smooth
September 04, 2014, 10:21:28 PM
Sorry, I didn't explain myself correctly.
I didn't mean to suggest that the fork could have been accidental. I was wondering if the intention was to test out double spending in order to keep doing it, but he was caught out by an accidental fork.
I think the analysis is right, this was intended to create a fork and cause as much mayhem as possible.
In some sense we can only speculate at the intent. But more broadly the intent was clearly for no one to notice right away. The attacker spammed slowly, and made the spams look like pool payouts. This had the effect of slowly increasing the block size and not filling up the mempool which would have delayed other transactions and caused alarm (as with the previous spam attack). If it were purely to cause a chain fork -- and do nothing else -- there was no need for stealth. It could have been done more crudely and probably more quickly. So very likely the intent was to cause far more damage in some unknown manner, but that was prevented since we detected the attack immediately and alerted the community.
TheKoziTwo
September 04, 2014, 10:21:39 PM
Likewise from my side: My big thank you goes to all the Monero devs!
For the sake of simplicity, please post your XMR/BTC/XYZ addresses here, so everyone can quickly send you some goodies.
Here:
Donations for general development
XMR: 46BeWrHpwXmHDpDEUmZBWZfoQpdc6HaERCNmx1pEYL2rAcuwufPN9rXHHtyUA4QVy66qeFQkn6sfK8aHYjA3jk3o1Bv16em
viewkey: e422831985c9205238ef84daf6805526c14d96fd7b059fe68c7ab98e495e5703
BTC: 1FhnVJi2V1k4MqXm2nHoEbY5LV7FPai7bb
Monero Community Hall of Fame
It's also in first post.
coins101
September 04, 2014, 10:36:53 PM
So how did the attacker know both how to exploit AND have enough firepower to submit consecutive blocks?
Must be some mighty sophisticated malicious agents.
If I'm reading tacotime's analysis correctly, it's not clear that the *attacker* would have had to solve the second block(s) after finding the first one. To wit: If half the network accepted the block with TX_1 and TX_2 (block A, accepted by set 1), and the other half had accepted TX_3 and TX_4 (block B, accepted by set 2), then couldn't the attacker simply generate the corresponding *transactions*, and let some other miner(s) generate blocks that contained them? The fork happened as soon as the nodes in the network had accepted conflicting sets of transactions. Block A would not be accepted by nodes in set 2, because they had a double-spend and so those nodes would keep trying to mine their own block. Those nodes in set 2 would only include TX_3 and TX_4 in a block they tried to mine, because TX_1 and TX_2 are invalid.
Correct. edit: Though I will note that these tx had non-standard fees of 0.000000000001, which no mining node on the network would have included using any version of the reference code, so the attacker did for some reason mine the second block on both forks (to what end I'm not sure, maybe just to impress us).
How was he able to mine the next block? Is Smooth correct, that there is another possible and non-obvious purpose here? I don't want to start a conspiracy chain of discussion, but you have just added another dimension which, in the context of the sophistication of the attack, might suggest something else is going on?
Atrides
September 04, 2014, 10:37:03 PM
So, I have also researched this fork from pool side. I think the attacker doesn't need so much power because they used power from existing pools. I have found that 202614 on both forks were found by my servers:
(height,difficulty,bhash,timesec)
Erebor1: 202614,1237676319,'ed4eea6109a1b662cf4a3bb372ed4bdee588160b0ac371c2ad78c5e603b8f2ac',1409805725
Moria: 202614,1237676319,'c29e3dc37d8da3e72e506e31a213a58771b24450144305bcba9e70fa4d6ea6fb',1409804768
And time difference is ca. 15 minutes, so therefore the fork happened before. After that Erebor1 was on the wrong chain for some time. But how he organized the bad TXs I don't know. And who found blocks 202612?
Mumbles
September 04, 2014, 10:43:14 PM
Really glad to see this statement. Based on the code I have seen, the only way to be 100% safe is to rewrite the critical functions in modern code, with clear variables and functions, and well documented with comments. The current core code is indeed horrible. That predates Monero of course. Current devs are doing the best they can with what they have inherited, but in the end the only way to really be safe is to rewrite the major pieces. That happened with BTC over the years as well. Further we will be restructuring, refactoring, and/or replacing some of the code in order to further increase its robustness and trustworthiness (removing obfuscation for example).
Rias
September 04, 2014, 10:52:40 PM
Congratulations to Monero devs and community and well done! I guess aside from all the stress, you've made a really great step forward today.
smooth
September 04, 2014, 10:55:30 PM
And who found blocks 202612?
We had assumed they mined themselves but with your revelation one must ask the question of whether they somehow used a pool. We're investigating.
Febo
September 04, 2014, 11:03:23 PM
I remember when I registered on Poloniex everything also worked so slow, like it will never load. But then I realized it is only their home page such, when you move to exchange tab it was and it is all fine.
jl777
September 04, 2014, 11:05:12 PM
So how did the attacker know both how to exploit AND have enough firepower to submit consecutive blocks?
Must be some mighty sophisticated malicious agents.
If I'm reading tacotime's analysis correctly, it's not clear that the *attacker* would have had to solve the second block(s) after finding the first one. To wit: If half the network accepted the block with TX_1 and TX_2 (block A, accepted by set 1), and the other half had accepted TX_3 and TX_4 (block B, accepted by set 2), then couldn't the attacker simply generate the corresponding *transactions*, and let some other miner(s) generate blocks that contained them? The fork happened as soon as the nodes in the network had accepted conflicting sets of transactions. Block A would not be accepted by nodes in set 2, because they had a double-spend and so those nodes would keep trying to mine their own block. Those nodes in set 2 would only include TX_3 and TX_4 in a block they tried to mine, because TX_1 and TX_2 are invalid.
Correct. edit: Though I will note that these tx had non-standard fees of 0.000000000001, which no mining node on the network would have included using any version of the reference code, so the attacker did for some reason mine the second block on both forks (to what end I'm not sure, maybe just to impress us).
The scope of this attack clearly makes it an organized effort. While it is possible that some lone guy is figuring out the flaw and how to take advantage of it, the fact we are needing more than one skillset and resources more indicates a team is involved.
Theoretically if you guys didn't notice the strange stuff on the blockchain and polo went on a fork, could they have just made many small withdraws over a week and drained the polo acct? The timeframe and resources required for this doesn't seem like some statement attack to cause a fork and go "ha ha", but where financial gain is involved.
If so, the list of suspects as being involved in this would be polo accts that were involved in accumulating recently (which I remember seeing talked about) and probably these were also trying to do the double spend while on the fork.
So, maybe the attack was against polo?
James
fluffypony
September 04, 2014, 11:12:54 PM
The scope of this attack clearly makes it an organized effort. While it is possible that some lone guy is figuring out the flaw and how to take advantage of it, the fact we are needing more than one skillset and resources more indicates a team is involved.
Theoretically if you guys didn't notice the strange stuff on the blockchain and polo went on a fork, could they have just made many small withdraws over a week and drained the polo acct? The timeframe and resources required for this doesn't seem like some statement attack to cause a fork and go "ha ha", but where financial gain is involved.
If so, the list of suspects as being involved in this would be polo accts that were involved in accumulating recently (which I remember seeing talked about) and probably these were also trying to do the double spend while on the fork.
So, maybe the attack was against polo?
James
Nope - bear in mind that basically without any action from us the "bad" fork died after 35 minutes. It still exists, it's just stuck at block 202647 and won't proceed. This would have happened even if we hadn't noticed it, so there's little they could have done to have any long-lived attack.
darkota
September 04, 2014, 11:19:38 PM
Forking a coin is so stupid Lol. Why would anyone waste their own money just to fork a coin? Makes no sense...but this is cryptoland, where people waste their entire life savings on stupid shit.
coins101
September 04, 2014, 11:20:38 PM
So, I have also researched this fork from pool side. I think the attacker doesn't need so much power because they used power from existing pools. I have found that 202614 on both forks were found by my servers:
(height,difficulty,bhash,timesec)
Erebor1: 202614,1237676319,'ed4eea6109a1b662cf4a3bb372ed4bdee588160b0ac371c2ad78c5e603b8f2ac',1409805725
Moria: 202614,1237676319,'c29e3dc37d8da3e72e506e31a213a58771b24450144305bcba9e70fa4d6ea6fb',1409804768
And time difference is ca. 15 minutes, so therefore the fork happened before. After that Erebor1 was on the wrong chain for some time. But how he organized the bad TXs I don't know. And who found blocks 202612?
How many blocks have your servers found since the attack, relative to an average of what they normally find?
jl777
September 04, 2014, 11:21:04 PM
The scope of this attack clearly makes it an organized effort. While it is possible that some lone guy is figuring out the flaw and how to take advantage of it, the fact we are needing more than one skillset and resources more indicates a team is involved.
Theoretically if you guys didn't notice the strange stuff on the blockchain and polo went on a fork, could they have just made many small withdraws over a week and drained the polo acct? The timeframe and resources required for this doesn't seem like some statement attack to cause a fork and go "ha ha", but where financial gain is involved.
If so, the list of suspects as being involved in this would be polo accts that were involved in accumulating recently (which I remember seeing talked about) and probably these were also trying to do the double spend while on the fork.
So, maybe the attack was against polo?
James
Nope - bear in mind that basically without any action from us the "bad" fork died after 35 minutes. It still exists, it's just stuck at block 202647 and won't proceed. This would have happened even if we hadn't noticed it, so there's little they could have done to have any long-lived attack.
then this makes no rational sense.... They clearly really understand the codebase. This indicates they wrote it or they have studied it extensively, I can't see anyone just randomly finding this and making elaborate attack. Is there some "cascade" issue that having this fork could trigger? Like dominos, the fork is the first and that makes an opening for another edge case? It just seems like 100x more effort for just making a temporary fork. Any chance that many blocks could have been mined consecutively without actually mining due to this fork, directly or indirectly. There just has to be a financial motive for this. only thing makes sense
James
smooth
September 04, 2014, 11:23:46 PM
The scope of this attack clearly makes it an organized effort. While it is possible that some lone guy is figuring out the flaw and how to take advantage of it, the fact we are needing more than one skillset and resources more indicates a team is involved.
Theoretically if you guys didn't notice the strange stuff on the blockchain and polo went on a fork, could they have just made many small withdraws over a week and drained the polo acct? The timeframe and resources required for this doesn't seem like some statement attack to cause a fork and go "ha ha", but where financial gain is involved.
If so, the list of suspects as being involved in this would be polo accts that were involved in accumulating recently (which I remember seeing talked about) and probably these were also trying to do the double spend while on the fork.
So, maybe the attack was against polo?
James
Nope - bear in mind that basically without any action from us the "bad" fork died after 35 minutes. It still exists, it's just stuck at block 202647 and won't proceed. This would have happened even if we hadn't noticed it, so there's little they could have done to have any long-lived attack.
then this makes no rational sense.... They clearly really understand the codebase. This indicates they wrote it or they have studied it extensively, I can't see anyone just randomly finding this and making elaborate attack. Is there some "cascade" issue that having this fork could trigger? Like dominos, the fork is the first and that makes an opening for another edge case? It just seems like 100x more effort for just making a temporary fork. Any chance that many blocks could have been mined consecutively without actually mining due to this fork, directly or indirectly. There just has to be a financial motive for this. only thing makes sense
James
I think it's possible it didn't quite work right. As you point out it was elaborate and had a lot of parts. Maybe it malfunctioned a bit. That would fit with the stealthiness that doesn't really serve any other purpose other than to exploit something once it kicked in. Or it wasn't (directly) economically motivated to attack an exchange, perhaps to simply attack the coin directly (especially if they underestimated us and didn't think we could fix it). But we are still just guessing. As for the fork it is completely dead. We will put in a checkpoint on the valid fork so no chance of ever bringing that one back to life. As for other bugs/exploits, as I said a page or two back, we can never rule that out. All we can do is work to improve the code.
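Added example, not part of the thread and not Monero's code: a sketch of the two checks discussed here, spotting a fork from per-server block records in the layout Atrides posted, and flagging nodes that disagree with a pinned checkpoint as smooth describes. The height-202611 rows and the choice of checkpoint are assumptions made for illustration.

```python
from collections import defaultdict

# Hashes copied from Atrides' post (both servers, height 202614).
EREBOR1_HASH = "ed4eea6109a1b662cf4a3bb372ed4bdee588160b0ac371c2ad78c5e603b8f2ac"
MORIA_HASH = "c29e3dc37d8da3e72e506e31a213a58771b24450144305bcba9e70fa4d6ea6fb"
COMMON = "00" * 32  # constructed placeholder hash for an agreed-on block

# (node, height, difficulty, bhash, timesec): the layout used in the post.
# The 202614 rows are from the post; the 202611 rows are constructed.
RECORDS = [
    ("Erebor1", 202611, 1237000000, COMMON, 1409803000),
    ("Moria", 202611, 1237000000, COMMON, 1409803000),
    ("Erebor1", 202614, 1237676319, EREBOR1_HASH, 1409805725),
    ("Moria", 202614, 1237676319, MORIA_HASH, 1409804768),
]

# Hypothetical checkpoint: assumes Moria's block is on the valid fork, since
# the post says Erebor1 spent some time on the wrong chain.
CHECKPOINTS = {202614: MORIA_HASH}


def find_forks(records):
    """Return {height: {bhash: [(node, timesec), ...]}} where nodes disagree."""
    seen = defaultdict(lambda: defaultdict(list))
    for node, height, _diff, bhash, ts in records:
        seen[height][bhash].append((node, ts))
    return {h: dict(v) for h, v in seen.items() if len(v) > 1}


def fork_report(records):
    """Summarise each conflicting height: competing hashes and time spread."""
    report = []
    for height, by_hash in sorted(find_forks(records).items()):
        times = [ts for obs in by_hash.values() for _node, ts in obs]
        report.append({"height": height,
                       "hashes": sorted(by_hash),
                       "spread_sec": max(times) - min(times)})
    return report


def nodes_off_checkpoint(records, checkpoints):
    """Nodes whose block at a checkpointed height differs from the pinned hash."""
    return sorted({node for node, height, _d, bhash, _t in records
                   if height in checkpoints and bhash != checkpoints[height]})


if __name__ == "__main__":
    for row in fork_report(RECORDS):
        print(row)
    print("off checkpoint:", nodes_off_checkpoint(RECORDS, CHECKPOINTS))
```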
equipoise
September 04, 2014, 11:25:48 PM
What a gross irony that the most legitimate and economic initial distribution of any cryptocoin existing (and therefore the most potential #2 coin in the months and years to come) happens to be a coin with an unbelievably messy codebase, intentionally made scammy, buggy, unoptimized, crippled and obfuscated by the (B)CN scamdevs.
XMR is not the most legitimate and economic initial distribution of any cryptocoin existing. There are other people (myself included) who have gone to great lengths to attempt to create the fairest possible initial distribution for a cryptocurrency.
Hah, contradiction already in the second line. Sorry to say but your logic has been going down since last year.
There have been other currencies that have been launched with no premine, no instamine, no IPO, with development entirely funded by donations. And that didn't have a crippled hash function at launch. Monero has had a relatively fair launch. But to make a claim as grand as you just did is quite strong. There are many other positive aspects of Monero that are based in fact and can be proudly trumped instead. One of which is the solid dev team that takes an honest approach to communication and doesn't sugar coat the issues. This is rare and exceptional in my opinion. edit: attempt and succeed btw.
I've read some of your posts, but I'll click on the ignore link for some time in order to filter non-useful posts - nothing personal. I could miss a lot while most of this thread posts are ignored users, but at least it'll take me reasonable time to read this thread. Anyone - feel free to update me in PM if you have a life changing event to share - I have some too.
wachtwoord
September 04, 2014, 11:26:43 PM
There just has to be a financial motive for this. only thing makes sense
I agree. What about using foreknowledge of this to trade (assuming people will panic).
smooth
September 04, 2014, 11:28:14 PM
There just has to be a financial motive for this. only thing makes sense
I agree. What about using foreknowledge of this to trade (assuming people will panic).
rpitilla did say something about what he described as unusual trading that day. I don't know the details.
coins101
September 04, 2014, 11:29:29 PM
There just has to be a financial motive for this. only thing makes sense
I agree. What about using foreknowledge of this to trade (assuming people will panic).
Forks cause exchanges to freeze up. That would be too risky.
dEBRUYNE
September 04, 2014, 11:29:43 PM
There just has to be a financial motive for this. only thing makes sense
I agree. What about using foreknowledge of this to trade (assuming people will panic).
rpitilla did say something about what he described as unusual trading that day. I don't know the details.
He stated this:
Wouldn't it be best to let weak hands dump and long term believers buy at discounted prices than artificially holding the price up?
With price-discovery in the markets, the definition of "artificial" is vague. In one sense, the decline from 510 to 400 and below was "artificial" (if we assume it was, at least partly, a product of preknowledge of the coming attack and speculation that it would further hurt the price). In the other sense, the essence of markets is that all knowledge is taken into account, information is not perfect, and seldom even the best informed players have access to many information that some of the others have, in turn. If we discount the last week downturn altogether, the price should be much higher by now. The attack failed - it could not damage the confidence towards XMR, it exposed the old scammers more, and proved how capable the devteam is. "Rolling back" the preparation of the attack from price history would lift us to 600 by tomorrow. But if the market collectively decides that a selloff is in order, we might find ourselves at 300 instead. That some buyers openly like XMR at 400, is no more artificial than others vowing in the trollbox that they will sell every one of theirs, at whatever price they can get once the trading starts. Depending who will prevail, buying at 400 may be the last opportunity to buy at 400, or the last opportunity to sell at 400. Most likely, given the meager actual effect of the attack, it won't be neither, and anyone making decisions based on what others have already done, is just impoverishing himself as a result. I have a largish number of XMR and BTC in the exchange, ready to react. But my reaction will be to buy if the price goes down, and sell if it goes up. This is my way of making slow and steady profit. Others have their way, and without panickers, my income would be significantly lower.
Atrides
September 04, 2014, 11:29:50 PM
How many blocks have your servers found since the attack, relative to an average of what they normally find?
The usual count +/-, nothing unusual. But I found another interesting thing. There is some hidden pool with ca. 7-9 Mhs (easy to find, just network-hashrate - all known pool speeds). And daily difficulty waves depend on this hidden pool. What now? Today the wave is broken (see diff-picture on my pool) and all pools found more blocks this time ))) I think the hidden pool is on the wrong chain.