Bitcoin Exploit

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • dogecoin

    very currency

  • > that's actually not correct. apples and oranges. we're talking about mining rigs - not websites and apps maintained by sysadmins who can apply a simple fix or waf during an upstream overage attack.

    Bitcoin mining rigs don't even use the Bitcoin P2P protocol themselves; they typically use the Stratum protocol (https://braiins.com/stratum-v1/docs) and generally don't accept incoming connections from the public internet. They usually connect to mining pool servers, which have long had various forms of DDoS attack mitigation systems in place.

    > if this was a non-issue they wouldn't be patching it https://github.com/dogecoin/dogecoin/issues/3243

    They added an integrated basic bandwidth limiter from the looks of it, one can do something like that using external tools already. Hardly a real vulnerability.

  • Bitcoin

    Bitcoin Core integration/staging tree

  • This script asks a node for the 2000 headers between block 783,569 and 785,568.

    It's normal for a node to request headers in chunks of 2000, either as part of syncing the entire chain from scratch, or when catching up after being offline for more than two weeks.

    https://github.com/bitcoin/bitcoin/blob/fc06881f13495154c888...

    It's not the most efficient (asymmetric) way to waste bandwidth either. For each ~100 byte header request you get a 160 KB reply. You can instead ask for a block using a shorter message and get up to 4 MB. This way you can download the entire blockchain at 500+ GB multiple times.

    Those with limited upload bandwidth (and for some reason not behind a NAT) can use -maxuploadtarget to limit the total upload.

    I'm not sure how the available bandwidth is distributed between peers, but it's generally quite hard to dominate all connections of all nodes (search for "eclipse attacks"), even with a botnet.

    So that leaves CPU draining as a possible goal (or stealing Bitcoin from random script kiddies who run untrusted code and dependencies from the internet).

    = which isn't free, probably not their most economic use case and some of their operators may not like it when you attack a cryptocurrency they themselves may want to use
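The request/reply asymmetry the comment above describes can be checked from a node operator's side. The following is an added example, not the commenter's script or Bitcoin Core code: it frames a `getheaders` message the way the Bitcoin P2P wire format does, parses a captured byte stream from one peer, and compares the bytes that peer sent with the worst case the node would send back in full 2000-header replies. The capture (one `ping` plus 50 `getheaders`) is constructed, and the per-capture request threshold is an assumed tuning value.

```python
import hashlib
import struct
MAGIC_MAINNET = bytes.fromhex("f9beb4d9")
MAX_HEADERS_REPLY = 2000  # a "headers" reply carries at most this many 80-byte headers
MAX_GETHEADERS = 10       # assumed per-capture threshold; tune for your own node

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA256d(payload), as used in the P2P message frame."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def frame(command: str, payload: bytes) -> bytes:
    """Wrap a payload in the 24-byte Bitcoin P2P frame: magic|command|length|checksum."""
    return (MAGIC_MAINNET + command.encode().ljust(12, b"\0")
            + struct.pack("<I", len(payload)) + checksum(payload) + payload)

def getheaders(locator: list, hash_stop: bytes = b"\0" * 32, version: int = 70016) -> bytes:
    """Build a getheaders message (locator stays below 0xfd entries, so its varint is one byte)."""
    return frame("getheaders", struct.pack("<I", version) + bytes([len(locator)])
                 + b"".join(locator) + hash_stop)

def headers_reply_size(n: int) -> int:
    """Bytes a 'headers' reply carrying n entries occupies on the wire."""
    varint = 1 if n < 0xFD else 3       # counts up to 0xFFFF use the 3-byte form
    return 24 + varint + n * (80 + 1)   # +1: each header's tx-count varint (0x00)

def parse_stream(data: bytes) -> list:
    """Split a captured byte stream into (command, payload) tuples; stop at the first bad frame."""
    out, off = [], 0
    while off + 24 <= len(data):
        length = struct.unpack("<I", data[off + 16:off + 20])[0]
        payload = data[off + 24:off + 24 + length]
        if (data[off:off + 4] != MAGIC_MAINNET or len(payload) != length
                or checksum(payload) != data[off + 20:off + 24]):
            break
        out.append((data[off + 4:off + 16].rstrip(b"\0").decode("ascii"), payload))
        off += 24 + length
    return out

def audit_peer(data: bytes, max_getheaders: int = MAX_GETHEADERS) -> dict:
    # Bytes the peer sent vs. the worst case we would send back in full headers replies.
    msgs = parse_stream(data)
    bytes_in = sum(24 + len(p) for _, p in msgs)
    n_get = sum(1 for c, _ in msgs if c == "getheaders")
    bytes_out = n_get * headers_reply_size(MAX_HEADERS_REPLY)
    return {"getheaders": n_get, "bytes_in": bytes_in, "worst_case_out": bytes_out,
            "amplification": bytes_out / bytes_in if bytes_in else 0.0,
            "suspicious": n_get > max_getheaders}
# Constructed sample capture: one ping followed by 50 identical getheaders requests
SAMPLE = frame("ping", struct.pack("<Q", 7)) + getheaders([b"\x11" * 32]) * 50
```

A single one-locator request is 93 bytes on the wire and a full reply is 162027 bytes, which is the ~100 B in / ~160 KB out the comment quotes; `-maxuploadtarget` caps the total, this audit shows which peer is consuming it.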
