NXT :: descendant of Bitcoin - Updated Information

[Anon136]

REGARDING NXT CLIENT EXPLOIT

Be sure to check the sha256 hash of your download with the official sha256 hash of NRS from Come-from-Beyond.  On the main page, I only list the sha256 hash of the official NRS version from Come-from-Beyond.  MAKE SURE THE SHA256 HASH OF YOUR DOWNLOAD MATCHES!  Even if you download it from the link I provide on the main page, CHECK THE HASH TO MAKE SURE IT MATCHES!  Download links can be compromised!  BE CAREFUL!

All links to download NRS should point to Come-from-Beyond's post on Bitcointalk.org.  Having separate locations hosting the client is a bad idea.  Too many people then have access to modify the download link.  Please make sure to delete all references to other NRS downloads from the website, nxtcrypto.org, the forums and the wiki.

To determine which NRS version contains the exploit, you need to run the sha256 hash of the download and compare it to the official sha256 hash I have listed in the first post.  Please, do this and report your findings to the community.  THIS IS OF UTMOST IMPORTANCE!

On linux the command to check the sha256 hash is:

sha256sum 'path_to_NRS_download'

And EVERYBODY needs to create COMPLETELY NEW ACCOUNTS with NEW PASSWORDS. Because your old one *might*  have been compromised. I myself can't remember whether I used the wrong client, so I created a new account and moved my funds - JUST TO BE SURE. EVERYONE SHOULD DO THIS.

2nd

I am pretty sure that I never used the bad client but I did this also just to be 100% safe. It is good advise.

[Boiar]

Guys, I just wanna remind about my BTC that I sent to 1BCN1ugdKdWd9pQ8Am9hMhtHZfmbXzxE8a

Am I supposed to get them back on 3rd January?

If so, I'd like to clarify:
0.0175 BTC
My BTC wallet: 1DTyh359GysoFaqeT7WYuZPUap77XpSLWn
TxID: 6e45a21c77349d6f314c1f023f4faf2c9f4a91bf2ad133b25d1c43cea5d2a7b8

Thanks.

[laowai80]

Guys, I just wanna remind about my BTC that I sent to 1BCN1ugdKdWd9pQ8Am9hMhtHZfmbXzxE8a

Am I supposed to get them back on 3rd January?

If so, I'd like to clarify:
0.0175 BTC
My BTC wallet: 1DTyh359GysoFaqeT7WYuZPUap77XpSLWn
TxID: 6e45a21c77349d6f314c1f023f4faf2c9f4a91bf2ad133b25d1c43cea5d2a7b8

Thanks.

wrong thread, you need to post this in the exchange support thread, dgex thread? or we have 2 exchanges now, please post there.

[landomata]

Guys, I just wanna remind about my BTC that I sent to 1BCN1ugdKdWd9pQ8Am9hMhtHZfmbXzxE8a

Am I supposed to get them back on 3rd January?

If so, I'd like to clarify:
0.0175 BTC
My BTC wallet: 1DTyh359GysoFaqeT7WYuZPUap77XpSLWn
TxID: 6e45a21c77349d6f314c1f023f4faf2c9f4a91bf2ad133b25d1c43cea5d2a7b8

Thanks.

wrong thread, you need to post this in the exchange support thread, dgex thread? or we have 2 exchanges now, please post there.

No I think he sent his BTC by mistake AFTER the fundraiser was over.

CfB pls advise.

[laowai80]

No I think he sent his BTC by mistake AFTER the fundraiser was over.
CfB pls advise.

oh sorry, my bad, with a lot of ppl posting on exchange issues in this thread.

[Boiar]

wrong thread, you need to post this in the exchange support thread, dgex thread? or we have 2 exchanges now, please post there.

No I think he sent his BTC by mistake AFTER the fundraiser was over.

CfB pls advise.

You're right, I followed the instructions from the previous thread  

Do I have to msg someone about it or it will be sent automatically to every address?

[landomata]

Someone just got Nxt stolen on forum:



Edit:
https://nextcoin.org/index.php/topic,2014.0.html

[landomata]

Can we put in place a block on all previous clients (from inside blockchain) until the fresh secure client is release on an urgent basis?

Can someone answer this QUESTION!!!

[2Kool4Skewl]

Someone just got Nxt stolen on forum:



Edit:
https://nextcoin.org/index.php/topic,2014.0.html

DELETE ALL FORUM DOWNLOAD LINKS NOW!

[laowai80]

Can we put in place a block on all previous clients (from inside blockchain) until the fresh secure client is release on an urgent basis?

Can someone answer this QUESTION!!!

0.4.8 is secure if the hash is verified and correct.

SHA256 hash - ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2

this is the correct hash.

[landomata]

Can we put in place a block on all previous clients (from inside blockchain) until the fresh secure client is release on an urgent basis?

Can someone answer this QUESTION!!!

0.4.8 is secure if the hash is verified.

I mean we don;t know who downloaded the corrupted client between now and when it was first uploaded.


We should just block all clients ASAP!.....total freeze....I AM NOT SURE IF THIS IS EVEN POSSIBLE.

[wesleyh]

I already unzipped it (and the zip was deleted, can anyone give the sha256 of the file that was supposedly modified)?  (start.jar?)

[swartzfeger]

I already unzipped it (and the zip was deleted, can anyone give the sha256 of the file that was supposedly modified)?  (start.jar?)

You can also check the code directly in nxt/webapps/root/WEB-INF/classes/Nxt$Crypto.class

https://bitcointalk.org/index.php?topic=345619.msg4263175;topicseen#msg4263175

Trying to decompile Java on the Mac is a herculean task... wesleyh, can you confirm the status of the Mac client?

[wesleyh]

I already unzipped it (and the zip was deleted, can anyone give the sha256 of the file that was supposedly modified)?  (start.jar?)

You can also check the code directly in nxt/webapps/root/WEB-INF/classes/Nxt$Crypto.class

https://bitcointalk.org/index.php?topic=345619.msg4263175;topicseen#msg4263175

Can you just give the sha256 of that file?

[wesleyh]

I already unzipped it (and the zip was deleted, can anyone give the sha256 of the file that was supposedly modified)?  (start.jar?)

You can also check the code directly in nxt/webapps/root/WEB-INF/classes/Nxt$Crypto.class

https://bitcointalk.org/index.php?topic=345619.msg4263175;topicseen#msg4263175

Can you just give the sha256 of that file?

In order to compare the SHA-256 checksums you need the zip file.

Since you only have it unzipped, you should check the code directly in nxt/webapps/root/WEB-INF/classes/Nxt$Crypto.class

...or try to remember/locate where you had downloaded the file from...

Actually I can probably do it myself by checking the sha256 of the file against the correct file in a newly downloaded zip. Will do that now.

[Boiar]

Regarding the unclaimed coins: Tomorrow is the very last day when legit owners can claim them! Hurry up!

Could you please clarify, does it have something to do with ppl who sent their BTC to 1BCN1ugdKdWd9pQ8Am9hMhtHZfmbXzxE8a after the fundraiser closed?

[yan83]

OK

[marcus03]

I already unzipped it (and the zip was deleted, can anyone give the sha256 of the file that was supposedly modified)?  (start.jar?)

You can also check the code directly in nxt/webapps/root/WEB-INF/classes/Nxt$Crypto.class

https://bitcointalk.org/index.php?topic=345619.msg4263175;topicseen#msg4263175

Can you just give the sha256 of that file?

My sha256 checksum of Nxt$Crypto.class from 0.4.8. is: 899C74705D1016435B80473BB3C12699C5A36D466E826B334FA3A2F9D58EEC3C

[Come-from-Beyond]

Guys, I just wanna remind about my BTC that I sent to 1BCN1ugdKdWd9pQ8Am9hMhtHZfmbXzxE8a

Am I supposed to get them back on 3rd January?

If so, I'd like to clarify:
0.0175 BTC
My BTC wallet: 1DTyh359GysoFaqeT7WYuZPUap77XpSLWn
TxID: 6e45a21c77349d6f314c1f023f4faf2c9f4a91bf2ad133b25d1c43cea5d2a7b8

Thanks.

wrong thread, you need to post this in the exchange support thread, dgex thread? or we have 2 exchanges now, please post there.

No I think he sent his BTC by mistake AFTER the fundraiser was over.

CfB pls advise.

All such bitcoins will be sent back.

[wesleyh]

OK, I just compared the sha256 of the Nxt$Crypto.class compared to the one in my Nxt Mac app and they are the same.

Users of the nxt mac app should be safe.

wesley@imac-2:~
 > openssl sha256 /Users/wesley/Downloads/nxt/webapps/root/WEB-INF/classes/Nxt\$Crypto.class
SHA256(/Users/wesley/Downloads/nxt/webapps/root/WEB-INF/classes/Nxt$Crypto.class)= 899c74705d1016435b80473bb3c12699c5a36d466e826b334fa3a2f9d58eec3c

wesley@imac-2:~
 > openssl sha256 /Users/wesley/Downloads/NxtMac-0-16/NxtMac.app/Contents/Resources/nxt/webapps/root/WEB-INF/classes/Nxt\$Crypto.class
SHA256(/Users/wesley/Downloads/NxtMac-0-16/NxtMac.app/Contents/Resources/nxt/webapps/root/WEB-INF/classes/Nxt$Crypto.class)= 899c74705d1016435b80473bb3c12699c5a36d466e826b334fa3a2f9d58eec3c