Ente
Legendary
 Offline
Activity: 2126
Merit: 1001
|
 |
February 22, 2012, 10:39:27 AM |
|
About the "Warning! this bitcoin address contains transactions which maybe double spends. You should be extremely careful when trusting any transactions to/from this address. ":
- ignorant of how p2pool works.
- pathetic.
- discriminating.
- unprofessional.
To sum it up, sod off, blockchain.info.
It happens quite often that I read a post, am annoyed by it, look to the left and see your profilename. Please reduce your rudeness and generally calm down. Ente |
|
|
|
|
pirateat40
Avast Ye!
Sr. Member
Offline
Activity: 378
Merit: 250
"Yes I am a pirate, 200 years too late."
|
|
February 23, 2012, 01:30:24 AM |
|
Wallet seems to be having issues.  |
|
|
|
frankendoodle
Newbie
Offline
Activity: 30
Merit: 0
|
|
February 23, 2012, 01:43:55 AM |
|
Mine as well, but I contacted their support team and they said that some changes were being made to the site and that it should be working properly again soon.
However I did almost have a panic attack when I checked my wallet and it showed my balance back at 0 and no transactions recorded aaaand I still can't send anything.
|
|
|
|
|
mcorlett
Donator
Sr. Member
Offline
Activity: 308
Merit: 250
|
|
February 23, 2012, 03:51:35 AM |
|
Out of curiosity, why shouldn't your address lookup APIs be used for payment processing?
|
|
|
|
|
piuk (OP)
|
|
February 23, 2012, 10:21:20 AM |
|
Wallet seems to be having issues. Apologies, should be ok now. Out of curiosity, why shouldn't your address lookup APIs be used for payment processing?
Because they include 0 confirmation transactions and in some rare circumstances unconfirmed double spends. |
|
|
|
Ente
Legendary
Offline
Activity: 2126
Merit: 1001
|
|
February 23, 2012, 11:32:35 AM |
|
Because they include 0 confirmation transactions and in some rare circumstances unconfirmed double spends.
Uhm, where there any double-spend "attacks" already? Ever? I guess it would only be a "two concurrent transactions are broadcasted", and wouldnt have anything to do with the blockchain at all? Ente |
|
|
|
|
Rassah
Legendary
Offline
Activity: 1680
Merit: 1035
|
|
February 23, 2012, 04:37:09 PM |
|
Because they include 0 confirmation transactions and in some rare circumstances unconfirmed double spends.
Uhm, where there any double-spend "attacks" already? Ever? I guess it would only be a "two concurrent transactions are broadcasted", and wouldnt have anything to do with the blockchain at all? Ente If we are to believe Mybitcoin.com, that's how they lost half their money, with thieves stealing small amounts using unconfirmed transactions. If we are to believe Mybitcoin.com. |
|
|
|
|
mcorlett
Donator
Sr. Member
Offline
Activity: 308
Merit: 250
|
|
February 23, 2012, 04:57:49 PM |
|
Because they include 0 confirmation transactions and in some rare circumstances unconfirmed double spends.
Uhm, where there any double-spend "attacks" already? Ever? I guess it would only be a "two concurrent transactions are broadcasted", and wouldnt have anything to do with the blockchain at all? Ente If we are to believe Mybitcoin.com, that's how they lost half their money, with thieves stealing small amounts using unconfirmed transactions. If we are to believe Mybitcoin.com. MyBitcoin didn't accept unconfirmed transactions - they accepted single-confirmation transactions. |
|
|
|
Rassah
Legendary
Offline
Activity: 1680
Merit: 1035
|
|
February 23, 2012, 05:01:38 PM |
|
Because they include 0 confirmation transactions and in some rare circumstances unconfirmed double spends.
Uhm, where there any double-spend "attacks" already? Ever? I guess it would only be a "two concurrent transactions are broadcasted", and wouldnt have anything to do with the blockchain at all? Ente If we are to believe Mybitcoin.com, that's how they lost half their money, with thieves stealing small amounts using unconfirmed transactions. If we are to believe Mybitcoin.com. MyBitcoin didn't accept unconfirmed transactions - they accepted single-confirmation transactions. Would that mean that there were actual double spend transactions and possible 51% attacks, or the thieves got really lucky because some of their transactions were part of a chain fork split? Or does that mean there is a higher probability that they lied? As I understand it, even with a single confirm, the chances of a double spend thanks to a block that later gets rejected, and doing this continuously, are near impossible. |
|
|
|
|
|
realnowhereman
|
|
February 23, 2012, 05:11:50 PM |
|
Because they include 0 confirmation transactions and in some rare circumstances unconfirmed double spends.
Uhm, where there any double-spend "attacks" already? Ever? I guess it would only be a "two concurrent transactions are broadcasted", and wouldnt have anything to do with the blockchain at all? Ente If we are to believe Mybitcoin.com, that's how they lost half their money, with thieves stealing small amounts using unconfirmed transactions. If we are to believe Mybitcoin.com. MyBitcoin didn't accept unconfirmed transactions - they accepted single-confirmation transactions. Fair enough; but the only time that loses you money is if those single-confirm transactions are subsequently undone because of a double spend on a separate chain. Surely that large quantity of double spends to steal so much from MyBitcoin would show up? |
1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
|
|
|
mcorlett
Donator
Sr. Member
Offline
Activity: 308
Merit: 250
|
|
February 23, 2012, 05:13:42 PM
Last edit: February 23, 2012, 06:43:00 PM by mcorlett |
|
For context: After careful analysis of the intrusion we have concluded that the software
that waited for Bitcoin confirmations was far too lenient. An unknown
attacker was able to forge Bitcoin deposits via the Shopping Cart Interface
(SCI) and withdraw confirmed/older Bitcoins. This led to a slow trickle of
theft that went unnoticed for a few days. Luckily, we do keep a percentage of
the holdings in cold storage so the attackers didn'tt completely clean us out.
Just to clarify, we weren't "fully" hacked aka "rooted". You can still trust
our PGP, SSL, and Tor public keys.
It appears to be human error combined with a misunderstanding of how Bitcoin
secures transactions into the next block. Our programmer was under the
assumption that one block was good enough to secure a transaction. Two years
ago when the software was written, this single confirm myth was a popular
belief.
In hindsight we should have credited deposits after one confirmation so they
would show up in the transaction history, and held the deposit until it reached
at least 3 confirmations. Keeping track of two balances and displaying them in
the login area would have been trivial. Would that mean that there were actual double spend transactions and possible 51% attacks, or the thieves got really lucky because some of their transactions were part of a chain fork split?
It may. However, controlling 51% of the network only means that you can outrun the honest miners on a consistent basis. An attacker could've been constantly moving funds to and from MyBitcoin, hoping for a lucky break where he got lucky and scored a couple of fast rounds, and the network slower ones. Or does that mean there is a higher probability that they lied?
This is what I think happened. There is no way they kept just 49% of their funds in cold storage. Even if you only moved funds to and from cold storage once per day, there probably still wasn't need for 51% of their funds to be active and ready to go. |
|
|
|
horgh
Newbie
Offline
Activity: 20
Merit: 0
|
|
February 24, 2012, 12:17:37 PM |
|
Site is completely down now...
|
|
|
|
|
|
piuk (OP)
|
|
February 24, 2012, 12:22:11 PM |
|
I'm on it.
|
|
|
|
Inaba
Legendary
Offline
Activity: 1260
Merit: 1000
|
|
February 24, 2012, 03:14:24 PM |
|
Well get off it and fix it! Jeez... everyone knows sitting on a computer usually causes it to crash.
|
If you're searching these lines for a point, you've probably missed it. There was never anything there in the first place.
|
|
|
pirateat40
Avast Ye!
Sr. Member
Offline
Activity: 378
Merit: 250
"Yes I am a pirate, 200 years too late."
|
|
February 25, 2012, 12:40:28 AM |
|
The wallet just doesn't seem to work anymore. |
|
|
|
Callius
Newbie
Offline
Activity: 25
Merit: 0
|
|
February 25, 2012, 01:00:23 AM |
|
Anyone else seeing a spike on the unknown % making up the hash rate? looking at 53% atm with 67 blocks solved by 0.0.0.0 , is this just a default IP the site sets if it can't get one, an error, plain luck or something else?
|
|
|
|
|
Inaba
Legendary
Offline
Activity: 1260
Merit: 1000
|
|
February 25, 2012, 01:57:26 AM |
|
The entire blockchain is messed up on the site, if you go look at individual blocks, the coinbase is wrong, along with the inputs and transactions.
The hashes are right... something is crosslinked somewhere that shouldn't be.
|
If you're searching these lines for a point, you've probably missed it. There was never anything there in the first place.
|
|
|
|
Jine
|
|
February 25, 2012, 12:01:01 PM |
|
The entire blockchain is messed up on the site, if you go look at individual blocks, the coinbase is wrong, along with the inputs and transactions.
The hashes are right... something is crosslinked somewhere that shouldn't be.
Could this be related: This is NOT our block: https://blockchain.info/block-height/168357We're using poolserverj with workmaker, so all our generated inputs go to the same address, and it's the address shown on: http://blockexplorer.com/block/00000000000001d440e68701c7e82de8b095741bdb76936b07598a8a9d0a5c29https://blockchain.info/blocks/Bitcoins.lc isn't even our URL afaik. https://blockchain.info/blocks/Bitlc.net shows the correct blocks, but what and where does Bitcoins.lc comes from? Whats going on? Is it possible to delete the bitcoins.lc-tag from that block, so our users don't get confused? Note:All our blocks contains "BitLC /P2SH/" in the coinbase, just fyi. |
Previous founder of Bit LC Inc. | I've always loved the idea of bitcoin.
|
|
|
|
piuk (OP)
|
|
February 25, 2012, 12:36:24 PM |
|
Yesterday there was a problem with the database, I thought I had fixed it by importing a backup from a few days ago. But it looks like the script indexes are out of sync with the transaction indexes. I'm not sure what to do, I think the only option is to reimport the entire blockchain - but then all previous orphaned block data and ip address data will be lost.
I'm so tired of this, I'm supposed to be taking a break from bitcoin development for a bit.
|
|
|
|
|
Jine
|
|
February 25, 2012, 01:19:28 PM |
|
I know the feeling  I support you in either way, you're doing a great job. |
Previous founder of Bit LC Inc. | I've always loved the idea of bitcoin.
|
|
|
|
