darkcoin exploit found in 2 hours by amateur (why open source matters for anon)

[robinwilliams]

Just now:

<evan82>  I found out what's going on, I'll have an update out in a few minutes

Edit:

<evan82>  props to whoever figured this out, pretty cool hack
<evan82>  I could use some help programming whoever you are

Not interested. I'm not so good at C++, really.
Btw, you should hire some real penetration tester, not me or what was the name of that guy?

Ok, could the person who found the bug post here, I promise no one's gonna hate on you. Would be interesting to hear how long it took to find it, and how did you approach it? And also, would you help testing DRK in the future?

About 6 hours to look through the code to get the main idea of darksend, 2 more hours (got lucky) to find this vulnerability and about 8 hours to code and deploy the exploit.
I will definitely run some more tests with darksend. Will I help or just going to abuse it? Dunno lol. It seems to be more vulnerabilities in darkcoin. Code looks terrible (nothing personal  )

Proof of identity:

Code:

./darkcoind verifymessage XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq \
"ILLG8hT+bkKUDznBD8R+EGowIal/QFVhEJM2HvrAREeE+LXl++HqeI+Go9+976p7iZ7CTgybpTGIucb3ycMwwek=" \
"XwzmEE1cJ6HG84CgJvAt7ADmJ @ bitcointalk.org, darkcoin thread. Signed with XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq"

https://bitcointalk.org/index.php?topic=421615.msg9121343#msg9121343

[1713852783]

1713852783

[1713852783]

1713852783

[1713852783]

1713852783

[1713852783]

1713852783

[robinwilliams]

This is also why you should be open sourced from the beginning

darkcoin is JUST open sourcing.  god only knows what else they're going to find.

xc doesn't really even deserve a mention.

anonymity should always be trusted to open sourced solutions

[shojayxt]

This is exactly what's going to happen when you have a centralized network of nodes and a bunch of convoluted spaghetti code keeping everything running.  The darkcoin masternode network is nothing but an overcomplicated clusterfuck of a mess.  darkcoin is already outdated.  Anonymity on the blockchain is the path forward.  Not a screwed up centralized masternode network which is nothing more than a way for the drk instaminers and other large holders to continue to generate income. 

It won't be long before another exploit is discovered in the darkcoin code.  It's not a matter of if but when.

darkcoins time has come and gone.  This pump and dump scam is running out of gas.

I thought that they paid for a code review?  It is now blatantly obvious that the purpose of the code review was nothing more than a way to try and hype the coin so that people could dump their coins while they claimed they were buying and were working feverishly to get others to buy while at the same time they were dumping what they could.

darkcoin isn't a coin.  darkcoin is a cult.  Just look through the darkcoin thread.  One guy even goes as far as to give the hacker kudos for exposing the bug that allowed him to hack the masternode network and get free drk. 

They don't have a big enough rug to sweep all this shit under.

[shojayxt]

Just now:

<evan82>  I found out what's going on, I'll have an update out in a few minutes

Edit:

<evan82>  props to whoever figured this out, pretty cool hack
<evan82>  I could use some help programming whoever you are

Not interested. I'm not so good at C++, really.
Btw, you should hire some real penetration tester, not me or what was the name of that guy?

Ok, could the person who found the bug post here, I promise no one's gonna hate on you. Would be interesting to hear how long it took to find it, and how did you approach it? And also, would you help testing DRK in the future?

About 6 hours to look through the code to get the main idea of darksend, 2 more hours (got lucky) to find this vulnerability and about 8 hours to code and deploy the exploit.
I will definitely run some more tests with darksend. Will I help or just going to abuse it? Dunno lol. It seems to be more vulnerabilities in darkcoin. Code looks terrible (nothing personal  )

Proof of identity:

Code:

./darkcoind verifymessage XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq \
"ILLG8hT+bkKUDznBD8R+EGowIal/QFVhEJM2HvrAREeE+LXl++HqeI+Go9+976p7iZ7CTgybpTGIucb3ycMwwek=" \
"XwzmEE1cJ6HG84CgJvAt7ADmJ @ bitcointalk.org, darkcoin thread. Signed with XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq"

https://bitcointalk.org/index.php?topic=421615.msg9121343#msg9121343

Spaghetti code

[shojayxt]

Its time for NEOS coin

I don't know much about NEOS but it's obvious that darkcoin is a failure and more and more people are realizing that everyday.

[shojayxt]

lol they are all sucking the hackers dick on the thread lol, with Monero there is not even an exploit and we say fuck you to the "attacker"

It's pathetic isn't it?  They are actually thanking the hacker for finding an exploit that took him two hours to find.  Some even gave him kudos and said he deserved the drk he hacked.  They are working overtime to sweep this under the rug and forget about it but the fact remains that an amateur coder found an exploit in darksend in 2 hours.

What I don't understand is what the code review they paid for accomplished other than a way to try and hype the price of drk.  It's obvious that things were missed in the code review.  I wonder what else is waiting to be exploited.

[robinwilliams]

It's pathetic isn't it?  They are actually thanking the hacker for finding an exploit that took him two hours to find.  Some even gave him kudos and said he deserved the drk he hacked.

no actually that is EXACTLY the attitude that should be had.

Code reviews are useless (except to pump the price).  I don't know why everybody doesn't get it - Microsoft has been hacked thousands of times with hundreds and hundreds of developers pouring over their code.  Whereas linux is much more secure because you have unlimited number of eyes on it via opensource.

Dark should have been opensourced from the beginning.

[nsimmons]

lol they are all sucking the hackers dick on the thread lol, with Monero there is not even an exploit and we say fuck you to the "attacker"

How did that bogus block injection hack work out a month ago? Don't lie about things. Transaction fee is still 0.1xmr.

[shojayxt]

It's pathetic isn't it?  They are actually thanking the hacker for finding an exploit that took him two hours to find.  Some even gave him kudos and said he deserved the drk he hacked.

no actually that is EXACTLY the attitude that should be had.

Code reviews are useless (except to pump the price).  I don't know why everybody doesn't get it - Microsoft has been hacked thousands of times with hundreds and hundreds of developers pouring over their code.  Whereas linux is much more secure because you have unlimited number of eyes on it via opensource.

Dark should have been opensourced from the beginning.

You're right.  They should have skipped the review of their closed source code, open sourced  and offered bounties for anyone finding an exploit.

I'm glad to see that I'm not the only one that thought the code review was nothing more than a way to pump the price.  Too bad for them it failed.  Now all the drk cult wants to do is forget about being hacked and continue talking about the moon and replacing bitcoin.  It's quite hilarious to watch.

[robinwilliams]

lul my point is that no one bow down to the hacker hahaha If they could destroy Monero they would already have. We like the fee being 0.1xmr thank you so much.

dude stfu.

hackers are welcome to any cryptocurrency.  the sooner they destroy it / hurt it / find bugs the better.

even in monero (which i support - BRING IT ON BCX!)

I would suggest you invest in XC.  You would do well there.

[illodin]

Anonymity on the blockchain is the path forward.

And again you're showing your ignorance.

Read this clueless troll: I have come to the conclusion that "on chain anon" defeats the purpose.
And especially read what user TheFascistMind (= AnonyMint) has to say about it.

What ever you've already released to the block chain, is never going to get more secure. It WILL BE CRACKED SOMEDAY.

That is why do not put your anonymity on the block chain. Mix your inputs and outputs off chain, then put that in a transaction on the block chain (i.e. use CoinJoin).

Then the anonymity can never be cracked in the way it can be on chain with Cryptonote's ring signatures and Diffie-Hellman one-time private keys.

I hope I don't have to explain that again and again.

[nsimmons]

lol they are all sucking the hackers dick on the thread lol, with Monero there is not even an exploit and we say fuck you to the "attacker"

How did that bogus block injection hack work out a month ago? Don't lie about things. Transaction fee is still 0.1xmr.

lul my point is that no one bow down to the hacker hahaha If they could destroy Monero they would already have. We like the fee being 0.1xmr thank you so much.

lies...more lies...

[robinwilliams]

lol they are all sucking the hackers dick on the thread lol, with Monero there is not even an exploit and we say fuck you to the "attacker"

How did that bogus block injection hack work out a month ago? Don't lie about things. Transaction fee is still 0.1xmr.

lul my point is that no one bow down to the hacker hahaha If they could destroy Monero they would already have. We like the fee being 0.1xmr thank you so much.

lies...more lies...

the bad part is i like monero (and bbr) in SPITE of the idiot nekomata shill and IN SPITE of shill in chief rptellia.

[illodin]

And for those who don't already know, shojayxt is known to troll who got busted using sock puppet accounts in order to lower the price so he could finally get in with his 0.5 BTC roll.


This is his ad I found on craigslist while randomly searching for troll spray:

[Wulfcastle]

lol they are all sucking the hackers dick on the thread lol, with Monero there is not even an exploit and we say fuck you to the "attacker"

Please, go spread your Shitcoin somewhere else.

[shojayxt]

Anonymity on the blockchain is the path forward.

And again you're showing your ignorance.

Read this clueless troll: I have come to the conclusion that "on chain anon" defeats the purpose.
And especially read what user TheFascistMind (= AnonyMint) has to say about it.

What ever you've already released to the block chain, is never going to get more secure. It WILL BE CRACKED SOMEDAY.

That is why do not put your anonymity on the block chain. Mix your inputs and outputs off chain, then put that in a transaction on the block chain (i.e. use CoinJoin).

Then the anonymity can never be cracked in the way it can be on chain with Cryptonote's ring signatures and Diffie-Hellman one-time private keys.

I hope I don't have to explain that again and again.

I'm flattered that you feel inclined to follow me around like you do.  But you've just proven yourself to be nothing more than a follower.  You copy and paste someone else's post to reply to me.  Can't you think for yourself?

[tx42]

Read this clueless troll: I have come to the conclusion that "on chain anon" defeats the purpose.
And especially read what user TheFascistMind (= AnonyMint) has to say about it.

Anyone who thinks that off chain anon is better than on chain anon doesn't understand cryptography.

I'll leave it at that because if I post a detailed explanation, I'll only be vehemently rebutted by people who don't know what they are talking about.

Instead, I'll invest in ring signature coins and my holdings will validate my understanding over time. I feel no need to convince a bunch of dufuses.

[Cloakko]

Look like the DRK spaghetti code has already made one victim
 





#shitcoin

#SCAM

[shojayxt]

And for those who don't already know, shojayxt is known to troll who got busted using sock puppet accounts in order to lower the price so he could finally get in with his 0.5 BTC roll.


This is his ad I found on craigslist while randomly searching for troll spray:

So you're methodology is to attack me personally rather than address the serious issues that have come to light regarding darkcoin being hacked.

You darkcoin cult members never address the real issue of darkcoin being a clusterfuck of spaghetti code and a centralized masternode network.  You're only response to anything is to make personal attacks and sweep everything under the rug hoping it will go away.  Well it's not going to work this time.  DARKCOIN WAS HACKED.  That's a fact.  AN EXPLOIT WAS FOUND AND USED THAT COMPROMISED THE MASTERNODE NETWORK AND ALLOWED AN ATTACKER TO GET FREE DRK.  

Now continue on with your "To The Moon" and "We'll Replace Bitcoin" chants.

And for the record, I have a better picture than what you're posting.  I had a nose job, a chin tuck, I curled my hair and have blonde highlights.  PM me and I'll send you an updated picture.

[illodin]

I'm flattered that you feel inclined to follow me around like you do.

I'm sorry to be the one to tell you this, but you're delusional - I'm not following you around. I thought you really were gone like you said you'd be until you posted in DRK related threads. I guess you were so embarrassed getting caught using the sock puppet that you stayed away from DRK until now.

But you've just proven yourself to be nothing more than a follower.  You copy and paste someone else's post to reply to me.  Can't you think for yourself?

I feel fine quoting people to you who are much smarter than me and much more knowledgeable than I am, I don't like to make a fool out of myself by "thinking for myself" and spouting clueless crap I've randomly just thought of. Just looking at you doing it should be a prime example of what not to do.