Okay guys, as the shit keep hitting the fan harder and harder here I need to take a few steps to actually end that drama for me:
Suprnova will not reopen any of it's XVG/Verge pools for mining whatsoever. You can mine it freely on any different pool if you like. Withdrawals are possible of course.The background is that the "fix" promoted by the devs simply won't fix the problem. It will just make the timeframe smaller in which the blocks can be mined / spoofed and the attack
will still work, just be a bit slower.
Also the over 20 Million XVG which were instamined by the attacker won't be blacklisted, reverted, filtered or rolled-back in anyway according to the verge-dev, so in my opinion you all (the miners and investors) got betrayed about that 20 M coins .. For some it might be only a few coins, for some it might be a lot.. For some this might all be drama for them, I see you there of course..
Just to clarify a few last things:
1. The fix won't fix it. The problem is not alone the drifttime, but also the algo variance. You have to make sure that not X blocks get mined on one algo.
Myriad and digibyte had the same issues - they fixed it.
Here's a possible fix for the issues:
https://github.com/digibyte/digibyte/pull/15 Please DON'T just merge the code like you see it in that commit, you need to actually find the right places in your code and merge it. It's a slightly different codebase, so it won't work
with just copy & paste, you actually have to understand and rewrite it to fit to your needs.
2. It's possible to blacklist certain addresses within the blockchain. So if you know on which addresses hacked funds reside, you can simply "blacklist" them directly in the codebase of the coin.
For example you know that the attacker has used address "123abc123acb123abc" as the
root for his hacked funds. You can now - at anytime - update your wallet code and just say
"orphan all transactions with the root address "123abc123acb123abc". So even if the hacker moves the funds NOW or in one year, it won't happen as you've blacklisted the originating address.
This was done previously also, not on myriad but on another coin - I can also find that commit for you.
3. I was getting blamed for "judging" too early and posting this info publicly on bitcointalk. I've mixed feelings about this.. Yes, I could have spoken silently to the devs at first and tell them "hey,
something weird is going on on your blockchain" - however in the same time my miners were asking why the pool wasn't finding blocks and I already saw the first tweets about "skimming" and
stuff.. So.. What to do ? Keep the info about the hacker silent with the devs and wait 3-4 days for a (non-working) fix and get my reputation killed totally or just go for a public post about it
and shutdown the pools ? I know, it's a difficult decision and my decision might have been wrong, but hey, I'm neither the attacker nor am I the guy responsible for the coin.. Also I was a bit
astonished that I was actually the first to report the problem.. I was expecting devs watch their coin closely and come up with fixes upfront.. or at least know about what happend.
In my opinion the optimal handling for this problem probably would have been something like this:
1. Contact pools and exchanges to shutdown mining and trading
1a. Tweet/Inform miners about the problem and tell them it's been worked on but takes it's time.
2. Talk about possible problems and mitigation practices with devs/exchanges and pools.. Create a "conference room" for this for example and invite all necessary people there.
3. Find a resolution, roll back the chain or at least filter the malicious coins (as someone as a (big) advantage here which he shouldn't, or?? So some others have a big disadvantage, or not ?)
4. Go back online with the resolution and back to mining.
Least but not last here's a chatlog from a few moments ago, sorry for posting the drama but I just can't let it stand like it is at the moment.. If you don't want to read drama, just skip the part:
And yes, I might be a bit upset there as well, sorry, next time I'll be more precise and "nice"
...
[16:08:43] <vergeDEV> yes i put it in both branches
[16:10:11] ed__ (319465d0@gateway/web/freenode/ip) joined the channel
[16:12:43] <ocminer> hmm no filtering/rollback of the attackers coins ?
[16:12:55] <ocminer> thats over 20 mills for him...
[16:13:08] <vergeDEV> we dont do rollbacks.
[16:13:16] <vergeDEV> we roll forward
[16:13:17] <@Epsylon3> i imagine the mess :p
[16:13:31] <@Epsylon3> the only this you can do is tracking the coins
[16:13:38] <vergeDEV> ocminer, would have been great if you contacted someone from our team. by you putting this on bitcointalk, you invited a ton of other people to attack as well.
[16:13:39] <@Epsylon3> talking with exchanges
[16:14:01] <vergeDEV> also your quote The vergeDEV @ Discord says "everything is okay - there's nothing to fix"..
[16:14:03] <vergeDEV> thats bullshit.
[16:14:05] <vergeDEV> i never said that
[16:14:15] <vergeDEV> why are you quoting me saying something i never said?
[16:14:18] <ocminer> -.-
[16:14:25] <vergeDEV> i already talked to bittrex and binance, theyre updated
[16:14:55] <ocminer> you just don't understand what this is all about
[16:16:02] <vergeDEV> how so?
[16:16:14] <vergeDEV> i do understand. we are having blocks injected with spoofed timestamps.
[16:16:20] <@Epsylon3> what the amount mined per day ?
[16:16:22] <@Epsylon3> is*
[16:16:24] <vergeDEV> and i never said "everything is okay - there's nothing to fix"
[16:16:46] <@Epsylon3> i need to add a script command for that :p
[16:16:54] <ocminer> also your commit won't fix it
[16:16:57] <ocminer> but ..
[16:17:12] <ocminer> go ahead and "move forward"
[16:17:14] <vergeDEV> ~4mill/day
[16:17:17] <@Epsylon3> XVG: current block_time set in the db 0mn35 (35 sec)
[16:17:18] <@Epsylon3> XVG: avg time for the last 2048 blocks = 0mn13 (13 sec)
[16:17:18] <@Epsylon3> XVG: avg time for the last 1024 blocks = 0mn31 (31 sec)
[16:17:35] <@Epsylon3> my script dont go so far :p
[16:17:51] <ocminer> 12000 * 1560 = 18.7 mills already
[16:17:53] <@Epsylon3> XVG need 20x that :p
[16:18:30] <vergeDEV> yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.
[16:18:51] <vergeDEV> and also misquoted me completely
[16:19:00] <ocminer> lol, now you're blaming me for an attack on your blockchain ? srsly ?
[16:19:07] <vergeDEV> did i blame you?
[16:19:09] <@Epsylon3> 2026860 now... 2000000 was 2018-04-01 17:39:37
[16:19:11] <vergeDEV> i said the attack wasnt as bad
[16:19:14] <ocminer> [16:18:30] <vergeDEV> yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.
[16:19:15] <vergeDEV> it was worse after
[16:19:20] <@Epsylon3> 3 days..
[16:19:25] <@Epsylon3> 4
[16:19:27] <vergeDEV> yes that is correct. congrats, you got a quote correct
[16:20:03] <@Epsylon3> so yep, maybe not 12000 blocks
[16:20:14] <@Epsylon3> i may create a script to check :p
[16:20:49] <@Epsylon3> Height: 2010000
[16:20:49] <@Epsylon3> Time: 2018-04-04 14:22:01
[16:21:03] <@Epsylon3> after first hack so
[16:21:31] <@Epsylon3> will do the script, i like right numbers
[16:26:22] <ocminer> listen.. kid... you have a absolutely trashy shitcoin pumped in heaven through that tweet from john mcafee back in that day.. you probably made a lof of money by that idiot tweeting xvg to the moon.. you should have used the chance and invested some of that money and invest it into a decent dev team, as seriously, and everyone knows that, you have not the slightest idea of coding whatsoever... If you've had done that, you could have patched your
[16:26:22] <ocminer> super-old codebase already to a super-recent codebase like myriad or digibyte and wallets would't have memory leaks all over, wouldn't take >30 mins until they startup and also those two drama's with the earlier tor hardforks wouldn't have happen. I'm not the guy who "keeps bullshit silent" - when I see something is happening, I report it - immediately and from my POV your users/miners have been betrayed by over 20 M coins which were injected
[16:26:22] <ocminer> maliciously into the blockchain... This is not a kiddo script hack and my post didn't change anyhting but just revealing what is happening at the moment (as you didn't notice yourself until I came into your hostile discord) and it's not a bad thing to post that publicly. You know see me as your enemy or whatever - I don't care, if you want to continue with your coin, go ahead, surely without me, but this should be your utmost last warning - think
[16:26:22] <ocminer> about yourself, think about how you make decisions and maybe come down a bit from your emperor throne and get help from professionals if you can't handle it alone... You'll see what happens after your HF - nothing, guaranteed, because you don't fix the root cause of this.
[16:26:27] vergeDEV (~sunerok@unaffiliated/sunerok) left IRC (Ping timeout: 240 seconds)
[16:26:50] <ocminer> And Epsylon3 ... you
[16:27:04] <@Epsylon3> i slept
[16:27:09] <@Epsylon3> :p
[16:27:22] <phm87> Hi, sorry I come back late
[16:27:23] <ocminer> 're not much better than him.. only looking for the profits here.. .your miners also lost a lof of coins during the network was stalled and the 15k blocks mined...
[16:27:34] <phm87> I am running unimining where there is XVG
[16:27:36] <@Epsylon3> you are wrong
[16:27:38] <phm87> (on blake2s)
[16:27:39] <ocminer> if you'd be honest, you'd shutdown the pool and let him fix his shit up
[16:27:41] <@Epsylon3> i stopped the pool the whole day
[16:28:02] <@Epsylon3> and answered everyone why
[16:28:08] <ocminer> it's up and running already, without any fix for the malicious coins
[16:28:10] <@Epsylon3> lot of spam
[16:28:16] <@Epsylon3> took the whole day
[16:28:37] <@Epsylon3> i pasted the fix i made this morning
[16:28:38] <phm87> sorry I will read what you said few minutes ago, I am late but I'll shut the pool if coin dev say so then I can explain to my miners that I follow coin dev orders
[16:28:52] <phm87> when a coin explodes randomly and coin dev don't care then I delist it
[16:28:58] <@Epsylon3> which is the commit, with proper knowledge and amount of seconds
[16:29:04] <phm87> but XVG risk is high for Uni so I may delist it
[16:29:07] <ocminer> that fix from him is just bullshit, it changes nothing, just the timespan of which they do the attacks.. .they will be slowed down a bit, but that's all
....
This will be my last dealing with XVG. I don't like to get cheated and blamed. As a miner myself I care for what I mine and I care for others as well - you can take it or leave it.
Rest assured there will be lots of pools you can still mine on, no problem at all will occur.
Also Congratulations to the Hacker - you've chosen the right coin for your hack (which was invented in 2014 btw:)) - don't buy too many Lambos with your > 20M Verge... so what.. About 1 Million $ now ?
