Possible 51% Attack on fairbrix (fbx)

[OneMINER]

After some difficulty fairbirx was released recently. Shortly after many early adopters had their blocks invalidated. There has been some speculation that an unknown attacker executed a 51% attack effectivly stealing approximatly 1,600 blocks. Lolcust and I were talking about this and decided that making our conversation public might do some good. So I'm posting our conversation below.

Additional info:

Fairbrix Source is here: https://github.com/coblee/Fairbrix
Windows binaries here: http://www.mediafire.com/?9gc2
If you use IRC a fairbirx channel is on freenode at #fairbrix

Here is the conversation between Lolcust and I:

OneMINER:
I was wondering how an accidental 51% attack would occur. If I have some huge farm of CPUs and I start hashing for a coin I do work on the NEXT BLOCK right? Why would a legit miner with legit software start a chain over accidentally?

Based on what I know (and thats not much). The accidental argument sounds like BS. Please correct me if I'm wrong.

Thanks.

Lolcust:
FBX is tiny. As in, below 20% of TBX (and TBX isn't big yet).  
I find it far from implausible that the net got fragmented in an uncanny way and then reconstituted in a manner that orphaned everything.

In fact, I would not call it "impossible" that it was one of those dudes with "fixed up configs" reasserting dominance (in case of a fork, the chain with highest sum of work asserts dominance, and someone who mined for all the time that re-launch was prepared definitely has higher sum of work)

Only competent chain analysis will reveal the truth, but again, the only reason GG "relaunch" did not result in pwnt chain re-asserting itself was that I changed the start-message thingamabobbles for GG2, so that the "oldnet" couldn't chat with "newnet"

OneMINER:
I respect your opinion but frankly that's ridiculous. Fracturing net? So fractured that traffic doesn't get rerouted? I think not. Also if a person edited the faulty software so that it was compatible with the newer software why would the program try to start a new chain again? If it can communicate with other nodes it would download the chain and hash at it like a normal miner. The fact that it orphaned blocks is proof that it communicates with other nodes.

I ask you to reconsider your comments and if you so choose to throw your weight at killing off this chain. Allowing thieves to attack crypto coins and profit from it is unjust and immoral. If you feel like it I think discussing this in public might also be a good idea.

Thanks.

Lolcust:

Quote from: OneMINER on Today at 09:52:44 PM
I respect your opinion but frankly that's ridiculous. Fracturing net? So fractured that traffic doesn't get rerouted? I think not. Also if a person edited the faulty software so that it was compatible with the newer software why would the program try to start a new chain again? If it can communicate with other nodes it would download the chain and hash at it like a normal miner. The fact that it orphaned blocks is proof that it communicates with other nodes.

Um, well yeah, fracturing is not likely. A "bigger" (in the "more work" sense) chain with same pcharstarts being built during the time that you were re-launching ? Not entirely unlikely.

Did you change the pchar-thingies?


Quote from: OneMINER on Today at 09:52:44 PM
I ask you to reconsider your comments and if you so choose to throw your weight at killing off this chain.

Well, best course of action is to analyze the affected chain. I think we should contact   Theymos (theymos is known to have a blockchain-analysis hobby)

Also, I didn't quite get the "throw weight to kill it off" part... whom must I kill ?

Quote from: OneMINER on Today at 09:52:44 PM
Allowing thieves to attack crypto coins and profit from it is unjust and immoral. If you feel like it I think discussing this in public might also be a good idea.

Well, assuming it was indeed a 51-er theft, the attacker has so far failed to generate a profit since no exchange accepts fairbrix.

And discussing it in public is quite a good idea, IMHO. I think you can post this exchange in a thread of your choice (maybe a new one, since this is an interesting and distinct incident) and we can continue from there.


*Edit* If you have an opinion on the matter please post it but keep it on topic. Please ignore and do not comment on the posts that have nothing to do with fairbirx, 51% attacks or other such things. Thank you.

[1714979773]

1714979773

[1714979773]

1714979773

[phelix]

Did you change the pchar-thingies?

+1

[coblee]

The pchar message headers were changes AND a new genesis block was created. So there's no way that the old fairbrix client was the culprit. It is possible that this chain reorg was accidental, but not likely. Anyways, it seems like the overall network hashrate has grown and it's harder to pull off this attack now. And given that fairbrix has no value right now, it's not really worth it to keep attacking it.

[zillagod]

The pchar message headers were changes AND a new genesis block was created. So there's no way that the old fairbrix client was the culprit. It is possible that this chain reorg was accidental, but not likely. Anyways, it seems like the overall network hashrate has grown and it's harder to pull off this attack now. And given that fairbrix has no value right now, it's not really worth it to keep attacking it.

Then it was never worth it to attack it in the first place. Why would anyone pursue such an attack when there's no exchange? The only reason I can think that anyone might want to attack it would be in preparation for attacking tenebrix, which you can exchange. Maybe some of the RS/CH sycophants were a little worried

Still, I'd be willing to bet that it comes down to an accidental fork. Has anyone done any real investigation of this yet?

[CoinHunter]

The pchar message headers were changes AND a new genesis block was created. So there's no way that the old fairbrix client was the culprit. It is possible that this chain reorg was accidental, but not likely. Anyways, it seems like the overall network hashrate has grown and it's harder to pull off this attack now. And given that fairbrix has no value right now, it's not really worth it to keep attacking it.

Then it was never worth it to attack it in the first place. Why would anyone pursue such an attack when there's no exchange? The only reason I can think that anyone might want to attack it would be in preparation for attacking tenebrix, which you can exchange. Maybe some of the RS/CH sycophants were a little worried

Still, I'd be willing to bet that it comes down to an accidental fork. Has anyone done any real investigation of this yet?

Actually there are 2 people who visit these forums who have already been involved in 51% attacks or coordinating them. Artforz and Thebitcoinexpress. Lolcust is partnered with Artforz for his 2 coins. Is it any surprise something which forked from tenebrix was attacked by artforz, someone already known to be doing such attacks?

Doesn't matter though, artforz could 51% attack bitcoin and he'd still be lauded by people around here it seems.

SolidCoin 2.0 will have none of this drama with the hackers, and it will be the only chain that businesses can rely on to not get robbed.

[Littleshop]

SolidCoin 2.0 will have none of this drama with the hackers, and it will be the only chain that businesses can rely on to not get robbed.

Businesses will rely on a chain that has been down for more then a week and can be turned on and off by the will of one person?

[CoinHunter]

Setup a testnet, let's find out.

BTW the solution to supposed "GPU Hostile" platforms like Tenebrix, Fairbrix and your copy cat SolidCoin lies within the GPU hardware accelerator used with IE9 beta.  Modified hardware acceleration, so simple I can't believe it was overlooked. Have I tested it successfully, you be the judge.

LOL, I thought you had me on ignore? And yes, feel free to point your Geforce2MX mining army at SC2.0, do your best (which if I had a sticker for participation, you'd get one).

[freequant]

Doesn't matter though, artforz could 51% attack bitcoin and he'd still be lauded by people around here it seems.
SolidCoin 2.0 will have none of this drama with the hackers, and it will be the only chain that businesses can rely on to not get robbed.

You have got to understand what natural selection means.
There can (and will) exist an inifinity of chains, all of them claiming to be the best.
But only a selected few will garner enough market capitalization to make it to the real world economy.
These got to be bullet proof by the time they are picked by the financial industry.

So, yes, ArtForz attacked SolidCoin, and yes, that laid waste in the chain, and that looked bad for you.
But you have got to admit that your chain wasn't fit. In fact you already admitted it by creating SC2.
ArtForz deserves credit for wasting time, efforts and resources for the only purpose of proving you wrong.
He paid his duty to the selection process.

Now you have got an original idea with SC2 when you decided to pick a more CPU friendly hash function.
ArtForz shamelessly copied you but improved on it by changing the hash function with a whitepaper backed memory-hard hash one, and that is good.
And someone already copied ArtForz, stripped the premined 7M, and rebranded it as FairCoin. Lame but effective.

It's jungle here, man.
So welcome to pick back stuff from *Brix, put it in SolidCoin and, yes, even bitch as much as you want about other currencies.
That's all within the rules, because there are no rules.

[bulanula]

Doesn't matter though, artforz could 51% attack bitcoin and he'd still be lauded by people around here it seems.
SolidCoin 2.0 will have none of this drama with the hackers, and it will be the only chain that businesses can rely on to not get robbed.

You have got to understand what natural selection means.
There can (and will) exist an inifinity of chains, all of them claiming to be the best.
But only a selected few will garner enough market capitalization to make it to the real world economy.
These got to be bullet proof by the time they are picked by the financial industry.

So, yes, ArtForz attacked SolidCoin, and yes, that laid waste in the chain, and that looked bad for you.
But you have got to admit that your chain wasn't fit. In fact you already admitted it by creating SC2.
ArtForz deserves credit for wasting time, efforts and resources for the only purpose of proving you wrong.
He paid his duty to the selection process.

Now you have got an original idea with SC2 when you decided to pick a more CPU friendly hash function.
ArtForz shamelessly copied you but improved on it by changing the hash function with a whitepaper backed memory-hard hash one, and that is good.
And someone already copied ArtForz, stripped the premined 7M, and rebranded it as FairCoin. Lame but effective.

It's jungle here, man.
So welcome to pick back stuff from *Brix, put it in SolidCoin and, yes, even bitch as much as you want about other currencies.
That's all within the rules, because there are no rules.

Nice describing Tenebrix, Fairbrix and Solidcoin 2. Hopefully I can mine other stuff than Tenecrap because ATM Solidcoin 2 and Fairbrix is down due to attack by Artforz and his buddy lolcust ( maybe same person too ? ) which cannot understand "competition" when it comes to CPU mining etc.

[Lolcust]

Okay, any evidence to back up the libelous claim ?

BTW, FYI, I helped make and launch FBX ^__^

[ArtForz]

Nice describing Tenebrix, Fairbrix and Solidcoin 2. Hopefully I can mine other stuff than Tenecrap because ATM Solidcoin 2 and Fairbrix is down due to attack by Artforz and his buddy lolcust ( maybe same person too ? ) which cannot understand "competition" when it comes to CPU mining etc.

I see, the SC shills are again out in force making libelous claims about their "competition".
Guess they have to distract everyone from "2.0 Public Beta Testnet this weekend" followed by a whole lot of nothing...

[bulanula]

Nice describing Tenebrix, Fairbrix and Solidcoin 2. Hopefully I can mine other stuff than Tenecrap because ATM Solidcoin 2 and Fairbrix is down due to attack by Artforz and his buddy lolcust ( maybe same person too ? ) which cannot understand "competition" when it comes to CPU mining etc.

I see, the SC shills are again out in force making libelous claims about their "competition".
Guess they have to distract everyone from "2.0 Public Beta Testnet this weekend" followed by a whole lot of nothing...

Yep back in force once their master and them noticed CPUs are not immune from attack either throwing a monkey wrench in the plans.

Just a FYI, I am not a SC troll but it seems like you are trolling SC without reason. If you actually took some time to see the new SC2 release, you would have seen it certainly is the best CPU mining chain ATM. It has some clever features not even bitcoin has and hopefully it can launch and we can test it really is the first chain that is 51% proof etc.

[Lolcust]

Just a FYI, I am not a SC troll but it seems like you are trolling SC without reason. If you actually took some time to see the new SC2 release, you would have seen it certainly is the best CPU mining chain ATM.

Where can one download that pile of ossom ^__~ ?

[bulanula]

Nice describing Tenebrix, Fairbrix and Solidcoin 2. Hopefully I can mine other stuff than Tenecrap because ATM Solidcoin 2 and Fairbrix is down due to attack by Artforz and his buddy lolcust ( maybe same person too ? ) which cannot understand "competition" when it comes to CPU mining etc.

I see, the SC shills are again out in force making libelous claims about their "competition".
Guess they have to distract everyone from "2.0 Public Beta Testnet this weekend" followed by a whole lot of nothing...

Yep back in force once their master and them noticed CPUs are not immune from attack either throwing a monkey wrench in the plans.

Just a FYI, I am not a SC troll but it seems like you are trolling SC without reason. If you actually took some time to see the new SC2 release, you would have seen it certainly is the best CPU mining chain ATM. It has some clever features not even bitcoin has and hopefully it can launch and we can test it really is the first chain that is 51% proof etc.

Go drink so more of that coolaid, I know your master RealSolid has yet to every put any of his great code to the test not once in a month has he backed up any of his claims so I don't believe his BS for a minute until proven otherwise.

Even if the code is not done yet, the ideas are better than bitcoin and any other chain out there. You just cannot see it because of you inherent hate towards any other chain that beats bitcoin.

[Lolcust]

Here I must concede.

The idea to manufacture abstract quasi-value constructs for yourself on the hardware of other people using other people's electricity is indeed pure genius.

[ArtForz]

Even if the code is not done yet, the ideas are better than bitcoin and any other chain out there. You just cannot see it because of you inherent hate towards any other chain that beats bitcoin.

Yes, and I have an idea for a chain that will be completely fair, immune to all known attacks, any possible unknown attack and even impossible unknown attacks! Mining it will also produce more power than it consumes. So not only will it revolutionize the global financial economy, it'll also fix the energy crisis, cure cancer and shit rainbows! And it'll be done Real Soon Now(tm).

[bulanula]

Even if the code is not done yet, the ideas are better than bitcoin and any other chain out there. You just cannot see it because of you inherent hate towards any other chain that beats bitcoin.

Yes, and I have an idea for a chain that will be completely fair, immune to all known attacks, any possible unknown attack and even impossible unknown attacks! Mining it will also produce more power than it consumes. So not only will it revolutionize the global financial economy, it'll also fix the energy crisis, cure cancer and shit rainbows! And it'll be done Real Soon Now(tm).

Look, he is not promising to do all this. Let us just give him a chance to prove what he is saying then we can troll him.

[CoinHunter]

Yes, and I have an idea for a chain that will be completely fair, immune to all known attacks, any possible unknown attack and even impossible unknown attacks! Mining it will also produce more power than it consumes. So not only will it revolutionize the global financial economy, it'll also fix the energy crisis, cure cancer and shit rainbows! And it'll be done Real Soon Now(tm).

You? Have an idea?  Please, you take copying to a whole new level. You ruined the comedy act when you started it with "I have an idea". And for what it's worth, when you and your playground chums don't manage to inflict any damage on SC2.0 what then? Going to crawl back into your little house built with failbrix? It's going to be hilarious.

[bulanula]

Yes, and I have an idea for a chain that will be completely fair, immune to all known attacks, any possible unknown attack and even impossible unknown attacks! Mining it will also produce more power than it consumes. So not only will it revolutionize the global financial economy, it'll also fix the energy crisis, cure cancer and shit rainbows! And it'll be done Real Soon Now(tm).

Going to crawl back into your little house built with failbrix? It's going to be hilarious.

I seriously do not understand what some of you personally seem to have against the guy. He is damn funny as well LOL made my day.

[ArtForz]

Yes, and I have an idea for a chain that will be completely fair, immune to all known attacks, any possible unknown attack and even impossible unknown attacks! Mining it will also produce more power than it consumes. So not only will it revolutionize the global financial economy, it'll also fix the energy crisis, cure cancer and shit rainbows! And it'll be done Real Soon Now(tm).

You? Have an idea?  Please, you take copying to a whole new level. You ruined the comedy act when you started it with "I have an idea". And for what it's worth, when you and your playground chums don't manage to inflict any damage on SC2.0 what then? Going to crawl back into your little house built with failbrix? It's going to be hilarious.

Nah I'm not like artforz, copying other code to solve problems which are simple. Take a look at my block init for example.

Code:

void BlockHash_Init()
{
    static unsigned char SomeArrogantText1[]="Back when I was born the world was different. As a kid I could run around the streets, build things in the forest, go to the beach and generally live a care free life. Sure I had video games and played them a fair amount but they didn't get in the way of living an adventurous life. The games back then were different too. They didn't require 40 hours of your life to finish. Oh the good old days, will you ever come back?";
    static unsigned char SomeArrogantText2[]="Why do most humans not understand their shortcomings? The funny thing with the human brain is it makes everyone arrogant at their core. Sure some may fight it more than others but in every brain there is something telling them, HEY YOU ARE THE MOST IMPORTANT PERSON IN THE WORLD. THE CENTER OF THE UNIVERSE. But we can't all be that, can we? Well perhaps we can, introducing GODria, take 2 pills of this daily and you can be like RealSolid, lord of the universe.";
    static unsigned char SomeArrogantText3[]="What's up with kids like artforz that think it's good to attack other's work? He spent a year in the bitcoin scene riding on the fact he took some other guys SHA256 opencl code and made a miner out of it. Bravo artforz, meanwhile all the false praise goes to his head and he thinks he actually is a programmer. Real programmers innovate and create new work, they win through being better coders with better ideas. You're not real artforz, and I hear you like furries? What's up with that? You shouldn't go on IRC when you're drunk, people remember the weird stuff.";
    BlockHash_1_MemoryPAD8 = new unsigned char[BLOCKHASH_1_PADSIZE+8];  //need the +8 for memory overwrites
    BlockHash_1_MemoryPAD32 = (uint32*)BlockHash_1_MemoryPAD8;

    BlockHash_1_Q[0] = 0x6970F271;
    BlockHash_1_Q[1] = 0x6970F271 + PHI;
    BlockHash_1_Q[2] = 0x6970F271 + PHI + PHI;
    for (int i = 3; i < 4096; i++)  BlockHash_1_Q[i] = BlockHash_1_Q[i - 3] ^ BlockHash_1_Q[i - 2] ^ PHI ^ i;
    BlockHash_1_c=362436;
    BlockHash_1_i=4095;

    int count1=0,count2=0,count3=0;
    for(int x=0;x<(BLOCKHASH_1_PADSIZE/4)+2;x++)  BlockHash_1_MemoryPAD32[x] = BlockHash_1_rand();
    for(int x=0;x<BLOCKHASH_1_PADSIZE+8;x++)
    {
        switch(BlockHash_1_MemoryPAD8[x]&3)
        {
            case 0: BlockHash_1_MemoryPAD8[x] ^= SomeArrogantText1[count1++]; if(count1>=sizeof(SomeArrogantText1)) count1=0; break;
            case 1: BlockHash_1_MemoryPAD8[x] ^= SomeArrogantText2[count2++]; if(count2>=sizeof(SomeArrogantText2)) count2=0; break;
            case 2: BlockHash_1_MemoryPAD8[x] ^= SomeArrogantText3[count3++]; if(count3>=sizeof(SomeArrogantText3)) count3=0; break;
            case 3: BlockHash_1_MemoryPAD8[x] ^= 0xAA; break;
        }
    }
}

BlockHash_1_c=362436;
BlockHash_1_i=4095;
...
BlockHash_1_rand();

hmmm...
http://school.anhb.uwa.edu.au/personalpages/kwessen/shared/Marsaglia03.html

Hope you didn't forget to credit Mr. Marsaglia for the CMWC4096 RNG

[CoinHunter]

hmmm...
http://school.anhb.uwa.edu.au/personalpages/kwessen/shared/Marsaglia03.html

Hope you didn't forget to credit Mr. Marsaglia for the CMWC4096 RNG

Aww how cute artforz. Actually try wikipedia for a simple CWC, it's amazing how bad your google searching skills are, shouldn't be a surprise given you poor programming/copying skills though?

[ArtForz]

hmmm...
http://school.anhb.uwa.edu.au/personalpages/kwessen/shared/Marsaglia03.html

Hope you didn't forget to credit Mr. Marsaglia for the CMWC4096 RNG

Aww how cute artforz. Actually try wikipedia for a simple CWC, it's amazing how bad your google searching skills are, shouldn't be a surprise given you poor programming/copying skills though?

[ ] I realize that "simple CWC" on wikipedia *is* CMWC4096.

[OneMINER]

At first I was happy to see that so many responses were posted.

Please stay on topic. If you read back a few posts I'm sure everyone will notice that the conversation has drifted far from the original subject matter. If you gentlemen would like to talk to each other I suggest using personal messages or starting a new thread. Possibly in the off topic sub forum, here is a link to it https://bitcointalk.org/index.php?board=9.0

So it seems clear to me that the blocks that were invalidated were stolen in a purposeful way (no accident). Is it possible to gain clues from the chain about who did this? Or could there be some way to undo the damage? I don't think there is a way to identify people from the chain or to roll it back to the beginning.

What now? Should people keep on mining? I have heard some anecdotal opinions that the hash rate is increasing. That would make it harder for a second attack. The big question in my mind is how much power does the thief have now? The thief had 51% or greater (probably much more than 51% because a whole new chain was created) hash power than the entire network. So presumably our thief is still hashing away with his CPU farm AND on top of that has the 40,000 coins that were involved with the theft.

Fairbirx was created because some people felt they shouldn't have to trust Lolcust to do only good things with the premined coins. Now here with fairbrix we have the situation where WE KNOW that an unscrupulous person has a majority of the coins in existence and will most likely do others harm with the power they wield.

I'll say that again. A known thief has most of the FBX in existence and most of the hashing power too. That is plenty to control markets (if one is ever created for FBX) and mess with the network. If these new coins were created because Lolcust might do something wrong, how can we support them when we KNOW that something worse has already happened?

Thank you for reading. I appreciate your responses but I ask you to please KEEP IT ON TOPIC. Thank you.

[Lolcust]

Is it possible to gain clues from the chain about who did this?

Chain analysis should reveal whether they were stolen (lend evidence against "some kinda accident" hypothesis) and, methinks, how they are distributed in terms of keys.


Identifying the attacker "to IP" is unlikely to be possible, especially if IRC chan logs are not available.

Rollback is highly problematic.

If there is indeed a thief, it is quite likely that he is still connected to FBX and that a significant (if not outright dominant) portion of the net hashrate is actually him (that would also be consistent with how few blocks my core2duo lappie has been able to find since the attack).

It seems to me that whether the attacker is still "in charge" might become more or less apparent through block chain inspection if he didn't take precautions

[ArtForz]

Well, back on topic then, picking apart my local fbx nodes blk0001, ... doesn't look very accidental.
I have a 1327 block chain that was orphaned starting at block 58.
There's a ~4h24m gap from block 57 to what now is the current block 58, and block timestamps after that look "reasonable enough" without huge gaps or long runs of minimum-time-increment blocks, so I'm guessing the attacker didn't fake block timestamps.
By block timestamps, the orphaned chain was mined over 5h57m, the new chain spans 1h33m over the same block #s.
taking hashes/time... the oprhaned original chain was mined at about 65kH/s, the same blocks in the new chain 250kH/s.
And there's something decidedly odd about the block nonces in the new chain, they're ... too high.
Orig chain had nonces averaging out to ~4000 (which is hinting at how many hashes one cpuminer instance is roughly doing between getworks...)
New chain nonces average... about 235000
so either a single cpuminer instance was doing ~60 times what your average cpu does, or they had something like a custom getwork proxy splitting workitems into noncranges and handing the same work with different starting nonces out to a whole bunch of machines (possibly to reduce getwork load?)
but at "only" 250kH/s, why bother with that? pushpool can handle a few 100 mining boxes just fine.
hrrrm... "single cpuminer instance doing 60 times your average hashrate" ... massive NUMA system? single system image cluster? My phenomII X6 @ 3.6GHz does ~3.25kH/s/core and new xeons are probably getting into similar ranges... 64-core server?
Of course this is all pure speculation as I'm only assuming block timestamps weren't faked. If they were, there's no telling how much hashrate it really was.
After that the "odd-noncey" blocks are still appearing for quite a while, noticeably drop off in count after 2016 and nearly completely stop after 4032, there's only 9 blocks with nonce > 100k but not obviously byteswapped after 4032.
Thats another oddity, there's at least one other miner creating "weird" nonces, they're obviously doing em byteswapped (but appears slow-ish, only 32 of those byteswapped nonces in ~600 blocks since 4032).
So overall... yeah, looks like someone with ~250kH/s deliberately orphaned blocks from 57 on to about 1400, then switched to mining legit and got about half of the remaining blocks up to 2016, slowed down for the next 2016 (looks like he went down to about 1-in-5 blocks) and completely stopped after block 4032.
Wild-ass guess... someone had access to a pretty damn massive box or 2, was late to the party and decided to "get all them easy early coins"
Or he might have noticed the weird nonces his setup generates and fixed it somehow.
But my money is on "asshat with access to a large NUMA box (at work?)"

[michaelmclees]

Thank you for looking into this.  From what you're saying, it doesn't look like different build conflicting with each other, but rather an intentional fork.

Do you believe that another relaunch, this time with proper announcements and builds for everyone, would crack the nut against potential attackers?  Or is this proof that new chains are so subject to attack that it just isn't worth it?

[bulanula]

Or is this proof that new chains are so subject to attack that it just isn't worth it?

Most likely answer.

[ArtForz]

Well, the most recent 100 fbx blocks took ~63 sec average at diff 0.00390625, that's about 266kH/s. so someone with a bit more hashrate than our forker could pull pretty much the same stunt even now.
Any relaunch would start with way less miners on it, so it could potentially be fucked with the same way by the same guy(s), unless it's *started* with well > 250kH/s, or block acceptance rules are changed to make orphaning a existing decently-length chain a lot harder (did anyone ever do this? it'd make giving a fresh node a "fake" chain a lot easier, as in that case the main chain has to be the one with a lot more work than the fake one. But it'd also mean a rogue miner would need to have several times (3? 4?) the network hashrate to pull off a "fork the chain".
I'm imagining something simple along the lines of "only accept a new block as the best if it's a direct descendant of the current best block, or if it's total work since the last common ancestor with the current "best" chain is 2 (3? 4?) times higher than the work done in the current best since that common ancestor." *could* work.
It'd also mean network efficency would drop, as miners happening to mine a orphan would get stuck mining completely pointless children of it until the main  chain got ahead at least 4 blocks... and if they're > 25% of total network hashrate, their client won't *ever* notice as their fork keeps growing fast enough so the main chain work-since-fork would never hits the 4-times reorg trigger limit.

[Bobnova]

Would some sort of automatic timestamp trigger work?
A sudden 5h gap in block times after block times best measured in seconds is blindingly obvious to a human, seems like it could work.  It'd depend on the miners getting a standardized time somewhere though.

[ArtForz]

Would some sort of automatic timestamp trigger work?
A sudden 5h gap in block times after block times best measured in seconds is blindingly obvious to a human, seems like it could work.  It'd depend on the miners getting a standardized time somewhere though.

Well, relying on block timestamps seems somewhat pointless, there's no reason the attacker couldn't fake the timestamps in his forkblocks to be "close enough" to the real chain to leave no obvious gaps.
So... how do you figure out which chain was "first"... if your node is live at the time it's pretty easy, but what if it was off for a while and when it gets back there's now 2 similar-length chains? Solving the 51% problem in the general case without creating single points of failure or new vectors to mislead nodes is ... hard.

[ArtForz]

Contemplating this some more... the "pure fork" part had ~4.2s/block, average nonce was ~235k, unless I'm missing something and assuming cpuminers algo for nonce generation, average hashrate/box should be simply avg nonce / avg time ... that'd come out to about 55kH/s/box...  need to do a test to see if this assumptions holds, if yes it looks closer to 4-5 high end quad-cpu boxes. At least that'd be a lot less "weird" than a single cpuminer instance running on like 80 cores.

edit: nope, stock cpuminer, tbx-miner and my cpuminer fork keep one workitem *per worker thread*, so those nonce values would mean someone was running 4-5 *threads* at about 55kH/s each... very odd.
Hmmm, or using a patch that does the "split single workitem into chunks of nonces to hand off to miner threads" thing, pretty sure there's already a fork of stock cpuminer doing just that and merging that with tbx-miner should be trivial.
So with that scenario... our attacker has access to at least few beefy servers, some understanding of bitcoin, can apply patches and recompile. (iirc there's like a 3-line patch to bitcoin to implement a stupid "fork existing chain after block X" floating about on the forum somewhere...). Sounds like your run of the mill BOFH. *ducks*

[freequant]

Thank you for looking into this.  From what you're saying, it doesn't look like different build conflicting with each other, but rather an intentional fork.

Do you believe that another relaunch, this time with proper announcements and builds for everyone, would crack the nut against potential attackers?  Or is this proof that new chains are so subject to attack that it just isn't worth it?

Enough relaunches.
The chain is doing ok now and the attacker has got a vested interest in playing it easy if he doesn't want to loose the benefit of his loot. I would even expect that he keeps mining with enough power to protect the chain so as to make sure that his coins make it to the next stage.
It's like if this chain started with 30k coins premined. Irritating but not overly so. That is still way under the 7M+ in Tenebrix.

[freequant]

Contemplating this some more... the "pure fork" part had ~4.2s/block, average nonce was ~235k, unless I'm missing something and assuming cpuminers algo for nonce generation, average hashrate/box should be simply avg nonce / avg time ... that'd come out to about 55kH/s/box...  need to do a test to see if this assumptions holds, if yes it looks closer to 4-5 high end quad-cpu boxes. At least that'd be a lot less "weird" than a single cpuminer instance running on like 80 cores.

Like 4~5 EC2 quad-cpu cluster nodes...

[ArtForz]

Contemplating this some more... the "pure fork" part had ~4.2s/block, average nonce was ~235k, unless I'm missing something and assuming cpuminers algo for nonce generation, average hashrate/box should be simply avg nonce / avg time ... that'd come out to about 55kH/s/box...  need to do a test to see if this assumptions holds, if yes it looks closer to 4-5 high end quad-cpu boxes. At least that'd be a lot less "weird" than a single cpuminer instance running on like 80 cores.

Like 4~5 EC2 quad-cpu cluster nodes...

Didn't think of that, if the avg hashrate fits it'd be a "duh" case. Also "decently cheap" to pull off. *and* it would explain why he scaled down after block 2016 and completely stopped after 4032.

[Lolcust]

Thank you for looking into this.  From what you're saying, it doesn't look like different build conflicting with each other, but rather an intentional fork.

Do you believe that another relaunch, this time with proper announcements and builds for everyone, would crack the nut against potential attackers?  Or is this proof that new chains are so subject to attack that it just isn't worth it?

Enough relaunches.
The chain is doing ok now and the attacker has got a vested interest in playing it easy if he doesn't want to loose the benefit of his loot. I would even expect that he keeps mining with enough power to protect the chain so as to make sure that his coins make it to the next stage.
It's like if this chain started with 30k coins premined. Irritating but not overly so. That is still way under the 7M+ in Tenebrix.

While I don't care much either way (all them fricks my lappie mined are gone in both cases) the situation of "explicit malicious agent has about 30 000" and situation of  "a dude who does alt-chains for fun and a slightly pie-esque laundry project has about 7 mils" is different in more ways than just the numbers.

[iopq]

there's no point in mining fairbrix because they are not fair anymore
forget it, there should only be ONE gpu blockchain and that's bitcoin (namecoin can stay through merged mining)
and the cpu blockchains will fight it out and only one will survive

[freequant]

there's no point in mining fairbrix because they are not fair anymore
forget it, there should only be ONE gpu blockchain and that's bitcoin (namecoin can stay through merged mining)
and the cpu blockchains will fight it out and only one will survive

Who said that life was fair?
If merge mining can do the trick for gpu mined currency, it can also do the trick for CPU mined ones.

[OneMINER]

+1

I've already stated how I feel about the current state of fairbrix. I think a far more interesting and useful topic might be to talk about starting up merged mining for CPU mined coins. If that was done would it be easy for a person starting a coin type to add theirs to the other coins being merged mined? <--- lol

[ArtForz]

there's no point in mining fairbrix because they are not fair anymore
forget it, there should only be ONE gpu blockchain and that's bitcoin (namecoin can stay through merged mining)
and the cpu blockchains will fight it out and only one will survive

Who said that life was fair?
If merge mining can do the trick for gpu mined currency, it can also do the trick for CPU mined ones.

Namebrix?

[Lolcust]

Let's rename fairbrix into Hax since a hacker now controls the biggest stash (and possibly still has quite a share in net performance)

BTW, that would give the rebranded fairbrix a ready-made mascot

[superfastkyle]

I'll say that again. A known thief has most of the FBX in existence and most of the hashing power too. That is plenty to control markets (if one is ever created for FBX) and mess with the network. If these new coins were created because Lolcust might do something wrong, how can we support them when we KNOW that something worse has already happened?

This made me laugh. Right now if the reported 1600 blocks "stolen" in the attack is true that is only 26% of the coins in existence now.... Lolcust has over 95% of tenebrix

[Lolcust]

I'll say that again. A known thief has most of the FBX in existence and most of the hashing power too. That is plenty to control markets (if one is ever created for FBX) and mess with the network. If these new coins were created because Lolcust might do something wrong, how can we support them when we KNOW that something worse has already happened?

This made me laugh. Right now if the reported 1600 blocks "stolen" in the attack is true that is only 26% of the coins in existence now.... Lolcust has over 95% of tenebrix

But I didn't steal them from some third party - feel the difference  (since TBX has no upper limit on coin mining, you can't even say I squatted them from future generations of minerdom )

[freequant]

Why are you all considering that forerunning the chain and trigger a reorg = stealing?
It is allowed by the protocol, therefore it is legit.
It happens sometime at a small scale: when two miners find a block at the same time, but one gets a first confirmation quicker, would that be stealing if the miner who is behind catches up and orphans the blocks of the first miner? Why should he resign if protocol allows him to fight back and he knows he has got enough hash power to do that? Tuning his client to continue on the same chain no matter what is a rational strategy knowing that his chain will be the longest at some point in the future.   
Now what if it takes him two blocks to catch up?
What if it takes him three? ten? one thousand?
When does it become stealing?

Let's face it : attacking or locked-mining the same chain when one knows that he has more power is a valid and profitable mining strategy, so it is bound to happen over and over again until it is ruled out by the protocol.

[Matoking]

BitcoinEXpress admitted to doing the attack here :
https://bitcointalk.org/index.php?topic=45667.msg558154#msg558154

Makes me wonder if he does anything else than attack alternate block chains.

[Bobnova]

He certainly claimed to have done it.
That doesn't mean he did, though.

[bulanula]

BitcoinEXpress admitted to doing the attack here :
https://bitcointalk.org/index.php?topic=45667.msg558154#msg558154

Makes me wonder if he does anything else than attack alternate block chains.

Everybody knows he is an idiot. He attacks Namecoin then SC then Fairbrix BUT why not Tenecrapix !? Because he is artforz which is also known as lolcust and they have interest to not attack tenecrapix !!!

Seriously, somebody should give crapple a call and bait this vandal out.

[EskimoBob]

BitcoinEXpress admitted to doing the attack here :
https://bitcointalk.org/index.php?topic=45667.msg558154#msg558154

Makes me wonder if he does anything else than attack alternate block chains.

Everybody knows he is an idiot. He attacks Namecoin then SC then Fairbrix BUT why not Tenecrapix !? Because he is artforz which is also known as lolcust and they have interest to not attack tenecrapix !!!

Seriously, somebody should give crapple a call and bait this vandal out.

No problem, we can start over. You know what, but this little ugly turd of man it is going to be a loser for rest of his shitty life.
He can prance around here and do attacks left and right, but nothing changes. In real life, the one that actually matters, hes is still a human turd.

[bulanula]

BitcoinEXpress admitted to doing the attack here :
https://bitcointalk.org/index.php?topic=45667.msg558154#msg558154

Makes me wonder if he does anything else than attack alternate block chains.

Everybody knows he is an idiot. He attacks Namecoin then SC then Fairbrix BUT why not Tenecrapix !? Because he is artforz which is also known as lolcust and they have interest to not attack tenecrapix !!!

Seriously, somebody should give crapple a call and bait this vandal out.

No problem, we can start over. You know what, but this little ugly turd of man it is going to be a loser for rest of his shitty life.
He can prance around here and do attacks left and right, but nothing changes. In real life, the one that actually matters, hes is still a human turd.

Well put. He is a disgraceful and pathetic moron. Why not attack Tenecrapix too, mr apple employee !?

[dust]

Why are you all considering that forerunning the chain and trigger a reorg = stealing?
It is allowed by the protocol, therefore it is legit.
It happens sometime at a small scale: when two miners find a block at the same time, but one gets a first confirmation quicker, would that be stealing if the miner who is behind catches up and orphans the blocks of the first miner? Why should he resign if protocol allows him to fight back and he knows he has got enough hash power to do that? Tuning his client to continue on the same chain no matter what is a rational strategy knowing that his chain will be the longest at some point in the future.   
Now what if it takes him two blocks to catch up?
What if it takes him three? ten? one thousand?
When does it become stealing?

Let's face it : attacking or locked-mining the same chain when one knows that he has more power is a valid and profitable mining strategy, so it is bound to happen over and over again until it is ruled out by the protocol.

It is stealing because it was done with malicious intent.  Small reorgs caused by honest miners are neither intentional nor malicious. 

[phelix]

I'll say that again. A known thief has most of the FBX in existence and most of the hashing power too. That is plenty to control markets (if one is ever created for FBX) and mess with the network. If these new coins were created because Lolcust might do something wrong, how can we support them when we KNOW that something worse has already happened?

This made me laugh. Right now if the reported 1600 blocks "stolen" in the attack is true that is only 26% of the coins in existence now.... Lolcust has over 95% of tenebrix

and most the remaining 5% of tenebrix are probably also concentrated in a few hands. bitcoinexpress, art and a couple more

I wonder how long it will take until someone will hack the tbx faucet...     

[Lolcust]

I'll say that again. A known thief has most of the FBX in existence and most of the hashing power too. That is plenty to control markets (if one is ever created for FBX) and mess with the network. If these new coins were created because Lolcust might do something wrong, how can we support them when we KNOW that something worse has already happened?

This made me laugh. Right now if the reported 1600 blocks "stolen" in the attack is true that is only 26% of the coins in existence now.... Lolcust has over 95% of tenebrix

and most the remaining 5% of tenebrix are probably also concentrated in a few hands. bitcoinexpress, art and a couple more

I wonder how long it will take until someone will hack the tbx faucet...    

1) ya know, there is no such thing as "remaining 5% of tenebrix" since there is no such thing as tenebrix upper limit. Or rather, there is  -136 billions, give or take something.

I'll leave it up to you to calculate how much of "total possible TBX I've squatted.

2) hacking tenebrix faucet's wallet will give you 500 TBX at most - the whole point of fueling it in batches of 500 is to make it less lucrative target for break-ins

3) I've just noticed that your site mildly implies that efficient FPGA implementations of TBX are likely. This is not true, see "scaling questions" thread.

[BitcoinPorn]

Everybody knows he is an idiot. He attacks Namecoin then SC then Fairbrix BUT why not Tenecrapix !? Because he is artforz which is also known as lolcust and they have interest to not attack tenecrapix !!!

I see the Art as Lolcust, but then BitcoinXpress too.   I don't know.

[Lolcust]

I am Satoshi.

I thought it's quite obvious, really.

[phelix]

I'll say that again. A known thief has most of the FBX in existence and most of the hashing power too. That is plenty to control markets (if one is ever created for FBX) and mess with the network. If these new coins were created because Lolcust might do something wrong, how can we support them when we KNOW that something worse has already happened?

This made me laugh. Right now if the reported 1600 blocks "stolen" in the attack is true that is only 26% of the coins in existence now.... Lolcust has over 95% of tenebrix

and most the remaining 5% of tenebrix are probably also concentrated in a few hands. bitcoinexpress, art and a couple more

I wonder how long it will take until someone will hack the tbx faucet...    

1) ya know, there is no such thing as "remaining 5% of tenebrix" since there is no such thing as tenebrix upper limit. Or rather, there is  -136 billions, give or take something.

I'll leave it up to you to calculate how much of "total possible TBX I've squatted.

2) hacking tenebrix faucet's wallet will give you 500 TBX at most - the whole point of fueling it in batches of 500 is to make it less lucrative target for break-ins

3) I've just noticed that your site mildly implies that efficient FPGA implementations of TBX are likely. This is not true, see "scaling questions" thread.

1) how much % of currently mined coins do you have, does the 51% dude have?
2) I knew you would say that. Damn. So let's say your wallet would be stolen. Would TBX be destroyed?
3) check
4) Is the scrypt algorithm secure btw?

Isn't everyone a little bit satoshi? Some should be much more satoshi.