Investors Beware:

• Darkcoin is NOT anonymous.  Every transaction can be automatically traced with a Darkcoin de-anonymizer.
• Darkcoin is prone to several cost-less DOS attacks that can destroy the whole network.
• Darkcoin code was written by amateurs who do not properly understand cryptography.

Source: http://www.reddit.com/r/DRKCoin/comments/2nyifp/darkcoin_seriosuly_flawed_zero_anonymity_and/


From reddit:

hello friends,
please do not get confused by the fact, that I am a fresh user. In fact, I am very actively involed in crypto currencies but remaining anonymous requires certain countermeasures.

IN SHORT
It does not require many words to describe the problem. Darkcoin's code base remembers me of my childhood where I started coding on my AMIGA. Functions that easily can be implemented in O(1) are in fact implemented in polynomial complexity (like O(n5) or something). But this is not the problem.

The biggest problem is, that while indeed being savvy the developers have not much background knowledge about crypto and (in general) the very exact details about the bitcoin/darkcoin/whatever protocol.

After excessively revieweing the code and verifying everything on an offline testbox very scary facts popped up:

• Darkcoin is prone to DOS attacks, there are at least 3 (confirmed) ways you can DOS the complete network at no cost at all. You do not even lose your collateral tx.
• More critical: Darkcoin has no anonymity. There is a very easy and reliable way to link inputs to outputs in every single Darksend (as well as automatic denonimating) transaction.

As I know the open source community, I will not get anything from publishing my ideas and helping to fix them. So I want to inform you, that I will shortly setup a "Darkcoin Deanonymizer" which will for every single darksend transaction be able to link incoming and outcoing transactions.

ALRIGHT, DUE TO EXCESSIVE TROLLING ACCUSATIONS I DISCLOSE ONE OF THREE DOS ATTACKS ON DARKCOIN HERE --- just for a start

Alright, I will disclose one of three DOS attacks right now.

Attack: You can destroy all darksend processes by not signing and not losing any of your collaterals ... sabotage for free basically.

Reason: When you push your collateral to the masternode it is incorrectly checked for validity.

Check: IsCollateralValid() in darksend.cpp - line 874ff

It basically checks:

• are all inputs correct
• are all outputs correct
• wtxCollateral.IsAcceptable(true, false)

however, transaction with a nLockTime in the future are also passing "IsAcceptable". So push a collateral with a locktime 10000 blocks ahead, and you will never lose it because it will not make it into any block thus easily can be replaced by another one with a higher nSequence number.

This is SERIOUS and can destroy the whole network.

3 other DOS points are there as well.

I would think so. The more interesting question here is the "Darkcoin Deanonymizer". There are several possibilities here:
1) This is pure FUD.
2) The OP actually sets up the "Darkcoin Deanonymizer" and it works.
3) The OP provides the exploit to the Darkcoin developers and they provide a fix that preserves Darkcoin anonymity.
4) The OP provides the exploit to the Darkcoin developers and they cannot provide a fix that preserves Darkcoin anonymity.

Care to bet on "odd" or "even" above?

Interesting developments, will BCX break DarkCoin? I guess only time will sell, price is currently at 0.00612000

He is probably being melodramatic about the dead change anonymity issue. See here: https://darkcointalk.org/threads/dead-change-an-anonymity-issue.3019/

It has been discussed at length with the team and a fix posted by DRK dev here: https://darkcointalk.org/threads/change-contracts-using-atomic-transfers.3067/

Nothing to worry about, if there are code bugs, Evan would release a patch within an hour or two. This has happened a few times before.

You meant "only time will tell", or did you wanted to say it is selling time?

Can these servers be shut down by governments?

Put up or shut up, fudder.

You cannot shut down an architecture which is decentralised.

I think you're confusing the word "centralised" with the "2-tier" and trying to make out they're the same thing. They are not the same thing.

A "centralised" network is one that has a single central controlling authority. A decentralised one is a network that does not. (The clue is in the word single.)

Nor is it a question of number. There could be only 2 masternodes in the entire world and it still wouldn't be centralised because those 2 masternodes could not prevent another 50,000 from spouting up elsewhere. In other words those 2 masternodes do not constitute a central controlling authority.

As for "buying them all up", if you properly think it through to its ultimate conclusion then even that doesn't work. Although it's a hypothetical possibility, Darkcoin belongs to a technological generation which is characterised by open source reproducibility. Everything can be reproduced: if masternode ownership gets compromised, new ones will appear. If the entire network gets compromised, a new one can just spring up elsewhere.

It isn't a viable proposition because there isn't one aspect of the Darkcoin network - or for any other cryptocurrency network - that can't be extended or reproduced. The reason for that. again, is that there is no single controlling authority (i.e. it's decentralised).

Far from being a weakness, Darkcoin's masternode network gives it massive redundancy because whatever the merits of its particular mixing algos at any given moment, they can be re-applied many times pre-emptively as opposed to having "only one shot at it" when a user performs a transaction.

IMO, Darkcoin stands at the door of very widescale adoption right now because in addition to all the above, it also retains the legacy commercial interface which makes it readily adoptable by new and existing vendors.

All round - it's the business !

I agree that the "buying darkcoin to destroy darkcoin" is laughable, your absolutely correct! It's a ridicules idea that one entity could even buy the amount needed to subvert the network in that way, thanks for supporting that.

Definition-Centralize

concentrate (control of an activity or organization) under a single authority.

Masternodes are not quite centralized, as the majority of nodes are hosted on 2 VPS providers (Amazon/Vultr).
This is a problem i agree, but at this point its more of proof of concept, if MN become more profitable to run,
the incentive will emerge to setup your own mini "datacenter" and host the node from your own home.

I'm already considering this.

Now if at least 10% of the current network did this, 126 individual nodes would be live. The hacker would need to attack each node individually.
And so what if he did? Darksend's process picks a masternode randomly, how would the attacker know which node to attack at a specific time if the selection process isn't already determined?

In relation to your comment's on security, I use at least 8 round's of mixing 

I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.