\[Bushstar Response Incl\] Fork and 51% the chain of event, including 33000
-
Developer Response:
"I saw that. Someone put huge sell orders on to suppress the price. I bought as many as I could :p
Back to business. Someone is “testing” our chain and this is expected. This is nothing new and is something that all coins have had to suffer. Orphan chains do occur naturally in block chains and resolve themselves. WorldCoin with 15 second block targets generates many orphans, apparently it saw a 300+ chain orphan on one pool. An attack of that size would be incredibly hard to sustain and prove costly to the attacker.
I’m not sure what the motives are but perhaps we could piece some information together to investigate what is going on. We already know that they must have around 2.25GH/s to create blocks as fast as they do. This could explain why some complained about confirms resetting to zero, if your transactions end up in an orphaned block they have to be resent in a new block.
I will bring zerodrama into this conversation." - Bushstar
[b]=====[/b]
Hi all,
i have investigate the block 33000 and 33001 a bit. What I have found is someone have repeatedly done 51% attack on the feathercoin network. the 33001 was one of them (probably 33000 is the same source, but i can’t confirm that)First let’s introduce 51%. any mining crypto coins is vulnerable to this attack. as one person (person include solo, pool or colluding pool group) has control of more then 50% of the hash rate. so it can reverse a previous block by making an alternate chain that is longer the the original one so it invalidate the original one. that is exactly what append on block 33000 and 33001. (for the 33000 address it possibly isn’t a valid address just a show. it probably belongs to the same person as 33001).
now why I’m sure of that! he does it several time in the past, but not for the same purpose. In the other case it was a double spend reversal of transactions. So he send money for some confirm usually 5 confirm) and then transfer back to himself in a longer chain to invalidate the transaction in the now orphan chain.the longer chain is [i]hold[/i] to let the confirm propagate and then release to invalidate the other chain
I spotted this in several fork. For the one occurring between 32900 and 33000 the attacker had an average time between blocks of 6 minutes.
so according to the 6 minutes between block at 188 difficulty it would take in my estimation 2-2.5Gh/s (thep33t on [url=http://forum.feathercoin.com/index.php?topic=786.0]http://forum.feathercoin.com/index.php?topic=786.0[/url] suggest 2.25Gh/s)First point: nothing prove that the reversed transaction are real transaction reversed and have made someone lost money, nothing also prove that it was not real and that someone get scam in the process and lost a lot of money.
second point: he wanted to be spotted as between 32900 and 33000 he always use the same address and also made sure we see him on very followed block 33000
now the fact:
The address to follow is [url=http://explorer.feathercoin.com/address/71mKxLX5RXeWFG61DZHfknStWC5RSf8hUb]http://explorer.feathercoin.com/address/71mKxLX5RXeWFG61DZHfknStWC5RSf8hUb[/url] mining (if this address had change at each bloc, as many miner do I would not have been able to trace it back! )32900 a 3 path fork
this one is very complicate and irrelevant to analyze in detail here but involved many split-consolidation in the 3 chains at least 300k split in 6 50K in orphan
[url=http://explorer.feathercoin.com/tx/353716edd6d2aca361f39f8118a550a3902c5dd080efbb1e16180ba122007728#i1]http://explorer.feathercoin.com/tx/353716edd6d2aca361f39f8118a550a3902c5dd080efbb1e16180ba122007728#i1
[/url]32910
at 19h10 in 32911 split 600K to 4 address for 150K each in the orphan chain that go until block 32916 at 20:25 he even mine some block at the end)
detail [url=http://explorer.feathercoin.com/tx/4221ad8fad043fffdea2ef6ad96a6f52f41f12f0b25251021beae0c91849c3d0]http://explorer.feathercoin.com/tx/4221ad8fad043fffdea2ef6ad96a6f52f41f12f0b25251021beae0c91849c3d0[/url]
at 18h40 in 32911 send to self 600K (mine 32916 at 19h10 and then mine block until 32918 at 19h42)
detail [url=http://explorer.feathercoin.com/tx/5a570ed0cb97d96a7740530eacdfeb8b03681a53e04f75d03c257ab0cb056137]http://explorer.feathercoin.com/tx/5a570ed0cb97d96a7740530eacdfeb8b03681a53e04f75d03c257ab0cb056137
[/url]32917
at 21h38 in 32918 split 600K in 3 200K in orphan chain (chain go to 32922 at 23h41)
detail [url=http://explorer.feathercoin.com/tx/be262f798338dd0d59db1761762de9897fb7445307b842bee4a3aa2c57a60a90]http://explorer.feathercoin.com/tx/be262f798338dd0d59db1761762de9897fb7445307b842bee4a3aa2c57a60a90 [/url]
at 21h48 in 32918 send back to self 600k and generate block until 33026 at 22h37
detail [url=http://explorer.feathercoin.com/tx/1f7789291154e6f1eb3b545b8050cac40ef5c342d07953389a6c937d916803ea]http://explorer.feathercoin.com/tx/1f7789291154e6f1eb3b545b8050cac40ef5c342d07953389a6c937d916803ea
[/url]32944 3 path chain
at 20h44 spend 650K in 4 162.5K each in orphan transaction 32946 (that go to 32951 at 21h16)
details: [url=http://explorer.feathercoin.com/tx/3427b872a28bad9fc67157897cc67c5e7b537d4968c4ca7c9f1ececb1f92970a]http://explorer.feathercoin.com/tx/3427b872a28bad9fc67157897cc67c5e7b537d4968c4ca7c9f1ececb1f92970a[/url]
but already confirm transfer to self at 19h45 in 32945 (32951 20h25 and he stop mining chain 32953 at 20h29)
detail [url=http://explorer.feathercoin.com/tx/bfc1235955a9191863bccd8e65d420c26d6c3fd4733a6c1c65a9b6d20d42ce3a]http://explorer.feathercoin.com/tx/bfc1235955a9191863bccd8e65d420c26d6c3fd4733a6c1c65a9b6d20d42ce3a
[/url]
the third chain was mined and have 2 block at 20h01 and 20h45. without any of those transaction in it32957
at 1:12 himself mine the orphan block 32959
detail [url=http://explorer.feathercoin.com/tx/144173640fd7fd252cb83e07f80479cbc19369e121909fa60273c70bd50af91d#i0]http://explorer.feathercoin.com/tx/144173640fd7fd252cb83e07f80479cbc19369e121909fa60273c70bd50af91d#i0[/url]
transfer to self already confirm in chain at 32860 at 0:36 (probably a hold to release block)
detail [url=http://explorer.feathercoin.com/tx/4c3e028c055fadbc7c9c6c9101a7d8971399d756f2c62f96c059d7645e824b86#i0]http://explorer.feathercoin.com/tx/4c3e028c055fadbc7c9c6c9101a7d8971399d756f2c62f96c059d7645e824b86#i0[/url]their is another fork at 33017 for 600K FTC split in 3 200K FTC
in orphan chain at 21h38- it splitted the 600K to 3 address for 200K each
details: [url=http://explorer.feathercoin.com/tx/be262f798338dd0d59db1761762de9897fb7445307b842bee4a3aa2c57a60a90]http://explorer.feathercoin.com/tx/be262f798338dd0d59db1761762de9897fb7445307b842bee4a3aa2c57a60a90[/url]
in the new chain at 21h48- it send back the fund to himself at same address:
details: [url=http://explorer.feathercoin.com/address/6dxYyTAnvdNXMqViM7MRQPNsPQeKNFRnvo]http://explorer.feathercoin.com/address/6dxYyTAnvdNXMqViM7MRQPNsPQeKNFRnvo[/url]
it made all block between 33018 and 33026 in 50 minutestheir is other similar before 32900 i find at least 2 (one 150K and another 50K) but I think this is enough to prove the case!
note: depending on the exchange rate. an attack of 600K FTC can have give value between 50K$ to 100K$ if the output address are to anyone accepting FTC with low number of confirmations.
How can someone have this hash power. Any of the top 5 LTC mining pool redirect to FTC can do it, a non listed LTC pool can also have this hash rate. An alt coin with high hype can also do it with pool redirect. (redirect can be for one or more alt coins pools that use script redirect to the target coins)
Amazon, azure, Google cloud can be used to make it but is unlikely as price and size. But can be added to other method to reach the required hash.
see this for detail on how it can be done with amazon in this specific FTC case (2.25Ghz) it requires 11000 instances so 50000$ per hour to do so
[url=https://bitcointalk.org/index.php?topic=96204.0]https://bitcointalk.org/index.php?topic=96204.0[/url]Any alt coins that use the same miner as one or many establish one is subject to pool transfer for a 51% attack by pool operator. (miner in the pool need to really been able notice they are mining the other alt, miner mine don’t look at what is displayed unless it give them a lot less then expected)
I’m sorry to say that as the community was great and I was enthusiast to participate, but I personally think all scrypt sha256 alt coins can’t survive with the 51% ghost of LTC and bitcoin. So i’m out :-(
-
Thank you for the analysis, Bushstar will continue to investigate. We take all security concerns seriously and address the issue accordingly.
-
waiting nervously for bushstar comment.
Is this some of the reason why ftc has dropped like a rock to 0.0009 btc/ftc. sell order of over 2mill ftc -
So I was so happy I found block 32,911 then it came back as an orphan… i was pissed. Now your telling me it was intentional.
if your theory is right someone could redirect one of the new alt-alt coins for about an hour and break something. i remember seeing a WDC pool and for abit ryc pool above 400M hash rate… heck the wdc pool was at 966mhashs… it was a few day old pool at that.
What’s the actual solution to something like this? Excuse me if I’m not as informed as others. I treat this as a hobby.
-
Ignore him he wants even cheaper coins :D
Oh and for the record, I have never changed my mining address, so that’s your FACT out of the window :), I’ll leave bush to explain the rest! 8)
You only joined on the 21st, stating that you are basically an expert in Cryptography/Security ::), my guess is:
You SIR are A FUD merchant! >:(
-
If someone or somegroup is willing to go to all that trouble,
that means only one thing,
they are scared of feathercoin.That fact alone makes me dig in even more, hope they enjoy throwing money at us. :P
-
Any way to track back the source?
-
[quote name=“UKMark” post=“6239” timestamp=“1369434818”]
Ignore him he wants even cheaper coins :DYou only joined on the 21st, stating that you are basically an expert in Cryptography/Security ::), my guess is:
You SIR are A FUD merchant! >:(
[/quote]`+1!! -
I wouldn’t start to panic just yet. :) We know there are groups that would LOVE to see Feathercoin disappear. Bushstar will do the analysis and we’ll make any corrections as needed.
In the meantime, back to work for me.
-
Don’t panic :)
[quote name=“svennand” post=“6237” timestamp=“1369434490”]
waiting nervously for bushstar comment.
Is this some of the reason why ftc has dropped like a rock to 0.0009 btc/ftc. sell order of over 2mill ftc
[/quote]I saw that. Someone put huge sell orders on to suppress the price. I bought as many as I could :P
Back to business. Someone is “testing” our chain and this is expected. This is nothing new and is something that all coins have had to suffer. Orphan chains do occur naturally and resolve themselves. WorldCoin with 15 second block targets generates many orphans, apparently it saw a 300+ chain orphan on one pool. An attack of that size would be incredibly hard to sustain and prove costly to the attacker.
I’m not sure what the motives are but perhaps we could piece some information together to investigate what is going on. We already know that they must have around 2.25GH/s to create blocks as fast as they do. This could explain why some complained about confirms resetting to zero, if your transactions end up in an orphaned block they have to be resent in a new block.
I will bring zerodrama into this conversation.
-
First off this concern isn’t about cheap coins but about breaking something. If you break something someone has to benefit from you using the non-broken thing.
I’m only about a month or so into the crypto-community. i remember jumping around to different mining pools to figure the stuff out and see results. There were so many that had some what high hash rate that I didn’t really anything from. i really learned more about crypto by using an honest stable pool done by BigVern because I could see actual results and attribute it to what people were talking about in many different forums. This makes me go back and literally question those other pools on whether for a day or two they were breaking stuff.
I wouldn’t call this a panic but a reasonable concern. Does this take effort? yes. Stability is FTCs future best friend. This would threaten it or deeply delay it.
-
Quick point to note is that the best way to protect ourselves is to grow bigger. All our efforts on development and adoption will bring value, volume and miners to the coin. The larger the hashrate the harder we are to attack. All coins can suffer from these attacks, but the larger ones have less concern.
Then again Bitcoin could experience this again with the rise of ASICs in the hands of the few.
-
First of all, a 51% attack is actually half of an attack.
51% takes control of the network, you still need to create false transactions, orphan your target chain so it ends, all sorts of other business.
The interesting thing in this thread is the idea of jumping orphan chains. This is interesting because it could be a means of fraud or a means of destroying your own trail (not necessarily a bad thing).
Still, 51% isn’t a death sentence. It just means shields are down, prepare to for pirates, if we’re to use a Star trek metaphor.
-
Groll - should be troll :)
-
Even a few consecutive 51% attacks can be reverted through a hard fork invalidating all blocks mined after a known good one. This is the last resort though.
It would be good to know who attacked our blockchain. If it is a large public LTC pool, then disclosure of this information is going to hurt their reputation badly.
UPD: BTC-e seems to know something. They have increased the number of confirmations for FTC deposits from 5 to 50.
-
You think an LTC pool redirected work toward FTC? (6FeathercoinSucks C T B (btc backwards) seems more of a BTC ONE TRUE COIN tard attack).
-
Could be. I remember the lethal 51% attack on CoiledCoin executed by Luke Jr using Eligius hash power, though it was rather easy due to merged mining with BTC. Need to investigate further.
UPD: Seems we’re still under attack. Someone moves millions of FTC.
http://explorer.feathercoin.com/address/6dxYyTAnvdNXMqViM7MRQPNsPQeKNFRnvo
http://explorer.feathercoin.com/address/6shZk4374LBcdWCEyHrNkateK754BXeCgx[url=http://explorer.feathercoin.com/block/10c8205bd7d63fa382d1564ae7f68a86a43afa8a44a8cc2551b511f45dd772b6]#33062[/url] is fake with 1 million FTC, the following #33063, #33064, #33065 and #33066 are empty of the same origin. [url=http://explorer.feathercoin.com/block/bb4218886e90d7c6bf114060f137e860101cbc8570def661c0c6469ac7455a7b]#33067,[/url] [url=http://explorer.feathercoin.com/block/84949d92dd66250a6dedaf44f480ab48622aa385901a0e29bdbc70a41cb90536]#33068[/url], [url=http://explorer.feathercoin.com/block/61ad1a86282247e26ce70be0458ee18cc9a45594d1f5a113a26eb8d0ecc56781]#33069[/url] are also very suspicious, though many transactions included in these blocks are valid most likely.
That’s all for now, I’m falling asleep.
-
okay this is someone with a grudge.
i take this as a compliment.
we should give BTC-e a pat on the back for acting even without being asked.
1000x more trustworthy than mtgox.
-
[quote]You think an LTC pool redirected work toward FTC? (6FeathercoinSucks C T B (btc backwards) seems more of a BTC ONE TRUE COIN tard attack).[/quote]
your probably right about the BTC lover type, but that means he control all the hash power himself as he need to make it scrypt not sha256.
[quote]UPD: BTC-e seems to know something. They have increased the number of confirmations for FTC deposits from 5 to 50.[/quote]
humm that don’t sound good :-[, i was about to ask if their was someone that accept after 5 confirm, this answer it and is exactly the answer i didn’t want to get: BTC-Eso this one is speculation but I think:
he send to BTC-E then revert it. Sell all in BTC-E and then transfer to a BTC wallet before BTC-E can get anything back(if he is not so stupid to keep money at BTC-E will trying to fraud them ;) ). so this can be a 500K$ lost for BTC-E :(I can be wrong on this but I will not bet against that speculation ;)
for 33062 to 33069 their was move of coin. Block mine by he, but only a 33062 orphan as of now without anything very suspicious in my eyes at least. this seems just a i get out as fast as i can (would be a good thing in fact)
or he can try to make a 50 transactions fork :'(edited their is a fork but at 33057. 1M FTC. Back in chain for 33062 was in fact making the orphan. a bit weird
For the one that call me troll or wrong please at least find some argument (BTW: many don’t mean all. my english is not very good but at least i know that :) )
-
[quote]
How can someone have this hash power. Any of the top 5 LTC mining pool redirect to FTC can do it, a non listed LTC pool can also have this hash rate. [b]An alt coin with high hype can also do it with pool redirect.[/b] (redirect can be for one or more alt coins pools that use script redirect to the target coins)
[/quote]I have to admit I mined quite a few of the new alt-coins in the last weeks.
New pools spring up like mushrooms these days. No one knows for sure if they are legit or not. And no one cares, as long as they mine the coin of the hour.
Not all of the pools have paid out correctly. I remember a pool (won’t say which one) where I mined for 24h and got only paid a fraction of what I should have got.
So the idea would be:
- Open a pool for the most popular coin.
- Payout correctly for a day or two to build up lots of hashing power.
- Redirect to Feathercoin and screw up the chain
- Users start to complain … let the pool die …
- goto 1)
