Simon - tx hashes or it didn't happen Kidding aside, would be great if you could share the confirmed and double-spent hashes so the rest of us can dive in and learn from this. On Thu, Jul 16, 2015 at 7:50 AM, Me via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > minrelaytxfee setting proposed in the 0.11.0 release notes > > my guess, he is talking about this > https://bitcoin.org/en/glossary/minimum-relay-fee - slam dunk technique > for doublespend > > > > Related: is there somewhere a chart that plots `estimatefee` over > time? Would be interesting to see how the fee market evolved over > these past weeks. > > > I find this useful > https://bitcoinfees.github.io/ > > > > > > On Jul 16, 2015, at 7:30 AM, Arne Brutschy via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > > Hello, > > What are these pre- and post-Hearn-relay drop rules you are speaking > about? Can anybody shed some light on this? (I am aware of the > minrelaytxfee setting proposed in the 0.11.0 release notes, I just > don't see what this has to do with Mike Hearn, BitcoinXT, and whether > there's a code change related to this that I missed). > > Related: is there somewhere a chart that plots `estimatefee` over > time? Would be interesting to see how the fee market evolved over > these past weeks. > > Regards > Arne > > On 15/07/15 05:29, simongreen--- via bitcoin-dev wrote: > > With my black hat on I recently performed numerous profitable > double-spend attacks against zeroconf accepting fools. With my > white hat on, I'm warning everyone. The strategy is simple: > > tx1: To merchant, but dust/low-fee/reused-address/large-size/etc. > anything that miners don't always accept. > > tx2: After merchant gives up valuable thing in return, normal tx > without triggering spam protections. (loltasticly a Mike Hearn > Bitcoin XT node was used to relay the double-spends) > > Example success story: tx1 paying Shapeshift.io > with 6uBTC output > is not dust under post-Hearn-relay-drop rules, but is dust under > pre-Hearn-relay-drop rules, followed by tx2 w/o the output and not > paying Shapeshift.io . > F2Pool/Eligius/BTCChina/AntPool etc. are all > miners who have reverted Hearn's 10x relay fee drop as recommended > by v0.11.0 release notes and accept these double-spends. > Shapeshift.io lost ~3 BTC this week in multiple > txs. (they're no > longer accepting zeroconf) > > Example success story #2: tx1 with post-Hearn-relay drop fee, > followed by tx2 with higher fee. Such stupidly low fee txs just > don't get mined, so wait for a miner to mine tx2. Bought a silly > amount of reddit gold off Coinbase this way among other things. I'm > surprised that reddit didn't cancel the "fools-gold" after tx > reversal. (did Coinbase guarantee those txs?) Also found multiple > Bitcoin ATMs vulnerable to this attack. (but simulated attack with > tx2s still paying ATM because didn't want to go to trouble of good > phys opsec) > > Shoutouts to BitPay who did things right and notified merchant > properly when tx was reversed. > > In summary, every target depending on zeroconf vulnerable and lost > significant sums of money to totally trivial attacks with high > probability. No need for RBF to do this, just normal variations in > miner policy. Shapeshift claims to use Super Sophisticated Network > Sybil Attacking Monitoring from Blockcypher, but relay nodes != > miner policy. > > Consider yourself warned! My hat is whiter than most, and my skills > not particularly good. > > What to do? Users: Listen to the experts and stop relying on > zeroconf. Black hats: Profit! > > _______________________________________________ bitcoin-dev mailing > list bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > > -- > Arne Brutschy > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > >