Bitcoin Forum
June 25, 2017, 12:32:26 AM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 ... 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 [647] 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 ... 2652 »
  Print  
Author Topic: NXT :: descendant of Bitcoin - Updated Information  (Read 2579177 times)
plasticAiredale
Full Member
***
Offline Offline

Activity: 171



View Profile
January 02, 2014, 01:22:25 PM
 #12921

So what happened here? I see my NXT have been stolen as well. I only downloaded the client from this thread. Is there any plans to revert the blockchain? Honestly if there is no plans to somehow correct this, I am giving up on this. This is very disappointing.



Account: 8439060069775407509

The 'transfer' went to account 15182566201738727933. It's the account's only activity.

Do you remember which link in the thread the client was downloaded from?
DO NOT DOWNLOAD FROM ANY LINKS IN THIS QUOTE!!!
It was somewhere in this thread, as its the only place I ever download the client from. According to my history I downloaded it from http://162.243.246.223/nxt-client-0.4.8.zip around 7:30am EDT on 12/31/1213.

I realize I got lazy and got used to not downloading the newest client from the first post, instead I just downloaded the latest from CFB whenever he posted new ones. I must have not noticed that the poster wasn't CFB. Granted I only lost 18K, but it still stings.

Thanks for the additional info, seems to point again to EpicThomas

He quoted the original message, but modified the link! And later modified it back!
Check:
https://bitcointalk.org/index.php?topic=345619.msg4237883#msg4237883
BUT in Google cache:
http://webcache.googleusercontent.com/search?q=cache:x1fHlORdUIEJ:https://bitcointalk.org/index.php%3Ftopic%3D345619.11820+&cd=1&hl=de&ct=clnk&gl=de


DUDE! Great research, if I had any NXT left I would tip you  Cheesy
1498350746
Hero Member
*
Offline Offline

Posts: 1498350746

View Profile Personal Message (Offline)

Ignore
1498350746
Reply with quote  #2

1498350746
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1498350746
Hero Member
*
Offline Offline

Posts: 1498350746

View Profile Personal Message (Offline)

Ignore
1498350746
Reply with quote  #2

1498350746
Report to moderator
chanc3r
Sr. Member
****
Offline Offline

Activity: 336

I'm older than Jon


View Profile
January 02, 2014, 01:22:34 PM
 #12922

what i mean is if i want to download bitcoin official client i simply visit bitcoin.org
and same with litecoin.org and there are many others.

is there any official website for NXT?

There is no official website for NXT. Unlike Bitcoin and Litecoin, Nxt is supposed to be decentralized.

Apologies if I get some of the words wrong (as some people seem to be sensitive to terms being misused)

I think this is more about establishing and maintaining 'trust' in a decentralised environment where everyone is a peer.
The network does this for the transaction I think.
How do you extend this to the software that people use to initiate the software on the network is trusted and valid.
Cant this be done also by consensus - perhaps trusted people can test clients and submit a transaction signing the sha256 for the client
the more people sign a client the more it is trusted, the amount of trust generated relating to the stake of the signer.

I don't know if this has any legs.

Otherwise how will other clients ever get trusted after what has happened and the ease with which java can be recompiled, modified and repackaged is a concern.

In some ways its good  this has happened now (although I feel for those affected) and is driving this debate, someones greed has undone them because if this type of attack had happened later the damage could have been far worse in terms of people affected and NXTs reputation.

NXT: 29996814460165 (NXT-JTA7-B2QR-8BFC-2V222)
S3MKi
Hero Member
*****
Offline Offline

Activity: 756


View Profile
January 02, 2014, 01:23:04 PM
 #12923

who is the thief?
xyzzyx
Sr. Member
****
Offline Offline

Activity: 406


I don't really come from outer space.


View Profile
January 02, 2014, 01:23:19 PM
 #12924


Don't forget Framewood, too.  Please notice the date and how little the community paid attention.

https://bitcointalk.org/index.php?topic=345619.msg4172532#msg4172532

Yes, do notice the date: December 27, 2013, 06:26:16 PM

Looks like earlier clients may have also been compromised.

Here are my hashes:
Code:
c079e79d912811d6a0f6f027e0b8872c837a2909db80ae1f80fc4ce2dacba1d1  nxt (1).zip (Dec  6 20:37)
61ed14319bf2c5d0e3fe58200d2f17d572ce8cdd3aec1549f9f8048a9e6ee6df  nxt (2).zip (Dec  9 22:47)
ea14310cd4099b03db715e76ef60e8f83dbd47d7bf50129bd8e0c270344a35d9  nxt (3).zip (Dec 11 22:15)
a8ff15b600d95ae8e280c35b14055677372fb20b2825682e9e35b6d68b8dfff3  nxt (4).zip (Dec 19 16:20)
794ec29a44f7dc2e5c00e682c06916b12e394ba43c0741c2ae748faa5baed606  nxt (5).zip (Dec 20 17:20)
5a4007e2ac28b636e6450d16ba058873ee68b619b6c0a649354708027c09c1ae  nxt (6).zip & nxt (7).zip (Dec 22 21:47 & Dec 23 17:16)
22f589980583addeafde58588b8f1daed0a38c55cd462abf260d8212f3fd884a  nxt (8).zip (Dec 24 14:20)
a15cde30abccf190535e3988eba21bb1974834651f454323e12da32807959317  nxt (9).zip (Dec 25 12:33)
ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2  nxt-client-0.4.8.zip (Dec 31 16:42) [GOOD HASH]

Assume all are bogus until otherwise confirmed not bogus.

Get latest client, check SHA256 hash to confirm ok, install, and move your NXT to a known safe account, people.

"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
rickyjames
Full Member
***
Offline Offline

Activity: 196


View Profile
January 02, 2014, 01:25:31 PM
 #12925

Let's keep the historical record straight here.  sparta_cuss reported this before PaulyC, and sparta_cuss was immediately blown off by CfB:

Quote from: sparta_cuss on January 01, 2014, 04:05:58 PM

Hey, looks like I just got robbed, too.
Someone please check this account: 12152013998194592943
They now have 147k+ from me.
Had a 40 char random password, capital, lower, numbers, symbols.
WTF?

Quote from CfB:

Can u prove that ur coins were stolen?
My account passphrase < 40 chars and contains 2M, why did the thief choose ur account instead of mine? Sorry, but ur case looks more like black PR attempt.

There's a clear pattern if you look at all the data:

Time   Victim   Vic Account   Thief Account   NXT
            
01.01.2014 12:56:54   plasticAiredale    8439060069775407509   15182566201738727933   18665
01.01.2014 12:58:03   PaulyC   16821029889165561706   16204974692852323982   7808
01.01.2014 13:01:45   newcn   16886318053889080545   9793828175536096502   18197
01.01.2014 13:05:06   sparta_cuss   11794318797680953099   12152013998194592943   147690

Somebody is manually stealing data at 3-4 minute intervals and Sparta_cuss was by far the most wronged.  We should check the blocks / transactions/ accounts before and after this time period.

Don't forget Framewood, too.  Please notice the date and how little the community paid attention.

https://bitcointalk.org/index.php?topic=345619.msg4172532#msg4172532

This bears repeating:

Please notice the date and how little the community paid attention. 
utopianfuture
Full Member
***
Offline Offline

Activity: 224

Internet of Value


View Profile
January 02, 2014, 01:25:53 PM
 #12926

People ask why Nxt is not inflationary. Could anyone tell me why it's not inflationary if it's possible to issue other currencies using Asset Exchange? This increases number of "coins" owned by users, right?

interesting question!

at least, inflation is increase of the price.
if we substitute 1nxt by 3btc we have increased the price for one nxt by factor 3:0.0001
... hm ? Undecided ?



this point has to be stressed again and again. You don't issue Bitcoin, litecoin or any other actual assets via colored coin tech. You  merely issue tokens or stickers that represent these coins . It's up to you to add a value on these tokens. They are basically IOU you issue. There would be a lot of uncertainty at the beginning of the asset market to see who can be trusted. Similar issue to the Ripple gateway currently.

Internet of Value
utopianfuture
Full Member
***
Offline Offline

Activity: 224

Internet of Value


View Profile
January 02, 2014, 01:30:44 PM
 #12927

what i mean is if i want to download bitcoin official client i simply visit bitcoin.org
and same with litecoin.org and there are many others.

is there any official website for NXT?

There is no official website for NXT. Unlike Bitcoin and Litecoin, Nxt is supposed to be decentralized.

Apologies if I get some of the words wrong (as some people seem to be sensitive to terms being misused)

I think this is more about establishing and maintaining 'trust' in a decentralised environment where everyone is a peer.
The network does this for the transaction I think.
How do you extend this to the software that people use to initiate the software on the network is trusted and valid.
Cant this be done also by consensus - perhaps trusted people can test clients and submit a transaction signing the sha256 for the client
the more people sign a client the more it is trusted, the amount of trust generated relating to the stake of the signer.

I don't know if this has any legs.

Otherwise how will other clients ever get trusted after what has happened and the ease with which java can be recompiled, modified and repackaged is a concern.

In some ways its good  this has happened now (although I feel for those affected) and is driving this debate, someones greed has undone them because if this type of attack had happened later the damage could have been far worse in terms of people affected and NXTs reputation.

NXT foundation does not claim to be a sole organization that represent NXT. As long as NXT foundation is trusted then it can be used for the source of trusted information. Currently official information come only from Luc or Cfb. If CFB do not think it is centralization, then I don't know what is.
We still need to trust in individuals, otherwise nothing get done.

Internet of Value
allwelder
Legendary
*
Offline Offline

Activity: 1190



View Profile
January 02, 2014, 01:35:11 PM
 #12928

Just an unmature question:
Is it secure that add some random nodes from the list(forget the website) to well know peers in web.xml?
Thanks.
plasticAiredale
Full Member
***
Offline Offline

Activity: 171



View Profile
January 02, 2014, 01:36:13 PM
 #12929

Let's keep the historical record straight here.  sparta_cuss reported this before PaulyC, and sparta_cuss was immediately blown off by CfB:

Quote from: sparta_cuss on January 01, 2014, 04:05:58 PM

Hey, looks like I just got robbed, too.
Someone please check this account: 12152013998194592943
They now have 147k+ from me.
Had a 40 char random password, capital, lower, numbers, symbols.
WTF?

Quote from CfB:

Can u prove that ur coins were stolen?
My account passphrase < 40 chars and contains 2M, why did the thief choose ur account instead of mine? Sorry, but ur case looks more like black PR attempt.

There's a clear pattern if you look at all the data:

Time   Victim   Vic Account   Thief Account   NXT
            
01.01.2014 12:56:54   plasticAiredale    8439060069775407509   15182566201738727933   18665
01.01.2014 12:58:03   PaulyC   16821029889165561706   16204974692852323982   7808
01.01.2014 13:01:45   newcn   16886318053889080545   9793828175536096502   18197
01.01.2014 13:05:06   sparta_cuss   11794318797680953099   12152013998194592943   147690

Somebody is manually stealing data at 3-4 minute intervals and Sparta_cuss was by far the most wronged.  We should check the blocks / transactions/ accounts before and after this time period.

Don't forget Framewood, too.  Please notice the date and how little the community paid attention.

https://bitcointalk.org/index.php?topic=345619.msg4172532#msg4172532

This bears repeating:

Please notice the date and how little the community paid attention. 

Yeah unfortunately at the time it was a one time thing, made by a Jr. Member so everybody probably just figured it was user error, plus he didn't raise much of a stink after. Doesn't justify it, but probably explains it.

Currently it looks like EpicThomas only was able to get a few accounts. Hopefully now people will be more vigilante with downloading new clients. But if there is no official client, or at least one endorsed by CFB how do we even know if the posted hash is the one for the client that isn't hacked. Who else can we trust?
smaragda
Legendary
*
Offline Offline

Activity: 1330



View Profile
January 02, 2014, 01:37:15 PM
 #12930

Just an unmature question:
Is it secure that add some random nodes from the list(forget the website) to well know peers in web.xml?
Thanks.

Yes.  Adding peers from http://nxtra.org/nodes/ is secure.

Simcoin (SIM) & CryptoPlay (CPS) DEV NxtChg IS A FUCKIN' LOW-LIFE PIECE OF SHIT EMBEZZLING PSYCHOPATH   Angry
https://bitcointalk.org/index.php?topic=929688.msg10205597#msg10205597                    "A world with the money can not be perfect." - BCNext
Buratino
Legendary
*
Offline Offline

Activity: 1151


View Profile
January 02, 2014, 01:39:04 PM
 #12931

Is it possible to provide self test (like ECC) mechanism for safety code in Nxt client to prevent thefts in future?

salsacz
Hero Member
*****
Offline Offline

Activity: 490


View Profile
January 02, 2014, 01:39:43 PM
 #12932

...


please add big warning not to use downloading link from the cache. And congrats - now we have all clues.

Nxt tips: NXT-R67P-6BZ2-XWAK-8RHZR | Nxt forum | Nxt Academy | Donate for Nxt at the Universities // BTCD: RVMLrnxYYy7uy8YZo9FcGfXbk1ZMnNifdg
LiQio
Legendary
*
Offline Offline

Activity: 1129



View Profile
January 02, 2014, 01:42:16 PM
 #12933

...


please add big warning not to use downloading link from the cache. And congrats - now we have all clues.

Done
plasticAiredale
Full Member
***
Offline Offline

Activity: 171



View Profile
January 02, 2014, 01:44:30 PM
 #12934

...


please add big warning not to use downloading link from the cache. And congrats - now we have all clues.

Done

I modified my posts as well. Good thinking.
utopianfuture
Full Member
***
Offline Offline

Activity: 224

Internet of Value


View Profile
January 02, 2014, 01:45:08 PM
 #12935

Let's keep the historical record straight here.  sparta_cuss reported this before PaulyC, and sparta_cuss was immediately blown off by CfB:

Quote from: sparta_cuss on January 01, 2014, 04:05:58 PM

Hey, looks like I just got robbed, too.
Someone please check this account: 12152013998194592943
They now have 147k+ from me.
Had a 40 char random password, capital, lower, numbers, symbols.
WTF?



Don't forget Framewood, too.  Please notice the date and how little the community paid attention.

https://bitcointalk.org/index.php?topic=345619.msg4172532#msg4172532

This bears repeating:

Please notice the date and how little the community paid attention. 

Yeah unfortunately at the time it was a one time thing, made by a Jr. Member so everybody probably just figured it was user error, plus he didn't raise much of a stink after. Doesn't justify it, but probably explains it.

Currently it looks like EpicThomas only was able to get a few accounts. Hopefully now people will be more vigilante with downloading new clients. But if there is no official client, or at least one endorsed by CFB how do we even know if the posted hash is the one for the client that isn't hacked. Who else can we trust?

We have three groups of core developers: BCNext, CfB and Luc. Luc will release new clients from now on. He just posted the 0.4.9 client and I am running it right now.

Internet of Value
landomata
Legendary
*
Offline Offline

Activity: 1148


View Profile WWW
January 02, 2014, 01:45:32 PM
 #12936

Ben just posted this in Forum....should this be regulated.

*LINK TO THE NEW CLIENT!

https://nextcoin.org/index.php/topic,2038.0/topicseen.html



WHO IS PUNKROCK?


This kind of link matches EPICTHOMAS Pattern!


We need multiple checks on this.


Damelon
Legendary
*
Offline Offline

Activity: 1064



View Profile
January 02, 2014, 01:45:35 PM
 #12937

I just checked the nxt$Crypto.class that I downloaded yesterday via the instructions for linux, and I get this.
It doesn't match at all with what is reported should be in there, but is also different from the "modified" file posted yesterday.
Can someone explain if I need to freak out or not?

Code:
import java.security.MessageDigest;
import java.util.Arrays;

class Nxt$Crypto
{
  static byte[] getPublicKey(String paramString)
  {
    try
    {
      byte[] arrayOfByte = new byte[32];
      Nxt.Curve25519.keygen(arrayOfByte, null, MessageDigest.getInstance("SHA-256").digest(paramString.getBytes("UTF-8")));
      return arrayOfByte;
    }
    catch (Exception localException) {}
    return null;
  }
  
  static byte[] sign(byte[] paramArrayOfByte, String paramString)
  {
    try
    {
      byte[] arrayOfByte1 = new byte[32];
      byte[] arrayOfByte2 = new byte[32];
      MessageDigest localMessageDigest = MessageDigest.getInstance("SHA-256");
      Nxt.Curve25519.keygen(arrayOfByte1, arrayOfByte2, localMessageDigest.digest(paramString.getBytes("UTF-8")));
      byte[] arrayOfByte3 = localMessageDigest.digest(paramArrayOfByte);
      localMessageDigest.update(arrayOfByte3);
      byte[] arrayOfByte4 = localMessageDigest.digest(arrayOfByte2);
      byte[] arrayOfByte5 = new byte[32];
      Nxt.Curve25519.keygen(arrayOfByte5, null, arrayOfByte4);
      localMessageDigest.update(arrayOfByte3);
      byte[] arrayOfByte6 = localMessageDigest.digest(arrayOfByte5);
      byte[] arrayOfByte7 = new byte[32];
      Nxt.Curve25519.sign(arrayOfByte7, arrayOfByte6, arrayOfByte4, arrayOfByte2);
      byte[] arrayOfByte8 = new byte[64];
      System.arraycopy(arrayOfByte7, 0, arrayOfByte8, 0, 32);
      System.arraycopy(arrayOfByte6, 0, arrayOfByte8, 32, 32);
      return arrayOfByte8;
    }
    catch (Exception localException) {}
    return null;
  }
  
  static boolean verify(byte[] paramArrayOfByte1, byte[] paramArrayOfByte2, byte[] paramArrayOfByte3)
  {
    try
    {
      byte[] arrayOfByte1 = new byte[32];
      byte[] arrayOfByte2 = new byte[32];
      System.arraycopy(paramArrayOfByte1, 0, arrayOfByte2, 0, 32);
      byte[] arrayOfByte3 = new byte[32];
      System.arraycopy(paramArrayOfByte1, 32, arrayOfByte3, 0, 32);
      Nxt.Curve25519.verify(arrayOfByte1, arrayOfByte2, arrayOfByte3, paramArrayOfByte3);
      MessageDigest localMessageDigest = MessageDigest.getInstance("SHA-256");
      byte[] arrayOfByte4 = localMessageDigest.digest(paramArrayOfByte2);
      localMessageDigest.update(arrayOfByte4);
      byte[] arrayOfByte5 = localMessageDigest.digest(arrayOfByte1);
      return Arrays.equals(arrayOfByte3, arrayOfByte5);
    }
    catch (Exception localException) {}
    return false;
  }
}

Member of the Nxt Foundation | Donations: NXT-D6K7-MLY6-98FM-FLL5T
Join Nxt Slack! https://nxtchat.herokuapp.com/
Founder of Blockchain Workspace | Personal Site & Blog
rlh
Hero Member
*****
Offline Offline

Activity: 778


View Profile
January 02, 2014, 01:45:58 PM
 #12938

Sorry if I'm the 1 millionth person to ask but... source?

A Personal Quote on BTT from 2011:
"I'd be willing to make a moderate "investment" if the value of the BTC went below $2.00.  Otherwise I'll just have to live with my 5 BTC and be happy. :/"  ...sigh.  If only I knew.
bidji29
Sr. Member
****
Offline Offline

Activity: 392


View Profile
January 02, 2014, 01:48:33 PM
 #12939

Sorry if I'm the 1 millionth person to ask but... source?

Tommorow

http://www.freebieservers.com/  100% FREE GAME SERVERS
rlh
Hero Member
*****
Offline Offline

Activity: 778


View Profile
January 02, 2014, 01:50:17 PM
 #12940

Sorry if I'm the 1 millionth person to ask but... source?

Tommorow

Ah, I see now.  I didn't realize it was pushed back a day.  Thank you.

A Personal Quote on BTT from 2011:
"I'd be willing to make a moderate "investment" if the value of the BTC went below $2.00.  Otherwise I'll just have to live with my 5 BTC and be happy. :/"  ...sigh.  If only I knew.
Pages: « 1 ... 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 [647] 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 ... 2652 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!