Bitcoin Forum
December 03, 2016, 07:01:17 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Here we go again: BTCServ hacked, BTC gone  (Read 6064 times)
runeks
Legendary
*
Offline Offline

Activity: 924



View Profile WWW
February 04, 2012, 02:52:01 PM
 #21

That said, I'll for sure switch to P2Pool as soon as I have a better understanding.
It's actually quite simple. P2Pool creates a new block chain in which the difficulty adjusted so a new block is found every 10 seconds. So the blocks that get into the P2Pool block chain (called the "share chain") are the same blocks that would get into the Bitcoin block chain, only they have a lower difficulty target (currently around 200 vs. Bitcoin's ~1.4M). Whenever a peer announces a new share found (new block in the P2Pool block chain) it sends it around to the other peers, and the other peers verify that this block contains payouts for all the previous miners who found a share (and announced it) that made it into the P2Pool share chain. This continues until some peer finds a block that has a difficulty that meets the Bitcoin network's difficulty target. This peer announces this block to the Bitcoin network and miners who have submitted shares for this block are paid in the generation transaction of this block, proportionally to how many shares they have found since the last Bitcoin block was found.

cant we just sit wait for the coins to move and follow them everywhere they go?

if the go and pay for goods ... ask the merchant where he shipped to.

compile some evidence, and then egg his house.. or something
Verification must be done at receive time. Ideally there should be a public black-list of addresses to be checked against before a transaction is confirmed.

I remember such ideas popped up when allinvain got his 25k BTCs stolen, but didn't follow.
Be careful with that. There's only one thing that's worse than getting hacked and getting your coins stolen, and that's punishing an innocent Bitcoin user.

If the thief uses one of those Bitcoin scramblers (where he sends his coins to a service that charges a fee, and sends back someone else's money to the thief) then we could be unjustly accusing some Silk Road user (or whoever might use such a service) for being a thief.

Also, if someone were to steal 10,000 BTC, he could just create 900 Bitcoin addresses for himself, send 10 BTC to each of these addresses and send the remaining 1000 BTC to publicly available Bitcoin addresses. We would then have no way of knowing which addresses belonged to the thief, and which were legimitate Bitcoin users who have published their address. Sacrificing 10% of the loot in order to avoid not being able to spend the coins seems like it would be worth it for a thief.
1480748477
Hero Member
*
Offline Offline

Posts: 1480748477

View Profile Personal Message (Offline)

Ignore
1480748477
Reply with quote  #2

1480748477
Report to moderator
1480748477
Hero Member
*
Offline Offline

Posts: 1480748477

View Profile Personal Message (Offline)

Ignore
1480748477
Reply with quote  #2

1480748477
Report to moderator
1480748477
Hero Member
*
Offline Offline

Posts: 1480748477

View Profile Personal Message (Offline)

Ignore
1480748477
Reply with quote  #2

1480748477
Report to moderator
Each block is stacked on top of the previous one. Adding another block to the top makes all lower blocks more difficult to remove: there is more "weight" above each block. A transaction in a block 6 blocks deep (6 confirmations) will be very difficult to remove.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480748477
Hero Member
*
Offline Offline

Posts: 1480748477

View Profile Personal Message (Offline)

Ignore
1480748477
Reply with quote  #2

1480748477
Report to moderator
1480748477
Hero Member
*
Offline Offline

Posts: 1480748477

View Profile Personal Message (Offline)

Ignore
1480748477
Reply with quote  #2

1480748477
Report to moderator
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
February 04, 2012, 06:50:24 PM
 #22

Can't find it Sad
It was an irc conversation with MagicalTux pasted here on forums, if anyone recalls it, please confirm.
Here you go: http://pastebin.com/Enm7Qr78

See the discussion with "deego" and MagicalTux.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
BitcoinBug
Full Member
***
Offline Offline

Activity: 196


View Profile
February 04, 2012, 07:09:52 PM
 #23

Thank you very much!
Now I found the thread too.
stcupp
Full Member
***
Offline Offline

Activity: 196


View Profile
February 05, 2012, 03:58:21 AM
 #24

blockchain.info says the transaction was sent by 68.58.218.245

http://www.dnsstuff.com/tools/ipall/?tool_id=67&ip=68.58.218.245

this may or may not be the actual sender or it could just be a node that relayed the tx
 they could be behind a proxy....

the IP leads to Charleston, SC
traceroute:

Code:
68.58.218.245 is from United States(US) in region North America


TraceRoute to 68.58.218.245 [c-68-58-218-245.hsd1.sc.comcast.net]

Hop (ms) (ms) (ms)      IP Address Host name
1   0   0   0      206.123.64.154 jbdr2.0.dal.colo4.com 

2   0   0   0      64.124.196.225 xe-4-2-0.er2.dfw2.us.above.net 
3   0   0   0      64.125.29.121 xe-3-0-0.er1.dfw2.us.above.net 
4   1   3   3      64.125.13.186 above-comcast.dfw2.us.above.net 
5   0   0   0      68.86.85.25 pos-2-5-0-0-cr01.dallas.tx.ibone.comcast.net 
6   21   21   21      68.86.86.130 pos-0-10-0-0-cr01.atlanta.ga.ibone.comcast.net 
7   25   25   25      68.86.85.226 pos-1-5-0-0-cr01.charlotte.nc.ibone.comcast.net 
8   45   35   35      68.86.93.174 te-0-3-0-1-ar02.westside.fl.jacksvil.comcast.net 
9   40   40   40      68.86.168.210 te-7-3-ar02.savannah.ga.savannah.comcast.net 
10   42   42   42      68.86.250.98 te-2-3-ar02.charleston.sc.chrlstn.comcast.net 
11   43   43   43      68.86.144.18 te-9-3-ur02.charleston.sc.chrlstn.comcast.net 
12   54   59   59      68.85.123.26   - 
13   Timed out   Timed out   Timed out         - 
14   Timed out   Timed out   Timed out         - 
15   Timed out   Timed out   Timed out         - 
16   Timed out   Timed out   Timed out         - 

Trace aborted.

dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
February 05, 2012, 08:23:19 AM
 #25

That said, I'll for sure switch to P2Pool as soon as I have a better understanding.
It's actually quite simple. [...] miners who have submitted shares for this block are paid in the generation transaction of this block, proportionally to how many shares they have found since the last Bitcoin block was found.

Not quite.  It's like this:

Each share contains a generation transaction that pays to the previous n shares, where n is the number of shares whose total work is equal to 3 times the average work required to solve a block, or 8640, whichever is smaller. Payouts are weighted based on the amount of work each share took to solve, which is proportional to the p2pool difficulty at that time.

zefir
Donator
Hero Member
*
Offline Offline

Activity: 917



View Profile
February 05, 2012, 09:21:28 PM
 #26

[...]
Verification must be done at receive time. Ideally there should be a public black-list of addresses to be checked against before a transaction is confirmed.

I remember such ideas popped up when allinvain got his 25k BTCs stolen, but didn't follow.
Be careful with that. There's only one thing that's worse than getting hacked and getting your coins stolen, and that's punishing an innocent Bitcoin user.

If the thief uses one of those Bitcoin scramblers (where he sends his coins to a service that charges a fee, and sends back someone else's money to the thief) then we could be unjustly accusing some Silk Road user (or whoever might use such a service) for being a thief.

I remember watching a talk (guess it was http://www.youtube.com/watch?v=hlWyTqL1hFA) that proved that there is basically no anonymity with Bitcoins for the simple fact that the blockchain keeps track on any single transaction - forever. Remaining anonymous requires very precautious and continuous line of action, otherwise with the described methods one's addresses can be easily identified.

Those Bitcoin laundry services seem to be the only reliable method to cover the tracks to some degree. And like in real live, it is of questionable use -- the majority of their users might turn out not to be the typical Joe who wants to conceal his payments to porn sites.

Bitcoin does not claim to be anonymous at all, and like http://en.bitcoin.it/wiki/Anonymity#Legality suspects, Bitcoin laundry services are potentially illegal. Not all existing laws are bad, and in this case the community should consider avoiding such services. I even suppose that we need to accept transaction traceability by design, since irreversibility combined with anonymity won't work for too long.

Quote
Also, if someone were to steal 10,000 BTC, he could just create 900 Bitcoin addresses for himself, send 10 BTC to each of these addresses and send the remaining 1000 BTC to publicly available Bitcoin addresses. We would then have no way of knowing which addresses belonged to the thief, and which were legimitate Bitcoin users who have published their address. Sacrificing 10% of the loot in order to avoid not being able to spend the coins seems like it would be worth it for a thief.

Here I don't see the point. If one did those 900 transactions to new addresses, they are still visible and traceable from the blockchain. One could even set up some ping-pong or loop transaction scheme to move the BTCs between new addresses many times, but in the very end the BTCs need to be spent and as soon as the thief does a payment to someone checking the black-list, bad guy is bust.

This requires the black-list to be updated with each block and might turn out difficult to handle (DoS by spreading 100 stolen coins to 1 million addresses). Is this what your 10% sacrifice is meant for?

dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
February 05, 2012, 10:34:14 PM
 #27

Is this what your 10% sacrifice is meant for?

No.  I have 10,000 stolen BTC.  I divide it up into 1,000 lumps of 10 BTC.  I send 100 of those lumps to 100 different donation addresses I collect from the forum, and the other 900 to 900 different new addresses I create for myself.

When I later spend one of those 10 BTC lumps and someone questions me about it, I say "I don't know who sent it to me - it just turned up one day", and checking the blockchain they can see that the same amount "just turned up" in lots of other well known addresses at the same time, lending evidence to my story that the thief just randomly distributed his ill-gotten gains to strangers.

BitcoinBug
Full Member
***
Offline Offline

Activity: 196


View Profile
February 05, 2012, 10:46:32 PM
 #28

The pioneer of sacrifice is ofcourse MyBitcoin. Well done, Tom!
zefir
Donator
Hero Member
*
Offline Offline

Activity: 917



View Profile
February 06, 2012, 08:12:46 AM
 #29

Is this what your 10% sacrifice is meant for?

No.  I have 10,000 stolen BTC.  I divide it up into 1,000 lumps of 10 BTC.  I send 100 of those lumps to 100 different donation addresses I collect from the forum, and the other 900 to 900 different new addresses I create for myself.

When I later spend one of those 10 BTC lumps and someone questions me about it, I say "I don't know who sent it to me - it just turned up one day", and checking the blockchain they can see that the same amount "just turned up" in lots of other well known addresses at the same time, lending evidence to my story that the thief just randomly distributed his ill-gotten gains to strangers.

True that. But you can deny it once, twice, maybe three times, then it becomes obvious.

As said before, the use of laundry services impedes traceability - for both, honest ppl and thieves. Crackers do not need to invent sophisticated mechanisms to hide their tracks, they're already available.

runeks
Legendary
*
Offline Offline

Activity: 924



View Profile WWW
February 08, 2012, 06:49:40 PM
 #30

^ Let's say I like marijuana and I want to buy some from Silk Road. I use a scrambling service to make the bitcoins non-linkable to my exchange account. What on earth is wrong with that?

I honestly think you're missing the bigger picture. Thieves will always exist no matter how much every honest person limits him or herself. We're not mitigating theft by doing this, we're just making life harder for ourselves, the honest ones. If you're willing to sacrifice your privacy to achieve some goal, good for you. I respect that. But I think it becomes problematic when we request that others do what we feel is right, just because we feel it's right.
zefir
Donator
Hero Member
*
Offline Offline

Activity: 917



View Profile
February 08, 2012, 08:37:06 PM
 #31

This is going too far off-topic, so lets close it here with.
^ Let's say I like marijuana and I want to buy some from Silk Road. I use a scrambling service to make the bitcoins non-linkable to my exchange account. What on earth is wrong with that?
Nothing. Never said its wrong, just that you can not have anonymity for Joe and traceability against the thief at the same time.
Quote
I honestly think you're missing the bigger picture. Thieves will always exist no matter how much every honest person limits him or herself. We're not mitigating theft by doing this, we're just making life harder for ourselves, the honest ones. If you're willing to sacrifice your privacy to achieve some goal, good for you. I respect that. But I think it becomes problematic when we request that others do what we feel is right, just because we feel it's right.
In an ideal world you would be right, but as you depict, the real one is different. This is how I see the big picture: ask yourself how often you would use your credit card for online payments, if it was neither reversible nor traceable?

So far, we basically do not have a dissent. But I disagree with your last sentence. I feel there is a misinterpretation of freedom as anarchy in that statement. Freedom does not mean no rules, free beer, and anyone is allowed to do what he wants, right? There are reasons why speed limits exist, even if some feel restricted in their personal freedom. And guess what, there for sure are solid reasons why our society tries to hinder people taking drugs. Freedom is good, and as such is what society is constantly increasing in its evolution (you might disagree, but the world had never seen more cumulated freedom than today).

So to close the loop: if we or they or some majority decides that it is bad for Bitcoin to use laundry services, I won't use them. Even if I feel restricted in my personal freedom, all that counts is the overall cumulative freedom and satisfaction of the community.


That said, I'm going for some beer now. Enjoy your bong Wink

muyuu
Donator
Legendary
*
Offline Offline

Activity: 924



View Profile
February 08, 2012, 10:20:37 PM
 #32

This is going too far off-topic, so lets close it here with.
^ Let's say I like marijuana and I want to buy some from Silk Road. I use a scrambling service to make the bitcoins non-linkable to my exchange account. What on earth is wrong with that?
Nothing. Never said its wrong, just that you can not have anonymity for Joe and traceability against the thief at the same time.


Right. Anonymity for both.

That was one of the main points of bitcoin in the first place, if you read Satoshi's paper.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
tonto
Hero Member
*****
Offline Offline

Activity: 668


BubblesBit.com


View Profile WWW
February 09, 2012, 03:34:01 AM
 #33

Here I don't see the point. If one did those 900 transactions to new addresses, they are still visible and traceable from the blockchain. One could even set up some ping-pong or loop transaction scheme to move the BTCs between new addresses many times, but in the very end the BTCs need to be spent and as soon as the thief does a payment to someone checking the black-list, bad guy is bust.

This requires the black-list to be updated with each block and might turn out difficult to handle (DoS by spreading 100 stolen coins to 1 million addresses). Is this what your 10% sacrifice is meant for?



Once a transaction makes it's way to more, then it becomes harder with each iteration.  Who's to say that the next person (or three or eight) knows that they're stolen?  As far as they know, they receive coins (or perhaps purchased/traded them) from legit means, not knowing they're stolen.. would you blame each one?  I'd guess that once it reaches 10 iterations, it's all but lost.

.
.......
.......
.......
.......
.......
.......
..........
.....
.....
.....
.....
.....
.
runeks
Legendary
*
Offline Offline

Activity: 924



View Profile WWW
February 09, 2012, 08:09:37 AM
 #34

So to close the loop: if we or they or some majority decides that it is bad for Bitcoin to use laundry services, I won't use them. Even if I feel restricted in my personal freedom, all that counts is the overall cumulative freedom and satisfaction of the community.
And that's what it all comes down to, in my opinion. You are free to follow that advice, while others are free to not. If we were to impose this on non-consenting Bitcoin users, a technology would simply pop up that circumvents it.

My original point was never about the law and whether it is fair or effective or not. My point was simply that giving up personal freedom in the name of public good simply does not work in the long run. We might benefit from it in the short run, but it doesn't solve the fundamental problem that made us give up the freedom in the first place (theft, terrorism, etc.).
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
February 09, 2012, 08:46:51 AM
 #35

But why was the pool operator even keeping the miners reward? Couldn't he pay his miners immediately from the generation transaction, with a send to many?

...

Before posting the question I decided to take a look in the blockchain.info... and even deepbit and Slush are attributing the generation coins to a single address, possibly to transfer them after the 120 blocks maturation period. Why? This is risky... Just send them immediately to the miners.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
February 09, 2012, 09:29:54 AM
 #36

But why was the pool operator even keeping the miners reward? Couldn't he pay his miners immediately from the generation transaction, with a send to many?

...

Before posting the question I decided to take a look in the blockchain.info... and even deepbit and Slush are attributing the generation coins to a single address, possibly to transfer them after the 120 blocks maturation period. Why? This is risky... Just send them immediately to the miners.

I'd think the big ones might want to avoid a bunch of .000004 sends, since they have so many miners and such frequent blocks, but the smaller ought put payments right in the generate since they have less trust and the payments would tend to be larger and fewer I'd think.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
February 09, 2012, 09:50:57 AM
 #37

I'd think the big ones might want to avoid a bunch of .000004 sends, since they have so many miners and such frequent blocks,

Well, if they are sending frequent transactions with all these .000004 spends, it would be the same, wouldn't it?

Otherwise, if they don't want to create huge transactions so frequently, they can aggregate. At each block they pay 10% of their miners, for ex. The math might get complicated, but it should be possible.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
February 09, 2012, 12:49:01 PM
 #38

Before posting the question I decided to take a look in the blockchain.info... and even deepbit and Slush are attributing the generation coins to a single address, possibly to transfer them after the 120 blocks maturation period. Why? This is risky... Just send them immediately to the miners.

As a miner I would prefer that the pool sends the generated coins to itself and pays me in mature coins.  That way I don't have to wait for 120 blocks before I can spend the coins.

caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
February 09, 2012, 12:57:58 PM
 #39

Before posting the question I decided to take a look in the blockchain.info... and even deepbit and Slush are attributing the generation coins to a single address, possibly to transfer them after the 120 blocks maturation period. Why? This is risky... Just send them immediately to the miners.

As a miner I would prefer that the pool sends the generated coins to itself and pays me in mature coins.  That way I don't have to wait for 120 blocks before I can spend the coins.

It doesn't make sense. You'll have to wait anyway. Either you wait with the money in your wallet, or you wait with it in the wallet of the pool operator. I find the former more secure.

It's true that pool operators could also be eWallets, protecting the coins of miners that do not feel safe to do it themselves. But I assume miners to be fairly technical people who don' t really need an eWallet.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
zefir
Donator
Hero Member
*
Offline Offline

Activity: 917



View Profile
February 09, 2012, 07:34:32 PM
 #40

[...]
Quote
Nothing. Never said its wrong, just that you can not have anonymity for Joe and traceability against the thief at the same time.


Right. Anonymity for both.

That was one of the main points of bitcoin in the first place, if you read Satoshi's paper.
Sure you did not skip through the talk I was referring. Then please read just the first sentence of https://en.bitcoin.it/wiki/Anonymity:
Quote
While the Bitcoin technology can support strong anonymity, the current implementation is usually not very anonymous.
Fact is: with the current implementation you must add additional efforts and precautions to stay anonymous. Watch the talk and understand: since the blockchain is eternal during Bitcoin's existence, you can just sit and wait until the target person makes one single mistake to loose his carefully built up anonymity.

Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!