gbeirn
January 02, 2014, 02:03:47 PM
OK, a summary of what we know so far: The smoking gun points to EpicThomas, and kudos to LiQio for finding the smoking gun. Go to the Google cache page LiQio found below, then hover your mouse over the link where EpicThomas says "NRS 0.4.8 is ready and can be downloaded from: http://info.nxtcrypto.org/nxt-client-0.4.8.zip". The mouseover link that appears goes to http://162.243.246.233/nxt-client-0.4.8.zip even though the blue text of the link says http://info,nxtcrypto.org/nxt-client-0.4.8.zip.

http://webcache.googleusercontent.com/search?q=cache:x1fHlORdUIEJ:https://bitcointalk.org/index.php%3Ftopic%3D345619.11820+&cd=1&hl=de&ct=clnk&gl=de

EpicThomas then later edited his post and CHANGED IT BACK to the correct client.

The 0.4.8 losses were first reported by Sparta_cuss (147K NXT), then PaulyC (8K), then newcn (18K), then plasticAiredale (19K). The 0.4.8 losses we do know of came in an 8 minute window:

Time                 Victim           Victim account        Thief account         NXT
01.01.2014 12:56:54  plasticAiredale  8439060069775407509   15182566201738727933  18665
01.01.2014 12:58:03  PaulyC           16821029889165561706  16204974692852323982  7808
01.01.2014 13:01:45  newcn            16886318053889080545  9793828175536096502   18197
01.01.2014 13:05:06  sparta_cuss      11794318797680953099  12152013998194592943  147690

There may well be more 0.4.8 losses that haven't been discovered or reported yet. There may have been losses from earlier clients before 0.4.8, as first reported by Framewood on December 27, 2013, 06:26:16 PM. If so, here is the first reported loss:

Time                 Victim     Victim account      Thief account         NXT
26.12.2013 17:09:30  Framewood  697109629372813510  13643712185318669838  100088

Total reported losses so far are 292,448 NXT worth around 28 BTC or over $23,000. There's got to be more. Keep digging. Thank you everyone for your reporting and hard work tracking this all down. Sorry I am not able to reimburse everyone. I did PaulyC just because s/he seemed to be the most active with trying to figure out what happened and most diligent.
Sorry for the others who were blown off. If I had more funds I would reimburse you too.
NXT VPS Server Donations can be sent here: 6044921191674841550
At the end of each month I will donate some of them back to the community. This is separate from my main wallet so you can keep track of them. I will keep them in there and only use them for hosting.
Damelon
Legendary
Offline
Activity: 1092
Merit: 1010
January 02, 2014, 02:10:44 PM
It's not EvilDave. I thought we had established that yesterday night. It was EpicThomas.
Tompa
January 02, 2014, 02:12:52 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Version 0.4.9e is available for download from:
snip snip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJSxUyZAAoJEFOhyXc7+e2AZhAQAKgm5PfGywUCB5AJsMqsxPla
6gPDDU0QrayOqeuEiVyHHj1whaua7MQH7ImpNazGuRRp5dXgm0iiq2pcZkz/m+jY
A970Wxj5wGleJp6GiAb0+7BgwU64DYOnDD4Q2H2IbFjDUdPqdXkgFvkb+jBbUpZO
xGAxCQRcfa3RnjlFjZK5EVqGUSY4ATUWhs0r9bZ4GuiqX/7PZ3Wb7WgT1pCf6g1c
IJqJB8QbIwPj+qtyG7PB1VN9j6QHt/i+Fx8OjdHWxBFQ3FIZWj7F5Bw2ox3Vb6Uw
P8ogvWu00bNZeJV4Qc4PG3tPqUtJOrXSe7CWX7qMMHyD3Y3tcrL4SR+fRKJUoxG6
obHPfyTHuCeGMrHJKSCXAY7jITZguFg4VOo16u+F3SxJ3lMVfbbpfJZ5IZg4du0e
L9Vg2yLZrdDr3qIBsuR41fuIER4+dze5d2w7hhUrPWoAHgSwUc03NdBFfIeMgI9e
UZzU/nnpjsE5zPNZSOe6PjgDTLqWrc1UKQ7m1tmlxMtkpx8/UEvr5JKWLuW7XuDm
mzDcBRlgTULR1WOXOnxFauWf5de+k6Fyq1S/SgyxSsqTqrvRCuK4IpROB06T0g/T
wLBF44hjmgLsZtQFLNWyt80u8npG7QYi+b+QuV+s469+SKJDuU4fVgVZq1/tyAPr
I0MxSJGxoNwV2CVCOvmW
=o9Il
-----END PGP SIGNATURE-----
Why do I get: Key NOT valid
rickyjames
January 02, 2014, 02:15:15 PM
Going forward from this moment:
How can we be 100% sure someone's coins are actually stolen? The victim could himself open an account and send the funds there... then after a period of time he transfers the stolen funds to some new account and carries on happily ever after.
MOTIVATION: Those who have their funds stolen may get some sort of funding to compensate for their loss. A greedy individual may take advantage of this.
Because of this reason, I think only PaulyC and newcn are eligible for some type of reimbursement/bounties for uncovering the bogus client.

You guys need to rethink this. The evidence shows pretty conclusively that Sparta_cuss was actually robbed and reported it before either PaulyC or newcn. Plus Framewood beat them all to it by a couple of days. So - we gonna create a loss fund to cover 300K NXT and counting?
EmoneyRu
January 02, 2014, 02:16:05 PM
And now kit handles it (not only detects)
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
January 02, 2014, 02:21:33 PM
You guys need to rethink this. The evidence shows pretty conclusively that Sparta_cuss was actually robbed and reported it before either PaulyC or newcn. Plus Framewood beat them all to it by a couple of days.
So - we gonna create a loss fund to cover 300K NXT and counting?
I'm relatively NXT poor, but I'll contribute 1k to a theft fund if it's set up.
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
EvilDave
January 02, 2014, 02:24:51 PM
Not me, salsa, I'm an innocent bystander here. Intel got EpicThomas and EvilDave mixed up for a moment in the heat of the fight. So do we have any leads on the realworld ID and/or location of EpicThomas ? I volunteer as part of a doorkicking crew if he's within a reasonable distance of Amsterdam. @Damelon...thx for the quick correction, bro.
rickyjames
January 02, 2014, 02:27:59 PM
You guys need to rethink this. The evidence shows pretty conclusively that Sparta_cuss was actually robbed and reported it before either PaulyC or newcn. Plus Framewood beat them all to it by a couple of days.
So - we gonna create a loss fund to cover 300K NXT and counting?
I'm relatively NXT poor, but I'll contribute 1k to a theft fund if it's set up.

The fact is that the stolen NXT from all five of these guys is sitting stuck in the five thief accounts and it can't get converted to BTC without going through Dgex. That ain't gonna happen. This is a major crime in the tens of thousands of dollars range and we know who did it. People go to prison for years for this kind of crap. (Are you reading this, EpicThomas? I know you are.) You know, if the NXT were somehow to be magically transferred back into the accounts where it is supposed to be, maybe just maybe I won't personally make it my mission to find your home address and phone number, post it right here on this forum, and call the police in your local town or city. Do you feel lucky, punk?
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
January 02, 2014, 02:28:13 PM
Currently it looks like EpicThomas was only able to get a few accounts. Hopefully now people will be more vigilant with downloading new clients. But if there is no official client, or at least one endorsed by CFB, how do we even know if the posted hash is the one for the client that isn't hacked? Who else can we trust?
Just make sure it matches SHA256 checksum posted by Jean-Luc.
Damelon
Legendary
Offline
Activity: 1092
Merit: 1010
January 02, 2014, 02:31:58 PM
I volunteer as part of a doorkicking crew if he's within a reasonable distance of Amsterdam.
We could travel together
mcjavar
January 02, 2014, 02:33:33 PM
I volunteer as part of a doorkicking crew if he's within a reasonable distance of Amsterdam.
We could travel together
We can make a fund for that! But you have to post photos!
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
January 02, 2014, 02:35:18 PM
I just checked the nxt$Crypto.class that I downloaded yesterday via the instructions for linux, and I get this. It doesn't match at all with what is reported should be in there, but is also different from the "modified" file posted yesterday. Can someone explain if I need to freak out or not?

    import java.security.MessageDigest;
    import java.util.Arrays;

    class Nxt$Crypto {
        static byte[] getPublicKey(String paramString) {
            try {
                byte[] arrayOfByte = new byte[32];
                Nxt.Curve25519.keygen(arrayOfByte, null, MessageDigest.getInstance("SHA-256").digest(paramString.getBytes("UTF-8")));
                return arrayOfByte;
            } catch (Exception localException) {}
            return null;
        }

        static byte[] sign(byte[] paramArrayOfByte, String paramString) {
            try {
                byte[] arrayOfByte1 = new byte[32];
                byte[] arrayOfByte2 = new byte[32];
                MessageDigest localMessageDigest = MessageDigest.getInstance("SHA-256");
                Nxt.Curve25519.keygen(arrayOfByte1, arrayOfByte2, localMessageDigest.digest(paramString.getBytes("UTF-8")));
                byte[] arrayOfByte3 = localMessageDigest.digest(paramArrayOfByte);
                localMessageDigest.update(arrayOfByte3);
                byte[] arrayOfByte4 = localMessageDigest.digest(arrayOfByte2);
                byte[] arrayOfByte5 = new byte[32];
                Nxt.Curve25519.keygen(arrayOfByte5, null, arrayOfByte4);
                localMessageDigest.update(arrayOfByte3);
                byte[] arrayOfByte6 = localMessageDigest.digest(arrayOfByte5);
                byte[] arrayOfByte7 = new byte[32];
                Nxt.Curve25519.sign(arrayOfByte7, arrayOfByte6, arrayOfByte4, arrayOfByte2);
                byte[] arrayOfByte8 = new byte[64];
                System.arraycopy(arrayOfByte7, 0, arrayOfByte8, 0, 32);
                System.arraycopy(arrayOfByte6, 0, arrayOfByte8, 32, 32);
                return arrayOfByte8;
            } catch (Exception localException) {}
            return null;
        }

        static boolean verify(byte[] paramArrayOfByte1, byte[] paramArrayOfByte2, byte[] paramArrayOfByte3) {
            try {
                byte[] arrayOfByte1 = new byte[32];
                byte[] arrayOfByte2 = new byte[32];
                System.arraycopy(paramArrayOfByte1, 0, arrayOfByte2, 0, 32);
                byte[] arrayOfByte3 = new byte[32];
                System.arraycopy(paramArrayOfByte1, 32, arrayOfByte3, 0, 32);
                Nxt.Curve25519.verify(arrayOfByte1, arrayOfByte2, arrayOfByte3, paramArrayOfByte3);
                MessageDigest localMessageDigest = MessageDigest.getInstance("SHA-256");
                byte[] arrayOfByte4 = localMessageDigest.digest(paramArrayOfByte2);
                localMessageDigest.update(arrayOfByte4);
                byte[] arrayOfByte5 = localMessageDigest.digest(arrayOfByte1);
                return Arrays.equals(arrayOfByte3, arrayOfByte5);
            } catch (Exception localException) {}
            return false;
        }
    }

thnx for posting! Hey devs... should users be worried about having arrayOfByte as opposed to publicKey in the code above?

Looks like arrayOfByte is just how ur decompiler translated this:

    static class Crypto {
        static byte[] getPublicKey(String secretPhrase) {
            try {
                byte[] publicKey = new byte[32];
                Curve25519.keygen(publicKey, null, MessageDigest.getInstance("SHA-256").digest(secretPhrase.getBytes("UTF-8")));
                return publicKey;
            } catch (Exception e) {
                return null;
            }
        }

        static byte[] sign(byte[] message, String secretPhrase) {
            try {
                byte[] P = new byte[32];
                byte[] s = new byte[32];
                MessageDigest digest = MessageDigest.getInstance("SHA-256");
                Curve25519.keygen(P, s, digest.digest(secretPhrase.getBytes("UTF-8")));
                byte[] m = digest.digest(message);
                digest.update(m);
                byte[] x = digest.digest(s);
                byte[] Y = new byte[32];
                Curve25519.keygen(Y, null, x);
                digest.update(m);
                byte[] h = digest.digest(Y);
                byte[] v = new byte[32];
                Curve25519.sign(v, h, x, s);
                byte[] signature = new byte[64];
                System.arraycopy(v, 0, signature, 0, 32);
                System.arraycopy(h, 0, signature, 32, 32);
                return signature;
            } catch (Exception e) {
                return null;
            }
        }

        static boolean verify(byte[] signature, byte[] message, byte[] publicKey) {
            try {
                byte[] Y = new byte[32];
                byte[] v = new byte[32];
                System.arraycopy(signature, 0, v, 0, 32);
                byte[] h = new byte[32];
                System.arraycopy(signature, 32, h, 0, 32);
                Curve25519.verify(Y, v, h, publicKey);
                MessageDigest digest = MessageDigest.getInstance("SHA-256");
                byte[] m = digest.digest(message);
                digest.update(m);
                byte[] h2 = digest.digest(Y);
                return Arrays.equals(h, h2);
            } catch (Exception e) {
                return false;
            }
        }
    }
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
January 02, 2014, 02:36:43 PM
Hey CfB... will there be a new thread for the official NXT source code release?
U should ask Jean-Luc. I'll create a thread about the bounties for found flaws.
Damelon
Legendary
Offline
Activity: 1092
Merit: 1010
January 02, 2014, 02:38:02 PM
I just checked the nxt$Crypto.class that I downloaded yesterday via the instructions for linux, and I get this. It doesn't match at all with what is reported should be in there, but is also different from the "modified" file posted yesterday. Can someone explain if I need to freak out or not?
things that are confusing to Damelon
thnx for posting! Hey devs... should users be worried about having arrayOfByte as opposed to publicKey in the code above?
Looks like arrayOfByte is just how ur decompiler translated this:
things that are also confusing to Damelon
Halleluja, seems I am still safe then. Thanks for the feedback.
Vega
January 02, 2014, 02:38:06 PM
Going forward from this moment:
How can we be 100% sure someone's coins are actually stolen? The victim could himself open an account and send the funds there... then after a period of time he transfers the stolen funds to some new account and carries on happily ever after.
MOTIVATION: Those who have their funds stolen may get some sort of funding to compensate for their loss. A greedy individual may take advantage of this.
Because of this reason, I think only PaulyC and newcn are eligible for some type of reimbursement/bounties for uncovering the bogus client.
You guys need to rethink this. The evidence shows pretty conclusively that Sparta_cuss was actually robbed and reported it before either PaulyC or newcn. Plus Framewood beat them all to it by a couple of days. So - we gonna create a loss fund to cover 300K NXT and counting?

Paying back stolen Nxt is not realistic. Shit happens. However PaulyC (and to a smaller extent newcn) should (and did) get a bounty for uncovering the method of the theft, saving others.
Jean-Luc
January 02, 2014, 02:43:42 PM
Hey CfB Jean-Luc... will there be a new thread for the official NXT source code release? lmao

Fine, I will start one tomorrow after I do it.
S3MKi
Legendary
Offline
Activity: 1540
Merit: 1016
January 02, 2014, 02:44:32 PM
Hey CfB... will there be a new thread for the official NXT source code release?
U should ask Jean-Luc. I'll create a thread about the bounties for found flaws.
Hey CfB Jean-Luc... will there be a new thread for the official NXT source code release? lmao
Jean-Luc
January 02, 2014, 02:45:55 PM
Isn't there a javascript library to check sha256 sums? If so, somebody more fluent than me in javascript can easily add an update.html page to the client. It can request the value of the NRSversion alias from localhost, which contains the latest stable version and sha256, and I can also start putting the download url as a value of the NRSrelease alias. Then download the zip file from that url, check if the sha256 matches, and notify the user whether the downloaded zip file is legitimate or not. No need to trust a third party or manually check sha256 sums. Only the first time you download a client do you need to verify manually.