Return-Path: <jimmyjack@gmail.com> Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E845FAC1 for <bitcoin-dev@lists.linuxfoundation.org>; Thu, 16 Jul 2015 14:50:16 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pd0-f182.google.com (mail-pd0-f182.google.com [209.85.192.182]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6EAE3137 for <bitcoin-dev@lists.linuxfoundation.org>; Thu, 16 Jul 2015 14:50:15 +0000 (UTC) Received: by pdjr16 with SMTP id r16so45704410pdj.3 for <bitcoin-dev@lists.linuxfoundation.org>; Thu, 16 Jul 2015 07:50:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=9pP03FIh6vSqri7g1Z+tdJG8wAYg2INYKKnXedJKjts=; b=BU4zhM0Kq1rA4zqAvW/0m++7FGoxQvkvydlsOyVztdiKpHyMf4BP/Zp4UmleK2R3Vr b0H5r6FCmkMVDi+aF8USzbOpa6+5E4habLmyVptluImSF2au6wieHNbwkjjtVCm1+Vi5 OuCFcdLnv3N2DlqEqkWqVz92Dk8Sct9vbPxqcTv9P/W1E5JY8P2XCZIuwV7kd6zG3Rn+ impuC20Yufph010+jDQZZYorKKs6Ts/R+7qrA288aNL7MAfYnPbhXb58H0IjXeyqH08D xwnpkItDaH0NVeZhZ0ufu7M6Ctjpj3Ztfpv5aoGiBVg5KEmhoVFRTHKBvxuzAigoBqof WZiw== X-Received: by 10.68.238.39 with SMTP id vh7mr19807098pbc.12.1437058215159; Thu, 16 Jul 2015 07:50:15 -0700 (PDT) Received: from [10.237.243.222] ([50.141.34.174]) by smtp.gmail.com with ESMTPSA id ml6sm8220019pdb.69.2015.07.16.07.50.13 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 16 Jul 2015 07:50:14 -0700 (PDT) Content-Type: multipart/alternative; boundary="Apple-Mail=_3B38068F-99E3-4FD8-87FE-8E546A2C52B7" Mime-Version: 1.0 (Mac OS X Mail 9.0 \(3067\)) From: Me <jimmyjack@gmail.com> In-Reply-To: <55A7BFF7.2050608@xylon.de> Date: Thu, 16 Jul 2015 07:50:16 -0700 Message-Id: <57C28E34-7B1C-4501-BB9C-5727862023F3@gmail.com> References: <24662b038abc45da7f3990e12a649b8a@airmail.cc> <55A7BFF7.2050608@xylon.de> To: Arne Brutschy <abrutschy@xylon.de> X-Mailer: Apple Mail (2.3067) X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: bitcoin-dev@lists.linuxfoundation.org Subject: Re: [bitcoin-dev] Significant losses by double-spending unconfirmed transactions X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org> List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> X-List-Received-Date: Thu, 16 Jul 2015 14:50:17 -0000 --Apple-Mail=_3B38068F-99E3-4FD8-87FE-8E546A2C52B7 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > minrelaytxfee setting proposed in the 0.11.0 release notes my guess, he is talking about this = https://bitcoin.org/en/glossary/minimum-relay-fee = <https://bitcoin.org/en/glossary/minimum-relay-fee> - slam dunk = technique for doublespend > Related: is there somewhere a chart that plots `estimatefee` over > time? Would be interesting to see how the fee market evolved over > these past weeks. I find this useful https://bitcoinfees.github.io/ <https://bitcoinfees.github.io/> > On Jul 16, 2015, at 7:30 AM, Arne Brutschy via bitcoin-dev = <bitcoin-dev@lists.linuxfoundation.org> wrote: >=20 > Hello, >=20 > What are these pre- and post-Hearn-relay drop rules you are speaking > about? Can anybody shed some light on this? (I am aware of the > minrelaytxfee setting proposed in the 0.11.0 release notes, I just > don't see what this has to do with Mike Hearn, BitcoinXT, and whether > there's a code change related to this that I missed). >=20 > Related: is there somewhere a chart that plots `estimatefee` over > time? Would be interesting to see how the fee market evolved over > these past weeks. >=20 > Regards > Arne >=20 > On 15/07/15 05:29, simongreen--- via bitcoin-dev wrote: >> With my black hat on I recently performed numerous profitable=20 >> double-spend attacks against zeroconf accepting fools. With my >> white hat on, I'm warning everyone. The strategy is simple: >>=20 >> tx1: To merchant, but dust/low-fee/reused-address/large-size/etc.=20 >> anything that miners don't always accept. >>=20 >> tx2: After merchant gives up valuable thing in return, normal tx >> without triggering spam protections. (loltasticly a Mike Hearn >> Bitcoin XT node was used to relay the double-spends) >>=20 >> Example success story: tx1 paying Shapeshift.io with 6uBTC output >> is not dust under post-Hearn-relay-drop rules, but is dust under=20 >> pre-Hearn-relay-drop rules, followed by tx2 w/o the output and not=20 >> paying Shapeshift.io. F2Pool/Eligius/BTCChina/AntPool etc. are all=20 >> miners who have reverted Hearn's 10x relay fee drop as recommended >> by v0.11.0 release notes and accept these double-spends. >> Shapeshift.io lost ~3 BTC this week in multiple txs. (they're no >> longer accepting zeroconf) >>=20 >> Example success story #2: tx1 with post-Hearn-relay drop fee, >> followed by tx2 with higher fee. Such stupidly low fee txs just >> don't get mined, so wait for a miner to mine tx2. Bought a silly >> amount of reddit gold off Coinbase this way among other things. I'm >> surprised that reddit didn't cancel the "fools-gold" after tx >> reversal. (did Coinbase guarantee those txs?) Also found multiple >> Bitcoin ATMs vulnerable to this attack. (but simulated attack with >> tx2s still paying ATM because didn't want to go to trouble of good >> phys opsec) >>=20 >> Shoutouts to BitPay who did things right and notified merchant >> properly when tx was reversed. >>=20 >> In summary, every target depending on zeroconf vulnerable and lost=20 >> significant sums of money to totally trivial attacks with high=20 >> probability. No need for RBF to do this, just normal variations in >> miner policy. Shapeshift claims to use Super Sophisticated Network >> Sybil Attacking Monitoring from Blockcypher, but relay nodes !=3D >> miner policy. >>=20 >> Consider yourself warned! My hat is whiter than most, and my skills >> not particularly good. >>=20 >> What to do? Users: Listen to the experts and stop relying on >> zeroconf. Black hats: Profit! >>=20 >> _______________________________________________ bitcoin-dev mailing >> list bitcoin-dev@lists.linuxfoundation.org=20 >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >=20 > --=20 > Arne Brutschy <abrutschy@xylon.de> > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev --Apple-Mail=_3B38068F-99E3-4FD8-87FE-8E546A2C52B7 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" = class=3D""><div class=3D""><blockquote type=3D"cite" = class=3D"">minrelaytxfee setting proposed in the 0.11.0 release = notes</blockquote></div><div class=3D"">my guess, he is talking about = this <a href=3D"https://bitcoin.org/en/glossary/minimum-relay-fee" = class=3D"">https://bitcoin.org/en/glossary/minimum-relay-fee</a> - = slam dunk technique for doublespend</div><div class=3D""><br = class=3D""></div><div class=3D""><br class=3D""></div><div class=3D""><br = class=3D""></div><div class=3D""><blockquote type=3D"cite" = class=3D"">Related: is there somewhere a chart that plots `estimatefee` = over<br class=3D"">time? Would be interesting to see how the fee market = evolved over<br class=3D"">these past weeks.</blockquote><br = class=3D""></div><div class=3D"">I find this useful</div><a = href=3D"https://bitcoinfees.github.io/" = class=3D"">https://bitcoinfees.github.io/</a><div class=3D""><br = class=3D""></div><div class=3D""><br class=3D""></div><div class=3D""><br = class=3D""></div><div class=3D""><br class=3D""></div><div class=3D""><br = class=3D""><div><blockquote type=3D"cite" class=3D""><div class=3D"">On = Jul 16, 2015, at 7:30 AM, Arne Brutschy via bitcoin-dev <<a = href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" = class=3D"">bitcoin-dev@lists.linuxfoundation.org</a>> wrote:</div><br = class=3D"Apple-interchange-newline"><div class=3D""><div = class=3D"">Hello,<br class=3D""><br class=3D"">What are these pre- and = post-Hearn-relay drop rules you are speaking<br class=3D"">about? Can = anybody shed some light on this? (I am aware of the<br = class=3D"">minrelaytxfee setting proposed in the 0.11.0 release notes, I = just<br class=3D"">don't see what this has to do with Mike Hearn, = BitcoinXT, and whether<br class=3D"">there's a code change related to = this that I missed).<br class=3D""><br class=3D"">Related: is there = somewhere a chart that plots `estimatefee` over<br class=3D"">time? = Would be interesting to see how the fee market evolved over<br = class=3D"">these past weeks.<br class=3D""><br class=3D"">Regards<br = class=3D"">Arne<br class=3D""><br class=3D"">On 15/07/15 05:29, = simongreen--- via bitcoin-dev wrote:<br class=3D""><blockquote = type=3D"cite" class=3D"">With my black hat on I recently performed = numerous profitable <br class=3D"">double-spend attacks against zeroconf = accepting fools. With my<br class=3D"">white hat on, I'm warning = everyone. The strategy is simple:<br class=3D""><br class=3D"">tx1: To = merchant, but dust/low-fee/reused-address/large-size/etc. <br = class=3D"">anything that miners don't always accept.<br class=3D""><br = class=3D"">tx2: After merchant gives up valuable thing in return, normal = tx<br class=3D"">without triggering spam protections. (loltasticly a = Mike Hearn<br class=3D"">Bitcoin XT node was used to relay the = double-spends)<br class=3D""><br class=3D"">Example success story: tx1 = paying <a href=3D"http://shapeshift.io" class=3D"">Shapeshift.io</a> = with 6uBTC output<br class=3D"">is not dust under post-Hearn-relay-drop = rules, but is dust under <br class=3D"">pre-Hearn-relay-drop rules, = followed by tx2 w/o the output and not <br class=3D"">paying <a = href=3D"http://shapeshift.io" class=3D"">Shapeshift.io</a>. = F2Pool/Eligius/BTCChina/AntPool etc. are all <br class=3D"">miners who = have reverted Hearn's 10x relay fee drop as recommended<br class=3D"">by = v0.11.0 release notes and accept these double-spends.<br class=3D""><a = href=3D"http://shapeshift.io" class=3D"">Shapeshift.io</a> lost ~3 BTC = this week in multiple txs. (they're no<br class=3D"">longer accepting = zeroconf)<br class=3D""><br class=3D"">Example success story #2: tx1 = with post-Hearn-relay drop fee,<br class=3D"">followed by tx2 with = higher fee. Such stupidly low fee txs just<br class=3D"">don't get = mined, so wait for a miner to mine tx2. Bought a silly<br = class=3D"">amount of reddit gold off Coinbase this way among other = things. I'm<br class=3D"">surprised that reddit didn't cancel the = "fools-gold" after tx<br class=3D"">reversal. (did Coinbase guarantee = those txs?) Also found multiple<br class=3D"">Bitcoin ATMs vulnerable to = this attack. (but simulated attack with<br class=3D"">tx2s still paying = ATM because didn't want to go to trouble of good<br class=3D"">phys = opsec)<br class=3D""><br class=3D"">Shoutouts to BitPay who did things = right and notified merchant<br class=3D"">properly when tx was = reversed.<br class=3D""><br class=3D"">In summary, every target = depending on zeroconf vulnerable and lost <br class=3D"">significant = sums of money to totally trivial attacks with high <br = class=3D"">probability. No need for RBF to do this, just normal = variations in<br class=3D"">miner policy. Shapeshift claims to use Super = Sophisticated Network<br class=3D"">Sybil Attacking Monitoring from = Blockcypher, but relay nodes !=3D<br class=3D"">miner policy.<br = class=3D""><br class=3D"">Consider yourself warned! My hat is whiter = than most, and my skills<br class=3D"">not particularly good.<br = class=3D""><br class=3D"">What to do? Users: Listen to the experts and = stop relying on<br class=3D"">zeroconf. Black hats: Profit!<br = class=3D""><br class=3D"">_______________________________________________ = bitcoin-dev mailing<br class=3D"">list <a = href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" = class=3D"">bitcoin-dev@lists.linuxfoundation.org</a> <br class=3D""><a = href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" = class=3D"">https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev<= /a><br class=3D""></blockquote><br class=3D"">-- <br class=3D"">Arne = Brutschy <<a href=3D"mailto:abrutschy@xylon.de" = class=3D"">abrutschy@xylon.de</a>><br = class=3D"">_______________________________________________<br = class=3D"">bitcoin-dev mailing list<br class=3D""><a = href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" = class=3D"">bitcoin-dev@lists.linuxfoundation.org</a><br = class=3D"">https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev<= br class=3D""></div></div></blockquote></div><br = class=3D""></div></body></html>= --Apple-Mail=_3B38068F-99E3-4FD8-87FE-8E546A2C52B7--