Bitcoin Forum
October 22, 2018, 10:24:46 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 ... 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 [650] 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 ... 2010 »
  Print  
Author Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency  (Read 4303762 times)
findftp
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


Delusional crypto obsessionist


View Profile
September 04, 2014, 09:27:04 PM
 #12981

Just made my first ever XMR purchase - 5 minutes of XMR dev time for attack mitigation and security.

Thanks, devs!!



This kind of post is such good news.  Today made the coin, and community, incalculably stronger :-)

Well, I also just made my first purchase, but they are locked on BTER because I can't withdraw.
Very good first impression!


(1) Don't buy XMR on BTER, and
Too late, I just deposit some satoshis, did a market buy monero and went for withdrawal, basically a hit and run.

Quote
(2) if it made a great first impression, then you would not be buying them this cheap Smiley
The impression came when everything else already happened.



1FdwDuV2qgsw2w1Lza8nsea7L6mQxsc7g3
1540203886
Hero Member
*
Offline Offline

Posts: 1540203886

View Profile Personal Message (Offline)

Ignore
1540203886
Reply with quote  #2

1540203886
Report to moderator
1540203886
Hero Member
*
Offline Offline

Posts: 1540203886

View Profile Personal Message (Offline)

Ignore
1540203886
Reply with quote  #2

1540203886
Report to moderator
1540203886
Hero Member
*
Offline Offline

Posts: 1540203886

View Profile Personal Message (Offline)

Ignore
1540203886
Reply with quote  #2

1540203886
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1540203886
Hero Member
*
Offline Offline

Posts: 1540203886

View Profile Personal Message (Offline)

Ignore
1540203886
Reply with quote  #2

1540203886
Report to moderator
1540203886
Hero Member
*
Offline Offline

Posts: 1540203886

View Profile Personal Message (Offline)

Ignore
1540203886
Reply with quote  #2

1540203886
Report to moderator
findftp
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


Delusional crypto obsessionist


View Profile
September 04, 2014, 09:29:21 PM
 #12982

Just made my first ever XMR purchase - 5 minutes of XMR dev time for attack mitigation and security.

Thanks, devs!!



This kind of post is such good news.  Today made the coin, and community, incalculably stronger :-)

Well, I also just made my first purchase, but they are locked on BTER because I can't withdraw.
Very good first impression!


(1) Don't buy XMR on BTER, and
Too late, I just deposit some satoshis, did a market buy monero and went for withdrawal, basically a hit and run.


Can someone advise me on a place where I can do a hit and run which actually works? I don't want to have them locked up somewhere online.

edit: never did a personal transaction through this forum but I think I might want to try this as well, or shouldn't I?

1FdwDuV2qgsw2w1Lza8nsea7L6mQxsc7g3
darlidada
Hero Member
*****
Offline Offline

Activity: 723
Merit: 503


View Profile
September 04, 2014, 09:31:11 PM
 #12983

Just made my first ever XMR purchase - 5 minutes of XMR dev time for attack mitigation and security.

Thanks, devs!!



This kind of post is such good news.  Today made the coin, and community, incalculably stronger :-)

Well, I also just made my first purchase, but they are locked on BTER because I can't withdraw.
Very good first impression!


(1) Don't buy XMR on BTER, and
Too late, I just deposit some satoshis, did a market buy monero and went for withdrawal, basically a hit and run.


Can someone advise me on a place where I can do a hit and run which actually works? I don't want to have them locked up somewhere online.

how come it doesnt work? i think bter make you pay a 1% fee on withdrawal so that may be the reason why you cant withdraw? maybe you're withdrawing too much? otherwise, whats the error msg?

for hit and runs, i recommend mintpal and bter, but you can only hit small as the volume is very low there. most volume happens on poloniex and hitbtc
Anon136
Legendary
*
Offline Offline

Activity: 1624
Merit: 1178



View Profile
September 04, 2014, 09:31:25 PM
 #12984

Just made my first ever XMR purchase - 5 minutes of XMR dev time for attack mitigation and security.

Thanks, devs!!



This kind of post is such good news.  Today made the coin, and community, incalculably stronger :-)

Well, I also just made my first purchase, but they are locked on BTER because I can't withdraw.
Very good first impression!


(1) Don't buy XMR on BTER, and
Too late, I just deposit some satoshis, did a market buy monero and went for withdrawal, basically a hit and run.


Can someone advise me on a place where I can do a hit and run which actually works? I don't want to have them locked up somewhere online.

Poloniex has worked great for me.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
wachtwoord
Legendary
*
Offline Offline

Activity: 1708
Merit: 1003


View Profile
September 04, 2014, 09:31:35 PM
 #12985

Just made my first ever XMR purchase - 5 minutes of XMR dev time for attack mitigation and security.

Thanks, devs!!



This kind of post is such good news.  Today made the coin, and community, incalculably stronger :-)

Well, I also just made my first purchase, but they are locked on BTER because I can't withdraw.
Very good first impression!


(1) Don't buy XMR on BTER, and
Too late, I just deposit some satoshis, did a market buy monero and went for withdrawal, basically a hit and run.


Can someone advise me on a place where I can do a hit and run which actually works? I don't want to have them locked up somewhere online.

Poloniex. I never hold funds on exchanges.
BoscoMurray
Sr. Member
****
Offline Offline

Activity: 450
Merit: 250


View Profile
September 04, 2014, 09:34:19 PM
 #12986

I downloaded the Windows x64 blockchain yesterday and have synced up to 202656. Stuck there for hours now so I must be on the wrong chain.

I downloaded it again this evening, but the file size suggests to me it's the same as yesterdays and I don't want to end up in the same position again.

Could the OP be updated with the correct Windows blockchain ASAP please! Ta
findftp
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


Delusional crypto obsessionist


View Profile
September 04, 2014, 09:35:15 PM
 #12987


how come it doesnt work? i think bter make you pay a 1% fee on withdrawal so that may be the reason why you cant withdraw? maybe you're withdrawing too much? otherwise, whats the error msg?

XMR deposit is disabled 因技术维护,虚拟币充值暂停,感谢您谅解和支持。

translated:
XMR deposit is disabled due to technical maintenance, the virtual currency recharge pause, thank you for your understanding and support.

I'm trying to withdraw 2 digits of XMR.

1FdwDuV2qgsw2w1Lza8nsea7L6mQxsc7g3
EGStrategies
Member
**
Offline Offline

Activity: 80
Merit: 10


View Profile
September 04, 2014, 09:39:16 PM
 #12988

Seems polo is trading, huge volumes over last hour back to the low mid 400s after taking a dive.

Wonder why Bittrex is still down?

O well, been working all day and didn't worry once as a holder of XMR here. I did expect to lose more liq. value though, the market looks really strong. I'm not thinking about the short term either way with XMR but I'd be lying to say I'm not happy to see the market response on polo after trading resumed.

Great job monero dev(s) with the way you handled this

binaryFate
Legendary
*
Offline Offline

Activity: 1358
Merit: 1001


Still wild and free


View Profile
September 04, 2014, 09:40:27 PM
 #12989

Kudos to all those who were involved in the quick investigation&fix, core team of course but also the few programmers revolving around. Thank you guys, really!

Kudos to the whole XMR community for the way it reacted, especially considering the amount of trolling against us. In cryptoland, we look like one of the few wise grown-up adults communities in a world of stupid children.

I find it extremely funny to think that the suckers behind the attack were trying to obtain a financial gain from it, and at this point it seems to be a *complete* fail. Grin

Monero's privacy and therefore fungibility are MUCH stronger than Bitcoin's. 
This makes Monero a better candidate to deserve the term "digital cash".
findftp
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


Delusional crypto obsessionist


View Profile
September 04, 2014, 09:44:18 PM
 #12990

Just made my first ever XMR purchase - 5 minutes of XMR dev time for attack mitigation and security.

Thanks, devs!!



This kind of post is such good news.  Today made the coin, and community, incalculably stronger :-)

Well, I also just made my first purchase, but they are locked on BTER because I can't withdraw.
Very good first impression!


(1) Don't buy XMR on BTER, and
Too late, I just deposit some satoshis, did a market buy monero and went for withdrawal, basically a hit and run.


Can someone advise me on a place where I can do a hit and run which actually works? I don't want to have them locked up somewhere online.

Poloniex. I never hold funds on exchanges.

I cannot create an account.
The website is stuck at:
https://poloniex.com/signup_validate.php

Am I under personal attack or something? Smiley

1FdwDuV2qgsw2w1Lza8nsea7L6mQxsc7g3
tacotime
Legendary
*
Offline Offline

Activity: 1484
Merit: 1000



View Profile
September 04, 2014, 09:45:09 PM
 #12991

So, I think figured out today how the attack worked.

Throughout the day, the chain was spammed with "mimic" pool payout transactions. This was to enlarge the median blocksize.

Then, when the block size hit the required size for the attack, the merkle tree hashing code was overflowed by including >511 tx (these were tiny tx with one input and no outputs) followed by two unique transactions with inputs and outputs. The last two transaction hashes in the tx merkle tree (512, 513) could be replaced with anything so long as they were valid tx hashes, as they didn't actually factor into the block hash. This was due to a bug in tree-hash.c. This was block 202612.

The net effect of this was that you could swap in any tx into the block at positions 512 and 513 so long as they were the same size and were valid.

Here's the interesting part: When the attacker mined 202612, he transmitted two different blocks to the network, both of which had valid block headers, and both of which contained different transactions in index 512 and 513.

Block 202612
Fork 1 (monerochain):
Code:
index 512 2a58f802202db09cbd1377630ae73becff1eaff52e8969980672496dc39a5f6f 1.999999999999 622
index 513 57ce3aab446d75726221c908a4bf6ac2f67485cab80a2e2bedfe5519cabd8848 1.999999999999 622

Fork 2 (chainradar, minergate):
Code:
index 512 d59297784bfea414885d710918c1b91bce0568550cd1538311dd3f2c71edf570 1.999999999999 622
index 513 d2d714c86291781bb86df24404754df7d9811025f659c34d3c67af3634b79da6 1.999999999999 622

Note that both of these above blocks have the same header hash, because the merkle tree code simply ignored including these tx into the tree. If it had, the block header hash would have been different.

So, now half the network had one block, and half had the other, but they both thought they were valid and exactly the same even though they weren't.

Now, here's how the attacker forked the network. Two blocks later, at height 202614, the attacker generated and submitted two new blocks. These blocks contained the transactions below:

Block 202614
Fork 1 (monerochain):
Code:
index 2 d59297784bfea414885d710918c1b91bce0568550cd1538311dd3f2c71edf570 1.999999999999 622
index 3 d2d714c86291781bb86df24404754df7d9811025f659c34d3c67af3634b79da6 1.999999999999 622

Fork 2 (chainradar, minergate):
Code:
index 2 2a58f802202db09cbd1377630ae73becff1eaff52e8969980672496dc39a5f6f 1.999999999999 622
index 3 57ce3aab446d75726221c908a4bf6ac2f67485cab80a2e2bedfe5519cabd8848 1.999999999999 622

Noticed that these two new blocks both contain tx which the other chain already had -- at this point the network forked, because for each network one of these blocks would be invalid because it contained a doublespend of transactions that were already included.

Here's some output from a daemon on the forked network (fork 1, monerochain), from exactly when it hit the fork point:
Code:
[P2P6]Block with id: <c29e3dc37d8da3e72e506e31a213a58771b24450144305bcba9e70fa4d6ea6fb>have at least one unknown transaction with id:\ <57ce3aab446d75726221c908a4bf6ac2f67485cab80a2e2bedfe5519cabd8848>
[P2P6]Removed transaction from blockchain history:<e0d8f60983f90bbf8030f166cfe151c9ee45fe2e5bdc19abb32d80bfeaf1b368>
[P2P6]Removed transaction from blockchain history:<227ec7670f47107c45a8d096510d385ffbd09aa59f47f60f98f915b079f48d8e>
[P2P6]Block verification failed, dropping connection

This has been the most elaborate attack on a cryptocurrency I've ever seen -- it required incredible coordination and took great lengths to hide itself from being see from casual users of the network until it was too late. Of course, we were watching and could tell something was up, so we caught the fork immediately and were able to protect our users by notifying them and the exchanges of it. Still, I'm frankly amazed at the lengths the attackers went to to conduct this attack, and the complexity of it.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
coins101
Legendary
*
Offline Offline

Activity: 1456
Merit: 1000



View Profile
September 04, 2014, 09:53:11 PM
 #12992

This has been the most elaborate attack on a cryptocurrency I've ever seen -- it required incredible coordination and took great lengths to hide itself from being see from casual users of the network until it was too late. Of course, we were watching and could tell something was up, so we caught the fork immediately and were able to protect our users by notifying them and the exchanges of it. Still, I'm frankly amazed at the lengths the attackers went to to conduct this attack, and the complexity of it.

But the fork, was that the purpose of the attack or accidental? Was he relying on the fact that it would be a while before anyone noticed?

Sounds to me as though mayhem was the intention.

Xdragon
Hero Member
*****
Offline Offline

Activity: 537
Merit: 500


View Profile
September 04, 2014, 09:53:42 PM
 #12993

Is it OK to use latest wallet?  Do we have to update something?
fluffypony
Donator
Legendary
*
Offline Offline

Activity: 1260
Merit: 1019


GetMonero.org / MyMonero.com


View Profile WWW
September 04, 2014, 09:56:43 PM
 #12994

But the fork, was that the purpose of the attack or accidental? Was he relying on the fact that it would be a while before anyone noticed?

Sounds to me as though mayhem was the intention.

The fork was the intention and the net-effect. They would have had to mine two of those blocks in parallel and dump them both on the network. It's such a bizarre, unknown, unidentified edge-case that I can't imagine someone stumbling across this AND figuring out how to exploit it (and to what end??). There's no monetary gain to the attacker, and with the hike in fees to mitigate the previous attack I can only imagine that this would've cost them a pretty penny.

tacotime
Legendary
*
Offline Offline

Activity: 1484
Merit: 1000



View Profile
September 04, 2014, 09:59:24 PM
 #12995

But the fork, was that the purpose of the attack or accidental? Was he relying on the fact that it would be a while before anyone noticed?

Sounds to me as though mayhem was the intention.

The intention was to fork the blockchain, and possibly to cause a doublespend at poloniex as busoni had noted several suspicious deposits earlier in the day.

The fork was as intentional as it could possibly be -- everything going into this was very, very precise.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
TheKoziTwo
Legendary
*
Offline Offline

Activity: 1546
Merit: 1000



View Profile
September 04, 2014, 09:59:33 PM
 #12996

This has been the most elaborate attack on a cryptocurrency I've ever seen -- it required incredible coordination and took great lengths to hide itself from being see from casual users of the network until it was too late. Of course, we were watching and could tell something was up, so we caught the fork immediately and were able to protect our users by notifying them and the exchanges of it. Still, I'm frankly amazed at the lengths the attackers went to to conduct this attack, and the complexity of it.
I'm very impressed by how you guys dealt with this, from notifying the exchanges to solving the attack. Will be making a donation today. Thanks for your great work.

coins101
Legendary
*
Offline Offline

Activity: 1456
Merit: 1000



View Profile
September 04, 2014, 10:01:01 PM
 #12997

But the fork, was that the purpose of the attack or accidental? Was he relying on the fact that it would be a while before anyone noticed?

Sounds to me as though mayhem was the intention.

The fork was the intention and the net-effect. They would have had to mine two of those blocks in parallel and dump them both on the network. It's such a bizarre, unknown, unidentified edge-case that I can't imagine someone stumbling across this AND figuring out how to exploit it (and to what end??). There's no monetary gain to the attacker, and with the hike in fees to mitigate the previous attack I can only imagine that this would've cost them a pretty penny.

So they were testing the dev team?

If that is the case, the attack has simply proved to be an advert for the devs.

Congratulations, XMR community.

canonsburg
Full Member
***
Offline Offline

Activity: 133
Merit: 100


View Profile
September 04, 2014, 10:01:18 PM
 #12998

So how did the attacker know both how to exploit AND have enough firepower to submit consecutive blocks?

Must be some mighty sophisticated malicious agents.
findftp
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


Delusional crypto obsessionist


View Profile
September 04, 2014, 10:02:56 PM
 #12999

But the fork, was that the purpose of the attack or accidental? Was he relying on the fact that it would be a while before anyone noticed?

Sounds to me as though mayhem was the intention.

The fork was the intention and the net-effect. They would have had to mine two of those blocks in parallel and dump them both on the network. It's such a bizarre, unknown, unidentified edge-case that I can't imagine someone stumbling across this AND figuring out how to exploit it (and to what end??). There's no monetary gain to the attacker,

No monetary gain for the attacker?
What if they consider monero to be a potential bitcoin killer and they have vast interest in the succes of bitcoin?


Quote
and with the hike in fees to mitigate the previous attack I can only imagine that this would've cost them a pretty penny.

Same as the above

1FdwDuV2qgsw2w1Lza8nsea7L6mQxsc7g3
Bittrex-Rami
Newbie
*
Offline Offline

Activity: 46
Merit: 0


View Profile WWW
September 04, 2014, 10:05:24 PM
 #13000

Ok, just caught up.  The analysis makes sense and we are comfortable enough to bring XMR back online.  Crisis averted, happy trading!

R.
Pages: « 1 ... 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 [650] 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 ... 2010 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!