Bitcoin Forum
November 21, 2019, 01:02:22 AM *
News: 10th anniversary art contest
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 ... 88 »
  Print  
Author Topic: Network Attack on XVG / VERGE  (Read 28693 times)
phm87
Full Member
***
Offline Offline

Activity: 174
Merit: 101

Mining pool operator @ https://www.unimining.net


View Profile WWW
April 04, 2018, 08:31:18 PM
 #101

nice a new version of the famed timewarp attack.. very interesting.

yep.. we pushed a quick fix and most pools have already updated.. we're already working on a whole new block verification process.

we're kinda glad this happened and that it wasn't as bad as it could have been.


Hmm, you guys are aware that the "fix" you pushed actually IS a hardfork ? So your blockchain snapshot is not valid anymore, the wallet's won't sync up from scratch anymore and the current chain is simply not usable anymore with that new "fix" ?

Your change simply disagrees with the attackers blocks, the first block I see from the attacker was 2007365 - so the wallets will stop syncing there and simply not progress any further.

I remember your first forking dramas when trying to fork into Tor which failed 2 times IIRC.

You should immediately refrain from that "fix" and set a proper fork-height (at least 48h) and the chain up until the fork block MUST accept blocks with the old timestamps and blocks after that fork block then only with the new timestamp.




bumping this for awareness

Thank you ocminer, I hope that dev coin team will fix this problem and warn pools in a timely manner if a fork should be done. i'd be happy that we revert the coins mined by the attacker.

⚠️🚀 https://www.unimining.net 🚀⚠️ Low fee, multi algo pool | 2 hr payout | No registration required. ⚠️🚀 https://www.unimining.net 🚀⚠️
1574298142
Hero Member
*
Offline Offline

Posts: 1574298142

View Profile Personal Message (Offline)

Ignore
1574298142
Reply with quote  #2

1574298142
Report to moderator
1574298142
Hero Member
*
Offline Offline

Posts: 1574298142

View Profile Personal Message (Offline)

Ignore
1574298142
Reply with quote  #2

1574298142
Report to moderator
1574298142
Hero Member
*
Offline Offline

Posts: 1574298142

View Profile Personal Message (Offline)

Ignore
1574298142
Reply with quote  #2

1574298142
Report to moderator
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
ocminer
Legendary
*
Offline Offline

Activity: 2422
Merit: 1233



View Profile WWW
April 04, 2018, 08:34:47 PM
 #102

nice a new version of the famed timewarp attack.. very interesting.

yep.. we pushed a quick fix and most pools have already updated.. we're already working on a whole new block verification process.

we're kinda glad this happened and that it wasn't as bad as it could have been.


Hmm, you guys are aware that the "fix" you pushed actually IS a hardfork ? So your blockchain snapshot is not valid anymore, the wallet's won't sync up from scratch anymore and the current chain is simply not usable anymore with that new "fix" ?

Your change simply disagrees with the attackers blocks, the first block I see from the attacker was 2007365 - so the wallets will stop syncing there and simply not progress any further.

I remember your first forking dramas when trying to fork into Tor which failed 2 times IIRC.

You should immediately refrain from that "fix" and set a proper fork-height (at least 48h) and the chain up until the fork block MUST accept blocks with the old timestamps and blocks after that fork block then only with the new timestamp.




bumping this for awareness

Thank you ocminer, I hope that dev coin team will fix this problem and warn pools in a timely manner if a fork should be done. i'd be happy that we revert the coins mined by the attacker.


From what I know they won't roll back and just move on.. However, they still must do the hardfork in a proper way

suprnova pools - reliable mining pools - #suprnova on freenet
https://www.suprnova.cc - FOLLOW us @ Twitter ! twitter.com/SuprnovaPools
BitPotus
Hero Member
*****
Offline Offline

Activity: 1022
Merit: 574


View Profile
April 04, 2018, 08:36:01 PM
Merited by ACP (1)
 #103

When Ocminer tells you that Shit hit the Fan, Shit hit the fucking fan.

Verge fanbois better listen the fuck up.

cchub
Full Member
***
Offline Offline

Activity: 560
Merit: 101


Migranet ITO


View Profile
April 04, 2018, 08:38:08 PM
 #104

if im not wrong they fixed it bug could be happen on any coin even bitcoin so lets  not blame them for bug lets blame them for not fixing it so fast

It cannot happen in bitcoin because bitcoin doesn't have such a system. Instead, bitcoin relies on proof-of-work only.

❉❉❉ Migranet ❉❉❉  [MIGRATION。SIMPLIFIED 。]
▐| Global immigrationpowered by AI & blockchain |▌
TELEGRAMTWITTERFACEBOOKYOUTUBEINSTREAGRAM
aciddude
Member
**
Offline Offline

Activity: 175
Merit: 26


View Profile WWW
April 04, 2018, 08:40:53 PM
 #105

nice a new version of the famed timewarp attack.. very interesting.

yep.. we pushed a quick fix and most pools have already updated.. we're already working on a whole new block verification process.

we're kinda glad this happened and that it wasn't as bad as it could have been.


Hmm, you guys are aware that the "fix" you pushed actually IS a hardfork ? So your blockchain snapshot is not valid anymore, the wallet's won't sync up from scratch anymore and the current chain is simply not usable anymore with that new "fix" ?

Your change simply disagrees with the attackers blocks, the first block I see from the attacker was 2007365 - so the wallets will stop syncing there and simply not progress any further.

I remember your first forking dramas when trying to fork into Tor which failed 2 times IIRC.

You should immediately refrain from that "fix" and set a proper fork-height (at least 48h) and the chain up until the fork block MUST accept blocks with the old timestamps and blocks after that fork block then only with the new timestamp.




bumping this for awareness

how can we verify the hardfork ?

just download an updated wallet which includes the "fix" - then download the blockchain snapshot and try to sync up to the latest block...it will get stuck at 2007364

heh Yeah I'm building their wallet with the fix now.

FTC API + Block Explorer https://fsight.chain.tips
ChekaZ
Legendary
*
Offline Offline

Activity: 1852
Merit: 1005



View Profile
April 04, 2018, 08:41:18 PM
 #106

Great post ocminer, thanks for this valuable information & awesome to see the newbie accounts pop up and say its fake and fud Cheesy


BTC: 1Ges1taJ69W7eEMbQLcmNGnUZenBkCnn45
FTC: 6sxjM96KMZ7t4AmDTUKDZdq82Nj931VQvY
Polonex
Newbie
*
Offline Offline

Activity: 196
Merit: 0


View Profile
April 04, 2018, 08:49:26 PM
 #107

How can one initiate an attack such as this?

Do you need step by step instructions?

Yes
IDCToken
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
April 04, 2018, 08:54:14 PM
 #108

Can confirm it is still exploitable, will not abuse it futher myself but fix this problem immediately I'll give Verge some hours to solve this otherwise I'll make this public and another unpatchable problem.
ico_fond
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile
April 04, 2018, 08:54:44 PM
 #109

So if I transfer XVG from exchange to my wallet there's the risk that my coins will be lost due hardfork?

ChekaZ
Legendary
*
Offline Offline

Activity: 1852
Merit: 1005



View Profile
April 04, 2018, 08:59:41 PM
 #110

Github XVG:

"justinvforvendetta replied 2 hours ago
i'm glad this happened now. it's got us working on a whole new method for block and transaction verification =]"

Yeah, maybe work on a new verification method for blocks if he dev doesnt even know that nMaxClockDrift is in seconds..

static const int64 nMaxClockDrift = 2 * 15;        // fifteen minutes


BTC: 1Ges1taJ69W7eEMbQLcmNGnUZenBkCnn45
FTC: 6sxjM96KMZ7t4AmDTUKDZdq82Nj931VQvY
bitcoinwallet1972
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
April 04, 2018, 09:00:28 PM
 #111

i,m just a little seed and dont have any tech skills,verge is really a sollid part of my portfolio.
i have a question if the buck stops @ block  2007365 and will stop syncing there and not progress any further.
then the blockchain will stop and payments will stop with it so wouldend there be a lot of spam in the telegram and discord from people who are not getting there transactions thrue?
i hope i can get a anwser to my question because FUD is the right statement of my state of being right now and asking these questions in discord or telegram is like putting your head in a sling right about now.... Cry
i just want to protect my investment and really believe in what verge represents but my $$$ are more important

greetings from a little seedling  Roll Eyes
OiMonetka
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
April 04, 2018, 09:00:58 PM
 #112

U can't fix it through time... Why wouldn't u fix it through the prefix of current readable algorythm? I don't know how hard is it to realise, but (1) u may call each reachable algorythm with the new block with the prefix. Like for the SHA-256 - 00A-, DH - 00B-, Crypt - 00C-, NightCrypt - 01N-, Keccak - 01K-, Lyra - 012-,  X11 - 00D-, X15 - 01D-, Blake - 01B-, Quibit - 00Q-, Quark - 01Q-... etc
(2) Randomise it. (3) Implement Not-in-a-row accessable algorythm. Done. Too hard? - skip (1)
boxalex
Member
**
Offline Offline

Activity: 420
Merit: 13


View Profile
April 04, 2018, 09:01:44 PM
 #113

Great post ocminer, thanks for this valuable information

Totally agree. ocminer should get rewarded with some bigger amount of XVG from Verge for showing them a lot of their problems.
GJ ocminer. Rarely seen such informative and excelent described problems on a forum. Hope you keep up the good work.
IDCToken
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
April 04, 2018, 09:03:14 PM
 #114

Hey Verge Team,
get some real developers and fix your code.
We have found another 2 exploits which can make quick hashes aswell.

The (soon) Bits Team.
phm87
Full Member
***
Offline Offline

Activity: 174
Merit: 101

Mining pool operator @ https://www.unimining.net


View Profile WWW
April 04, 2018, 09:05:15 PM
 #115

nice a new version of the famed timewarp attack.. very interesting.

yep.. we pushed a quick fix and most pools have already updated.. we're already working on a whole new block verification process.

we're kinda glad this happened and that it wasn't as bad as it could have been.


Hmm, you guys are aware that the "fix" you pushed actually IS a hardfork ? So your blockchain snapshot is not valid anymore, the wallet's won't sync up from scratch anymore and the current chain is simply not usable anymore with that new "fix" ?

Your change simply disagrees with the attackers blocks, the first block I see from the attacker was 2007365 - so the wallets will stop syncing there and simply not progress any further.

I remember your first forking dramas when trying to fork into Tor which failed 2 times IIRC.

You should immediately refrain from that "fix" and set a proper fork-height (at least 48h) and the chain up until the fork block MUST accept blocks with the old timestamps and blocks after that fork block then only with the new timestamp.




bumping this for awareness

Thank you ocminer, I hope that dev coin team will fix this problem and warn pools in a timely manner if a fork should be done. i'd be happy that we revert the coins mined by the attacker.


From what I know they won't roll back and just move on.. However, they still must do the hardfork in a proper way

I'd prefer that XVG coin dev team decide to roll back to cancel the coins mined during the hack, it is better I think.


What do you think guys ?

⚠️🚀 https://www.unimining.net 🚀⚠️ Low fee, multi algo pool | 2 hr payout | No registration required. ⚠️🚀 https://www.unimining.net 🚀⚠️
SacredRonin
Newbie
*
Offline Offline

Activity: 171
Merit: 0


View Profile
April 04, 2018, 09:07:33 PM
 #116

@OP

As an avid Verge supporter I'm actually glad you did what you did. Thanks for helping.

Don't listen to the radicals on both sides.

Seems the issue is fixed, let's all move on and be happy this happened now and not later.

Finally! A VALID response from VergeFam! Thanks Ragnarok for posting something of value!
OneNattyLitecoin
Sr. Member
****
Offline Offline

Activity: 353
Merit: 335

If you don’t believe, why are you here?


View Profile
April 04, 2018, 09:18:57 PM
 #117

nice a new version of the famed timewarp attack.. very interesting.

yep.. we pushed a quick fix and most pools have already updated.. we're already working on a whole new block verification process.

we're kinda glad this happened and that it wasn't as bad as it could have been.


Hmm, you guys are aware that the "fix" you pushed actually IS a hardfork ? So your blockchain snapshot is not valid anymore, the wallet's won't sync up from scratch anymore and the current chain is simply not usable anymore with that new "fix" ?

Your change simply disagrees with the attackers blocks, the first block I see from the attacker was 2007365 - so the wallets will stop syncing there and simply not progress any further.

I remember your first forking dramas when trying to fork into Tor which failed 2 times IIRC.

You should immediately refrain from that "fix" and set a proper fork-height (at least 48h) and the chain up until the fork block MUST accept blocks with the old timestamps and blocks after that fork block then only with the new timestamp.




bumping this for awareness

Thank you ocminer, I hope that dev coin team will fix this problem and warn pools in a timely manner if a fork should be done. i'd be happy that we revert the coins mined by the attacker.


From what I know they won't roll back and just move on.. However, they still must do the hardfork in a proper way

I'd prefer that XVG coin dev team decide to roll back to cancel the coins mined during the hack, it is better I think.


What do you think guys ?

A rollback?

XVG will be judged accordingly.

WWG1WGA
Dogedarkdev
Legendary
*
Offline Offline

Activity: 1428
Merit: 1005


$XVG - The Standard in Privacy Based Crypto


View Profile WWW
April 04, 2018, 09:33:16 PM
 #118

we are not doing a rollback and we are preparing a fork to patch this up.

_///// [XVG] ★★★★★WE ARE ON  THE VERGE ★★★★★ [MULTI-ALGO] /////_
_///// TOR // I2P // LINUX . WINDOWS . MAC . ANDROID . ELECTRUM . WEBWALLET . GITHUB // WEBSITE // RADIO // IRC /////_
bitcoinwallet1972
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
April 04, 2018, 09:36:25 PM
 #119

sorry tryd to make a quote from my last post.... but made a qoute from some one else here

i just made a paymen from Binance : Completed XVG9.9 2018-04-04 23:20:54 Address:   DLv25ww5CipJngsKMYemBTBWH14CUpucxX

to the verge fundraise adress : 4th Apr 2018 23:23:52   d9480b0f0b95bb5ec8a066d93b54fcd8b97c7b7c0ee83effe4ad95b80f004a83   + 9.90000000

so i think my investment is safe for now,i was really hoping to get a fair reaction from one of you Huh

thanks anyway for making a contribution in making the verge blockchain more reliable

good luck and happy trading(mining) to you
aciddude
Member
**
Offline Offline

Activity: 175
Merit: 26


View Profile WWW
April 04, 2018, 09:39:03 PM
 #120

nice a new version of the famed timewarp attack.. very interesting.

yep.. we pushed a quick fix and most pools have already updated.. we're already working on a whole new block verification process.

we're kinda glad this happened and that it wasn't as bad as it could have been.


Hmm, you guys are aware that the "fix" you pushed actually IS a hardfork ? So your blockchain snapshot is not valid anymore, the wallet's won't sync up from scratch anymore and the current chain is simply not usable anymore with that new "fix" ?

Your change simply disagrees with the attackers blocks, the first block I see from the attacker was 2007365 - so the wallets will stop syncing there and simply not progress any further.

I remember your first forking dramas when trying to fork into Tor which failed 2 times IIRC.

You should immediately refrain from that "fix" and set a proper fork-height (at least 48h) and the chain up until the fork block MUST accept blocks with the old timestamps and blocks after that fork block then only with the new timestamp.




bumping this for awareness

how can we verify the hardfork ?

just download an updated wallet which includes the "fix" - then download the blockchain snapshot and try to sync up to the latest block...it will get stuck at 2007364

Confirmed.    client stalls at block 2007364


FTC API + Block Explorer https://fsight.chain.tips
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 ... 88 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!