Bitcoin Forum
November 18, 2024, 01:40:01 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Terracoin attack caused Bter.com 50BTC loss  (Read 5403 times)
neotrix
Sr. Member
****
Offline Offline

Activity: 428
Merit: 250



View Profile WWW
July 28, 2013, 11:54:46 PM
Last edit: July 29, 2013, 12:07:05 AM by neotrix
 #21

Happy that a 24/24 monitoring and immediate update to 100 confirmations deposit with a special checking on each then TRC deposit, helped crypto-trade.com to be safe of such lost.

here something else I don't understand
during the attack 100 confirmations were a matter of a few minutes... since the blocks were generated with very high frequency... what difference did it make?

Letting few minutes more to check more about big deposits.

When you see 120k trc coming if you monitor as you know it is attacked, you usually suspect something...And lock the user for more investigation

Even smaller amount looking enornous compar to usual... Of course as said 24/24 monitoring is needed... Or the TRC trading should be stopped directly before any disaster... I agree on that

Happy that a 24/24 monitoring and immediate update to 100 confirmations deposit with a special checking on each then TRC deposit, helped crypto-trade.com to be safe of such lost.

here something else I don't understand
during the attack 100 confirmations were a matter of a few minutes... since the blocks were generated with very high frequency... what difference did it make?

None. Coinotron had over 100 confirmed blocked they mined erased by the attacker before they suspended the TRC pool. The difficulty exploit made the attack unstoppable for the most part. In the main thread discussing the attack we were surprised trading was open at all.

I agree while coinotron is a pool, managed by only one operator. Pool also dont earn same fees than exchange and dont push same risk on users. We can understand that coinotron took time to react. An exchange shouln't run if is not 24/24 monitored, my opinion remains the same about this.

Crypto-trade.com : https://bitcointalk.org/index.php?topic=149458.0
https://koddos.com and http://kovpslayer.com.  "Bitcointalkdiscount" to get 10% discount recurring.
mercSuey
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


View Profile
July 29, 2013, 01:05:26 AM
 #22

Happy that a 24/24 monitoring and immediate update to 100 confirmations deposit with a special checking on each then TRC deposit, helped crypto-trade.com to be safe of such lost.

here something else I don't understand
during the attack 100 confirmations were a matter of a few minutes... since the blocks were generated with very high frequency... what difference did it make?

Letting few minutes more to check more about big deposits.

When you see 120k trc coming if you monitor as you know it is attacked, you usually suspect something...And lock the user for more investigation

Even smaller amount looking enornous compar to usual... Of course as said 24/24 monitoring is needed... Or the TRC trading should be stopped directly before any disaster... I agree on that

Happy that a 24/24 monitoring and immediate update to 100 confirmations deposit with a special checking on each then TRC deposit, helped crypto-trade.com to be safe of such lost.

here something else I don't understand
during the attack 100 confirmations were a matter of a few minutes... since the blocks were generated with very high frequency... what difference did it make?

None. Coinotron had over 100 confirmed blocked they mined erased by the attacker before they suspended the TRC pool. The difficulty exploit made the attack unstoppable for the most part. In the main thread discussing the attack we were surprised trading was open at all.

I agree while coinotron is a pool, managed by only one operator. Pool also dont earn same fees than exchange and dont push same risk on users. We can understand that coinotron took time to react. An exchange shouln't run if is not 24/24 monitored, my opinion remains the same about this.

I completely agree.  Good to know you have the proper safety checks at crypto-trade.  I know Cryptsy also had alerts triggered and disabled accounts.  Your efforts will help keep damage to altcoins to a minimum as the industry continues to mature, and for that I thank you.

-Merc
neotrix
Sr. Member
****
Offline Offline

Activity: 428
Merit: 250



View Profile WWW
July 29, 2013, 01:17:38 AM
 #23

Happy that a 24/24 monitoring and immediate update to 100 confirmations deposit with a special checking on each then TRC deposit, helped crypto-trade.com to be safe of such lost.

here something else I don't understand
during the attack 100 confirmations were a matter of a few minutes... since the blocks were generated with very high frequency... what difference did it make?

Letting few minutes more to check more about big deposits.

When you see 120k trc coming if you monitor as you know it is attacked, you usually suspect something...And lock the user for more investigation

Even smaller amount looking enornous compar to usual... Of course as said 24/24 monitoring is needed... Or the TRC trading should be stopped directly before any disaster... I agree on that

Happy that a 24/24 monitoring and immediate update to 100 confirmations deposit with a special checking on each then TRC deposit, helped crypto-trade.com to be safe of such lost.

here something else I don't understand
during the attack 100 confirmations were a matter of a few minutes... since the blocks were generated with very high frequency... what difference did it make?

None. Coinotron had over 100 confirmed blocked they mined erased by the attacker before they suspended the TRC pool. The difficulty exploit made the attack unstoppable for the most part. In the main thread discussing the attack we were surprised trading was open at all.

I agree while coinotron is a pool, managed by only one operator. Pool also dont earn same fees than exchange and dont push same risk on users. We can understand that coinotron took time to react. An exchange shouln't run if is not 24/24 monitored, my opinion remains the same about this.

I completely agree.  Good to know you have the proper safety checks at crypto-trade.  I know Cryptsy also had alerts triggered and disabled accounts.  Your efforts will help keep damage to altcoins to a minimum as the industry continues to mature, and for that I thank you.

-Merc

Thanks, nice to see some people more concerned on securities and future of cryptocurrencies.

Especially when it take 10 min to any programmer to make some script to check such special activities (big deposit...) We talk as admin of exchangers sometime managing hundreds of USD worth owned by users, also making good money with fees... I wont say more you got my point Wink If admin of an exchange cannot hire some people to monitor 24/24, then exchange should'nt run or users should expect some lost anytime....Or just avoid this exchange.

Crypto-trade.com : https://bitcointalk.org/index.php?topic=149458.0
https://koddos.com and http://kovpslayer.com.  "Bitcointalkdiscount" to get 10% discount recurring.
hanzac
Sr. Member
****
Offline Offline

Activity: 425
Merit: 262


View Profile
July 29, 2013, 02:29:21 AM
 #24

The hard-fork really damages a lot except the attacker is happy at the end.
I think terracoin community should thank bter.com for taking most of the damage. Otherwise, TRC value will be dilute more.
sumantso
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000



View Profile
July 29, 2013, 08:14:02 AM
 #25

Quote
The attacker's deposit disappeared.

let me understand how an exchange works...
a guy deposit x coins on his address...
then he sells something to someone else
are the coins really moved to the seller address to the buyer address after the trade?


When you deposit, you just deposit to the exchange wallet; where other deposits happen too. Same happens with withdrawl. So you don't do a point to point transaction between buyer/seller.

Arbitrageur
Hero Member
*****
Offline Offline

Activity: 556
Merit: 500


View Profile
July 29, 2013, 08:23:20 AM
 #26

Quote
When you deposit, you just deposit to the exchange wallet; where other deposits happen too. Same happens with withdrawl. So you don't do a point to point transaction between buyer/seller.

thanks a lot for that answer

but I'm still confused!

what I would like to know is: which coins really disappeared??

1) the ones the attacker deposited on BTER? (this seems to be confirmed by BTER)

2) the ones the attacker sold on BTER but still sitting in the buyer's BTER account? (this also seems to be the case)

3) the ones that were moved out of BTER buyer's account into other exchange accounts (in this case any other exchange should have a total of TRC which is less that the total of its clients' TRC individual holdings, the difference made by the disappearead TRC brought in there)

are all the three cases true?

thanks for your help
Arbitrageur
Hero Member
*****
Offline Offline

Activity: 556
Merit: 500


View Profile
July 29, 2013, 09:44:03 AM
 #27


Even smaller amount looking enornous compar to usual... Of course as said 24/24 monitoring is needed... Or the TRC trading should be stopped directly before any disaster... I agree on that

neotrix, did any TRC disappear from your exchange? any at all? not even 1.

sumantso
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000



View Profile
July 29, 2013, 10:09:55 AM
 #28

Quote
When you deposit, you just deposit to the exchange wallet; where other deposits happen too. Same happens with withdrawl. So you don't do a point to point transaction between buyer/seller.

thanks a lot for that answer

but I'm still confused!

what I would like to know is: which coins really disappeared??

1) the ones the attacker deposited on BTER? (this seems to be confirmed by BTER)

2) the ones the attacker sold on BTER but still sitting in the buyer's BTER account? (this also seems to be the case)

3) the ones that were moved out of BTER buyer's account into other exchange accounts (in this case any other exchange should have a total of TRC which is less that the total of its clients' TRC individual holdings, the difference made by the disappearead TRC brought in there)

are all the three cases true?

thanks for your help


What is in you account is just a number. You don't have a separate wallet. Bter's TRC balance reduced after the attackers TRCs disappeared.

When buyers withdrew TRC, it MAY been partly the attacker's ones too. If no user reports that they have any TRC missing, there is a very strong possibility that Bter is hiding something.

lamiomni
Newbie
*
Offline Offline

Activity: 53
Merit: 0


View Profile
July 29, 2013, 11:38:23 AM
 #29


Even smaller amount looking enornous compar to usual... Of course as said 24/24 monitoring is needed... Or the TRC trading should be stopped directly before any disaster... I agree on that

neotrix, did any TRC disappear from your exchange? any at all? not even 1.



Basicly this is what happens during a 51% attack:
You have to understand that the blockchain contains all the transactions and block are minted on top of it
The attacker build his own blockchain, with his mining speed, he can be faster than the network
Blockchain acceptation is done by consensus by all the nodes, basicly, the longest chain wins
The attacker spend his money on the network chain, but his money remains on his (and longer!)
The attacker broadcasts (release) his chain to all the node, in order to be accepted by them
The longest chain is validated, orphaning the network's chain, reversing his spending
The attacker, sucessfully spent his money (like exchanging TRC in BTC) and keep his money on the newly accepted chain
In this case, I think that he successfully use his minting reward because he doesn't seem to have balance before the attack
This attack seems to give 100% of minted blocks to the attacker

Please tell me if I'm wrong somewhere.
Arbitrageur
Hero Member
*****
Offline Offline

Activity: 556
Merit: 500


View Profile
July 29, 2013, 12:08:03 PM
 #30

the blockchain now says:

175049           2013-07-29 11:49:19   36   126.31668153   294231.656   3501029.85549999

on the 23th before the attack there were 327049 TRC, here the situation at block 163500

163500   2013-07-23 03:36:06   1   20   20574.792   3270049.85549999

11549 blocks difference, 20 trc on each block: 230980 TRC total generated by these 11549 new blocks

3.270.049+230.980 = 3.501.029

EXACT!

so the frigging TRC coins generated by all those blocks are still counted by the block chain
but... if THEY DISAPPEARED, shouldn't they be erased and not computed anymore???

the mystery is still there... are those coins existing or not??

I still can't get it!




Arbitrageur
Hero Member
*****
Offline Offline

Activity: 556
Merit: 500


View Profile
July 29, 2013, 12:13:21 PM
 #31

....unless those coins belongs to the attacker now and he's holding them somewhere, they disappeared from BTER but still are in the attacker's possesion, aren't they?

sumantso
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000



View Profile
July 29, 2013, 12:29:25 PM
 #32

....unless those coins belongs to the attacker now and he's holding them somewhere, they disappeared from BTER but still are in the attacker's possesion, aren't they?



As lamiomni said, a profit happens when you double spend. In the current blockchain the deposit by the attacker would be invalid. So they are still with the attacker (unless they have been spent again).

Some of that TRC  deposit may have been withdrawn by Bter users and should have vanished. Since nobody is reporting that it seems a tad fishy. Unless by luck all the withdrawls used other TRCs only.

Arbitrageur
Hero Member
*****
Offline Offline

Activity: 556
Merit: 500


View Profile
July 29, 2013, 12:41:50 PM
 #33

in other words he still have the cake and ate it too
bcp19
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500



View Profile
July 29, 2013, 01:01:46 PM
 #34

the blockchain now says:

175049           2013-07-29 11:49:19   36   126.31668153   294231.656   3501029.85549999

on the 23th before the attack there were 327049 TRC, here the situation at block 163500

163500   2013-07-23 03:36:06   1   20   20574.792   3270049.85549999

11549 blocks difference, 20 trc on each block: 230980 TRC total generated by these 11549 new blocks

3.270.049+230.980 = 3.501.029

EXACT!

so the frigging TRC coins generated by all those blocks are still counted by the block chain
but... if THEY DISAPPEARED, shouldn't they be erased and not computed anymore???

the mystery is still there... are those coins existing or not??

I still can't get it!





Try this explanation: Attacker has legally mined 100 coins

Code:
Original Blockchain                                   Attacker Blockchain
Block 102, 1 transaction, 20 coins to A       Block 102, 1 transaction, 20 coins to attacker (C)
block 103, 1 transaction, 20 coins to B       Block 103, 1 transaction, 20 coins to attacker
block 104, 1 transaction, 20 coins to A       Block 104, 1 transaction, 20 coins to attacker
block 105, 1 transaction, 20 coins to C       Block 105, 1 transaction, 20 coins to attacker
block 106, 2 trans, 20 to A, 100 C->D        Block 106, 1 transaction, 20 coins to attacker
block 107-113 1 trans, 20 each to A/B/E     Block 197-113, 20 coins each to attacker
block 114, 1 trans 20 coins to E                  Block 114 attacker makes a longer chain by creating a larger transaction, orphaning true blocks 102-113

Example of attacker's transactions in block 114:
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2.06         1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 80.1575
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2.0975
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2
1PAnMKuTs9R4U9FF7xdQSmQc655d2r9zeB: 2

Since the attacker's blockchain is longer and he has more hashrate, he forces his blockchain onto the network as the real one and the real one disappears (orphaned).  The spend he made at block 106 to the Exchange at Address D 'disappears'(even though the exchange credits it after the 4/6 confirmations), the coins mined by A, B and E disappear, their blocks orphaned.  Attacker goes to exchange, converts credited coins to BTC or other coins, transfers them out, Exchange later sees balance mismatch between wallet and their system and trace it back, but too late, attacker has run with converted coins.

Now, by this explanation, the attacker still has the coins.  TRC developers though said the time warped blocked would be invalidated.  What does this mean?  Dunno.  Maybe the attackers address is rendered invalid in the system and while the coins are 'in' his wallet, the client will never allow them to be spent.  Maybe it's just a platitude given to us to calm the masses into thinking the attacker lost his coins, while they sweep it under the rug and let him go.  Maybe... <insert your theory here>

We will never know the real truth unless the TRC dev's come right out and explain it in terms we can understand.

I do not suffer fools gladly... "Captain!  We're surrounded!"
I embrace my inner Kool-Aid.
lamiomni
Newbie
*
Offline Offline

Activity: 53
Merit: 0


View Profile
July 29, 2013, 01:03:08 PM
 #35

in other words he still have the cake and ate it too

Yup.

Here is a simplified explanation:
- 2 blockchains: One where you spend it (on the legit blockchain, B1), one where you keep it (on the attacker's one, B2)
- During the attack, you deposit your funds on an exchange and withdraw BTC, LTC, whatever, something different than TRC, these transactions takes place on B1 but not on B2
- You broadcast B2 to reverse TRC transactions you did on B1, this is likely to succeed only if you have more than 51% of the network
- Unfortunately, all the others blockchains didn't reverse the transaction so you still have withdrawn BTC, LTC... and TRC

Time warp attack seems to block difficulty to a low level, so the blocks can be minted at very high speed.
bcp19
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500



View Profile
July 29, 2013, 01:09:33 PM
 #36

....unless those coins belongs to the attacker now and he's holding them somewhere, they disappeared from BTER but still are in the attacker's possesion, aren't they?



As lamiomni said, a profit happens when you double spend. In the current blockchain the deposit by the attacker would be invalid. So they are still with the attacker (unless they have been spent again).

Some of that TRC  deposit may have been withdrawn by Bter users and should have vanished. Since nobody is reporting that it seems a tad fishy. Unless by luck all the withdrawls used other TRCs only.
I think you are not looking at the big picture.

Exchange wallet: 2,000,000 TRC
Attacker sends 120,000 TRC, coins go to his deposit address, then into exchange wallet.
Exchange wallet: 2,120,000 TRC
Attacker converts on site to BTC and withdraws
Exchange wallet: 2,120,000 TRC
Attacker invalidates original blockchain and deposit disappears
Exchange wallet: 2,000,000 TRC

Now, *IF* someone happened to withdraw from the exchange during this brief period, their TRC sent to other sites would disappear, but how often do people transfer out of an exchange?

I do not suffer fools gladly... "Captain!  We're surrounded!"
I embrace my inner Kool-Aid.
mnyonpa
Full Member
***
Offline Offline

Activity: 140
Merit: 100



View Profile
July 29, 2013, 01:14:54 PM
 #37

Heads up and condolences for Bter.

But also a good illustration for us all who would invest in unsecured cryptocurrencies.

BTC address for donations: 1EEjkAqLXTxscD24D1S6aXWtxPUWxSkHcd
lamiomni
Newbie
*
Offline Offline

Activity: 53
Merit: 0


View Profile
July 29, 2013, 01:29:18 PM
 #38

....unless those coins belongs to the attacker now and he's holding them somewhere, they disappeared from BTER but still are in the attacker's possesion, aren't they?



As lamiomni said, a profit happens when you double spend. In the current blockchain the deposit by the attacker would be invalid. So they are still with the attacker (unless they have been spent again).

Some of that TRC  deposit may have been withdrawn by Bter users and should have vanished. Since nobody is reporting that it seems a tad fishy. Unless by luck all the withdrawls used other TRCs only.
I think you are not looking at the big picture.

Exchange wallet: 2,000,000 TRC
Attacker sends 120,000 TRC, coins go to his deposit address, then into exchange wallet.
Exchange wallet: 2,120,000 TRC
Attacker converts on site to BTC and withdraws
Exchange wallet: 2,120,000 TRC
Attacker invalidates original blockchain and deposit disappears
Exchange wallet: 2,000,000 TRC

Now, *IF* someone happened to withdraw from the exchange during this brief period, their TRC sent to other sites would disappear, but how often do people transfer out of an exchange?

Not really, since normally blockchain acceptation is weighted with transactions, the attacker's blockchain contains all the transactions except his own (as a node, you have the ability to rejects transactions).
Arbitrageur
Hero Member
*****
Offline Offline

Activity: 556
Merit: 500


View Profile
July 29, 2013, 01:36:37 PM
Last edit: July 29, 2013, 02:20:55 PM by Arbitrageur
 #39

I'd ask freeworm, who seems to be part of BTER staff, to post here all the trades done by the attacker.
heatgsm
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250



View Profile
July 29, 2013, 02:36:25 PM
 #40

There are risks in every business...you`ll get over this. Heads up - i appreciate your approach on this matter.
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!