[XMR] Monero - A secure, private, untraceable cryptocurrency

[iCEBREAKER]

Soon, no mixing service will be able to "hide" BTC transactions.

Moreover, all of those past transactions through mixers are going to redflag you.  The cows already left the barn.  I am hoping you used a non-cooperating, un-penetrated, exchange as a cut-out, because otherwise your coinbase/circle accounts are going to get locked down, and your PII goes on a DHS/DOJ/DOT/JTF/FinCen red letter list.  No security clearance for you.  (Oh and that non-cooperation and un-penetrated status has to persist until your death.)

Fortunately the U.S. doesn't usually apply hereditary taint domestically, so your children will be okay.  For now.  Until the U.S. and Chinese systems converge more fully.  They are tending to converge pretty strongly lately, though.

It's not paranoia when they really are out to get you.

Relevant:  http://www.youtube.com/watch?v=_WTBkj8gFfI

[vphen]

https://mymonero.com/  ever compromised?
I deposited  more than 10K xmr on mymonero last year, I forgot the last time I logged-in my wallet, it's been a long time.
but today,  I logged-in and found all xmr was stolen on yesterday,
I have no idea how the hacker steal my xmr...
Any advice for me?

[Anon136]

https://mymonero.com/  ever compromised?
I deposited  more than 10K xmr on mymonero last year, I forgot the last time I logged-in my wallet, it's been a long time.
but today,  I logged-in and found all xmr was stolen on yesterday,
I have no idea how the hacker steal my xmr...
Any advice for me?

Its probably not stolen. You just need to request for the server to re-scan the blockchain. You have to pay because its resource intensive. But its cheap.

First fund your account with a couple of monero. Then click on "account" at the top. Next click "import transactions". And "Ok, Thanks!".

If I just put your heart back in your chest. I accept donations.

46kFsHLTpi7JDC8iFfkFaw1kGyTkbxL4xh3oRUCXGHycEz4xBBiGJeTbMDnLMC66ozVFb8vdZ51KLYk cRgJCybHvTTiL3Hg

[vphen]

https://mymonero.com/  ever compromised?
I deposited  more than 10K xmr on mymonero last year, I forgot the last time I logged-in my wallet, it's been a long time.
but today,  I logged-in and found all xmr was stolen on yesterday,
I have no idea how the hacker steal my xmr...
Any advice for me?

Its probably not stolen. You just need to request for the server to re-scan the blockchain. You have to pay because its resource intensive. But its cheap.

First fund your account with a couple of monero. Then click on "account" at the top. Next click "import transactions".

If I just put your heart back in your chest. I accept donations.

46kFsHLTpi7JDC8iFfkFaw1kGyTkbxL4xh3oRUCXGHycEz4xBBiGJeTbMDnLMC66ozVFb8vdZ51KLYk cRgJCybHvTTiL3Hg

i dont understand, there is a txid showes the xmr moved out

[Anon136]

https://mymonero.com/  ever compromised?
I deposited  more than 10K xmr on mymonero last year, I forgot the last time I logged-in my wallet, it's been a long time.
but today,  I logged-in and found all xmr was stolen on yesterday,
I have no idea how the hacker steal my xmr...
Any advice for me?

Its probably not stolen. You just need to request for the server to re-scan the blockchain. You have to pay because its resource intensive. But its cheap.

First fund your account with a couple of monero. Then click on "account" at the top. Next click "import transactions".

If I just put your heart back in your chest. I accept donations.

46kFsHLTpi7JDC8iFfkFaw1kGyTkbxL4xh3oRUCXGHycEz4xBBiGJeTbMDnLMC66ozVFb8vdZ51KLYk cRgJCybHvTTiL3Hg

i dont understand, there is a txid showes the xmr moved out

well... thats... very strange...

how did you store your private key? are you on a windows machine? did you ever access mymonero through a hyperlink?

[vphen]

https://mymonero.com/  ever compromised?
I deposited  more than 10K xmr on mymonero last year, I forgot the last time I logged-in my wallet, it's been a long time.
but today,  I logged-in and found all xmr was stolen on yesterday,
I have no idea how the hacker steal my xmr...
Any advice for me?

Its probably not stolen. You just need to request for the server to re-scan the blockchain. You have to pay because its resource intensive. But its cheap.

First fund your account with a couple of monero. Then click on "account" at the top. Next click "import transactions".

If I just put your heart back in your chest. I accept donations.

46kFsHLTpi7JDC8iFfkFaw1kGyTkbxL4xh3oRUCXGHycEz4xBBiGJeTbMDnLMC66ozVFb8vdZ51KLYk cRgJCybHvTTiL3Hg

i dont understand, there is a txid showes the xmr moved out

well... thats... very strange...

how did you store your private key? are you on a windows machine? did you ever access mymonero through a hyperlink?

in txt encrypted by openssl on macbook,
i visit mymonero carefully everytime, should not have visited a fake site

[Anon136]

https://mymonero.com/  ever compromised?
I deposited  more than 10K xmr on mymonero last year, I forgot the last time I logged-in my wallet, it's been a long time.
but today,  I logged-in and found all xmr was stolen on yesterday,
I have no idea how the hacker steal my xmr...
Any advice for me?

Its probably not stolen. You just need to request for the server to re-scan the blockchain. You have to pay because its resource intensive. But its cheap.

First fund your account with a couple of monero. Then click on "account" at the top. Next click "import transactions".

If I just put your heart back in your chest. I accept donations.

46kFsHLTpi7JDC8iFfkFaw1kGyTkbxL4xh3oRUCXGHycEz4xBBiGJeTbMDnLMC66ozVFb8vdZ51KLYk cRgJCybHvTTiL3Hg

i dont understand, there is a txid showes the xmr moved out

well... thats... very strange...

how did you store your private key? are you on a windows machine? did you ever access mymonero through a hyperlink?

in txt encrypted by openssl on macbook,
i visit mymonero carefully everytime, should not have visited a fake site

Ok than you almost certainly downloaded a keylogger with some sort of bitcoin or alt coin related software. Still not that likely of an explanation. But when all else fails unlikely becomes likely.

[Bobo81]

By the way, how prevent to not have a key logger in the computer?

[novag]

https://mymonero.com/  ever compromised?
I deposited  more than 10K xmr on mymonero last year, I forgot the last time I logged-in my wallet, it's been a long time.
but today,  I logged-in and found all xmr was stolen on yesterday,
I have no idea how the hacker steal my xmr...
Any advice for me?

Please lay out screenshots, for without them, little hard to believe.

[singalone]

NASDAQ.com: Darknet Customers Are Demanding Bitcoin Alternative Monero

http://www.nasdaq.com/article/darknet-customers-are-demanding-bitcoin-alternative-monero-cm671031

amazing news, and now more and more persons will know monero, to da pluto!

[dloghwak]

I read a while ago, that it's no longer possible to see the date of the incoming funds, if you don't have the password.
Is that 'feature' already implemented?
I got some wallets where I have only the key,viewkey and mnemonic seed and it would suck tax wise if I am not able to proof the date I got the coins.

[fluffypony]

https://mymonero.com/  ever compromised?
I deposited  more than 10K xmr on mymonero last year, I forgot the last time I logged-in my wallet, it's been a long time.
but today,  I logged-in and found all xmr was stolen on yesterday,
I have no idea how the hacker steal my xmr...
Any advice for me?

Please lay out screenshots, for without them, little hard to believe.

vphen is in contact with me, can confirm that it appears his Monero was swiped. This is not the first time this has happened, previous instances have resulted from bad Tor exit nodes, rootkits, private keys stored in Word documents, and other malware that targets Monero. Suffice it to say, if the DNMs are waking up to Monero's usefulness now, malware authors have been aware of it for a while (see: the botnets that have been mining Monero for a couple of years already).

PLEASE treat MyMonero as you would a normal wallet. If you would only carry $150 comfortably in cash in your actual wallet, then you should only keep like 40 XMR in your MyMonero wallet. For cold storage, use MoneroAddress or simplewallet offline on an air-gapped computer, and follow the instructions that have been detailed before.

[fluffypony]

And I thought that this was replacing remote communication as well. Which is a VERY BIG DEAL. But after listening to the Podcast you linked I see that it is intended for interprocess communication currently but Fluffy did say it can be extended for wiring protocol replacement.

In terms of "dev notes", a lot of this stuff goes down on IRC in #monero-dev and sometimes even #monero. The bi-weekly dev meetings are the culmination of these discussions that span thousands of lines of text over many days.

Could you post those logs on pastebin?

0MQ is a trivial decision to make, because it's a backend change as you've observed. Our only option is either a messaging system (of which 0MQ is unequivocally the most battle-tested, with the largest number of implementations) or replacing the current HTTP server with something far more performant. Obviously, short of forking nginx, the latter is not really an option.

I don't quite understand why there needs to be any wrapper at all for local communication, why not use direct input and add the daemon functionality to say the gui? Is there any reason these need to be separate for end users? I just see this as a injection point where one doesn't need to be.

To speak to your other concern: we are definitely looking at replacing the wire protocol. Since we'll have 0MQ in already, and since we want to enable developers to build consensus-compatible implementations in whatever language they'd like, the logical choice is ZMTP (http://zmtp.org). This is, again, something that is battle-hardened and has implementations in tons of languages. Our other option is picking one of the Tor pluggable transports, something like obfs4, but that's somewhat less desirable for cross-implementation purposes.

I do remember this discussion being touched on in this thread I think but I don't remember a decision being announced. Making the product more accessible to a larger is base is laudable as I said I just want to make sure it is not at the cost of security. Especially with the vultures hovering looking for any attack vector they can find.

The current home-grown Boost::ASIO wire protocol is significantly more risky than switching to something that is standard. It's entirely possible that there's some weirdness under the hood that we haven't uncovered yet, so swapping it out for something that is well-known and widely used in FOSS projects is extremely desirable. Complexity is the enemy of good security, and in this case custom protocols way worse than well-known standards.

Perhaps more importantly, though, the wire protocol is hardly an attack surface. The major risk it represents is an MITM attack revealing what transactions you were the first to broadcast (mitigated by end-to-end encryption in ZMTP), and fingerprinting attacks being able to correlate your clearnet IP with your i2p address (mitigated by introducing some execution randomness to the i2p connectivity, and completely separating the information shared with nodes on both interfaces). Beyond that, a compromised or poisoned wire protocol won't be able to "do" anything particularly bad. The daemon has no idea what your private keys are. It has some information about your transactions you send out, and the ones you're interested in, but if it were revealing that it would be spotted very quickly.

This is actually my top concern, I want to see how this has been vetted. Call me paranoid but changing a core protocol with off hand remarks is worrisome and I just want to verify that we are not just taking anyone's word on the fact that the crypto in 0MQ is sound and safe when it comes to a currency that cannot be checked for manipulation.

http://arstechnica.com/security/2014/01/how-the-nsa-may-have-put-a-backdoor-in-rsas-cryptography-a-technical-primer/

BTW we are very close to losing beta status correct? How long will this be tested within the beta phase?

I don't know anything about this so I wanted to see a peer review or a word from our scientists that they have verified this is bulletproof.
Looking into ZeroMq I see it uses Curve25519 correct?

http://zeromq.org/topics:encryption

ZeroMQ 4.x has extensible encryption, and comes with CurveZMQ as a built-in security mechanism. Pieter Hintjens has some articles that explain how this works. The only extra dependency is libsodium, which provides the Curve25519 security functions.

https://www.reddit.com/r/programming/comments/1ms5fu/new_zeromq_4_does_strong_encryption_and_perfect/

CURVE - secure authentication and encryption based on elliptic curve cryptography, using the Curve25519 algorithm from Daniel Bernstein and based on CurveCP's security handshake. See http://rfc.zeromq.org/spec:25, http://rfc.zeromq.org/spec:26, and http://curvecp.org.

https://en.wikipedia.org/wiki/Curve25519

   I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry
    — Bruce Schneier, The NSA Is Breaking Most Encryption on the Internet (2013)

***********************************************************************************************************

Will Monero pitch to Anchor into Factom blockchain after they do Ethereum?


Ethereum is for smart contracts Factom is for data and Dash or Monero is for privacy.

Actually I don't know who's better between Dash or Monero and I know there is heated debate about this so not opening that pandoras box because I don't have a horse in the race. Anyway both are experimental technologies in field worthy of pursuit.

Well just looking at XMR's rich list should tell you something.
http://moneroblocks.info/richlist

It could be worse, but there's a hint of smugness to the writing on that page.

As there should be, this project is headed by some of the smartest and capable people I've ever seen, they are so advanced they take for granted that we as a community know the things I ask in this thread. I feel like the kid in class that asked the question because others are lost and afraid to. Not to say I don't get lost, my brain is on life support these days. Lol

This project gets the hardest scrutiny and has never to my knowledge lied, misled or deceived the community, how many other ones can you say that about?

Sorry I never got to answering this - extreme lack of time atm.

Bottom line: 0MQ, and in future ZMTP, are extremely well-known, well-used, and well-reviewed software libraries. Our aim is to replace lots of components (eg. the web server used for JSON RPC API access) with standard, well-known, secure libraries.

Why?

Because epee is *not* known-good, *not* well-reviewed, *not* used anywhere except Monero. It is much higher risk to keep epee around, or to roll our own stuff, than to replace it with stuff that is widely reviewed.

PS. Curve25519 / Ed25519 is an integral part of Monero's cryptography. If it's broken we are in a much bigger toilet bowl than just 0MQ. Thankfully, Curve25519 is likely the most secure curve we have today, as Peter Gutmann begrudgingly affirmed recently: http://www.metzdowd.com/pipermail/cryptography/2016-March/028824.html

Edit: btw, the Bruce Schneier quote you include is him explaining why the NIST's P curve constants were purposely broken by the NSA, which is what has led to such an uptake in Curve25519 use. See SafeCurves for details: https://safecurves.cr.yp.to

[dEBRUYNE]

https://mymonero.com/  ever compromised?
I deposited  more than 10K xmr on mymonero last year, I forgot the last time I logged-in my wallet, it's been a long time.
but today,  I logged-in and found all xmr was stolen on yesterday,
I have no idea how the hacker steal my xmr...
Any advice for me?

Please lay out screenshots, for without them, little hard to believe.

vphen is in contact with me, can confirm that it appears his Monero was swiped. This is not the first time this has happened, previous instances have resulted from bad Tor exit nodes, rootkits, private keys stored in Word documents, and other malware that targets Monero. Suffice it to say, if the DNMs are waking up to Monero's usefulness now, malware authors have been aware of it for a while (see: the botnets that have been mining Monero for a couple of years already).

PLEASE treat MyMonero as you would a normal wallet. If you would only carry $150 comfortably in cash in your actual wallet, then you should only keep like 40 XMR in your MyMonero wallet. For cold storage, use MoneroAddress or simplewallet offline on an air-gapped computer, and follow the instructions that have been detailed before.

Hijacking this to post the guide link:

https://www.reddit.com/r/Monero/comments/48cgmd/an_extensive_guide_for_securely_generating_an/

[bbc.reporter]

Why does the light wallet not save the state after it has fully synced? After syncing I close the light client and the opened it again and it was syncing again starting from 0.

[GingerAle]

Why does the light wallet not save the state after it has fully synced? After syncing I close the light client and the opened it again and it was syncing again starting from 0.

can u provide more info? light client? version number? os?

[bvalis]

Why does the light wallet not save the state after it has fully synced? After syncing I close the light client and the opened it again and it was syncing again starting from 0.

did you use command prior to closing it?

[bbc.reporter]

Why does the light wallet not save the state after it has fully synced? After syncing I close the light client and the opened it again and it was syncing again starting from 0.

can u provide more info? light client? version number? os?

I used version 0.2 that I have downloaded here https://getmonero.org/getting-started/choose

I am using Windows 7 64bit. Do you have any idea what is going wrong with it?

[dEBRUYNE]

Why does the light wallet not save the state after it has fully synced? After syncing I close the light client and the opened it again and it was syncing again starting from 0.

can u provide more info? light client? version number? os?

I used version 0.2 that I have downloaded here https://getmonero.org/getting-started/choose

I am using Windows 7 64bit. Do you have any idea what is going wrong with it?

You have to exit simplewallet gracefully by typing

Code:

exit

as command. If you don't do this the "state" will not be saved into the wallet cache.

[cAPSLOCK]

https://mymonero.com/  ever compromised?
I deposited  more than 10K xmr on mymonero last year, I forgot the last time I logged-in my wallet, it's been a long time.
but today,  I logged-in and found all xmr was stolen on yesterday,
I have no idea how the hacker steal my xmr...
Any advice for me?

Please lay out screenshots, for without them, little hard to believe.

vphen is in contact with me, can confirm that it appears his Monero was swiped. This is nb?ot the first time this has happened, previous instances have resulted from bad Tor exit nodes, rootkits, private keys stored in Word documents, and other malware that targets Monero. Suffice it to say, if the DNMs are waking up to Monero's usefulness now, malware authors have been aware of it for a while (see: the botnets that have been mining Monero for a couple of years already).

PLEASE treat MyMonero as you would a normal wallet. If you would only carry $150 comfortably in cash in your actual wallet, then you should only keep like 40 XMR in your MyMonero wallet. For cold storage, use MoneroAddress or simplewallet offline on an air-gapped computer, and follow the instructions that have been detailed before.

Perhaps implementing 2 factor would mitigate some of this.  Is the code on github?