Bitcoin Forum
November 06, 2024, 03:44:00 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 [19] 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 ... 88 »
  Print  
Author Topic: Network Attack on XVG / VERGE  (Read 29508 times)
Gaglam
Sr. Member
****
Offline Offline

Activity: 390
Merit: 250


View Profile
April 05, 2018, 02:36:47 PM
 #361

XVG got in the show:

https://twitter.com/ToneVays/status/981899076051451905

#Bitcoin Morning Brief w/ @jimmysong @giacomozucco & @LeahWald1 talkin @MagicalTux's @MtGox AMA, $VRG #Verge showing us the future of all #Shitcoins, #Ripple attempts to bribe exchanges to list useless $XRP securities & @foxconnoficial making Crypto phones  Grin
ACP
Hero Member
*****
Offline Offline

Activity: 612
Merit: 520



View Profile
April 05, 2018, 02:37:51 PM
 #362

look 1st post: "...

EDIT: On 05. April the attacker started again and mined about 12k blocks again:

I skimmed the logs and saw the attacker started the new attack at around block 2014060 and stopped just now at block 2026196

..

12k blocks this time Lets say 10k... so additional 10.000 + 1560 = 15.600.000
"


How can an attacker get 1% out of mining? This attack must have taken much longer than a few hours like people were saying yesterday.

I'm quoting @OCminer  from a previous post

https://bitcointalk.org/index.php?topic=3256693.msg33956498#msg33956498


The attack started on block  2007365 and ended on block 2010039 = 2674 blocks, okay lets say 2500 blocks...

One Block makes about 1560 coins, so you have 2500 * 1560 = 3,900,000  "extra" coins generated (at least!) ....


-
This means the attack lasted for enough time to allow 3.9 Million XVG to be created illegally.

That's 32.72 BTC at current prices   or  $223,902  USD



Ha I just saw that as I went back to check the mined addresses.


We are now looking at a total of  ~ 3.9 Million + 15.6 Million


~19,500,000   XVG have been created illegally



Equals to 166.725 BTC or around  $1,147,034.43 USD

Not illigal
Expensive bug bounty
aciddude
Member
**
Offline Offline

Activity: 179
Merit: 27


View Profile WWW
April 05, 2018, 02:41:05 PM
 #363

Not illigal
Expensive bug bounty


illegal *


And if there's a bug in the code that allows hackers/thieves  the ability to go against the consensus rules of the chain, that would be considered illegal creation of coins as they did not follow the rules laid out in the code.

FTC API + Block Explorer https://fsight.chain.tips
CA_TD_investor
Newbie
*
Offline Offline

Activity: 41
Merit: 0


View Profile
April 05, 2018, 02:44:20 PM
 #364

i love seeing so many people who aren't even involved in verge talking about it though ;]

When you're a public figure, people will talk.  
When you make boneheaded mistakes in your code AND deny/don't fix it and leave the community hanging after they just put together 75M xvg for your island??   People will talk.  
Oh and I just watched your announcement video... what a joke.   Thanks for offering the market space zero credibility.

How do you know who is involved and who isn't?   Do you have a list of wallets and forum ids?   Are you going off what people say on forums?    
Because you know... people lie.  

I mean you told the community this was fixed yesterday.
  
Just stop trying to make yourself look better, we don't give a shit about your ego.  Fix this coin which has nearly A BILLION DOLLARS OF PEOPLES MONEY in it.
ACP
Hero Member
*****
Offline Offline

Activity: 612
Merit: 520



View Profile
April 05, 2018, 02:52:10 PM
 #365

Not illegal
Expensive bug bounty


illegal *


And if there's a bug in the code that allows hackers/thieves  the ability to go against the consensus rules of the chain, that would be considered illegal creation of coins as they did not follow the rules laid out in the code.
Yeah what would top off the show is if the exploited "coins" got sent to a burn address.
It's better that this was seen sooner than later or slowly over a long period without such noise may have done more damage or could have already been doing damage for awhile.
Patuba
Newbie
*
Offline Offline

Activity: 63
Merit: 0


View Profile
April 05, 2018, 03:02:28 PM
 #366

is this safe to mine again? seeing its back up on yiimp pool

I would say no. I have been mining on the yiimp pool for over an hour and have 0 confirmed blocks.
CryptoYeff
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
April 05, 2018, 03:04:26 PM
 #367

is this safe to mine again? seeing its back up on yiimp pool

I would say no. I have been mining on the yiimp pool for over an hour and have 0 confirmed blocks.

You need to wait until you have 140 confirmations; which you don't have yet-- that's why you haven't been paid.
ocminer (OP)
Legendary
*
Offline Offline

Activity: 2688
Merit: 1240



View Profile WWW
April 05, 2018, 03:05:46 PM
Merited by Coiner_ (1), Marbella_Broker (1)
 #368

Okay guys, as the shit keep hitting the fan harder and harder here I need to take a few steps to actually end that drama for me:

Suprnova will not reopen any of it's XVG/Verge pools for mining whatsoever. You can mine it freely on any different pool if you like. Withdrawals are possible of course.

The background is that the "fix" promoted by the devs simply won't fix the problem. It will just make the timeframe smaller in which the blocks can be mined / spoofed and the attack
will still work, just be a bit slower.

Also the over 20 Million XVG which were instamined by the attacker won't be blacklisted, reverted, filtered or rolled-back in anyway according to the verge-dev, so in my opinion you all (the miners and investors) got betrayed about that 20 M coins .. For some it might be only a few coins, for some it might be a lot.. For some this might all be drama for them, I see you there of course..

Just to clarify a few last things:

1. The fix won't fix it. The problem is not alone the drifttime, but also the algo variance. You have to make sure that not X blocks get mined on one algo.
    Myriad and digibyte had the same issues - they fixed it.

    Here's a possible fix for the issues: https://github.com/digibyte/digibyte/pull/15

    Please DON'T just merge the code like you see it in that commit, you need to actually find the right places in your code and merge it. It's a slightly different codebase, so it won't work
    with just copy & paste, you actually have to understand and rewrite it to fit to your needs.


2. It's possible to blacklist certain addresses within the blockchain. So if you know on which addresses hacked funds reside, you can simply "blacklist" them directly in the codebase of the coin.
    For example you know that the attacker has used address "123abc123acb123abc" as the root for his hacked funds. You can now - at anytime - update your wallet code and just say
    "orphan all transactions with the root address "123abc123acb123abc". So even if the hacker moves the funds NOW or in one year, it won't happen as you've blacklisted the originating address.
    This was done previously also, not on myriad but on another coin - I can also find that commit for you.


3. I was getting blamed for "judging" too early and posting this info publicly on bitcointalk. I've mixed feelings about this.. Yes, I could have spoken silently to the devs at first and tell them "hey,
    something weird is going on on your blockchain" - however in the same time my miners were asking why the pool wasn't finding blocks and I already saw the first tweets about "skimming" and    
    stuff.. So.. What to do ? Keep the info about the hacker silent with the devs and wait 3-4 days for a (non-working) fix and get my reputation killed totally or just go for a public post about it
    and shutdown the pools ? I know, it's a difficult decision and my decision might have been wrong, but hey, I'm neither the attacker nor am I the guy responsible for the coin..  Also I was a bit
    astonished that I was actually the first to report the problem.. I was expecting devs watch their coin closely and come up with fixes upfront.. or at least know about what happend.

    In my opinion the optimal handling for this problem probably would have been something like this:

   1. Contact pools and exchanges to shutdown mining and trading
   1a. Tweet/Inform miners about the problem and tell them it's been worked on but takes it's time.
   2. Talk about possible problems and mitigation practices with devs/exchanges and pools.. Create a "conference room" for this for example and invite all necessary people there.
   3. Find a resolution, roll back the chain or at least filter the malicious coins (as someone as a (big) advantage here which he shouldn't, or?? So some others have a big disadvantage, or not ?)
   4. Go back online with the resolution and back to mining.



Least but not last here's a chatlog from a few moments ago, sorry for posting the drama but I just can't let it stand like it is at the moment.. If you don't want to read drama, just skip the part:
And yes, I might be a bit upset there as well, sorry, next time I'll be more precise and "nice" Smiley


...
[16:08:43]  <vergeDEV>   yes i put it in both branches
[16:10:11]    ed__ (319465d0@gateway/web/freenode/ip) joined the channel
[16:12:43]  <ocminer>   hmm no filtering/rollback of the attackers coins ?
[16:12:55]  <ocminer>   thats over 20 mills for him...
[16:13:08]  <vergeDEV>   we dont do rollbacks.
[16:13:16]  <vergeDEV>   we roll forward
[16:13:17]  <@Epsylon3>   i imagine the mess :p
[16:13:31]  <@Epsylon3>   the only this you can do is tracking the coins
[16:13:38]  <vergeDEV>   ocminer, would have been great if you contacted someone from our team. by you putting this on bitcointalk, you invited a ton of other people to attack as well.
[16:13:39]  <@Epsylon3>   talking with exchanges
[16:14:01]  <vergeDEV>   also your quote The vergeDEV @ Discord says "everything is okay - there's nothing to fix"..
[16:14:03]  <vergeDEV>   thats bullshit.
[16:14:05]  <vergeDEV>   i never said that
[16:14:15]  <vergeDEV>   why are you quoting me saying something i never said?
[16:14:18]  <ocminer>   -.-
[16:14:25]  <vergeDEV>   i already talked to bittrex and binance, theyre updated
[16:14:55]  <ocminer>   you just don't understand what this is all about
[16:16:02]  <vergeDEV>   how so?
[16:16:14]  <vergeDEV>   i do understand. we are having blocks injected with spoofed timestamps.
[16:16:20]  <@Epsylon3>   what the amount mined per day ?
[16:16:22]  <@Epsylon3>   is*
[16:16:24]  <vergeDEV>   and i never said "everything is okay - there's nothing to fix"
[16:16:46]  <@Epsylon3>   i need to add a script command for that :p
[16:16:54]  <ocminer>   also your commit won't fix it
[16:16:57]  <ocminer>   but ..
[16:17:12]  <ocminer>   go ahead and "move forward"
[16:17:14]  <vergeDEV>   ~4mill/day
[16:17:17]  <@Epsylon3>   XVG: current block_time set in the db 0mn35 (35 sec)
[16:17:18]  <@Epsylon3>   XVG: avg time for the last 2048 blocks = 0mn13 (13 sec)
[16:17:18]  <@Epsylon3>   XVG: avg time for the last 1024 blocks = 0mn31 (31 sec)
[16:17:35]  <@Epsylon3>   my script dont go so far :p
[16:17:51]  <ocminer>   12000 * 1560 = 18.7 mills already
[16:17:53]  <@Epsylon3>   XVG need 20x that :p
[16:18:30]  <vergeDEV>   yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.
[16:18:51]  <vergeDEV>   and also misquoted me completely
[16:19:00]  <ocminer>   lol, now you're blaming me for an attack on your blockchain ? srsly ? Smiley
[16:19:07]  <vergeDEV>   did i blame you?
[16:19:09]  <@Epsylon3>   2026860 now... 2000000 was 2018-04-01 17:39:37
[16:19:11]  <vergeDEV>   i said the attack wasnt as bad
[16:19:14]  <ocminer>   [16:18:30]  <vergeDEV>    yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.
[16:19:15]  <vergeDEV>   it was worse after
[16:19:20]  <@Epsylon3>   3 days..
[16:19:25]  <@Epsylon3>   4
[16:19:27]  <vergeDEV>   yes that is correct. congrats, you got a quote correct
[16:20:03]  <@Epsylon3>   so yep, maybe not 12000 blocks
[16:20:14]  <@Epsylon3>   i may create a script to check :p
[16:20:49]  <@Epsylon3>   Height:    2010000
[16:20:49]  <@Epsylon3>   Time:    2018-04-04 14:22:01
[16:21:03]  <@Epsylon3>   after first hack so
[16:21:31]  <@Epsylon3>   will do the script, i like right numbers
[16:26:22]  <ocminer>   listen.. kid... you have a absolutely trashy shitcoin pumped in heaven through that tweet from john mcafee back in that day.. you probably made a lof of money by that idiot tweeting xvg to the moon.. you should have used the chance and invested some of that money and invest it into a decent dev team, as seriously, and everyone knows that, you have not the slightest idea of coding whatsoever... If you've had done that, you could have patched your
[16:26:22]  <ocminer>    super-old codebase already to a super-recent codebase like myriad or digibyte and wallets would't have memory leaks all over, wouldn't take >30 mins until they startup and also those two drama's with the earlier tor hardforks wouldn't have happen. I'm not the guy who "keeps bullshit silent" - when I see something is happening, I report it - immediately and from my POV your users/miners have been betrayed by over 20 M coins which were injected
[16:26:22]  <ocminer>    maliciously into the blockchain... This is not a kiddo script hack and my post didn't change anyhting but just revealing what is happening at the moment (as you didn't notice yourself until I came into your hostile discord) and it's not a bad thing to post that publicly. You know see me as your enemy or whatever - I don't care, if you want to continue with your coin, go ahead, surely without me, but this should be your utmost last warning - think
[16:26:22]  <ocminer>    about yourself, think about how you make decisions and maybe come down a bit from your emperor throne and get help from professionals if you can't handle it alone... You'll see what happens after your HF - nothing, guaranteed, because you don't fix the root cause of this.
[16:26:27]    vergeDEV (~sunerok@unaffiliated/sunerok) left IRC (Ping timeout: 240 seconds)
[16:26:50]  <ocminer>   And Epsylon3 ... you
[16:27:04]  <@Epsylon3>   i slept
[16:27:09]  <@Epsylon3>   :p
[16:27:22]  <phm87>   Hi, sorry I come back late
[16:27:23]  <ocminer>   're not much better than him.. only looking for the profits here.. .your miners also lost a lof of coins during the network was stalled and the 15k blocks mined...
[16:27:34]  <phm87>   I am running unimining where there is XVG
[16:27:36]  <@Epsylon3>   you are wrong
[16:27:38]  <phm87>   (on blake2s)
[16:27:39]  <ocminer>   if you'd be honest, you'd shutdown the pool and let him fix his shit up
[16:27:41]  <@Epsylon3>   i stopped the pool the whole day
[16:28:02]  <@Epsylon3>   and answered everyone why
[16:28:08]  <ocminer>   it's up and running already, without any fix for the malicious coins
[16:28:10]  <@Epsylon3>   lot of spam
[16:28:16]  <@Epsylon3>   took the whole day
[16:28:37]  <@Epsylon3>   i pasted the fix i made this morning
[16:28:38]  <phm87>   sorry I will read what you said few minutes ago, I am late but I'll shut the pool if coin dev say so then I can explain to my miners that I follow coin dev orders
[16:28:52]  <phm87>   when a coin explodes randomly and coin dev don't care then I delist it
[16:28:58]  <@Epsylon3>   which is the commit, with proper knowledge and amount of seconds
[16:29:04]  <phm87>   but XVG risk is high for Uni so I may delist it
[16:29:07]  <ocminer>   that fix from him is just bullshit, it changes nothing, just the timespan of which they do the attacks.. .they will be slowed down a bit, but that's all

....



This will be my last dealing with XVG. I don't like to get cheated and blamed. As a miner myself I care for what I mine and I care for others as well - you can take it or leave it.

Rest assured there will be lots of pools you can still mine on, no problem at all will occur.


Also Congratulations to the Hacker - you've chosen the right coin for your hack (which was invented in 2014 btw:)) - don't buy too many Lambos with your > 20M Verge... so what.. About 1 Million $ now ?




suprnova pools - reliable mining pools - #suprnova on freenet
https://www.suprnova.cc - FOLLOW us @ Twitter ! twitter.com/SuprnovaPools
Patuba
Newbie
*
Offline Offline

Activity: 63
Merit: 0


View Profile
April 05, 2018, 03:06:32 PM
 #369

is this safe to mine again? seeing its back up on yiimp pool

I would say no. I have been mining on the yiimp pool for over an hour and have 0 confirmed blocks.

You need to wait until you have 140 confirmations; which you don't have yet-- that's why you haven't been paid.

It has usually been pretty fast in the past. That's why I assumed it wasn't good yet. I've looked at the oldest one and it's up to 119 confirmations so I'll know in a little bit if it's good.
banjo22
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
April 05, 2018, 03:06:49 PM
 #370

Not illigal
Expensive bug bounty


illegal *


And if there's a bug in the code that allows hackers/thieves  the ability to go against the consensus rules of the chain, that would be considered illegal creation of coins as they did not follow the rules laid out in the code.

They are neither hackers nor thieves, nor was the creation of coins illegal, in fact it was done with accordance to the consensus rules of the chain, otherwise it would be impossible to do.
You can't have decentralized pros without its cons.
aciddude
Member
**
Offline Offline

Activity: 179
Merit: 27


View Profile WWW
April 05, 2018, 03:12:44 PM
 #371

Not illigal
Expensive bug bounty


illegal *


And if there's a bug in the code that allows hackers/thieves  the ability to go against the consensus rules of the chain, that would be considered illegal creation of coins as they did not follow the rules laid out in the code.

They are neither hackers nor thieves, nor was the creation of coins illegal, in fact it was done with accordance to the consensus rules of the chain, otherwise it would be impossible to do.
You can't have decentralized pros without its cons.


This is so so so wrong...

Can you please link to the line of code which says blocks can be instamined or created in <1 second  as per the "consensus rules"


FTC API + Block Explorer https://fsight.chain.tips
enkayz
Full Member
***
Offline Offline

Activity: 298
Merit: 100

hashbag.cc


View Profile WWW
April 05, 2018, 03:14:08 PM
 #372

You think it'd be surprising that even whilst there is millions of XVG coins being instamined, XVG continues to go up in price. But it's not really.. most of the value in XVG doesn't even exist in the coin itself. People who are trading and making this market happen really don't care about XVG. They just care about XVG's value versus it's trading pairs. And as long as the volume continues to go through the roof, the technical troubles of the coin don't even matter.

Hell, if someone sold 15M XVG right now at market price it would drop the price from 850 satoshi to 775 satoshi which wouldn't even drop it past the 24hr low. Most of the time if you had a shitload of easily mined coins you couldn't just dump them all at market price, but in this case hey no worries.

Technical development stuff of a coin basically doesn't matter. It doesn't matter how good your development is, or what features your crypto has, what matters is that someone wants to trade it. Coins like DNR are really showing this right now; taking a constant downtrend vs BTC whilst constantly releasing new updates & functionality - e.g. recently release masternodes, 50% of the total supply is locked in masternodes yet the BTC price is down 50% from the price at MN release, how does that work? They don't have a giant marketing machine driving hype so nobody wants to trade it.

XVG development team might have no clue what they're doing, but their marketing department (which is at this point basically provided by interested holders I'm guessing) is on it. Wraith protocol? Huge pump - what was wraith protocol technically? Stealth addressing code lifted directly from shadowcoin source. Loads of coins have this exact feature and it's just called stealth addressing. Does it matter that wraith protocol isn't actually protocol? Hell no, it sounded cool so people wanted to buy it, so the price went up. Honesty and transparency is basically useless in this market right now, if you're upfront and just want your coin functionality to do the talking, you're not gonna go anywhere, which is a shame.

Anyway, this attack will continue until the new chain parameters are implemented across the majority of nodes in the network - that is, this will require a hard fork to a new chain with new parameters. And that cannot happen one node at a time, it must happen at a specific point (usually a block height) and all nodes need to be running the new code at this point; at which time the network will 'cleanly' hard fork to the new code. It's also possible to implement some invalidation of the coins generated in this hack however that generally should be done specifically - and since the attack will still be available up until this fork and you need time to get everyone updated beforehand, it's not going to be easy done.

Updating thousands of nodes doesn't happen over night. However if you can ensure all the exchanges and pools are updated, then you basically force anyone using the old version to update since in order to send their XVG to an exchange they're gonna need the new version.

hashbag.cc - where do you put your hash? region based stratums available now: https://bitcointalk.org/index.php?topic=2044808.new
elcoblast
Full Member
***
Offline Offline

Activity: 390
Merit: 100



View Profile
April 05, 2018, 03:14:13 PM
 #373

As soon as I've posted this, the attacker stopped his pool .. now we need to rollback the last 13h of the chain or leave the attacker with 13h * 1 second blocks

But if @Devs don´t fix it, the attacker can start again anytime. Bad time for XVG is coming.  Cry

when the attacker stopped attacking the on verge blockchain, they can start attack again later, i have the same statement with VenMinet this is a bad time for Verge developer, this issue can make investor selling their Verge asset and make the market price going down.

CDEX-CROSS-CHAIN DECENTRALIZED EXCHANGE PLATFORM
luckydoky
Jr. Member
*
Offline Offline

Activity: 231
Merit: 1


View Profile
April 05, 2018, 03:23:19 PM
 #374

Thanks ocminer for letting us know what's actually going on & offering your help (only to get spat on...).

Genesisnetwork.io │ P2P Payment Ecosystem │ POW-MNs
Solution for businesses & e-commerce
Fair Launch │ Airdrops & Bounties
banjo22
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
April 05, 2018, 03:24:10 PM
 #375

Not illigal
Expensive bug bounty


illegal *


And if there's a bug in the code that allows hackers/thieves  the ability to go against the consensus rules of the chain, that would be considered illegal creation of coins as they did not follow the rules laid out in the code.

They are neither hackers nor thieves, nor was the creation of coins illegal, in fact it was done with accordance to the consensus rules of the chain, otherwise it would be impossible to do.
You can't have decentralized pros without its cons.


This is so so so wrong...

Can you please link to the line of code which says blocks can be instamined or created in <1 second  as per the "consensus rules"



Code is all that matters, if it's possible to do it is implied that it's within the rules, this is a non argument.
aciddude
Member
**
Offline Offline

Activity: 179
Merit: 27


View Profile WWW
April 05, 2018, 03:25:26 PM
 #376

Not illigal
Expensive bug bounty


illegal *


And if there's a bug in the code that allows hackers/thieves  the ability to go against the consensus rules of the chain, that would be considered illegal creation of coins as they did not follow the rules laid out in the code.

They are neither hackers nor thieves, nor was the creation of coins illegal, in fact it was done with accordance to the consensus rules of the chain, otherwise it would be impossible to do.
You can't have decentralized pros without its cons.


This is so so so wrong...

Can you please link to the line of code which says blocks can be instamined or created in <1 second  as per the "consensus rules"



Code is all that matters, if it's possible to do it is implied that it's within the rules, this is a non argument.


You don't understand blockchains or code

FTC API + Block Explorer https://fsight.chain.tips
noicyminer
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
April 05, 2018, 03:31:06 PM
 #377

Full support and respect for ocminer. You did what you had. Over vise it was open gate for illegal mining.

Looks like ocminr have much more knowledge in this meter compare to dev...sad they are so arrogant and don't see point.
banjo22
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
April 05, 2018, 03:31:57 PM
 #378

Not illigal
Expensive bug bounty


illegal *


And if there's a bug in the code that allows hackers/thieves  the ability to go against the consensus rules of the chain, that would be considered illegal creation of coins as they did not follow the rules laid out in the code.

They are neither hackers nor thieves, nor was the creation of coins illegal, in fact it was done with accordance to the consensus rules of the chain, otherwise it would be impossible to do.
You can't have decentralized pros without its cons.


This is so so so wrong...

Can you please link to the line of code which says blocks can be instamined or created in <1 second  as per the "consensus rules"



Code is all that matters, if it's possible to do it is implied that it's within the rules, this is a non argument.


You don't understand blockchains or code

Alright, next thing you will say is that 51%'ing bitcoin would be illegal or that it would be hacking, stay ignorant.
hegemon1
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
April 05, 2018, 03:33:02 PM
 #379

Okay guys, as the shit keep hitting the fan harder and harder here I need to take a few steps to actually end that drama for me:

Suprnova will not reopen any of it's XVG/Verge pools for mining whatsoever. You can mine it freely on any different pool if you like. Withdrawals are possible of course.

The background is that the "fix" promoted by the devs simply won't fix the problem. It will just make the timeframe smaller in which the blocks can be mined / spoofed and the attack
will still work, just be a bit slower.

Also the over 20 Million XVG which were instamined by the attacker won't be blacklisted, reverted, filtered or rolled-back in anyway according to the verge-dev, so in my opinion you all (the miners and investors) got betrayed about that 20 M coins .. For some it might be only a few coins, for some it might be a lot.. For some this might all be drama for them, I see you there of course..

Just to clarify a few last things:

1. The fix won't fix it. The problem is not alone the drifttime, but also the algo variance. You have to make sure that not X blocks get mined on one algo.
    Myriad and digibyte had the same issues - they fixed it.

    Here's a possible fix for the issues: https://github.com/digibyte/digibyte/pull/15

    Please DON'T just merge the code like you see it in that commit, you need to actually find the right places in your code and merge it. It's a slightly different codebase, so it won't work
    with just copy & paste, you actually have to understand and rewrite it to fit to your needs.


2. It's possible to blacklist certain addresses within the blockchain. So if you know on which addresses hacked funds reside, you can simply "blacklist" them directly in the codebase of the coin.
    For example you know that the attacker has used address "123abc123acb123abc" as the root for his hacked funds. You can now - at anytime - update your wallet code and just say
    "orphan all transactions with the root address "123abc123acb123abc". So even if the hacker moves the funds NOW or in one year, it won't happen as you've blacklisted the originating address.
    This was done previously also, not on myriad but on another coin - I can also find that commit for you.


3. I was getting blamed for "judging" too early and posting this info publicly on bitcointalk. I've mixed feelings about this.. Yes, I could have spoken silently to the devs at first and tell them "hey,
    something weird is going on on your blockchain" - however in the same time my miners were asking why the pool wasn't finding blocks and I already saw the first tweets about "skimming" and    
    stuff.. So.. What to do ? Keep the info about the hacker silent with the devs and wait 3-4 days for a (non-working) fix and get my reputation killed totally or just go for a public post about it
    and shutdown the pools ? I know, it's a difficult decision and my decision might have been wrong, but hey, I'm neither the attacker nor am I the guy responsible for the coin..  Also I was a bit
    astonished that I was actually the first to report the problem.. I was expecting devs watch their coin closely and come up with fixes upfront.. or at least know about what happend.

    In my opinion the optimal handling for this problem probably would have been something like this:

   1. Contact pools and exchanges to shutdown mining and trading
   1a. Tweet/Inform miners about the problem and tell them it's been worked on but takes it's time.
   2. Talk about possible problems and mitigation practices with devs/exchanges and pools.. Create a "conference room" for this for example and invite all necessary people there.
   3. Find a resolution, roll back the chain or at least filter the malicious coins (as someone as a (big) advantage here which he shouldn't, or?? So some others have a big disadvantage, or not ?)
   4. Go back online with the resolution and back to mining.



Least but not last here's a chatlog from a few moments ago, sorry for posting the drama but I just can't let it stand like it is at the moment.. If you don't want to read drama, just skip the part:
And yes, I might be a bit upset there as well, sorry, next time I'll be more precise and "nice" Smiley


...
[16:08:43]  <vergeDEV>   yes i put it in both branches
[16:10:11]    ed__ (319465d0@gateway/web/freenode/ip) joined the channel
[16:12:43]  <ocminer>   hmm no filtering/rollback of the attackers coins ?
[16:12:55]  <ocminer>   thats over 20 mills for him...
[16:13:08]  <vergeDEV>   we dont do rollbacks.
[16:13:16]  <vergeDEV>   we roll forward
[16:13:17]  <@Epsylon3>   i imagine the mess :p
[16:13:31]  <@Epsylon3>   the only this you can do is tracking the coins
[16:13:38]  <vergeDEV>   ocminer, would have been great if you contacted someone from our team. by you putting this on bitcointalk, you invited a ton of other people to attack as well.
[16:13:39]  <@Epsylon3>   talking with exchanges
[16:14:01]  <vergeDEV>   also your quote The vergeDEV @ Discord says "everything is okay - there's nothing to fix"..
[16:14:03]  <vergeDEV>   thats bullshit.
[16:14:05]  <vergeDEV>   i never said that
[16:14:15]  <vergeDEV>   why are you quoting me saying something i never said?
[16:14:18]  <ocminer>   -.-
[16:14:25]  <vergeDEV>   i already talked to bittrex and binance, theyre updated
[16:14:55]  <ocminer>   you just don't understand what this is all about
[16:16:02]  <vergeDEV>   how so?
[16:16:14]  <vergeDEV>   i do understand. we are having blocks injected with spoofed timestamps.
[16:16:20]  <@Epsylon3>   what the amount mined per day ?
[16:16:22]  <@Epsylon3>   is*
[16:16:24]  <vergeDEV>   and i never said "everything is okay - there's nothing to fix"
[16:16:46]  <@Epsylon3>   i need to add a script command for that :p
[16:16:54]  <ocminer>   also your commit won't fix it
[16:16:57]  <ocminer>   but ..
[16:17:12]  <ocminer>   go ahead and "move forward"
[16:17:14]  <vergeDEV>   ~4mill/day
[16:17:17]  <@Epsylon3>   XVG: current block_time set in the db 0mn35 (35 sec)
[16:17:18]  <@Epsylon3>   XVG: avg time for the last 2048 blocks = 0mn13 (13 sec)
[16:17:18]  <@Epsylon3>   XVG: avg time for the last 1024 blocks = 0mn31 (31 sec)
[16:17:35]  <@Epsylon3>   my script dont go so far :p
[16:17:51]  <ocminer>   12000 * 1560 = 18.7 mills already
[16:17:53]  <@Epsylon3>   XVG need 20x that :p
[16:18:30]  <vergeDEV>   yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.
[16:18:51]  <vergeDEV>   and also misquoted me completely
[16:19:00]  <ocminer>   lol, now you're blaming me for an attack on your blockchain ? srsly ? Smiley
[16:19:07]  <vergeDEV>   did i blame you?
[16:19:09]  <@Epsylon3>   2026860 now... 2000000 was 2018-04-01 17:39:37
[16:19:11]  <vergeDEV>   i said the attack wasnt as bad
[16:19:14]  <ocminer>   [16:18:30]  <vergeDEV>    yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.
[16:19:15]  <vergeDEV>   it was worse after
[16:19:20]  <@Epsylon3>   3 days..
[16:19:25]  <@Epsylon3>   4
[16:19:27]  <vergeDEV>   yes that is correct. congrats, you got a quote correct
[16:20:03]  <@Epsylon3>   so yep, maybe not 12000 blocks
[16:20:14]  <@Epsylon3>   i may create a script to check :p
[16:20:49]  <@Epsylon3>   Height:    2010000
[16:20:49]  <@Epsylon3>   Time:    2018-04-04 14:22:01
[16:21:03]  <@Epsylon3>   after first hack so
[16:21:31]  <@Epsylon3>   will do the script, i like right numbers
[16:26:22]  <ocminer>   listen.. kid... you have a absolutely trashy shitcoin pumped in heaven through that tweet from john mcafee back in that day.. you probably made a lof of money by that idiot tweeting xvg to the moon.. you should have used the chance and invested some of that money and invest it into a decent dev team, as seriously, and everyone knows that, you have not the slightest idea of coding whatsoever... If you've had done that, you could have patched your
[16:26:22]  <ocminer>    super-old codebase already to a super-recent codebase like myriad or digibyte and wallets would't have memory leaks all over, wouldn't take >30 mins until they startup and also those two drama's with the earlier tor hardforks wouldn't have happen. I'm not the guy who "keeps bullshit silent" - when I see something is happening, I report it - immediately and from my POV your users/miners have been betrayed by over 20 M coins which were injected
[16:26:22]  <ocminer>    maliciously into the blockchain... This is not a kiddo script hack and my post didn't change anyhting but just revealing what is happening at the moment (as you didn't notice yourself until I came into your hostile discord) and it's not a bad thing to post that publicly. You know see me as your enemy or whatever - I don't care, if you want to continue with your coin, go ahead, surely without me, but this should be your utmost last warning - think
[16:26:22]  <ocminer>    about yourself, think about how you make decisions and maybe come down a bit from your emperor throne and get help from professionals if you can't handle it alone... You'll see what happens after your HF - nothing, guaranteed, because you don't fix the root cause of this.
[16:26:27]    vergeDEV (~sunerok@unaffiliated/sunerok) left IRC (Ping timeout: 240 seconds)
[16:26:50]  <ocminer>   And Epsylon3 ... you
[16:27:04]  <@Epsylon3>   i slept
[16:27:09]  <@Epsylon3>   :p
[16:27:22]  <phm87>   Hi, sorry I come back late
[16:27:23]  <ocminer>   're not much better than him.. only looking for the profits here.. .your miners also lost a lof of coins during the network was stalled and the 15k blocks mined...
[16:27:34]  <phm87>   I am running unimining where there is XVG
[16:27:36]  <@Epsylon3>   you are wrong
[16:27:38]  <phm87>   (on blake2s)
[16:27:39]  <ocminer>   if you'd be honest, you'd shutdown the pool and let him fix his shit up
[16:27:41]  <@Epsylon3>   i stopped the pool the whole day
[16:28:02]  <@Epsylon3>   and answered everyone why
[16:28:08]  <ocminer>   it's up and running already, without any fix for the malicious coins
[16:28:10]  <@Epsylon3>   lot of spam
[16:28:16]  <@Epsylon3>   took the whole day
[16:28:37]  <@Epsylon3>   i pasted the fix i made this morning
[16:28:38]  <phm87>   sorry I will read what you said few minutes ago, I am late but I'll shut the pool if coin dev say so then I can explain to my miners that I follow coin dev orders
[16:28:52]  <phm87>   when a coin explodes randomly and coin dev don't care then I delist it
[16:28:58]  <@Epsylon3>   which is the commit, with proper knowledge and amount of seconds
[16:29:04]  <phm87>   but XVG risk is high for Uni so I may delist it
[16:29:07]  <ocminer>   that fix from him is just bullshit, it changes nothing, just the timespan of which they do the attacks.. .they will be slowed down a bit, but that's all

....



This will be my last dealing with XVG. I don't like to get cheated and blamed. As a miner myself I care for what I mine and I care for others as well - you can take it or leave it.

Rest assured there will be lots of pools you can still mine on, no problem at all will occur.


Also Congratulations to the Hacker - you've chosen the right coin for your hack (which was invented in 2014 btw:)) - don't buy too many Lambos with your > 20M Verge... so what.. About 1 Million $ now ?





You did well. Sir Likealot...
karmakazi_dsm
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
April 05, 2018, 03:38:30 PM
 #380

Okay guys, as the shit keep hitting the fan harder and harder here I need to take a few steps to actually end that drama for me:

Suprnova will not reopen any of it's XVG/Verge pools for mining whatsoever. You can mine it freely on any different pool if you like. Withdrawals are possible of course.

....


This will be my last dealing with XVG. I don't like to get cheated and blamed. As a miner myself I care for what I mine and I care for others as well - you can take it or leave it.


I get why you're pissed off and I'm a total noob here, but I gotta say that I think they need you ocminer.

WE need people like you running the pools and keeping an eye on things for the rest of us. In this quickly evolving space we need a lot more than straight up profit-takers. We need people who give a shit about doing this thing right.

I hope you change your mind about XVG. I'd use your pool at double the fee exactly because you care about more than profits.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 [19] 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 ... 88 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!