Greg Schvey [ARCHIVE] on Nostr: 📅 Original date posted:2015-07-16 📝 Original message:Simon - tx hashes or it ...
📅 Original date posted:2015-07-16
📝 Original message:Simon - tx hashes or it didn't happen
Kidding aside, would be great if you could share the confirmed and
double-spent hashes so the rest of us can dive in and learn from this.
On Thu, Jul 16, 2015 at 7:50 AM, Me via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:
> minrelaytxfee setting proposed in the 0.11.0 release notes
>
> my guess, he is talking about this
> https://bitcoin.org/en/glossary/minimum-relay-fee - slam dunk technique
> for doublespend
>
>
>
> Related: is there somewhere a chart that plots `estimatefee` over
> time? Would be interesting to see how the fee market evolved over
> these past weeks.
>
>
> I find this useful
> https://bitcoinfees.github.io/
>
>
>
>
>
> On Jul 16, 2015, at 7:30 AM, Arne Brutschy via bitcoin-dev <
> bitcoin-dev at lists.linuxfoundation.org> wrote:
>
> Hello,
>
> What are these pre- and post-Hearn-relay drop rules you are speaking
> about? Can anybody shed some light on this? (I am aware of the
> minrelaytxfee setting proposed in the 0.11.0 release notes, I just
> don't see what this has to do with Mike Hearn, BitcoinXT, and whether
> there's a code change related to this that I missed).
>
> Related: is there somewhere a chart that plots `estimatefee` over
> time? Would be interesting to see how the fee market evolved over
> these past weeks.
>
> Regards
> Arne
>
> On 15/07/15 05:29, simongreen--- via bitcoin-dev wrote:
>
> With my black hat on I recently performed numerous profitable
> double-spend attacks against zeroconf accepting fools. With my
> white hat on, I'm warning everyone. The strategy is simple:
>
> tx1: To merchant, but dust/low-fee/reused-address/large-size/etc.
> anything that miners don't always accept.
>
> tx2: After merchant gives up valuable thing in return, normal tx
> without triggering spam protections. (loltasticly a Mike Hearn
> Bitcoin XT node was used to relay the double-spends)
>
> Example success story: tx1 paying Shapeshift.io <http://shapeshift.io>
> with 6uBTC output
> is not dust under post-Hearn-relay-drop rules, but is dust under
> pre-Hearn-relay-drop rules, followed by tx2 w/o the output and not
> paying Shapeshift.io <http://shapeshift.io>.
> F2Pool/Eligius/BTCChina/AntPool etc. are all
> miners who have reverted Hearn's 10x relay fee drop as recommended
> by v0.11.0 release notes and accept these double-spends.
> Shapeshift.io <http://shapeshift.io> lost ~3 BTC this week in multiple
> txs. (they're no
> longer accepting zeroconf)
>
> Example success story #2: tx1 with post-Hearn-relay drop fee,
> followed by tx2 with higher fee. Such stupidly low fee txs just
> don't get mined, so wait for a miner to mine tx2. Bought a silly
> amount of reddit gold off Coinbase this way among other things. I'm
> surprised that reddit didn't cancel the "fools-gold" after tx
> reversal. (did Coinbase guarantee those txs?) Also found multiple
> Bitcoin ATMs vulnerable to this attack. (but simulated attack with
> tx2s still paying ATM because didn't want to go to trouble of good
> phys opsec)
>
> Shoutouts to BitPay who did things right and notified merchant
> properly when tx was reversed.
>
> In summary, every target depending on zeroconf vulnerable and lost
> significant sums of money to totally trivial attacks with high
> probability. No need for RBF to do this, just normal variations in
> miner policy. Shapeshift claims to use Super Sophisticated Network
> Sybil Attacking Monitoring from Blockcypher, but relay nodes !=
> miner policy.
>
> Consider yourself warned! My hat is whiter than most, and my skills
> not particularly good.
>
> What to do? Users: Listen to the experts and stop relying on
> zeroconf. Black hats: Profit!
>
> _______________________________________________ bitcoin-dev mailing
> list bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
> --
> Arne Brutschy <abrutschy at xylon.de>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150716/127ff899/attachment-0001.html>
📝 Original message:Simon - tx hashes or it didn't happen
Kidding aside, would be great if you could share the confirmed and
double-spent hashes so the rest of us can dive in and learn from this.
On Thu, Jul 16, 2015 at 7:50 AM, Me via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:
> minrelaytxfee setting proposed in the 0.11.0 release notes
>
> my guess, he is talking about this
> https://bitcoin.org/en/glossary/minimum-relay-fee - slam dunk technique
> for doublespend
>
>
>
> Related: is there somewhere a chart that plots `estimatefee` over
> time? Would be interesting to see how the fee market evolved over
> these past weeks.
>
>
> I find this useful
> https://bitcoinfees.github.io/
>
>
>
>
>
> On Jul 16, 2015, at 7:30 AM, Arne Brutschy via bitcoin-dev <
> bitcoin-dev at lists.linuxfoundation.org> wrote:
>
> Hello,
>
> What are these pre- and post-Hearn-relay drop rules you are speaking
> about? Can anybody shed some light on this? (I am aware of the
> minrelaytxfee setting proposed in the 0.11.0 release notes, I just
> don't see what this has to do with Mike Hearn, BitcoinXT, and whether
> there's a code change related to this that I missed).
>
> Related: is there somewhere a chart that plots `estimatefee` over
> time? Would be interesting to see how the fee market evolved over
> these past weeks.
>
> Regards
> Arne
>
> On 15/07/15 05:29, simongreen--- via bitcoin-dev wrote:
>
> With my black hat on I recently performed numerous profitable
> double-spend attacks against zeroconf accepting fools. With my
> white hat on, I'm warning everyone. The strategy is simple:
>
> tx1: To merchant, but dust/low-fee/reused-address/large-size/etc.
> anything that miners don't always accept.
>
> tx2: After merchant gives up valuable thing in return, normal tx
> without triggering spam protections. (loltasticly a Mike Hearn
> Bitcoin XT node was used to relay the double-spends)
>
> Example success story: tx1 paying Shapeshift.io <http://shapeshift.io>
> with 6uBTC output
> is not dust under post-Hearn-relay-drop rules, but is dust under
> pre-Hearn-relay-drop rules, followed by tx2 w/o the output and not
> paying Shapeshift.io <http://shapeshift.io>.
> F2Pool/Eligius/BTCChina/AntPool etc. are all
> miners who have reverted Hearn's 10x relay fee drop as recommended
> by v0.11.0 release notes and accept these double-spends.
> Shapeshift.io <http://shapeshift.io> lost ~3 BTC this week in multiple
> txs. (they're no
> longer accepting zeroconf)
>
> Example success story #2: tx1 with post-Hearn-relay drop fee,
> followed by tx2 with higher fee. Such stupidly low fee txs just
> don't get mined, so wait for a miner to mine tx2. Bought a silly
> amount of reddit gold off Coinbase this way among other things. I'm
> surprised that reddit didn't cancel the "fools-gold" after tx
> reversal. (did Coinbase guarantee those txs?) Also found multiple
> Bitcoin ATMs vulnerable to this attack. (but simulated attack with
> tx2s still paying ATM because didn't want to go to trouble of good
> phys opsec)
>
> Shoutouts to BitPay who did things right and notified merchant
> properly when tx was reversed.
>
> In summary, every target depending on zeroconf vulnerable and lost
> significant sums of money to totally trivial attacks with high
> probability. No need for RBF to do this, just normal variations in
> miner policy. Shapeshift claims to use Super Sophisticated Network
> Sybil Attacking Monitoring from Blockcypher, but relay nodes !=
> miner policy.
>
> Consider yourself warned! My hat is whiter than most, and my skills
> not particularly good.
>
> What to do? Users: Listen to the experts and stop relying on
> zeroconf. Black hats: Profit!
>
> _______________________________________________ bitcoin-dev mailing
> list bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
> --
> Arne Brutschy <abrutschy at xylon.de>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150716/127ff899/attachment-0001.html>