Bitcoin Forum
December 14, 2024, 01:46:02 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 6 7 »  All
  Print  
Author Topic: Stats on malled transactions  (Read 17402 times)
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
February 11, 2014, 07:03:30 AM
Last edit: February 15, 2014, 11:00:32 AM by Jan
 #1

I am running a custom node that does real-time double spend analysis. I took a look at the log file over the last few days to see what was going on now that we have a lot of focus on malleable transactions.

Note that my custom node counts mutations on the same transaction as a double spend, which it isn't.

Detected double spends by date:

2014-01-29 470
2014-01-30 460
2014-01-31 460
2014-01-29 470
2014-01-30 460
2014-01-31 0
2014-02-01 39
2014-02-02 18
2014-02-03 97
2014-02-04 918
2014-02-05 461
2014-02-06 406
2014-02-07 769
2014-02-08 1260
2014-02-09 2618
2014-02-10 14576
2014-02-11 16960
2014-02-12 393
2014-02-13 219
2014-02-14 54

Needless to say that things got hectic yesterday with 14576 "double spends" which I am pretty sure are malled transactions.

We seem to be approaching the total number of transactions which is about 60k a day. So it seems that someone is having a lot of fun.

I will be changing my software to do real malled transaction detection to get some more accurate numbers.

Edit 1: added stats for 2014-02-11
Edit 2: added stats for 2014-02-12
Edit 3: added stats for 2014-02-13
Edit 4: added stats for 2014-02-14

Mycelium let's you hold your private keys private.
maaku
Legendary
*
expert
Offline Offline

Activity: 905
Merit: 1012


View Profile
February 11, 2014, 07:23:52 AM
 #2

What do you mean by double-spend?

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
February 11, 2014, 07:33:15 AM
 #3

What do you mean by double-spend?
Two transactions with different hashes and with overlapping inputs.
The definition is not entirely correct as a malled tx is not a double spend.

Mycelium let's you hold your private keys private.
nibyokwy
Newbie
*
Offline Offline

Activity: 51
Merit: 0


View Profile
February 11, 2014, 08:44:27 AM
 #4

Two transactions with different hashes and with overlapping inputs.
The definition is not entirely correct as a malled tx is not a double spend.
it will result in one though if the user has also tried to spend the change output of the original transaction that was voided by the malleable one. this seems to be happening quite a lot based on network chatter. probably because the client allows spending the change while it's unconfirmed.
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
February 11, 2014, 11:21:50 AM
 #5

Two transactions with different hashes and with overlapping inputs.
The definition is not entirely correct as a malled tx is not a double spend.
it will result in one though if the user has also tried to spend the change output of the original transaction that was voided by the malleable one. this seems to be happening quite a lot based on network chatter. probably because the client allows spending the change while it's unconfirmed.
Correct. All wallets allowing spending unconfirmed coins-sent-to-self (bitcoin-qt included) are potentially affected.
If this trend continues wallets may have to abandon this practice until mallability issues have been resolved.

Mycelium let's you hold your private keys private.
Rampion
Legendary
*
Offline Offline

Activity: 1148
Merit: 1018


View Profile
February 11, 2014, 11:54:14 AM
 #6

Yes, those are very probably "mutated" transactions - I'm getting those "double spend attempts" on every and each transactions I've been transmitting since yesterday.

Pretty useless stuff for the attacker, but I can bet that some novice got scared by seeing two transactions instead of one.


dexX7
Legendary
*
Offline Offline

Activity: 1106
Merit: 1026



View Profile WWW
February 11, 2014, 02:07:52 PM
 #7

Hey Jan,

thanks for sharing. Is there a way to get those stats without any modifications from bitcoind? Would be nice, if you could keep this thread updated as it looks like the amount of attempted double spends still increases.

nomailing
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
February 11, 2014, 02:14:13 PM
 #8

These stats are really disconcerting.
The priority of the core devs should be to fix the malleability issue once and for all. It shouldn't be a problem to get a majority of the network to agree to some patch. I think everyone would agree that it would be good for Bitcoin to just disallow transaction malleability.

Also it would solve the problems with mtgox withdrawals. Of course, in principle, it is a bug in the mtgox wallet. But this shouldn't be the time to accuse each other. Just solve the issue in the protocol and everyone will be fine and we would all have a better Bitcoin after all this mess.

BM-2D9KqQQ9Fg864YKia8Yz2VTtcUPYFnHVBR
Loozik
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


Born to chew bubble gum and kick ass


View Profile
February 11, 2014, 02:16:52 PM
 #9

2014-01-29 470
2014-01-30 460
2014-01-31 460
2014-01-29 470
2014-01-30 460
2014-01-31 0
2014-02-01 39
2014-02-02 18
2014-02-03 97
2014-02-04 918
2014-02-05 461
2014-02-06 406
2014-02-07 769
2014-02-08 1260
2014-02-09 2618
2014-02-10 14576
                ---------
                23 482 BTC stolen? all from gox?
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
February 11, 2014, 02:18:40 PM
 #10

Hey Jan,

thanks for sharing. Is there a way to get those stats without any modifications from bitcoind? Would be nice, if you could keep this thread updated as it looks like the amount of attempted double spends still increases.
I don't know how to get the stats from bitcoind, but looking into my debug.log I see a bunch of messages containing "was not accepted into the memory pool"
Many of those may be mutated transactions.
You can get a feel of how many there are by executing this (on a unix box):
Code:
grep "was not accepted into the memory pool" debug.log  | wc -l

In the meantime I can report that it has intensified. For today I have observed 16k "double spends", and there are still 9 hours left of "my today" (CET)

I will continue updating this thread as long as there is something interesting to report.

Mycelium let's you hold your private keys private.
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
February 11, 2014, 02:19:56 PM
 #11

2014-01-29 470
2014-01-30 460
2014-01-31 460
2014-01-29 470
2014-01-30 460
2014-01-31 0
2014-02-01 39
2014-02-02 18
2014-02-03 97
2014-02-04 918
2014-02-05 461
2014-02-06 406
2014-02-07 769
2014-02-08 1260
2014-02-09 2618
2014-02-10 14576
                ---------
                23 482 BTC stolen? all from gox?
No. Those numbers are assumed transaction mutations on the bitcoin network over the last few days

Mycelium let's you hold your private keys private.
Loozik
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


Born to chew bubble gum and kick ass


View Profile
February 11, 2014, 02:22:17 PM
 #12

No. Those numbers are assumed transaction mutations on the bitcoin network over the last few days

Is there a way to calculate how many btcs were stolen through these malled / assumed malled transactions?
btcinsight
Member
**
Offline Offline

Activity: 104
Merit: 10


View Profile
February 11, 2014, 02:22:52 PM
 #13

Two transactions with different hashes and with overlapping inputs.
The definition is not entirely correct as a malled tx is not a double spend.
it will result in one though if the user has also tried to spend the change output of the original transaction that was voided by the malleable one. this seems to be happening quite a lot based on network chatter. probably because the client allows spending the change while it's unconfirmed.
Correct. All wallets allowing spending unconfirmed coins-sent-to-self (bitcoin-qt included) are potentially affected.
If this trend continues wallets may have to abandon this practice until mallability issues have been resolved.


I had a similar issue about one year ago. I was using bitcoind offline to issue several transactions, and probably some were taking change from the previous ones.

Afterwards, I took all the generated txs with getrawtransaction and went broadcast them through a connected computer on blockchain.info/pushtx.

I then saw that some were refused due to already spent outpoints, and I think it might be the very problem you are talking about.

But as long as there is no real attack, just rescanning to reference the mutated txid for subsequent spendings should be sufficient right?

Bitrated user: 2btcinsight.
Jan (OP)
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
February 11, 2014, 02:29:38 PM
 #14

No. Those numbers are assumed transaction mutations on the bitcoin network over the last few days

Is there a way to calculate how many btcs were stolen through these malled / assumed malled transactions?
I can't think of a way to do that, and frankly I wouldn't care. It seems that someone is trying to mutate all transactions right now, not only those from MtGox.

Mycelium let's you hold your private keys private.
dexX7
Legendary
*
Offline Offline

Activity: 1106
Merit: 1026



View Profile WWW
February 11, 2014, 02:33:03 PM
 #15

Is there a way to calculate how many btcs were stolen through these malled / assumed malled transactions?

This is not an useful stat to determine the amount of lost-due-to-whatever-reason coins and you'd need to ask the exchange or service provider for any data.

Don't worry, the amount of attempted double spends is irrelevant.

Loozik
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


Born to chew bubble gum and kick ass


View Profile
February 11, 2014, 02:34:46 PM
 #16

Don't worry, the amount of attempted double spends is irrelevant.

Just trying to find out if the exchange I am using will go bust  Grin
dexX7
Legendary
*
Offline Offline

Activity: 1106
Merit: 1026



View Profile WWW
February 11, 2014, 02:58:46 PM
 #17

I don't know how to get the stats from bitcoind, but looking into my debug.log I see a bunch of messages containing "was not accepted into the memory pool"
Many of those may be mutated transactions.
You can get a feel of how many there are by executing this (on a unix box):
Code:
grep "was not accepted into the memory pool" debug.log  | wc -l

This did not yield any result, however there are more than 58k appearances of "ERROR: CTxMemPool::accept() : inputs already spent" and 28k for "nonstandard transaction type" since Jan 07, 2014. Maybe I'll give it a try later and group those by date. Thanks. Smiley

btcash
Hero Member
*****
Offline Offline

Activity: 968
Merit: 547



View Profile
February 11, 2014, 03:37:41 PM
 #18

Quote
This did not yield any result, however there are more than 58k appearances of "ERROR: CTxMemPool::accept() : inputs already spent" and 28k for "nonstandard transaction type" since Jan 07, 2014. Maybe I'll give it a try later and group those by date. Thanks.
Do you know where these  28k for "nonstandard transactions come from? Normal nodes do not relay them. At least that is what I thought.
StarenseN
Legendary
*
Offline Offline

Activity: 2478
Merit: 1362



View Profile
February 11, 2014, 03:43:06 PM
 #19

following
FoBoT
Sr. Member
****
Offline Offline

Activity: 658
Merit: 250



View Profile
February 11, 2014, 03:47:50 PM
 #20

is this the same issue being discussed about blockchain wallet TM spam?
bitcointalk.org/index.php?topic=459874.0

also this is the same issue?
bitcointalk.org/index.php?topic=459845.0

this spam will hurt credibility of bitcoin and it seems to be related with all the exchange withdrawal slowdowns?
Pages: [1] 2 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!