fed Posted August 13, 2015 Report Share Posted August 13, 2015 Merchants with zeroconf:With my black hat on I recently performed numerous profitable double-spend attacks against zeroconf accepting fools. With my white hat on, I'm warning everyone. The strategy is simple:tx1: To merchant, but dust/low-fee/reused-address/large-size/etc. anything that miners don't always accept.tx2: After merchant gives up valuable thing in return, normal tx without triggering spam protections. (loltasticly a Mike Hearn Bitcoin XT node was used to relay the double-spends)Example success story: tx1 paying Shapeshift.io with 6uBTC output is not dust under post-Hearn-relay-drop rules, but is dust under pre-Hearn-relay-drop rules, followed by tx2 w/o the output and not paying Shapeshift.io. F2Pool/Eligius/BTCChina/AntPool etc. are all miners who have reverted Hearn's 10x relay fee drop as recommended by v0.11.0 release notes and accept these double-spends. Shapeshift.io lost ~3 BTC this week in multiple txs. (they're no longer accepting zeroconf)Example success story #2: tx1 with post-Hearn-relay drop fee, followed by tx2 with higher fee. Such stupidly low fee txs just don't get mined, so wait for a miner to mine tx2. Bought a silly amount of reddit gold off Coinbase this way among other things. I'm surprised that reddit didn't cancel the "fools-gold" after tx reversal. (did Coinbase guarantee those txs?) Also found multiple Bitcoin ATMs vulnerable to this attack. (but simulated attack with tx2s still paying ATM because didn't want to go to trouble of good phys opsec)Shoutouts to BitPay who did things right and notified merchant properly when tx was reversed.In summary, every target depending on zeroconf vulnerable and lost significant sums of money to totally trivial attacks with high probability. No need for RBF to do this, just normal variations in miner policy. Shapeshift claims to use Super Sophisticated Network Sybil Attacking Monitoring from Blockcypher, but relay nodes != miner policy.Consider yourself warned! My hat is whiter than most, and my skills not particularly good.What to do? Users: Listen to the experts and stop relying on zeroconf. Black hats: Profit! https://www.mail-archive.com/bitcoin-dev%40lists.linuxfoundation.org/msg00500.htmlBrainwallets:Released on 7th August at DEF CON 23, one of the world's largest annual hacker conventions, Castellucci's brainwallet cracker, called Brainflayer, is capable of guessing 130,000 passwords a second. Running on more powerful computers, $1 can be used to check 560 million passphrases, according to its creator.When this firepower is applied to ASCII passwords, ones constructed from US keyboard characters, and XKCD passwords, those comprised of four common words, Castellucci suggested a botnet could check every bitcoin address that has ever received funds in a single day....prototype Brainflayer had retrieved 250 BTC, then worth $20,000 from cracked brainwallets.Castellucci said he was put into a difficult ethical situation as a result. He had two options – take some bitcoins as part of an effort to alert the wallet user that their security is vulnerable, or try to contact them through other means. Ultimately, he said he wasn't sure what to do.New Cracking Tool Exposes Major Flaw in Bitcoin Brainwalletshttps://rya.nc/defcon-brainwallets.htmlhttps://github.com/ryancdotorg/brainflayer/ Quote Link to comment Share on other sites More sharing options...
