Warning from Bitcoin Org on Invalid Block Chains

Discussion in 'Virtual Money Scams' started by arrana, Jul 6, 2015.

  1. arrana

    arrana Samurai

    The Bitcoin Organization suggests that Bitcoin users visit the alert link below for any latest updates in the next few days.


    Alert from: https://bitcoin.org/en/alert/2015-07-04-spv-mining

    Some Miners Generating Invalid Blocks
    4 July 2015



    Note: this alert is on-going: the situation has not yet been resolved. (Update #1)

    Summary
    Your bitcoins are safe if you received them in transactions confirmed before 2015-07-06 00:00 UTC.

    However, there has been a problem with a planned upgrade. For bitcoins received later than the time above, confirmation scores are significantly less reliable then they usually are for users of certain software:

    • Lightweight (SPV) wallet users should wait an additional 30 confirmations more than you would normally wait. Electrum users, please see this note.
    • Bitcoin Core 0.9.4 or earlier users should wait an additional 30 confirmations more than you would normally wait or upgrade to Bitcoin Core 0.10.2.
    • Web wallet users should wait an additional 30 confirmations more than you would normally wait, unless you know for sure that your wallet is secured by Bitcoin Core 0.9.5 or later.
    • Bitcoin Core 0.9.5 or later users are unaffected. (Note: upgrade to 0.10.2 is recommended due to denial-of-service vulnerabilities unrelated to this alert.)
    Miners
    If you pool mine, please switch to a pool that properly validates blocks. The Wiki Mining Pool Comparison page currently contains a list of known (or suspected) good and bad pools.

    If you solo mine, please switch to Bitcoin Core 0.10.2.

    When Will Things Go Back To Normal?
    The problem is miners creating invalid blocks. Some software can detect that those blocks are invalid and reject them; other software can't detect that blocks are invalid, so they show confirmations that aren't real.

    • Bitcoin Core 0.9.5 and later never had any problems because it could detect which blocks were invalid.
    • Bitcoin Core 0.9.4 and earlier will never provide as much security as later versions of Bitcoin Core because it doesn't know about the additional BIP66 consensus rules. Upgrade is recommended to return to full node security.
    • Lightweight (SPV) wallets are not safe for less than 30 confirmations until all the major pools switch to full validation.
    • Web wallets are very diverse in what infrastructure they run and how they handle double spends, so unless you know for sure that they use Bitcoin Core 0.9.5 or later for full validation, you should assume they have the same security as the lightweight wallets described above.
    What's Happening
    Summary: Some miners are currently generating invalid blocks. Almost all software (besides Bitcoin Core 0.9.5 and later) will accept these invalid blocks under certain conditions.

    So far, the following forks of two or more blocks have occurred:

    The paragraphs that follow explain the cause more throughly.

    For several months, an increasing amount of mining hash rate has been signaling its intent to begin enforcing BIP66 strict DER signatures. As part of the BIP66 rules, once 950 of the last 1,000 blocks were version 3 (v3) blocks, all upgraded miners would reject version 2 (v2) blocks.

    Early morning on 4 July 2015, the 950/1000 (95%) threshold was reached. Shortly thereafter, a small miner (part of the non-upgraded 5%) mined an invalid block--as was an expected occurrence. Unfortunately, it turned out that roughly half the network hash rate was mining without fully validating blocks (called SPV mining), and built new blocks on top of that invalid block.

    Note that the roughly 50% of the network that was SPV mining had explicitly indicated that they would enforce the BIP66 rules. By not doing so, several large miners have lost over $50,000 dollars worth of mining income so far.

    All software that assumes blocks are valid (because invalid blocks cost miners money) is at risk of showing transactions as confirmed when they really aren't. This particularly affects lightweight (SPV) wallets and software such as old versions of Bitcoin Core which have been downgraded to SPV-level security by the new BIP66 consensus rules.

    The recommended fix, which was attempted, was to get all miners off of SPV mining and back to full validation (at least temporarily). If this happens, Bitcoin.org will reduce its current recommendation of waiting 30 extra confirmations to a lower number.

    Updates
    6 July 04:00: A new fork occurred starting 5 July at 21:30 with three blocks before the valid chain again became the strongest chain. See the recently-added list of forks. Reports that the situation has passed are not correct. Please continue to wait 30 more confirmations than you usually would wait before accepting a transaction
     
  2. arrana

    arrana Samurai

    List of Invalid Fork hashes from the Bitcoin Organization Wiki at https://en.bitcoin.it/wiki/July_2015_Forks#Invalid_Block_Hashes

    Invalid Block Hashes

    From the July 4th fork:

    1. 0000000000000000009cc829aa25b40b2cd4eb83dd498c12ad0d26d90c439d99 mined by BTC Nuggets (98 non-coinbase transactions)
    2. 0000000000000000155f2519d35cd5d2869900bcc5093594b27763a0315390b4 mined by F2Pool (0 non-coinbase transactions)
    3. 00000000000000000cb7a20ee4e199e347ad7369936abae53a1518efa531ec61 mined by F2Pool (0 non-coinbase transactions)
    4. 00000000000000000966d65e0fd87d1d5a8f154a2c955816c28e2006e381aa18 mined by AntPool (0 non-coinbase transactions)
    5. 00000000000000001301bfd6f566a421c7eeba103d09b312032ca065cb185de7 mined by F2Pool (0 non-coinbase transactions)
    6. 000000000000000013fe26675faa8f7dccd55ce5485bb6d0373fa66345901436 mined by F2Pool (0 non-coinbase transactions)
    From the July 5th fork:

    1. 000000000000000003ae1223f4926ec86100885cfe1484dc52fd67e042a19b12 mined by MegaBigPower (255 non-coinbase transactions)
    2. 00000000000000000063f97f292fb559773437fb3558c474efec6053a7b0d5a2 mined by an unknown miner (0 non-coinbase transactions)
    3. 000000000000000012dbd422d7bf1c4b55982c37b390d4613dcee00d31741c6a mined by an unknown miner (1,597 non-coinbase transactions)

    (Note: Bitcoin Organization recommends comparing bitcoin mining pools to determine which mining pools are cooperating in validation at https://en.bitcoin.it/wiki/Comparison_of_mining_pools#SPV_Mining_.2F_Old_Bitcoin_Core
     

Share This Page