[ANN][C2.1] Coin2 | Pow/PoS | ChainOfConflict[FPS] The Future of Gaming is Now

[venmo]

This advice

This time around we all need to keep our coins staking in our wallets and not leaving them on the exchanges waiting to sell them or on sell orders.

That was the main problem here.

Let's keep them staking in our wallet until the game is released and the general public start buying the coins.

conflicts with this advice

UPDATE:

A FEW WORDS FROM ME (THE HEAD DEV):

........

2. We are setting up a db to allow people to send in their old coins.  IF YOU HAVE COINS ON AN EXCHANGE, LEAVE THEM THERE.

I used "this time around" to mean this time around with the new coin.

[belmonty]

I used "this time around" to mean this time around with the new coin.

Sorry, I misinterpreted your advice. The swap from c2 to c3 is unexpected and confusing to say the least.

Are other PoS coins vulnerable to this attack?

[dotcoin.info]

we need a rich list  "this time around" ?

[JDS1000]

I like the plan.  What if we rename it to Phoenix Coin - Once again rising from the ashes!

[gts476]

I used "this time around" to mean this time around with the new coin.

Sorry, I misinterpreted your advice. The swap from c2 to c3 is unexpected and confusing to say the least.

Are other PoS coins vulnerable to this attack?

Fundamentally yes. PoS requires users to stake their coins in order to secure the blockchain. Not enough people staked their coins, they left them in exchanges. This caused the blockchain to become insecure and allowed an attack to happen.

Moral of the story is stake your coins, never leave on exchanges.

Also,

exchanges must impliment the staking of coins deposited in order to secure the blockchain for all PoS coins. Any exchange that does not do this should not be permitted to act as a platform for the trading of PoS crypto as they will fundimentally undermine the security of the blockchain.

As always, the decentralisation of the network and the security of the blockchain must be maintained!

edit* a lower coin maturity will also help.

edit** an upper limit on coinage allowance for wallets would also help.

[belmonty]

Is the only defense to have enough people staking their coins?

If it is then could the dev counter this attack by creating a massive amount of the new c3 coins to keep continually staking in his own wallet?

I know we would then have to trust the dev not to dump, but it might be a possible defense.

[venmo]

Is the only defense to have enough people staking their coins?

If it is then could the dev counter this attack by creating a massive amount of the new c3 coins to keep continually staking in his own wallet?

I know we would then have to trust the dev not to dump, but it might be a possible defense.

I actually preferred this option myself as the team could have signed a legally binding document stating the coins could not be sold. Ever.

They could have been kept in a public wallet which would stake 24/7.

Wouldn't be dilution as they would never have hit the market.

problem is most disagreed.

I think 60m would have done myself.

It is not happening now due to opposition.

[stormia]

Could somebody fill me in on what happened here? How did the attacker pull it off? Is the vulnerability they took advantaged of ubiquitous to pure PoS coins or were there special circumstances?

Bump. Anybody?

Double spend on Mintpal by an attacker using a 51% attack.

How did they pull a 51% attack off?? How was the network weight that low/how did they manage to get 51% of the network weight?

Is there a max coin age for this coin?

[dotcoin.info]

so now when can we start coin swapping and when can we get back on mintpal?

maybe some guidance in pipeline

[42coin fever]

I was once told, over spending 51% hack in PoS coins only hurt the perpetuator but not affected others.
Could someone please explain this to me why Coin2 isn't the case

[DeathAndTaxes]

I was once told, over spending 51% hack in PoS coins only hurt the perpetuator but not affected others.
Could someone please explain this to me why Coin2 isn't the case

Who told you that?  A double spend always hurts the receiver.  The coins they thought they "had" are reversed.  In this case mintpal lost 22M coins.  Anyone telling you different is lying or lacks the basic knowledge of crypto currencies to be giving advice.

[gts476]

I was once told, over spending 51% hack in PoS coins only hurt the perpetuator but not affected others.
Could someone please explain this to me why Coin2 isn't the case

It would not hurt others because others wallets are encrypted (can't touch your c2 because of your personal key). A 51% double spend only works when the scam artist 'spends' the coins, which then 'pop' back into his wallet.

In this case, a double spend was sent to mintpal, so mintpal accounted for coins which they did not have, at this point in time, the attacker had a few million coins in his wallet and mintpal also beleived that they had those coins.

The scam artist then spends those coin credits (given to him by mintys internal accounting system) by trading them for BTC before anyone @ mintpal picks up that they (mintpal) don't really have these coins.

In our case, this actually happened several times allowing the scam artists to make mintpal beleive that he deposited 22 million coins on their exchange.

If we assume before the scam, mintpal had 10 million coins, then after the scam, mintpal beleived they had 32 million!

What would of happened then is that people would of withdrew over time all 10 million real coins from mintpal, then, someone would try to withdraw some more but there would be non to withdraw!

Mintpal would have 0 real coins but their accounting systems would show a value of +22 million.

Alarm bells ring etc etc etc.

Double spend can not affect your coins in your wallet, ever.

Double spend is exactly that, a merchant thinks he has recived payment in c2 for something and gives you what he thinks you paid for and BOOM! blockchain syncs up, double spend obliterated and the c2 isn't there.

Think of it like a credit card charge back or someone paying you then picking your pocket.

This didn't happen on BTER because they wait for 100 confirmations before any deposit.

Mintpal waits for 3.

so....... it can only happen if we don't secure the block chain by leaving coins on exchanges

and it can only WORK if exchanges have fucking stupid low confirmation times like mintpal when compaired to BTER.

[brightlight]

I was once told, over spending 51% hack in PoS coins only hurt the perpetuator but not affected others.
Could someone please explain this to me why Coin2 isn't the case

It would not hurt others because others wallets are encrypted (can't touch your c2 because of your personal key). A 51% double spend only works when the scam artist 'spends' the coins, which then 'pop' back into his wallet.

In this case, a double spend was sent to mintpal, so mintpal accounted for coins which they did not have, at this point in time, the attacker had a few million coins in his wallet and mintpal also beleived that they had those coins.

The scam artist then spends those coin credits (given to him by mintys internal accounting system) by trading them for BTC before anyone @ mintpal picks up that they (mintpal) don't really have these coins.

In our case, this actually happened several times allowing the scam artists to make mintpal beleive that he deposited 22 million coins on their exchange.

If we assume before the scam, mintpal had 10 million coins, then after the scam, mintpal beleived they had 32 million!

What would of happened then is that people would of withdrew over time all 10 million real coins from mintpal, then, someone would try to withdraw some more but there would be non to withdraw!

Mintpal would have 0 real coins but their accounting systems would show a value of +22 million.

Alarm bells ring etc etc etc.

Double spend can not affect your coins in your wallet, ever.

Double spend is exactly that, a merchant thinks he has recived payment in c2 for something and gives you what he thinks you paid for and BOOM! blockchain syncs up, double spend obliterated and the c2 isn't there.

Think of it like a credit card charge back.

This didn't happen on BTER because they wait for 100 confirmations before any deposit.

Mintpal waits for 3.

so....... it can only happen if we don't secure the block chain by leaving coins on exchanges

and it can only WORK if exchanges have fucking stupid low confirmation times like mintpal when compaired to BTER.

Thanks for pretty good description!

Actually you calmed down me regarding Bter. I am still waiting their reply.

[gts476]

No worries, bter is safe as houses.

Mintpal with 3 confirmations? Cowboys.

edit* it's 3 confirmations for BTC, not sure how many for c2. BC atm is 10 confirmations and CINNI 15. Clearly, not enough, but minty wants trading fees!

edit** well, FairCoin is 3 confirmations, if you look now @ c2 it has been changed to 100 confirmations, but it was probably @ 3 previously.

edit*** well, if I was scam artist, I would hit faircoin on minty next!

edit**** CINNI from 38k to 9k back to 15k. wtflol.

[brightlight]

No worries, bter is safe as houses.

Mintpal with 3 confirmations? Cowboys.

edit* it's 3 confirmations for BTC, not sure how many for c2. BC atm is 10 confirmations and CINNI 15. Clearly, not enough, but minty wants trading fees!

edit** well, FairCoin is 3 confirmations, if you look now @ c2 it has been changed to 100 confirmations, but it was probably @ 3 previously.

edit*** well, if I was scam artist, I would hit faircoin on minty next!

edit**** CINNI from 38k to 9k back to 15k. wtflol.

Double spend, but not detected yet 

[gts476]

No worries, bter is safe as houses.

Mintpal with 3 confirmations? Cowboys.

edit* it's 3 confirmations for BTC, not sure how many for c2. BC atm is 10 confirmations and CINNI 15. Clearly, not enough, but minty wants trading fees!

edit** well, FairCoin is 3 confirmations, if you look now @ c2 it has been changed to 100 confirmations, but it was probably @ 3 previously.

edit*** well, if I was scam artist, I would hit faircoin on minty next!

edit**** CINNI from 38k to 9k back to 15k. wtflol.

Double spend, but not detected yet  

Could be, i mean, minty clearly has low confirmations and if it has algorithms automated to audit its account that does not occur regularly enough.

+ CINNI is just a pump and dump BC clone at heart, low interest and HUGE volatility, why mint (read, why secure the blockchain)?

[biggus dickus]

This didn't happen on BTER because they wait for 100 confirmations before any deposit.

I had some extremely long waits for my coins to deposit on bter. Now I understand why and it's a good thing. At the time people were complaining about bter and saying how much faster mintpal deposits were.

[DeathAndTaxes]

This didn't happen on BTER because they wait for 100 confirmations before any deposit.

This is not true when the attacker has 51% of the resource (either computing power for PoW or stake for PoS).  With >50% of the critical resource it is a mathematical certainty the attacker will eventually build the longest chain.  10 confirms, 100 confirms, 20,000 confirms isn't sufficient to guarantee the attack can't double spend.  This is the basic security assumption which forms the foundation for all decentralized crypto currencies.

The attacker picked the weaker of the two exchanges however if both mintpal and bter used 100 confirmations the attacker could have double spend both by building an parallel chain containing the double spends that resulting in a 101+ block reorg.  At block X the attacker has >50% of the network stake.  At block X+1 the transactions depositing funds to both exchanges are confirmed.  At block X+101 the funds are available for trading.  Attacker sells for another crypto currency, and withdraws.   Meanwhile the attacker has been building an alternate chain which double spends the deposits in block X+1.  At some point after block X+101 and once the traded coins have cleared and the attacker has the longer chain he publishes this alternate chain and the network reorgs to to the new longer chain and the deposit transactions to both exchanges become orphaned and invalid.

[baare]

On BTER or Mintpal.  Bter has raised confirm times to over 100 confirms.  It will show up but I have asked them to freeze the market.  Dont worry.  They are there.

I have 80000 C2.0 in my local my local wallet. Should I send them to Bter?

[gts476]

This didn't happen on BTER because they wait for 100 confirmations before any deposit.

This is not true when the attacker has 51% of the resource (either computing power for PoW or stake for PoS).  With >50% of the critical resource it is a mathematical certainty the attacker will eventually build the longest chain.  10 confirms, 100 confirms, 20,000 confirms isn't sufficient to guarantee the attack can't double spend.

The attacker simply picked the weaker of the two exchanges however if both mintpal and bter used 100 confirmations the attacker could have double spend both by building an parallel chain containing the double spends that resulting in a 101+ block reorg.

Whilst it is a mathematical certanity that an attacker would build the longest chain, it is not a mathematical certanity that the attacker would be able to build a chain of required length.

Probabilisticly, if you consider a case where our would be attack holds 80% of coin age at any give point in time and if we assume that this holding of coin age does not dimminish after he finds a block, then the probability of the attacker creating a blockchain in which he can take the piss is;

proability of finding next block aprox 80% = 0.8

proability of creating block chain of length n = 0.8^n

ie. the probability of attacker creating a block chain of length 3 to deposit on mintpal is

P(attack chain length 3) = 0.8^3 = 0.512 or 51%

so if we observe 100 individual 3 block creations where our attacker holds 80% of coin age 100 times we would expect the attacker to be able to create a 3 chain block 51 times out of 100.

ergo, mintpal is fucking amateur hour.

lets compair the case with bter.

chain length require is now 100, so n = 100

P(attack chain length 100) = 0.8^100 = 2.0 x 10^(-10) = 0.00000000002

so we would expect our attacker to be able to create a blockchain capable of double spending bter aproximetly 1 in every 10 billion instences of a 100 block long chain being created.

Of course if the attacker has more than 80% total coin age this again increases, however, I must point out than once coinage has been used to secure 1 block, it is nulled, and so it is not accurate to assume that the probability is discrete.

More likley the same calculation would look something like this for whatever blocks....

P(attack chain of length whatever) = 0.8x0.79x0.78 etc etc etc.

Clearly,there will be no significant difference for a attack chain of length 3, but there will for an attack chain of length 100 (but it is already very, very small).

tl;dr, yes, but mostly hell no, more confirms make a HUGE difference, mintpal fucked up.

-----------------------------------------------------------

edit* also, this would be nulled if the fucking exchange staked.