Bitcoin Forum
November 09, 2024, 03:47:09 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 ... 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 [118] 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 ... 280 »
  Print  
Author Topic: Eligius: 0% Fee BTC, 105% PPS NMC, No registration, CPPSRB  (Read 1061430 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
kp5995
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
June 12, 2014, 10:48:39 AM
 #2341

Just a stats issue, although I did a rewind on CPPSRB back several hours to make sure it gets corrected properly.  Should correct itself shortly.

Thank You
merv77
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500


1.21 GIGA WATTS


View Profile
June 12, 2014, 11:53:57 AM
 #2342

thanks wizkid, stats working now
fubly
Hero Member
*****
Offline Offline

Activity: 561
Merit: 521


Trustless IceColdWallet


View Profile WWW
June 12, 2014, 12:00:52 PM
 #2343

where can I see the nmc payouts, or the nmc I mined?

thx

each time you send a transaction don't forget to use a new address, each time you receive one also!
Bitskint
Member
**
Offline Offline

Activity: 79
Merit: 10


View Profile
June 12, 2014, 12:51:17 PM
 #2344

where can I see the nmc payouts, or the nmc I mined?

thx

There are no stats at the moment for those.

You have to wait for them to turn up in your wallet .

1M68XehjYww77DLgwW9rk2zRid8Z8B7uw7 <-- my new BTC addy since Cryptsy took everything
jcumins
Full Member
***
Offline Offline

Activity: 312
Merit: 100


Bcnex - The Ultimate Blockchain Trading Platform


View Profile
June 12, 2014, 02:32:14 PM
 #2345

Looks like it is broken again,  for the pay out process that is.  Looks like the shares are still working.

I truly feel for Wizkid he works hard keeping this running.

kp5995
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
June 13, 2014, 02:12:48 AM
 #2346

Looks like it is broken again,  for the pay out process that is.  Looks like the shares are still working.

I truly feel for Wizkid he works hard keeping this running.

What's broken?  My payment has not been confirmed 4plus hrs
wizkid057 (OP)
Legendary
*
Offline Offline

Activity: 1223
Merit: 1006


View Profile
June 13, 2014, 02:15:29 AM
 #2347

Nothing broken.

Tips: 1LDQrLr6dPVqNJmpZm82eZVKqDFRk7ERW8
Operator of the Eligius Mining Pool - 0% Fee, SAPPLNS, GBT, Stratum, IRC+Phone Support, Share Market (coming soon), Generation payouts, and more.
Don't feed the trolls. Science Confirms: Internet Trolls Really Are Narcissistic, Psychopathic, and Sadistic (1)
wizkid057 (OP)
Legendary
*
Offline Offline

Activity: 1223
Merit: 1006


View Profile
June 13, 2014, 02:19:01 AM
 #2348

Greetings Eligius miners,

So, after some investigation over the past month or so, it turns out a couple of clients/addresses were involved in a “block withholding attack” against Eligius which has cost us an estimated 300 BTC, and likely miners of other pools as well. A block withholding attack is where a miner submits low difficulty shares but does not submit block solutions— so they appear to be working for the pool and continue to get paid while not actually doing useful work for the pool.

It is unknown how many other pools they’ve executed this attack against. While withholding attacks are detectable, they are not possible to prevent: the risk of block withholding is inherent in how Bitcoin pooling works. Since the attacker does not gain any direct benefit by performing the attack it is usually assumed to not be a serious risk. A withholding attacker can’t profit, except through indirect effects like making a pool look less “lucky” and driving miners to other pools.

My guess is that they never expected to get caught and suffer income loss as a result of their attack.  But, once they were caught, I put a filter in place to block them from the payout queue (similar to the block on known MtGox addresses). Eligius’s offline wallet now has roughly 200 BTC work credits held from the payout queue under the attacker's addresses, that we have stopped them from stealing.

When they noticed, weeks later, they contacted us complaining.  We asked them to sign messages to verify they were in fact in control of the addresses in question including asking them to include a real name and location in the signed message, refusing to discuss it until they had done so.  They eventually responded around the Memorial Day US holiday weekend.  Before we were able to respond (everyone has been extra busy as you all know), they threatened putting a 200 BTC bounty on hacking Eligius. More recently, their behaviours have extended to additional ultimatums, arbitrary deadlines, demanding 1164%-APY interest on the payout, etc.

Suffice it to say, communications with the attacker have been less than productive.

My original plan was to return the coins we have held in offline storage to the rightful owners— the miners who were submitting real work and were affected by the withholding attack— by paying towards shelved shares accrued during that time period (doing this is non-trivial due to security measures in place). This is still my intention, as I have no real inclination to yield to the demands and threats made by this attacker who has cost all of us quite a bit. It has unofficially been decided that if it came down to it, Eligius would shut down before being forced to pay any attacker of any kind any amount whatsoever.

In any case, I wanted to make sure I posted the details of this before the attacker attempts to take the public FUD route, and possibly get some constructive opinions on how to actually proceed with this.  

I will be posting all details we have about this soon.  For now, the two addresses I have filtered from the payout queue are 17JkL94B2ngJg4QQZuiozDQjnxXB6B7yTc and 1Gu8zxRi8cyENV8CQe52D7QEsiZ7ruT73u.

Rest assured that there is no need to be concerned about their threats.  Eligius is the second oldest mining pool and is also one of the few remaining pools which has never had any loss of bitcoin from any type of hack.  The reason there have been no successful hacks is because we take security very seriously.  There really are no possible methods for such an attack with Eligius.  While I won't reveal any of the specific security measures in place, even if an attacker were to somehow compromise any or even every single Eligius server, keep in mind that there are no funds stored on any online machine for them to steal anyway.  Other data is protected and verified by remote machines as well.  The pool will simply be cut off from the world pending my personal review if anything important were actually manipulated. As previously noted, the offline wallet requires coordination between both myself and Luke-Jr, and also very shortly, after completing some testing, a confidential third party.

I am taking this very seriously, and I'll be monitoring the pool as closely as possible.  Measures are also being taken to further harden our already very good existing security as well. If  My assumption is that the attacker is not going to take kindly to being publicly outed.

Thanks,

-wk

P.S. - This is unrelated to any of the stats issues that have occurred. (Server migration for the new web server is still under way…)

Tips: 1LDQrLr6dPVqNJmpZm82eZVKqDFRk7ERW8
Operator of the Eligius Mining Pool - 0% Fee, SAPPLNS, GBT, Stratum, IRC+Phone Support, Share Market (coming soon), Generation payouts, and more.
Don't feed the trolls. Science Confirms: Internet Trolls Really Are Narcissistic, Psychopathic, and Sadistic (1)
kp5995
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
June 13, 2014, 02:27:29 AM
 #2349

Nothing broken.

yeah, my problem doesn't look like eligius.
crashoveride54902
Hero Member
*****
Offline Offline

Activity: 784
Merit: 504


Dream become broken often


View Profile
June 13, 2014, 02:40:13 AM
 #2350

WOOT WTG WK!!! you teach them that messing with our pool isn't an option Cheesy Great job on catching them and stopping them from getting their reward for doing nothing Smiley Finally some scammers didn't get to scam...oh how good that makes me feel...lost 21 coins to some lying cheating bastards already Sad one was the btcrow or some website email scam..thought i was using escrow but was really sending them the coins Sad oh well...Great job on running the pool WK!! couldn't ask for a better pool op

Dreams of cyprto solving everything is slowly slipping away...Replaced by scams/hacks Sad
GrapeApe
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250



View Profile
June 13, 2014, 02:49:55 AM
 #2351


It is unknown how many other pools they’ve executed this attack against. While withholding attacks are detectable, they are not possible to prevent: the risk of block withholding is inherent in how Bitcoin pooling works. Since the attacker does not gain any direct benefit by performing the attack it is usually assumed to not be a serious risk. A withholding attacker can’t profit, except through indirect effects like making a pool look less “lucky” and driving miners to other pools.

My guess is that they never expected to get caught and suffer income loss as a result of their attack.  But, once they were caught, I put a filter in place to block them from the payout queue (similar to the block on known MtGox addresses). Eligius’s offline wallet now has roughly 200 BTC work credits held from the payout queue under the attacker's addresses, that we have stopped them from stealing.


Nice catch first of all. I appreciate the due diligence.

I have what may be a stupid question(who knows).

You say there is no way the attacker can profit, but I was wondering by withholding are they possibly withholding shares of a certain difficulty range and mining at several pools with difficulty ranges for each to look like they are mining at each pool to get credit for their hash rate at each pool?

I don't even know if this is possible and I've been drinking a little, but it came to me while reading your post....

Anyway again nice catch.....
organofcorti
Donator
Legendary
*
Offline Offline

Activity: 2058
Merit: 1007


Poor impulse control.


View Profile WWW
June 13, 2014, 03:08:59 AM
 #2352

Greetings Eligius miners,

So, after some investigation over the past month or so, it turns out a couple of clients/addresses were involved in a “block withholding attack” against Eligius which has cost us an estimated 300 BTC, and likely miners of other pools as well.

Was this done intentionally, or was it due to the same bug that was seen at BTC Guild (where valid shares > 2^31 were not submitted by a particular device)? Or is there some news that I'm not aware of?

Bitcoin network and pool analysis 12QxPHEuxDrs7mCyGSx1iVSozTwtquDB3r
follow @oocBlog for new post notifications
taipo
Full Member
***
Offline Offline

Activity: 238
Merit: 100

Kia ora!


View Profile WWW
June 13, 2014, 03:10:46 AM
 #2353

including asking them to include a real name and location in the signed message, refusing to discuss it until they had done so.  They eventually responded around the Memorial Day US holiday weekend

So who are they?

Support the two platforms essential to protecting the identities of whistleblowers. Both accept bitcoin donations.
https://globaleaks.org - GlobalLeaks ( btc: see http://goo.gl/D5wM0L )
http://goo.gl/sZg2RN  - SecureDrop: whistleblower submission system
eleuthria
Legendary
*
Offline Offline

Activity: 1750
Merit: 1007



View Profile
June 13, 2014, 03:11:08 AM
 #2354

Greetings Eligius miners,

So, after some investigation over the past month or so, it turns out a couple of clients/addresses were involved in a “block withholding attack” against Eligius which has cost us an estimated 300 BTC, and likely miners of other pools as well.

Was this done intentionally, or was it due to the same bug that was seen at BTC Guild (where validshares > 2^31 were not submitted by a particular device)? Or is there some news that I'm not aware of?

Same users.  Before the full scope of what was happening to BTC Guild was made clear, I informed many other pool operators of the addresses for accounts I was freezing in relation to the block withholding.  We were in discussion about withholding vectors already from the abnormally low luck that Eligius and BTC Guild both had in March and April respectively.

RIP BTC Guild, April 2011 - June 2015
ManeBjorn
Legendary
*
Offline Offline

Activity: 1288
Merit: 1004



View Profile
June 13, 2014, 03:28:33 AM
 #2355

It's getting abnormally low again. Do you think they are just moving around now?
I wish they would just go to ghash and screw them up and leave us alone at the legit pools.


Greetings Eligius miners,

So, after some investigation over the past month or so, it turns out a couple of clients/addresses were involved in a “block withholding attack” against Eligius which has cost us an estimated 300 BTC, and likely miners of other pools as well.

Was this done intentionally, or was it due to the same bug that was seen at BTC Guild (where validshares > 2^31 were not submitted by a particular device)? Or is there some news that I'm not aware of?

Same users.  Before the full scope of what was happening to BTC Guild was made clear, I informed many other pool operators of the addresses for accounts I was freezing in relation to the block withholding.  We were in discussion about withholding vectors already from the abnormally low luck that Eligius and BTC Guild both had in March and April respectively.

Hektur
Member
**
Offline Offline

Activity: 271
Merit: 10


View Profile
June 13, 2014, 03:31:04 AM
 #2356

Good catch guys.

I'm with Wizkid, No negotiating with terrorists or extortionists.  Too bad there is no registration on Eligius or we could all call out for a name and shame.

They want a higher percentage rate than those payday loan locations.

Luke-Jr
Legendary
*
Offline Offline

Activity: 2576
Merit: 1186



View Profile
June 13, 2014, 03:42:59 AM
 #2357

they threatened putting a 200 BTC bounty on hacking Eligius.
LOL, if someone could hack Eligius to get 200 BTC, why would they be waiting for a bounty? Smiley

AussieHash
Hero Member
*****
Offline Offline

Activity: 692
Merit: 500



View Profile
June 13, 2014, 03:48:37 AM
 #2358

We're missing something. To block withold attack of this magnitude (given the luck change) would have to be 2,000TH per pool. To do this to eligius and BTC guild for 2 months would not make sense unless they could profit elsewhere.
jamesg
VIP
Legendary
*
Offline Offline

Activity: 1358
Merit: 1000


AKA: gigavps


View Profile
June 13, 2014, 04:04:37 AM
 #2359

We're missing something. To block withold attack of this magnitude (given the luck change) would have to be 2,000TH per pool. To do this to eligius and BTC guild for 2 months would not make sense unless they could profit elsewhere.

Not true. By going unnoticed and getting paid they only suffered a small percentage of the total payout as a loss. If they haven't fixed the bug by now, it is probably something wrong with the hardware and would be a total loss if they didn't scam unsuspecting pools. This is not a defense of their actions, only my attempt to find a root cause for the attacker to continue to block withhold.

The only people making hardware, writing their own software and mining at the ~2Ph/s scale that I am aware of is ______.
warhawk187
Sr. Member
****
Offline Offline

Activity: 327
Merit: 250



View Profile
June 13, 2014, 04:07:08 AM
 #2360

We're missing something. To block withold attack of this magnitude (given the luck change) would have to be 2,000TH per pool. To do this to eligius and BTC guild for 2 months would not make sense unless they could profit elsewhere.

ghash.io?

Pages: « 1 ... 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 [118] 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 ... 280 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!