[XMR] Monero - A secure, private, untraceable cryptocurrency

[Nekomata]

XMR is the future.

[shojayxt]

Good news!

Seems that CryptoNote fixed flaw with merkle hash!
Fix is already on github, new Boolberry build is coming soon.


Well.... it seems that it was pretty hard day for many people here

Hmmmm they already got a fix for this?
Pretty weird if you ask me

What's weird about it?  Every cryptonote dev was likely working on it.  


This was an attack not just on XMR but cryptonote itself.  XMR is the biggest so cutting off the head so to speak would be the best tactic for those wishing to take down the up and coming protocol.  

[smooth]

Good news!

Seems that CryptoNote fixed flaw with merkle hash!
Fix is already on github, new Boolberry build is coming soon.


Well.... it seems that it was pretty hard day for many people here

Hmmmm they already got a fix for this?
Pretty weird if you ask me

It's also a load of shit. rfreeman_w (one of the Monero contributing developers) and I debugged it and sent exact same fix to Crypto Zoidberg for his review. That was well before (almost an hour) the "Cryptonote" scammers sent out the amazing fix they just happened to have. We also have a slightly different fix that cleans up the code.

If he is honest Zoidberg will confirm this.

EDIT: tacotime also deserves credit for pointing to the tree-hash function based on the transaction count in the poison block used for the attack. It was a great intuition.

[xulescu]

oda.krell is right about the "don't fight FUD with FUD because you shoot yourself in the foot" thing. This approach is counterproductive because it makes people turn against you and what you say, instinctively.

The FUD on this thread is irrelevant anyway, we'll keep copy-pasting standard courteous responses and calling out provable shills. The most important thing we as community can do in crises like this is help information flow INSIDE the community as friction-less as possible. For example, answering noob or "just woke up, what's up" questions with pertinent explanations, or spending some time on IRC explaining things as far as we know and always linking to the most recent official information.

What we do here is, like aminorex keeps hinting, not a zero-sum game. That's the stuff of pumps and dumps. We win if we manage to COOPERATE efficiently (even if we don't trust each other - that's the whole point of the Byzantine Generals problem).

[smooth]

oda.krell is right about the "don't fight FUD with FUD because you shoot yourself in the foot" thing. This approach is counterproductive because it makes people turn against you and what you say, instinctively.

The FUD on this thread is irrelevant anyway, we'll keep copy-pasting standard courteous responses and calling out provable shills. The most important thing we as community can do in crises like this is help information flow INSIDE the community as friction-less as possible. For example, answering noob or "just woke up, what's up" questions with pertinent explanations, or spending some time on IRC explaining things as far as we know and always linking to the most recent official information.

What we do here is, like aminorex keeps hinting, not a zero-sum game. That's the stuff of pumps and dumps. We win if we manage to COOPERATE efficiently (even if we don't trust each other - that's the whole point of the Byzantine Generals problem).

I am anti FUD and I said so (repeatedly). But I'm also not happy when our team does good work and it gets credited to a bunch of lying scammers.

[me755]

Hm, seems like XMR crew had fix all the way but waited for someone else to come upfront with it. Interesting.

[tacotime]

Good morning.

It looks like the code I called into question within an hour after this happened last night was indeed the problem code. So, within an hour or so of the attack, I'd narrowed it down to about a page of code, and it looks like we have the first fix this morning.

Now the CN "saviours" have flown in and magically have a similar fix, who knew? The code was obviously orchestrated by someone with an intimate knowledge of the codebase, to the point where:
1) Txs to expand the blockchain were made to emulate pool payout tx so not to raise suspicion.
2) The tx used as inputs for the block that broke consensus was 4 days old so we couldn't find it easily.
3) The mempool was not filled up so as to also give the impression a spam attack was not going on.

There are more notes here:
https://bitcointalk.org/index.php?topic=583449.msg8665829#msg8665829

Here's what happened with us:
We caught the bullshit going on in the network despite efforts to conceal it and caught the fork immediately. We had Poloniex shut down deposit withdrawal as soon as the fork arose, so no one lost their money.

[iCEBREAKER]

im sick of ppl talking about bbr on monero thread

XMR and BBR are the Cryptonote Wonder Twins.  Their devs collaborate frequently, especially in an emergency.  The XMR mothership thread will no more be free of BBR references than BTC ones. 

Don't like it?  Too bad!   

[smooth]

Hm, seems like XMR crew had fix all the way but waited for someone else to come upfront with it. Interesting.

I can assure you given the number of hours of sleep that our team has forgone in order to address this attack and eventually figure out how to fix it that we did not have a fix all the way.

[rpietila]

We win if we manage to COOPERATE efficiently (even if we don't trust each other - that's the whole point of the Byzantine Generals problem).

Something related to this is coming to Monero. No other coins currently have it. Expect to hear more from it in a few days even..

[iCEBREAKER]

Good morning.

It looks like the code I called into question within an hour after this happened last night was indeed the problem code. So, within an hour or so of the attack, I'd narrowed it down to about a page of code, and it looks like we have the first fix this morning.

Now the CN "saviours" have flown in and magically have a similar fix, who knew? The code was obviously orchestrated by someone with an intimate knowledge of the codebase, to the point where:
1) Txs to expand the blockchain were made to emulate pool payout tx so not to raise suspicion.
2) The tx used as inputs for the block that broke consensus was 4 days old so we couldn't find it easily.
3) The mempool was not filled up so as to also give the impression a spam attack was not going on.

There are more notes here:
https://bitcointalk.org/index.php?topic=583449.msg8665829#msg8665829

Here's what happened with us:
We caught the bullshit going on in the network despite efforts to conceal it and caught the fork immediately. We had Poloniex shut down deposit withdrawal as soon as the fork arose, so no one lost their money.

Awesome detective/repair work TT & Co!  I'm donating in appreciation as soon as it's safe.

Can the standard client be used to prepare and construct another such 'Troll Block' or did the attacker use custom tools?

[smooth]

Good morning.

It looks like the code I called into question within an hour after this happened last night was indeed the problem code. So, within an hour or so of the attack, I'd narrowed it down to about a page of code, and it looks like we have the first fix this morning.

Now the CN "saviours" have flown in and magically have a similar fix, who knew? The code was obviously orchestrated by someone with an intimate knowledge of the codebase, to the point where:
1) Txs to expand the blockchain were made to emulate pool payout tx so not to raise suspicion.
2) The tx used as inputs for the block that broke consensus was 4 days old so we couldn't find it easily.
3) The mempool was not filled up so as to also give the impression a spam attack was not going on.

There are more notes here:
https://bitcointalk.org/index.php?topic=583449.msg8665829#msg8665829

Here's what happened with us:
We caught the bullshit going on in the network despite efforts to conceal it and caught the fork immediately. We had Poloniex shut down deposit withdrawal as soon as the fork arose, so no one lost their money.

Awesome detective/repair work TT & Co!  I'm donating in appreciation as soon as it's safe.

Can the standard client be used to prepare and construct another such 'Troll Block' or did the attacker use custom tools?

The block was custom-created. It used things like transactions with no output at all, 1 tacoshi inputs, etc. Some of the blocks used for the attack were put in the block chain four days ago. This was highly premeditated.

[rdnkjdi]

Now I realize what was the reason for the mid-move turn back at 510 and the quite strong selling towards 400, which was not supported by fundamentals or anything.

The attackers have taken a short position during the decline (causing the decline), and when they run out of coins, the price also stopped declining. When it started going up, it was the time to attack.

Now if the holders sell their coins so that the price drops to below 400, without corresponding buyers except the attackers, then the attackers have won financially, fleecing the community. (The community has also won, because the bug was fixed and attack repelled.)

I pledge 1000 XMR to the devs for their ongoing good work, and BTC100 will be used to buy moneros in the exchange without further warning if I deem that the scamattackers are about to get too fat a profit from their attack.

I will use another ~BTC10 to buy XMR once the time has come (/ trading continues).

I'll put at least 5 BTC on the table for buying and I'll donate at least 25 XMR when problem is solved to the devs.

OK investors and traders. Let''s put up a buy wall at 0.004 and find a floor there. Anyone selling will have to buy back in more expensive if successful.
By putting your order at 0.004 you are supporting the floor.
I will chip in some myself.

I pledge BTC5 in buy support, and will also make a contribution to the dev team.

I wonder why you guys are expecting a dump 

Wouldn't it be best to let weak hands dump and long term believers buy at discounted prices than artificially holding the price up?

[Quicken]

Great news on the fix Dev's. I see my main mining pool has just resumed payments, but Polo is still frozen. A few questions:

1) Will the fix require a new build for everyone?
2) I think someone (smooth or fluffy) said the Windows blockchain download hadn't been checked yet a few hours ago. Is it safe to download the new Windows chain yet?
3) Any other guidance on what to do to get going again?

Thanks,
Q

[GreekBitcoin]

Oh well price will obviously fall. Price will obviously come back. The time frame that this will happen is unclear. One things is sure. Panic sellers and panic buyers will lose...

[klee]

Oh well price will obviously fall. Price will obviously come back. The time frame that this will happen is unclear. One things is sure. Panic sellers and panic buyers will lose...

How they can both lose??

[nexern]

it is embarrassing to see how some parts of the this community blaming just reflexively others (many see them as competitor) attacking monero.
what a nonsense. until the devs haven't analysed the sources and more details are published, this looks just like a flaw (better now than later btw),
no matter what language the source is written in.

i also don't understand why this should have any real effect on the price except that some scared speculators are jumping out but so what?
either monero is usefull and operational at a certain point or not. this is what counts. just fix the flaw and go on, there is still a need for monero but
no need to concern much about speculators, only interested in making some quick cash, without any real interest in what monero is made for.

this tech is new, just expect problems and don't draw an armageddon from every single event on negativ price-action.

ot: interesting how quick people are starting to worship the blockchain, viewed as an untouchable entity from above. i tought this tech was made to
give us, the people, the power back to decide. what sense does it make if we don't use this power but replacing the authority enslavement by an
blockchain enslavement?

[whap]

Good job to the devs. I wish i was equally talented with girls as they are with coding. I'm donating some beloved XMR as soon as this incident is safely withstood.

[mechanikalk]

Can people please stop talking about Dingleberry (BBR) on the Monero thread.

[cAPSLOCK]

I hold both XMR and BBR (until something better may arise) - I don't see any reason for hostility between the two projects...

It is both annoying and intriguing actually.