ocminer

Network Attack on XVG / VERGE
April 04, 2018, 02:14:28 PM
Last edit: April 10, 2018, 01:58:14 PM by ocminer



Posted here for reference as the other Topic is self-moderated and this will probably get deleted:

There's currently a >51% attack going on on XVG which exploits a bug in retargeting in the XVG code.

Usually to successfully mine XVG blocks, every "next" block must be of a different algo.. so for example scrypt, then x17, then lyra etc.

Due to several bugs in the XVG code, you can exploit this feature by mining blocks with a spoofed timestamp. When you submit a mined block (as a malicious miner or pool) you simply set a false timestamp to this block one hour ago and XVG will then "think" the last block mined on that algo was one hour ago.. Your next block, the subsequent block will then have the correct time.. And since it's already an hour ago (at least that is what the network thinks) it will allow this block to be added to the main chain as well.



This is what is going on since about 06:00 UTC of 04.04.2018:



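The first block which was (successfully) exploited seems to be 2007365 https://verge-blockchain.info/block/0000000000003ee2332ac70d69d9f6ba2e49ebca25c92435b3f53e53311becbb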



Code:

SetBestChain: new best=00000000049c2d3329a3 height=2009406 trust=2009407 date=04/04/18 13:50:09

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000a307b54dfcf height=2009407 trust=2009408 date=04/04/18 12:16:51

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000196f03f5727e height=2009408 trust=2009409 date=04/04/18 13:50:10

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000010b42973b6ec height=2009409 trust=2009410 date=04/04/18 12:16:52

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000e0655294c73 height=2009410 trust=2009411 date=04/04/18 12:16:53

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000013490372b825 height=2009411 trust=2009412 date=04/04/18 12:16:54

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000017192ea8924b height=2009412 trust=2009413 date=04/04/18 13:50:13

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000007f75f237b3b height=2009413 trust=2009414 date=04/04/18 12:16:55

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000006ecb5753261 height=2009414 trust=2009415 date=04/04/18 13:50:14

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000019eb5bfd2f76 height=2009415 trust=2009416 date=04/04/18 12:16:56

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000018d5b80c0ee9 height=2009416 trust=2009417 date=04/04/18 13:50:15

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000159ca0701894 height=2009417 trust=2009418 date=04/04/18 12:16:57

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000ad1a8cd6b44 height=2009418 trust=2009419 date=04/04/18 13:50:16

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001002986218fc height=2009419 trust=2009420 date=04/04/18 12:16:58

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000b58e4fed470 height=2009420 trust=2009421 date=04/04/18 13:50:17

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000d9f0707d83f height=2009421 trust=2009422 date=04/04/18 12:16:59

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000007283d98dbb0 height=2009422 trust=2009423 date=04/04/18 12:17:00

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000002ec7b8a6e80 height=2009423 trust=2009424 date=04/04/18 12:17:01

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001f359a8f2f4a height=2009424 trust=2009425 date=04/04/18 13:50:20

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000293a6723940 height=2009425 trust=2009426 date=04/04/18 12:17:02

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001397927ec69d height=2009426 trust=2009427 date=04/04/18 13:50:21

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000efb6e062c02 height=2009427 trust=2009428 date=04/04/18 12:17:03

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001e181a0d0f4a height=2009428 trust=2009429 date=04/04/18 13:50:22

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000008ca5848691b height=2009429 trust=2009430 date=04/04/18 12:17:04

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000066a216ac27b height=2009430 trust=2009431 date=04/04/18 13:50:23

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001874a45f28c7 height=2009431 trust=2009432 date=04/04/18 12:17:05

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000005bc0408b8ca height=2009432 trust=2009433 date=04/04/18 13:50:24

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000005feb2b45e5d height=2009433 trust=2009434 date=04/04/18 12:17:06

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000000c211ba04de height=2009434 trust=2009435 date=04/04/18 12:17:07

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001402dc20ae5f height=2009435 trust=2009436 date=04/04/18 12:17:08

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001e73181cf91c height=2009436 trust=2009437 date=04/04/18 13:50:27

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000062720b222ea height=2009437 trust=2009438 date=04/04/18 12:17:09

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000e10aeecf7f1 height=2009438 trust=2009439 date=04/04/18 13:50:28

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000b41ab258a8f height=2009439 trust=2009440 date=04/04/18 12:17:10

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001136b924f67b height=2009440 trust=2009441 date=04/04/18 13:50:29

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000a1c1af529cd height=2009441 trust=2009442 date=04/04/18 12:17:11

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000007f1d1f8d921 height=2009442 trust=2009443 date=04/04/18 13:50:30

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000ca0a1bc6b0e height=2009443 trust=2009444 date=04/04/18 12:17:12

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000003075b7a580 height=2009444 trust=2009445 date=04/04/18 13:50:31

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001c9f43fd7305 height=2009445 trust=2009446 date=04/04/18 12:17:13

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000009129b024a height=2009446 trust=2009447 date=04/04/18 12:17:14

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000008e180f24f15 height=2009447 trust=2009448 date=04/04/18 12:17:15

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000084eb6c59c6d height=2009448 trust=2009449 date=04/04/18 13:50:34

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000d8510f41c9a height=2009449 trust=2009450 date=04/04/18 12:17:16

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000011df91a1ab87 height=2009450 trust=2009451 date=04/04/18 13:50:35

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001ba92e976854 height=2009451 trust=2009452 date=04/04/18 12:17:17

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000364bf981384 height=2009452 trust=2009453 date=04/04/18 13:50:36

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000012d88fa3db27 height=2009453 trust=2009454 date=04/04/18 12:17:18

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000305cd62b1f2 height=2009454 trust=2009455 date=04/04/18 13:50:37

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000011300c4f86cb height=2009455 trust=2009456 date=04/04/18 12:17:19

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000001487b026dd4 height=2009456 trust=2009457 date=04/04/18 13:50:38

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000001c8532ef2df height=2009457 trust=2009458 date=04/04/18 12:17:20

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001c17ae6efeeb height=2009458 trust=2009459 date=04/04/18 12:17:21

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000002bf168f5eab height=2009459 trust=2009460 date=04/04/18 12:17:22

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001a23e2c283bc height=2009460 trust=2009461 date=04/04/18 13:50:41

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000014ecd97066c4 height=2009461 trust=2009462 date=04/04/18 12:17:23

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001643a1c4a3bb height=2009462 trust=2009463 date=04/04/18 13:50:42

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000008ec0214e6c2 height=2009463 trust=2009464 date=04/04/18 12:17:24

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000009b069fcd1cc height=2009464 trust=2009465 date=04/04/18 13:50:43

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001722adbca417 height=2009465 trust=2009466 date=04/04/18 12:17:25

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000a9e8d58c86b height=2009466 trust=2009467 date=04/04/18 13:50:44

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000010f27ab0a452 height=2009467 trust=2009468 date=04/04/18 12:17:26

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000479c982db76 height=2009468 trust=2009469 date=04/04/18 13:50:45

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001f8be1b4066c height=2009469 trust=2009470 date=04/04/18 12:17:27

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000b05233d5ad7 height=2009470 trust=2009471 date=04/04/18 12:17:28

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000007a9c6cdba5d height=2009471 trust=2009472 date=04/04/18 12:17:29

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000622e29e4307 height=2009472 trust=2009473 date=04/04/18 13:50:48

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001a8d80324a57 height=2009473 trust=2009474 date=04/04/18 12:17:30

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001eddc0154526 height=2009474 trust=2009475 date=04/04/18 13:50:49

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000ac0a256f263 height=2009475 trust=2009476 date=04/04/18 12:17:31

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000040f83b5ee2f height=2009476 trust=2009477 date=04/04/18 13:50:50

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001827966aa60b height=2009477 trust=2009478 date=04/04/18 12:17:32

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000012d0d1501121 height=2009478 trust=2009479 date=04/04/18 13:50:51

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000032868a4c74 height=2009479 trust=2009480 date=04/04/18 12:17:33

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000092675395f6e height=2009480 trust=2009481 date=04/04/18 13:50:52

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001f95a9a174d4 height=2009481 trust=2009482 date=04/04/18 12:17:34

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000017503fc3dc13 height=2009482 trust=2009483 date=04/04/18 12:17:35

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000007c61b36c76 height=2009483 trust=2009484 date=04/04/18 12:17:36

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000070810d5a6e5 height=2009484 trust=2009485 date=04/04/18 13:50:55

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000068467683637 height=2009485 trust=2009486 date=04/04/18 12:17:37

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000041dc83f0978 height=2009486 trust=2009487 date=04/04/18 13:50:56

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000011fb17203f4 height=2009487 trust=2009488 date=04/04/18 12:17:38

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000a96b38de1a0 height=2009488 trust=2009489 date=04/04/18 13:50:57

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000121e7a285719 height=2009489 trust=2009490 date=04/04/18 12:17:39

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000348e668204f height=2009490 trust=2009491 date=04/04/18 13:50:58

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000012766d85cab4 height=2009491 trust=2009492 date=04/04/18 12:17:40

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000181a0c1be275 height=2009492 trust=2009493 date=04/04/18 13:50:59

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000015c05593e210 height=2009493 trust=2009494 date=04/04/18 12:17:41

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000719cb24d9c0 height=2009494 trust=2009495 date=04/04/18 12:17:42

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000015d9b853834d height=2009495 trust=2009496 date=04/04/18 12:17:43

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000115e68a6d447 height=2009496 trust=2009497 date=04/04/18 13:51:02

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000004d9233f19c6 height=2009497 trust=2009498 date=04/04/18 12:17:44

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000141ab049fe19 height=2009498 trust=2009499 date=04/04/18 13:51:03

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001b91344fa33c height=2009499 trust=2009500 date=04/04/18 12:17:45

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=0000000001d112440f7b height=2009500 trust=2009501 date=04/04/18 13:51:04

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000001bf2c8a073c6 height=2009501 trust=2009502 date=04/04/18 12:17:46

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000116863c0157c height=2009502 trust=2009503 date=04/04/18 13:51:05

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000ec5da17852e height=2009503 trust=2009504 date=04/04/18 12:17:47

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=000000000d7cd87c5e53 height=2009504 trust=2009505 date=04/04/18 13:51:06

ProcessBlock: ACCEPTED (scrypt)

--

SetBestChain: new best=00000000156becbf42cd height=2009505 trust=2009506 date=04/04/18 12:17:48

ProcessBlock: ACCEPTED (scrypt)





As you can see in the text above, those blocks are all subsequent, so one miner gets them all and you see there's 90 min difference between all the blocks, that's one bug the miner is exploiting. You also see the correct time is the latter time.. so the last block ended on 13:51:06 and the block before was 12:17:47 and the block with the correct time before that one was at 13:51:05 .. That means the hacker is mining one block per second!



The vergeDEV @ Discord says "everything is okay - there's nothing to fix".. I apologize for that, he didn't say it exactly in this way, but there was no further immediate action taken at all after I've posted at discord. The only thing I got as an answer was "It seems to stabilize now" - which was when the first attack ended.



Since about 99% blocks by legit pools are rejected - and the dev team is not able to understand this problem, I'm closing and removing all VERGE pools from suprnova.





Here's an incomplete list of the malicious addresses:








EDIT: More addresses: https://pastebin.com/K7L1G5FE



From what I see there are a lot more









EDIT: On 05. April the attacker started again and mined about 12k blocks again:



I skimmed the logs and saw the attacker started the new attack at around block 2014060 and stopped just now at block 2026196



..



12k blocks this time. Let's say 10k... so additional 10.000 + 1560 = 15.600.000

























================================







STATEMENT #2 5. April:



















Okay guys, as the shit keeps hitting the fan harder and harder here I need to take a few steps to actually end that drama for me:

Suprnova will not reopen any of its XVG/Verge pools for mining whatsoever. You can mine it freely on any different pool if you like. Withdrawals are possible of course.

The background is that the "fix" promoted by the devs simply won't fix the problem. It will just make the timeframe smaller in which the blocks can be mined / spoofed and the attack will still work, just be a bit slower.



Also the over 20 Million XVG which were instamined by the attacker won't be blacklisted, reverted, filtered or rolled-back in any way according to the verge-dev, so in my opinion you all (the miners and investors) got betrayed about that 20 M coins .. For some it might be only a few coins, for some it might be a lot.. For some this might all be drama for them, I see you there of course..



Just to clarify a few last things:



1. The fix won't fix it. The problem is not alone the drifttime, but also the algo variance. You have to make sure that not X blocks get mined on one algo.

Myriad and digibyte had the same issues - they fixed it.



Here's a possible fix for the issues: https://github.com/digibyte/digibyte/pull/15

Please DON'T just merge the code like you see it in that commit, you need to actually find the right places in your code and merge it. It's a slightly different codebase, so it won't work with just copy & paste, you actually have to understand and rewrite it to fit to your needs.





2. It's possible to blacklist certain addresses within the blockchain. So if you know on which addresses hacked funds reside, you can simply "blacklist" them directly in the codebase of the coin.

For example you know that the attacker has used address "123abc123acb123abc" as the root for his hacked funds. You can now - at any time - update your wallet code and just say "orphan all transactions with the root address 123abc123acb123abc". So even if the hacker moves the funds NOW or in one year, it won't happen as you've blacklisted the originating address.

This was done previously also, not on myriad but on another coin - I can also find that commit for you.





3. I was getting blamed for "judging" too early and posting this info publicly on bitcointalk. I've mixed feelings about this.. Yes, I could have spoken silently to the devs at first and tell them "hey, something weird is going on on your blockchain" - however in the same time my miners were asking why the pool wasn't finding blocks and I already saw the first tweets about "skimming" and stuff.. So.. What to do? Keep the info about the hacker silent with the devs and wait 3-4 days for a (non-working) fix and get my reputation killed totally or just go for a public post about it and shutdown the pools? I know, it's a difficult decision and my decision might have been wrong, but hey, I'm neither the attacker nor am I the guy responsible for the coin.. Also I was a bit astonished that I was actually the first to report the problem.. I was expecting devs watch their coin closely and come up with fixes upfront.. or at least know about what happened.



In my opinion the optimal handling for this problem probably would have been something like this:



1. Contact pools and exchanges to shutdown mining and trading

1a. Tweet/Inform miners about the problem and tell them it's been worked on but takes its time.

2. Talk about possible problems and mitigation practices with devs/exchanges and pools.. Create a "conference room" for this for example and invite all necessary people there.

3. Find a resolution, roll back the chain or at least filter the malicious coins (as someone has a (big) advantage here which he shouldn't, or?? So some others have a big disadvantage, or not?)

4. Go back online with the resolution and back to mining.







Least but not last here's a chatlog from a few moments ago, sorry for posting the drama but I just can't let it stand like it is at the moment.. If you don't want to read drama, just skip the part:

And yes, I might be a bit upset there as well, sorry, next time I'll be more precise and "nice"





...

[16:08:43] <vergeDEV> yes i put it in both branches

[16:10:11] ed__ (319465d0@gateway/web/freenode/ip) joined the channel

[16:12:43] <ocminer> hmm no filtering/rollback of the attackers coins ?

[16:12:55] <ocminer> thats over 20 mills for him...

[16:13:08] <vergeDEV> we dont do rollbacks.

[16:13:16] <vergeDEV> we roll forward

[16:13:17] <@Epsylon3> i imagine the mess :p

[16:13:31] <@Epsylon3> the only this you can do is tracking the coins

[16:13:38] <vergeDEV> ocminer, would have been great if you contacted someone from our team. by you putting this on bitcointalk, you invited a ton of other people to attack as well.

[16:13:39] <@Epsylon3> talking with exchanges

[16:14:01] <vergeDEV> also your quote The vergeDEV @ Discord says "everything is okay - there's nothing to fix"..

[16:14:03] <vergeDEV> thats bullshit.

[16:14:05] <vergeDEV> i never said that

[16:14:15] <vergeDEV> why are you quoting me saying something i never said?

[16:14:18] <ocminer> -.-

[16:14:25] <vergeDEV> i already talked to bittrex and binance, theyre updated

[16:14:55] <ocminer> you just don't understand what this is all about

[16:16:02] <vergeDEV> how so?

[16:16:14] <vergeDEV> i do understand. we are having blocks injected with spoofed timestamps.

[16:16:20] <@Epsylon3> what the amount mined per day ?

[16:16:22] <@Epsylon3> is*

[16:16:24] <vergeDEV> and i never said "everything is okay - there's nothing to fix"

[16:16:46] <@Epsylon3> i need to add a script command for that :p

[16:16:54] <ocminer> also your commit won't fix it

[16:16:57] <ocminer> but ..

[16:17:12] <ocminer> go ahead and "move forward"

[16:17:14] <vergeDEV> ~4mill/day

[16:17:17] <@Epsylon3> XVG: current block_time set in the db 0mn35 (35 sec)

[16:17:18] <@Epsylon3> XVG: avg time for the last 2048 blocks = 0mn13 (13 sec)

[16:17:18] <@Epsylon3> XVG: avg time for the last 1024 blocks = 0mn31 (31 sec)

[16:17:35] <@Epsylon3> my script dont go so far :p

[16:17:51] <ocminer> 12000 * 1560 = 18.7 mills already

[16:17:53] <@Epsylon3> XVG need 20x that :p

[16:18:30] <vergeDEV> yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.

[16:18:51] <vergeDEV> and also misquoted me completely

[16:19:00] <ocminer> lol, now you're blaming me for an attack on your blockchain ? srsly ?

[16:19:07] <vergeDEV> did i blame you?

[16:19:09] <@Epsylon3> 2026860 now... 2000000 was 2018-04-01 17:39:37

[16:19:11] <vergeDEV> i said the attack wasnt as bad

[16:19:14] <ocminer> [16:18:30] <vergeDEV> yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.

[16:19:15] <vergeDEV> it was worse after

[16:19:20] <@Epsylon3> 3 days..

[16:19:25] <@Epsylon3> 4

[16:19:27] <vergeDEV> yes that is correct. congrats, you got a quote correct

[16:20:03] <@Epsylon3> so yep, maybe not 12000 blocks

[16:20:14] <@Epsylon3> i may create a script to check :p

[16:20:49] <@Epsylon3> Height: 2010000

[16:20:49] <@Epsylon3> Time: 2018-04-04 14:22:01

[16:21:03] <@Epsylon3> after first hack so

[16:21:31] <@Epsylon3> will do the script, i like right numbers

[16:26:22] <ocminer> listen.. kid... you have a absolutely trashy shitcoin pumped in heaven through that tweet from john mcafee back in that day.. you probably made a lof of money by that idiot tweeting xvg to the moon.. you should have used the chance and invested some of that money and invest it into a decent dev team, as seriously, and everyone knows that, you have not the slightest idea of coding whatsoever... If you've had done that, you could have patched your

[16:26:22] <ocminer> super-old codebase already to a super-recent codebase like myriad or digibyte and wallets would't have memory leaks all over, wouldn't take >30 mins until they startup and also those two drama's with the earlier tor hardforks wouldn't have happen. I'm not the guy who "keeps bullshit silent" - when I see something is happening, I report it - immediately and from my POV your users/miners have been betrayed by over 20 M coins which were injected

[16:26:22] <ocminer> maliciously into the blockchain... This is not a kiddo script hack and my post didn't change anyhting but just revealing what is happening at the moment (as you didn't notice yourself until I came into your hostile discord) and it's not a bad thing to post that publicly. You know see me as your enemy or whatever - I don't care, if you want to continue with your coin, go ahead, surely without me, but this should be your utmost last warning - think

[16:26:22] <ocminer> about yourself, think about how you make decisions and maybe come down a bit from your emperor throne and get help from professionals if you can't handle it alone... You'll see what happens after your HF - nothing, guaranteed, because you don't fix the root cause of this.

[16:26:27] vergeDEV (~sunerok@unaffiliated/sunerok) left IRC (Ping timeout: 240 seconds)

[16:26:50] <ocminer> And Epsylon3 ... you

[16:27:04] <@Epsylon3> i slept

[16:27:09] <@Epsylon3> :p

[16:27:22] <phm87> Hi, sorry I come back late

[16:27:23] <ocminer> 're not much better than him.. only looking for the profits here.. .your miners also lost a lof of coins during the network was stalled and the 15k blocks mined...

[16:27:34] <phm87> I am running unimining where there is XVG

[16:27:36] <@Epsylon3> you are wrong

[16:27:38] <phm87> (on blake2s)

[16:27:39] <ocminer> if you'd be honest, you'd shutdown the pool and let him fix his shit up

[16:27:41] <@Epsylon3> i stopped the pool the whole day

[16:28:02] <@Epsylon3> and answered everyone why

[16:28:08] <ocminer> it's up and running already, without any fix for the malicious coins

[16:28:10] <@Epsylon3> lot of spam

[16:28:16] <@Epsylon3> took the whole day

[16:28:37] <@Epsylon3> i pasted the fix i made this morning

[16:28:38] <phm87> sorry I will read what you said few minutes ago, I am late but I'll shut the pool if coin dev say so then I can explain to my miners that I follow coin dev orders

[16:28:52] <phm87> when a coin explodes randomly and coin dev don't care then I delist it

[16:28:58] <@Epsylon3> which is the commit, with proper knowledge and amount of seconds

[16:29:04] <phm87> but XVG risk is high for Uni so I may delist it

[16:29:07] <ocminer> that fix from him is just bullshit, it changes nothing, just the timespan of which they do the attacks.. .they will be slowed down a bit, but that's all



....







This will be my last dealing with XVG. I don't like to get cheated and blamed. As a miner myself I care for what I mine and I care for others as well - you can take it or leave it.



Rest assured there will be lots of pools you can still mine on, no problem at all will occur.





Also Congratulations to the Hacker - you've chosen the right coin for your hack (which was invented in 2014 btw:)) - don't buy too many Lambos with your > 20M Verge... so what.. About 1 Million $ now ?









EDIT 10. April:



Well from what I see at least they now followed my advice and integrated the mentioned MAX_BLOCKS_PER_ALGO commit from myriad:



https://github.com/vergecurrency/VERGE/commit/80c81aef63272231fc39c2af4b8db9f3f2e9d328



This should fix at least the issue to "takeover" the chain by abusing one algo.. If it actually works.



However of course there's still damage done, the abuser's funds are mined and in the chain, that guy is pretty rich now I guess :)





we are having blocks injected with spoofed timestamps.[16:16:20] what the amount mined per day ?[16:16:22] is*[16:16:24] and i never said "everything is okay - there's nothing to fix"[16:16:46] i need to add a script command for that :p[16:16:54] also your commit won't fix it[16:16:57] but ..[16:17:12] go ahead and "move forward"[16:17:14] ~4mill/day[16:17:17] XVG: current block_time set in the db 0mn35 (35 sec)[16:17:18] XVG: avg time for the last 2048 blocks = 0mn13 (13 sec)[16:17:18] XVG: avg time for the last 1024 blocks = 0mn31 (31 sec)[16:17:35] my script dont go so far :p[16:17:51] 12000 * 1560 = 18.7 mills already[16:17:53] XVG need 20x that :p[16:18:30] yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.[16:18:51] and also misquoted me completely[16:19:00] lol, now you're blaming me for an attack on your blockchain ? srsly ?[16:19:07] did i blame you?[16:19:09] 2026860 now... 2000000 was 2018-04-01 17:39:37[16:19:11] i said the attack wasnt as bad[16:19:14] [16:18:30] yeah it wasnt that bad until ocminer posted it on bitcointalk, and then everyone and their mother joined in.[16:19:15] it was worse after[16:19:20] 3 days..[16:19:25] 4[16:19:27] yes that is correct. congrats, you got a quote correct[16:20:03] so yep, maybe not 12000 blocks[16:20:14] i may create a script to check :p[16:20:49] Height: 2010000[16:20:49] Time: 2018-04-04 14:22:01[16:21:03] after first hack so[16:21:31] will do the script, i like right numbers[16:26:22] listen.. kid... you have a absolutely trashy shitcoin pumped in heaven through that tweet from john mcafee back in that day.. you probably made a lof of money by that idiot tweeting xvg to the moon.. you should have used the chance and invested some of that money and invest it into a decent dev team, as seriously, and everyone knows that, you have not the slightest idea of coding whatsoever... 
If you've had done that, you could have patched your[16:26:22] super-old codebase already to a super-recent codebase like myriad or digibyte and wallets would't have memory leaks all over, wouldn't take >30 mins until they startup and also those two drama's with the earlier tor hardforks wouldn't have happen. I'm not the guy who "keeps bullshit silent" - when I see something is happening, I report it - immediately and from my POV your users/miners have been betrayed by over 20 M coins which were injected[16:26:22] maliciously into the blockchain... This is not a kiddo script hack and my post didn't change anyhting but just revealing what is happening at the moment (as you didn't notice yourself until I came into your hostile discord) and it's not a bad thing to post that publicly. You know see me as your enemy or whatever - I don't care, if you want to continue with your coin, go ahead, surely without me, but this should be your utmost last warning - think[16:26:22] about yourself, think about how you make decisions and maybe come down a bit from your emperor throne and get help from professionals if you can't handle it alone... You'll see what happens after your HF - nothing, guaranteed, because you don't fix the root cause of this.[16:26:27] vergeDEV (~sunerok@unaffiliated/sunerok) left IRC (Ping timeout: 240 seconds)[16:26:50] And Epsylon3 ... you[16:27:04] i slept[16:27:09] :p[16:27:22] Hi, sorry I come back late[16:27:23] 're not much better than him.. only looking for the profits here.. 
.your miners also lost a lof of coins during the network was stalled and the 15k blocks mined...[16:27:34] I am running unimining where there is XVG[16:27:36] you are wrong[16:27:38] (on blake2s)[16:27:39] if you'd be honest, you'd shutdown the pool and let him fix his shit up[16:27:41] i stopped the pool the whole day[16:28:02] and answered everyone why[16:28:08] it's up and running already, without any fix for the malicious coins[16:28:10] lot of spam[16:28:16] took the whole day[16:28:37] i pasted the fix i made this morning[16:28:38] sorry I will read what you said few minutes ago, I am late but I'll shut the pool if coin dev say so then I can explain to my miners that I follow coin dev orders[16:28:52] when a coin explodes randomly and coin dev don't care then I delist it[16:28:58] which is the commit, with proper knowledge and amount of seconds[16:29:04] but XVG risk is high for Uni so I may delist it[16:29:07] that fix from him is just bullshit, it changes nothing, just the timespan of which they do the attacks.. .they will be slowed down a bit, but that's all....This will be my last dealing with XVG. I don't like to get cheated and blamed. As a miner myself I care for what I mine and I care for others as well - you can take it or leave it.Rest assured there will be lots of pools you can still mine on, no problem at all will occur.Also Congratulations to the Hacker - you've chosen the right coin for your hack (which was invented in 2014 btw:)) - don't buy too many Lambos with your > 20M Verge... so what.. About 1 Million $ now ?EDIT 10. April:Well from what I see at least they now followed my advice and integrated the mentioned MAX_BLOCKS_PER_ALGO commit from myriad:This should fix at least the issue to "takeover" the chain by abusing one algo.. If it actually works.However of course there's still damage done, the abusers funds are mined and in the chain, that guy is pretty rich now I guess Smiley

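For pool operators and node runners who want to spot the pattern described in the post above from their own wallet log, here is a small detector, added as an illustration and not taken from the post or from the Verge code base. It flags block times that jump far backwards and long runs of blocks on one algo; the sample log is constructed in the `SetBestChain` / `ProcessBlock` format quoted in the thread, and the function names, the two thresholds and the MM/DD/YY date reading are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the debug.log format quoted in the thread (made-up hashes/heights).
SAMPLE_LOG = """\
SetBestChain: new best=aaaa0001 height=100 trust=101 date=04/04/18 13:49:40
ProcessBlock: ACCEPTED (x17)
SetBestChain: new best=aaaa0002 height=101 trust=102 date=04/04/18 13:50:09
ProcessBlock: ACCEPTED (scrypt)
SetBestChain: new best=aaaa0003 height=102 trust=103 date=04/04/18 12:16:51
ProcessBlock: ACCEPTED (scrypt)
SetBestChain: new best=aaaa0004 height=103 trust=104 date=04/04/18 13:50:10
ProcessBlock: ACCEPTED (scrypt)
SetBestChain: new best=aaaa0005 height=104 trust=105 date=04/04/18 12:16:52
ProcessBlock: ACCEPTED (scrypt)
SetBestChain: new best=aaaa0006 height=105 trust=106 date=04/04/18 13:50:41
ProcessBlock: ACCEPTED (lyra)
"""

BEST_RE = re.compile(r"SetBestChain: new best=(\w+) height=(\d+) .*date=(\S+ \S+)")
ALGO_RE = re.compile(r"ProcessBlock: ACCEPTED \((\w+)\)")

def parse_blocks(log_text):
    """Pair SetBestChain/ProcessBlock lines; dates are assumed to be MM/DD/YY."""
    blocks, pending = [], None
    for line in log_text.splitlines():
        if m := BEST_RE.search(line):
            when = datetime.strptime(m.group(3), "%m/%d/%y %H:%M:%S")
            pending = {"hash": m.group(1), "height": int(m.group(2)), "time": when}
        elif (m := ALGO_RE.search(line)) and pending:
            blocks.append({**pending, "algo": m.group(1)})
            pending = None
    return blocks

def find_anomalies(blocks, max_backstep=timedelta(minutes=10), max_same_algo=2):
    """Flag single-algo runs and backwards time jumps (thresholds are hypothetical)."""
    findings, run, prev = [], 0, None
    for blk in blocks:
        run = run + 1 if prev and prev["algo"] == blk["algo"] else 1
        if run > max_same_algo:
            findings.append((blk["height"], "same-algo-run", run))
        if prev and prev["time"] - blk["time"] > max_backstep:
            findings.append((blk["height"], "time-regression", prev["time"] - blk["time"]))
        prev = blk
    return findings

if __name__ == "__main__":
    for height, kind, detail in find_anomalies(parse_blocks(SAMPLE_LOG)):
        print(f"height={height} {kind} {detail}")
```

On the constructed sample this reports the two backwards jumps of about 93 minutes and the scrypt run once it passes the configured limit; on a real log, tune both thresholds to the chain's block time and allowed drift.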