verification on all blocks - and NO empty blocks!
amigaman
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250



View Profile
April 19, 2013, 01:23:35 PM
 #2016

@rupy:
That would definitely kill the anonymity aspect.
Who are you to blacklist any address?
Law enforcement? No.
Bitcoin Administration? Also, no.

So this feature can't be added, because it would let them asses in, blacklisting any publicly available adress from forum posts, "donate here please" and whatever.
Would be a nice feature, but the only responsible person to blacklist any adress is the owner of it, and the only use to blacklist is when the wallet.dat gets lost/stolen, as to prevent someone spend the moniez.
But then you do not have any information to prove you're the responsible person.

And also, you can't track where these btc's go. That's the way the system is defined. You may be able to see the target adress, but that's an anon value also, so no Name/whatever behind it, at least as long the receiving person doesn't decide to reveal its adress in a googleable way.

Only possible option would be to enforce a new version of any btc related software that allows pool operators to blacklist such transactions/adresses and basically not process them, either as target or source of any transaction.
But there is the devil of "law enforcement person".
Do you trust any and all pool operators to not blacklist some adresses just because "they're fuckers let's kill them"?
I personally don't. Graet and some others are maybe "angels" ("faith in humanity restored" and the like), but i bet there are some bad dudes out there...
And you'll only need one to kill the whole system.
rupy
Hero Member
*****
Offline Offline

Activity: 725
Merit: 500



View Profile
April 19, 2013, 01:35:44 PM
 #2017

I'm going to explain this like you where 5 years old:

I, my son, his children, will _personally_ track 16cDeEFn6sraUEJrDCt2Yg3r7j2oazSYEd for all eternity, no matter how many addresses the value is being sent to.

The value originating in 16cDeEFn6sraUEJrDCt2Yg3r7j2oazSYEd is for all future marked in our collective consciousness as stolen money.

Nothing else matters, I could create a service where you can store stolen addresses, but that is COMPLETELY IRRELEVANT.

NO ONE will EVER take money from 16cDeEFn6sraUEJrDCt2Yg3r7j2oazSYEd, period.

Case closed.

BANKBOOK GWT Wallet & no-FIAT Billing API
Marrs
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
April 19, 2013, 01:38:45 PM
 #2018


He send the coins to gox, trades them for USD and buys other coins back. Or uses a coin mixing service. Or trades them for virgin coin. Or spends them with someone who doesn't care that they're dealing with a dick.



Pecunia non olet.
rupy
Hero Member
*****
Offline Offline

Activity: 725
Merit: 500



View Profile
April 19, 2013, 01:42:27 PM
 #2019

Do you really think Mt.Gox would hide the new address, if they know (which they do) that the old contained stolen coins?

AFAIK there is NO WAY to "mix" your coins. It's all in the blockchain.

BANKBOOK GWT Wallet & no-FIAT Billing API
organofcorti
Donator
Legendary
*
Offline Offline

Activity: 2058
Merit: 1007


Poor impulse control.


View Profile WWW
April 19, 2013, 01:44:15 PM
 #2020

Do you really think Mt.Gox would hide the new address?

Can you force them to? And don't forget coin mixers and escrow agents.

Bitcoin network and pool analysis 12QxPHEuxDrs7mCyGSx1iVSozTwtquDB3r
follow @oocBlog for new post notifications
Pages: « 1 ... 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 [101] 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!