Return-Path: <adrian@coinbase.com>
In-Reply-To: <24662b038abc45da7f3990e12a649b8a@airmail.cc>
References: <24662b038abc45da7f3990e12a649b8a@airmail.cc>
Date: Wed, 15 Jul 2015 10:01:56 -0700
Message-ID: <CAMK47c91-4FSAWhBaGvAtDZhxWt4ZyKAOKnZO2tC4iewmfYyYA@mail.gmail.com>
From: Adrian Macneil <adrian@coinbase.com>
To: simongreen@airmail.cc
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Significant losses by double-spending unconfirmed
	transactions
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>

> With my white hat on

> Shapeshift.io lost ~3 BTC this week in multiple txs

I assume as a self-proclaimed "white hat", you contacted the relevant
companies and returned their funds? Theft is still theft, regardless of
whether you are doing it for research or not.

On Tue, Jul 14, 2015 at 8:29 PM, simongreen--- via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> With my black hat on I recently performed numerous profitable double-spend
> attacks against zeroconf accepting fools. With my white hat on, I'm warning
> everyone. The strategy is simple:
>
> tx1: To merchant, but dust/low-fee/reused-address/large-size/etc. anything
> that miners don't always accept.
>
> tx2: After merchant gives up valuable thing in return, normal tx without
> triggering spam protections. (loltasticly a Mike Hearn Bitcoin XT node was
> used to relay the double-spends)
>
> Example success story: tx1 paying Shapeshift.io with 6uBTC output is not
> dust under post-Hearn-relay-drop rules, but is dust under
> pre-Hearn-relay-drop rules, followed by tx2 w/o the output and not paying
> Shapeshift.io. F2Pool/Eligius/BTCChina/AntPool etc. are all miners who have
> reverted Hearn's 10x relay fee drop as recommended by v0.11.0 release notes
> and accept these double-spends. Shapeshift.io lost ~3 BTC this week in
> multiple txs. (they're no longer accepting zeroconf)
>
> Example success story #2: tx1 with post-Hearn-relay drop fee, followed by
> tx2 with higher fee. Such stupidly low fee txs just don't get mined, so
> wait for a miner to mine tx2. Bought a silly amount of reddit gold off
> Coinbase this way among other things. I'm surprised that reddit didn't
> cancel the "fools-gold" after tx reversal. (did Coinbase guarantee those
> txs?) Also found multiple Bitcoin ATMs vulnerable to this attack. (but
> simulated attack with tx2s still paying ATM because didn't want to go to
> trouble of good phys opsec)
>
> Shoutouts to BitPay who did things right and notified merchant properly
> when tx was reversed.
>
> In summary, every target depending on zeroconf is vulnerable and lost
> significant sums of money to totally trivial attacks with high probability.
> No need for RBF to do this, just normal variations in miner policy.
> Shapeshift claims to use Super Sophisticated Network Sybil Attacking
> Monitoring from Blockcypher, but relay nodes != miner policy.
>
> Consider yourself warned! My hat is whiter than most, and my skills not
> particularly good.
>
> What to do? Users: Listen to the experts and stop relying on zeroconf.
> Black hats: Profit!
>

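As an added example (not part of this thread and not any company's code), a merchant-side check that judges an unconfirmed payment against the strictest miner policy it knows of rather than the policy of the node that relayed it; the two fee rates are assumptions chosen to reproduce the 6 uBTC case quoted above, and the `RelayPolicy`, `zeroconf_risks` and `accept_unconfirmed` names are hypothetical:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RelayPolicy:
    """One node's (or miner's) relay/mining policy. Values are assumptions."""
    name: str
    min_relay_fee_sat_per_kb: int

    def dust_threshold(self, output_size: int = 34, input_size: int = 148) -> int:
        # Bitcoin Core style dust rule (P2PKH sizes assumed): an output is dust
        # if spending it would cost more than a third of its value at this rate.
        return 3 * (output_size + input_size) * self.min_relay_fee_sat_per_kb // 1000

# Assumed rates: 1,000 sat/kB after the 10x relay-fee drop, 10,000 sat/kB before it.
# These reproduce the thread's case: a 6 uBTC (600 sat) output is dust only under
# the pre-drop policy (5,460 sat), not the post-drop one (546 sat).
POST_DROP = RelayPolicy("post-relay-drop", 1_000)
PRE_DROP = RelayPolicy("pre-relay-drop", 10_000)

def zeroconf_risks(output_values_sat, fee_sat, size_bytes, policy):
    """Reasons an unconfirmed tx might not be mined by a miner running `policy`.

    An empty list is not a safety guarantee: a relay node accepting a tx tells
    you nothing about what the miners will do (relay policy != miner policy).
    """
    reasons = []
    dust = policy.dust_threshold()
    for value in output_values_sat:
        if value < dust:
            reasons.append(f"{value} sat output is dust under {policy.name} ({dust} sat)")
    fee_rate = fee_sat * 1000 // size_bytes
    if fee_rate < policy.min_relay_fee_sat_per_kb:
        reasons.append(f"fee rate {fee_rate} sat/kB below {policy.name} minimum")
    return reasons

def accept_unconfirmed(output_values_sat, fee_sat, size_bytes,
                       policies=(POST_DROP, PRE_DROP)):
    """Release goods on zero confirmations only if every known policy would mine it."""
    return all(not zeroconf_risks(output_values_sat, fee_sat, size_bytes, p)
               for p in policies)

if __name__ == "__main__":
    # Constructed sample: a 226-byte tx paying the merchant 600 sat (6 uBTC)
    # plus change, with a fee that only just clears the post-drop minimum.
    for p in (POST_DROP, PRE_DROP):
        print(p.name, zeroconf_risks([600, 40_000], 226, 226, p))
    print("accept without confirmation:", accept_unconfirmed([600, 40_000], 226, 226))
```

A payment that fails this check is not rejected, only held until it confirms, which is the behaviour the thread credits BitPay with getting right.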