Suggested to not buy Bytecoin, DashCoin, DigitalNote (Bug in CryptoNote found)

in #bitcoin8 years ago (edited)

For start to keep things clean and not scare people dont dont know whats up - DashCoin is NOT DASH
Monero, Bytecoin, DashCoin, DigitalNote are coins based on CryptoNote, they are forks.

XMR team has found a bug in the code some time ago allowing to create unlimited free coins in this technology.

They patched it and let other coins know. Aeon, Boolberry and Forknote are updated now along with XMR.

BCN DSH XDN still didnt update and news of the vulnerability are now public.

Mitigation (quote if the original article gets edited)

Several options exist for mitigation. The simplest, least invasive is noted below.

To mitigate, check key images for correctness by multiplying by the curve order l. Check that the result is the identity element.

Hexadecimal values of each:

Identity element = "0100000000000000000000000000000000000000000000000000000000000000"
Curve order (little endian) = "edd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010"
For each transaction key image, check ((key image * curve order) == (identity element)); reject transaction if false.Several options exist for mitigation. The simplest, least invasive is noted below.
To mitigate, check key images for correctness by multiplying by the curve order l. Check that the result is the identity element.
Hexadecimal values of each:
Identity element = "0100000000000000000000000000000000000000000000000000000000000000"
Curve order (little endian) = "edd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010"
For each transaction key image, check ((key image * curve order) == (identity element)); reject transaction if false.

Mentioned Coins Pumping



I suggest waiting for patches to be confirmed by devs.

Follow, Resteem and VOTE UP @kingscrown creator of http://fuk.io blog for 0day cryptocurrency news and tips!

Sort:  

In addition to the updated coins mentioned in the quote, Dashcoin (not Dash, which is unaffected) was already updated and Bytecoin released an update yesterday.

Great to know! Upped so people see your comment

That's great @smooth. I'll make a note on my post on about this issue.

Thanks for update

Lol - I used her yesterday.... hard hacking kittie :)
https://steemit.com/story/@hastla/thinkings-ransomware-wannacry-i-wanna-cry

cute kitty hacking the bitcoin ....... ha ha

kitty will be rich in minutes and forget where he stores money :D

HA HA ........ :D

This is literally me at work lol

Congratulations @kingscrown!
Your post was mentioned in my hit parade in the following categories:

  • Upvotes - Ranked 4 with 479 upvotes
  • Pending payout - Ranked 2 with $ 396,18

Create unlimited free coins on all coins forked from CryptoNote before the fix?

The exploit allows double-spends. It allows anyone to create an infinite amount of coins in a way that is impossible to detect (unless you write special code to look for it)

Monero claims their chain is safe and they've already checked it.

Who has checked Monero's test? How can you look for these inflated coins?

Basically it means you could use your wallet to "pump up" other wallet balances with double spends. You could then sell these fake created coins on exchanges or stock pile them.

You basically have to edit every transaction on the entire chain.

I personally will not be buying any CryptoNote forked coin including Monero until more information is available. :(

This is a massive problem.

Who has checked Monero's test? How can you look for these inflated coins?

The detection is built into the standard node (and the code for that is in github, in case you want to check it). If you are using any recent version and you have synced from scratch then you have checked that the entire chain is devoid of any use of the exploit.

EXCELLENT. This info needs to be on the Monero website. Makes a lot of sense.

The method is core::check_tx_inputs_keyimages_domain(const transaction& tx) const. If you do hack and dump, send a tip my way. :)

let's try bytecoin

Awesome - bought em yesterday... : )

you miss the train , bug has already solve since april now coin has a lot of progress.

Is it? It seems also rather old, as often it happens.

Conjecture no evident at all, it's just clam to ruin reputation

Really appreciate you taking the time to share this! There is so much to keep up with in this crypto world!

Dam the hackers are making it more and more scary... Anything related to internet is becoming scary.

just only bug , technology base on blockchain now a day can not hack

Good to know. I'll transfer more fund to steem... :)

They already fix for 2 month sir , just error on node in process double spend