Bitcoin Forum
November 07, 2024, 02:46:37 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 ... 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 [119] 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 ... 280 »
  Print  
Author Topic: Eligius: 0% Fee BTC, 105% PPS NMC, No registration, CPPSRB  (Read 1061425 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
jamesg
VIP
Legendary
*
Offline Offline

Activity: 1358
Merit: 1000


AKA: gigavps


View Profile
June 13, 2014, 04:13:18 AM
 #2361

It is unknown how many other pools they’ve executed this attack against. While withholding attacks are detectable, they are not possible to prevent: the risk of block withholding is inherent in how Bitcoin pooling works. Since the attacker does not gain any direct benefit by performing the attack it is usually assumed to not be a serious risk. A withholding attacker can’t profit, except through indirect effects like making a pool look less “lucky” and driving miners to other pools.

Can eligius code something that says to the effect "if you are over x% of the pool, we withhold all payments until you've found a block"?

x% would be such that the attacker would need to go to great lengths to mine at or under that percentage on different btc addresses?

Is this a feasible solution to keep known withholding attackers at bay?
ratty
Sr. Member
****
Offline Offline

Activity: 261
Merit: 250


View Profile
June 13, 2014, 04:16:45 AM
 #2362

I'm just curious, how do you detect it, and know they aren't just unlucky in ever finding a block?
gmaxwell
Moderator
Legendary
*
Offline Offline

Activity: 4270
Merit: 8805



View Profile WWW
June 13, 2014, 04:25:52 AM
 #2363

Can eligius code something that says to the effect "if you are over x% of the pool, we withhold all payments until you've found a block"?
Not really useful, since you could always split yourself up to a bunch of small accounts... and even if you weren't attacking you'd prudently do this to avoid any delays, even if they were small. Smiley  ... if you thought your odds of getting a block soon were good why would you be on the pool in the first place? Smiley
Hektur
Member
**
Offline Offline

Activity: 271
Merit: 10


View Profile
June 13, 2014, 05:00:52 AM
 #2364

We're missing something. To block withold attack of this magnitude (given the luck change) would have to be 2,000TH per pool. To do this to eligius and BTC guild for 2 months would not make sense unless they could profit elsewhere.

Not true. By going unnoticed and getting paid they only suffered a small percentage of the total payout as a loss. If they haven't fixed the bug by now, it is probably something wrong with the hardware and would be a total loss if they didn't scam unsuspecting pools. This is not a defense of their actions, only my attempt to find a root cause for the attacker to continue to block withhold.

The only people making hardware, writing their own software and mining at the ~2Ph/s scale that I am aware of is ______.

If this is the case and it is the pool with the biggest percentage right now, then they are after 51% and seek to undermine, control and possibly destroy BTC or at least damage the reputation.  There has been speculation about them hiding their hashing power by splitting it and obscuring the pool that found the blocks, but since the miners there refuse to leave to another pool, I don't think much if anything can be done.

Regardless, at least these people were found and have had their btc frozen.  It's a possibility that their delay in attempting to withdraw the coins was an attempt to slide under the radar while they were busy doing the same to other pools.  No matter what, we can go ahead and figure that they are reading these posts and are either laughing about it (thinking they got away with something), or seething  because Wizkid made an official post about them.  Either way, we need to stand with Wizkid, Luke Jr and Eleuthria.  Threats are just that...threats.  Terrorists seek to cause fear amongst the people.  Extortionists just want to line their greedy pockets from other people's hard work.

Has anyone taken into account that instead of another pool being responsible that it could be a ASIC company that has failed over and over again to ship products to consumers who pre-ordered months in advance?

organofcorti
Donator
Legendary
*
Offline Offline

Activity: 2058
Merit: 1007


Poor impulse control.


View Profile WWW
June 13, 2014, 05:04:20 AM
 #2365

We're missing something. To block withold attack of this magnitude (given the luck change) would have to be 2,000TH per pool. To do this to eligius and BTC guild for 2 months would not make sense unless they could profit elsewhere.

Not true. By going unnoticed and getting paid they only suffered a small percentage of the total payout as a loss. If they haven't fixed the bug by now, it is probably something wrong with the hardware and would be a total loss if they didn't scam unsuspecting pools. This is not a defense of their actions, only my attempt to find a root cause for the attacker to continue to block withhold.

The only people making hardware, writing their own software and mining at the ~2Ph/s scale that I am aware of is ______.

If this is the case and it is the pool with the biggest percentage right now, then they are after 51% and seek to undermine, control and possibly destroy BTC or at least damage the reputation. 


How is a 2Phps pool (2% of the network) going to come close to a 51% attack?

Bitcoin network and pool analysis 12QxPHEuxDrs7mCyGSx1iVSozTwtquDB3r
follow @oocBlog for new post notifications
CanaryInTheMine
Donator
Legendary
*
Offline Offline

Activity: 2352
Merit: 1060


between a rock and a block!


View Profile
June 13, 2014, 05:18:40 AM
 #2366

Nice job catching them!!!
I think out of the 200 btc, Eligius should acquire solid state disks (such as nimbus data gemeni flash array).  Db will never have any issues and rebuilding/reorganizing etc.. will be a thousand times faster. 
Just my 2 cents. 
Overall, we should beef up Eligius and spread what's leftover

Another point, couldn't we analyze these 2 addresses for relationships with other addresses to see if we could infer identities behind these addys?  Maybe not, but it could yield some interesting leads...
wizkid057 (OP)
Legendary
*
Offline Offline

Activity: 1223
Merit: 1006


View Profile
June 13, 2014, 05:20:47 AM
 #2367

Nice job catching them!!!
I think out of the 200 btc, Eligius should acquire solid state disks (such as nimbus data gemeni flash array).  Db will never have any issues and rebuilding/reorganizing etc.. will be a thousand times faster. 
Just my 2 cents. 
Overall, we should beef up Eligius and spread what's leftover

Another point, couldn't we analyze these 2 addresses for relationships with other addresses to see if we could infer identities behind these addys?  Maybe not, but it could yield some interesting leads...

The ~200 BTC belongs to the miners affected, IMO, not in any way a donation to Eligius.

On a side note, almost everything important is on SSDs except for the webserver... which will be shortly.  Software is needing some updating/rewriting to get more speed, though.

Tips: 1LDQrLr6dPVqNJmpZm82eZVKqDFRk7ERW8
Operator of the Eligius Mining Pool - 0% Fee, SAPPLNS, GBT, Stratum, IRC+Phone Support, Share Market (coming soon), Generation payouts, and more.
Don't feed the trolls. Science Confirms: Internet Trolls Really Are Narcissistic, Psychopathic, and Sadistic (1)
CanaryInTheMine
Donator
Legendary
*
Offline Offline

Activity: 2352
Merit: 1060


between a rock and a block!


View Profile
June 13, 2014, 05:25:44 AM
 #2368

Nice job catching them!!!
I think out of the 200 btc, Eligius should acquire solid state disks (such as nimbus data gemeni flash array).  Db will never have any issues and rebuilding/reorganizing etc.. will be a thousand times faster. 
Just my 2 cents. 
Overall, we should beef up Eligius and spread what's leftover

Another point, couldn't we analyze these 2 addresses for relationships with other addresses to see if we could infer identities behind these addys?  Maybe not, but it could yield some interesting leads...

The ~200 BTC belongs to the miners affected, IMO, not in any way a donation to Eligius.

On a side note, almost everything important is on SSDs except for the webserver... which will be shortly.  Software is needing some updating/rewriting to get more speed, though.
All true... I'd give up my portion to put towards improvements...  There's probably enough miners here who'd do the same.  If Eligius is made better and faster, more miners will come over
AussieHash
Hero Member
*****
Offline Offline

Activity: 692
Merit: 500



View Profile
June 13, 2014, 05:30:02 AM
 #2369

I have a theory. The network hashrate has just jumped up 14PH approx as per bitcoinwisdom difficulty.

Perhaps this is a large farm, concerned about rising difficulty and wanting to minimize the impact of difficulty increases. They mine on btcguild/eligius and submit low difficulty shares (for which they are paid) and discard winning shares (so the network hashrate is artificially low). Profit ?
CanaryInTheMine
Donator
Legendary
*
Offline Offline

Activity: 2352
Merit: 1060


between a rock and a block!


View Profile
June 13, 2014, 05:40:51 AM
 #2370

I have a theory. The network hashrate has just jumped up 14PH approx as per bitcoinwisdom difficulty.

Perhaps this is a large farm, concerned about rising difficulty and wanting to minimize the impact of difficulty increases. They mine on btcguild/eligius and submit low difficulty shares (for which they are paid) and discard winning shares (so the network hashrate is artificially low). Profit ?
Could they be not discarding winning shares and instead using them in solo mining setup?
Guarantee themselves benefits of pooled mining and win some by solo mining winning shares by withholding from a pool?
eleuthria
Legendary
*
Offline Offline

Activity: 1750
Merit: 1007



View Profile
June 13, 2014, 05:49:04 AM
 #2371

I have a theory. The network hashrate has just jumped up 14PH approx as per bitcoinwisdom difficulty.

Perhaps this is a large farm, concerned about rising difficulty and wanting to minimize the impact of difficulty increases. They mine on btcguild/eligius and submit low difficulty shares (for which they are paid) and discard winning shares (so the network hashrate is artificially low). Profit ?
Could they be not discarding winning shares and instead using them in solo mining setup?
Guarantee themselves benefits of pooled mining and win some by solo mining winning shares by withholding from a pool?

Work done for the pool is useless for solo/any other pool.  The hash is only valid for the pool it came from, with the payment to the address the pool told you to put.  Otherwise the pool's hash (since the pools check your work) will not match yours and it will be rejected.

RIP BTC Guild, April 2011 - June 2015
baddw
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500



View Profile
June 13, 2014, 06:37:09 AM
 #2372

Greetings Eligius miners,

So, after some investigation over the past month or so, it turns out a couple of clients/addresses were involved in a “block withholding attack” against Eligius which has cost us an estimated 300 BTC, and likely miners of other pools as well. A block withholding attack is where a miner submits low difficulty shares but does not submit block solutions— so they appear to be working for the pool and continue to get paid while not actually doing useful work for the pool.

It is unknown how many other pools they’ve executed this attack against. While withholding attacks are detectable, they are not possible to prevent: the risk of block withholding is inherent in how Bitcoin pooling works. Since the attacker does not gain any direct benefit by performing the attack it is usually assumed to not be a serious risk. A withholding attacker can’t profit, except through indirect effects like making a pool look less “lucky” and driving miners to other pools.

My guess is that they never expected to get caught and suffer income loss as a result of their attack.  But, once they were caught, I put a filter in place to block them from the payout queue (similar to the block on known MtGox addresses). Eligius’s offline wallet now has roughly 200 BTC work credits held from the payout queue under the attacker's addresses, that we have stopped them from stealing.

When they noticed, weeks later, they contacted us complaining.  We asked them to sign messages to verify they were in fact in control of the addresses in question including asking them to include a real name and location in the signed message, refusing to discuss it until they had done so.  They eventually responded around the Memorial Day US holiday weekend.  Before we were able to respond (everyone has been extra busy as you all know), they threatened putting a 200 BTC bounty on hacking Eligius. More recently, their behaviours have extended to additional ultimatums, arbitrary deadlines, demanding 1164%-APY interest on the payout, etc.

Suffice it to say, communications with the attacker have been less than productive.

My original plan was to return the coins we have held in offline storage to the rightful owners— the miners who were submitting real work and were affected by the withholding attack— by paying towards shelved shares accrued during that time period (doing this is non-trivial due to security measures in place). This is still my intention, as I have no real inclination to yield to the demands and threats made by this attacker who has cost all of us quite a bit. It has unofficially been decided that if it came down to it, Eligius would shut down before being forced to pay any attacker of any kind any amount whatsoever.

In any case, I wanted to make sure I posted the details of this before the attacker attempts to take the public FUD route, and possibly get some constructive opinions on how to actually proceed with this.  

I will be posting all details we have about this soon.  For now, the two addresses I have filtered from the payout queue are 17JkL94B2ngJg4QQZuiozDQjnxXB6B7yTc and 1Gu8zxRi8cyENV8CQe52D7QEsiZ7ruT73u.

Rest assured that there is no need to be concerned about their threats.  Eligius is the second oldest mining pool and is also one of the few remaining pools which has never had any loss of bitcoin from any type of hack.  The reason there have been no successful hacks is because we take security very seriously.  There really are no possible methods for such an attack with Eligius.  While I won't reveal any of the specific security measures in place, even if an attacker were to somehow compromise any or even every single Eligius server, keep in mind that there are no funds stored on any online machine for them to steal anyway.  Other data is protected and verified by remote machines as well.  The pool will simply be cut off from the world pending my personal review if anything important were actually manipulated. As previously noted, the offline wallet requires coordination between both myself and Luke-Jr, and also very shortly, after completing some testing, a confidential third party.

I am taking this very seriously, and I'll be monitoring the pool as closely as possible.  Measures are also being taken to further harden our already very good existing security as well. If  My assumption is that the attacker is not going to take kindly to being publicly outed.

Thanks,

-wk

P.S. - This is unrelated to any of the stats issues that have occurred. (Server migration for the new web server is still under way…)

Great work!  I'm so glad you caught the bastards.  I know that many of us in this thread and elsewhere have been suspicious of the bad luck lately, and I have seen rumors of block withholding attacks in several locations.  Giving the BTC to honest miners sounds like the right way to go IMO Smiley  Looking forward to hearing more details, and seeing what kind of sleuthing the revenge squad can come up with, LOL.

Might not hurt to put this post, or a shortened version of it, in one of the reserved posts on the front page of this thread for easy reference.

BTC/XCP 11596GYYq5WzVHoHTmYZg4RufxxzAGEGBX
DRK XvFhRFQwvBAmFkaii6Kafmu6oXrH4dSkVF
Eligius Payouts/CPPSRB Explained  I am not associated with Eligius in any way.  I just think that it is a good pool with a cool payment system Smiley
Bitskint
Member
**
Offline Offline

Activity: 79
Merit: 10


View Profile
June 13, 2014, 07:47:26 AM
 #2373

Sorry for being not too clued up on the software that runs all the hashing to do with Bitcoin, but
why is there no time limit for work to be returned ?

Having been a SETI/BOINC cruncher from early days , to present , there is a time limit in place, that if you do not return
your work in a given time period the work is sent out to someone else.

I know a month for SETI is ok - maybe a much less time period should have been in placed into Bitcoin Mining
so as you had a small window to return your work - if you had a power loss or some internet time - you lose a little - but not
a lot.

Nice work.  WK.


1M68XehjYww77DLgwW9rk2zRid8Z8B7uw7 <-- my new BTC addy since Cryptsy took everything
greenlion
Hero Member
*****
Offline Offline

Activity: 667
Merit: 500


View Profile
June 13, 2014, 07:49:12 AM
 #2374

What would be the incentive of actually running a block-withholding attack, when all it actually does is reduce the profitability of having run that hashing power in the first place?

Is it sufficiently-compelling to hash at a loss simply to reduce the payouts of other participants?
Luke-Jr
Legendary
*
Offline Offline

Activity: 2576
Merit: 1186



View Profile
June 13, 2014, 07:50:53 AM
 #2375

Sorry for being not too clued up on the software that runs all the hashing to do with Bitcoin, but
why is there no time limit for work to be returned ?
There is, 1-2 minutes.
Miners cannot lie positively (claiming there is a share at X when there isn't) because the pool double-checks every share, but they CAN lie negatively (claiming there is no share at X where there is) which is what block withholding does.

HypnoticGuy
Member
**
Offline Offline

Activity: 65
Merit: 10


View Profile WWW
June 13, 2014, 08:02:03 AM
 #2376

Eligius’s offline wallet now has roughly 200 BTC work credits held from the payout queue under the attacker's addresses, that we have stopped them from stealing.

This is fucking awesome!  What an idiot, or bunch of idiots!


At the current rate of $601.50 per BTC they have had to forfeit over $120,000.


Ha ha ha ha ha! ROTFL!!!!!


No matter what their attack actually accomplished, I am pretty sure it wasn't worth a cost of $120,000.
freebit13
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500

I got Satoshi's avatar!


View Profile
June 13, 2014, 08:09:19 AM
 #2377

Nice work WK and Luke! Obviously you've put something in place to prevent them from simply changing btc addresses and carrying on...

And thank you for being so honest and trustworthy WK, I've agreed with every decision you've made so far and it's clear to me that you have very high ethical standards as this would have been an excellent opportunity to fill your personal wallet with an extra 200btc Wink

On a side note, looks like automatic NMC payments are working nicely too Smiley

Decentralize EVERYTHING!
Bitskint
Member
**
Offline Offline

Activity: 79
Merit: 10


View Profile
June 13, 2014, 08:10:14 AM
 #2378

Sorry for being not too clued up on the software that runs all the hashing to do with Bitcoin, but
why is there no time limit for work to be returned ?
There is, 1-2 minutes.
Miners cannot lie positively (claiming there is a share at X when there isn't) because the pool double-checks every share, but they CAN lie negatively (claiming there is no share at X where there is) which is what block withholding does.

Oh !!

Thanks.

1M68XehjYww77DLgwW9rk2zRid8Z8B7uw7 <-- my new BTC addy since Cryptsy took everything
HypnoticGuy
Member
**
Offline Offline

Activity: 65
Merit: 10


View Profile WWW
June 13, 2014, 08:21:35 AM
 #2379

Greetings Eligius miners,

.... When they noticed, weeks later, they contacted us complaining.  We asked them to sign messages to verify they were in fact in control of the addresses in question including asking them to include a real name and location in the signed message, refusing to discuss it until they had done so.  They eventually responded around the Memorial Day US holiday weekend.  ....

I will be posting all details we have about this soon.  

Did they actually give you a real name and location?  Do you actually know who it is that did this?  


If so, you should post all of their details immediately.  


Also, is there any legal recourse that can be taken?
NewLiberty
Legendary
*
Offline Offline

Activity: 1204
Merit: 1002


Gresham's Lawyer


View Profile WWW
June 13, 2014, 09:03:54 AM
 #2380

including asking them to include a real name and location in the signed message, refusing to discuss it until they had done so.  They eventually responded around the Memorial Day US holiday weekend

So who are they?

Someone with Hash power to waste on such nonsense.

Current pool distribution.
https://blockchain.info/pools?timespan=24hrs

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
Pages: « 1 ... 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 [119] 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 ... 280 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!