19
submitted 4 months ago by joe8961@monero.town to c/monero@monero.town

My first comment here I couldn't get my post to submit on reddit (don't like Tor IP?)

I was browsing X on my phone searching for monero tags to catch up on news and it popped up on my feed no likes no shares. Real or fake? Wth is this antidarknet stuff? Something monero developers should be informed about or nah? anyone tried it?

I couldn't submit to archive.org the link here's what it said

Monero 0-day. The Black Marble Attack. How we did it

https://antidark.net/board/viewtopic.php?t=10

#monero #darknet #darkweb #moretocome

??

top 25 comments
sorted by: hot top controversial new old
[-] HardenedSteel@monero.town 7 points 4 months ago* (last edited 4 months ago)

TLDR; The attacker is trolling or very ignorant or law enforcement.

The attacker;

  • doesn't know;
    • DoS'ing isn't 0day and bug
    • Dynamic block size
    • CIA drug trafficking allegations (which is different from drug selling)
    • Corrupt government structures (such as fiat money and others)
    • Pharmacies also sell hard drugs
  • calls "donation" to collateral damage
  • thinks they're "saving" our children
  • complains official wallet is so slow when 200k sub-accounts used
  • didn't prove they really made the attack
[-] antidarknet@monero.town -1 points 4 months ago
The attacker;

doesn’t know;
        DoS’ing isn’t 0day and bug -- **There is indeed a bug and it has been classified as such by the monero dev team. I'm talking about the fee selection bug that was fixed in the last wallet release. Whether it's 0day or not that's semantics. As it was pointed out on another board this same type of attack was first spotted in 2020 and as I explained there example PDF rendering vulnerabilities exist so when a new vulnerability is found and not reported it is a 0day. Same analogy. Whether you believe it is "0day" or not is irrelevant. No where does it describe how to do the "Black Marble" attack, we described it first.**
        Dynamic block size -- **Do your own research before talking? No? Read the comments here https://www.reddit.com/r/Monero/comments/1ebshvh/we_now_know_who_was_behind_the_recent_spam_attack/ then look at the analysis of the attack. There are ways to bypass it we're not as ignorant as yourself. **
        CIA drug trafficking allegations (which is different from drug selling) -- **Okay? They sell drugs so we selling drugs is okay they kill we kill no problem logic? Hello 14th century.**
        Corrupt government structures (such as fiat money and others) -- **Relevancy? Trash talk.**
        Pharmacies also sell hard drugs -- **More nonsense non-related trash talk.**
    calls “donation” to collateral damage -- **Who was the collateral damage? Darknet market admins? Poor them they only got away with hundreds of thousands when they exited and left their customers and vendors out to dry.**
    thinks they’re “saving” our children -- **Better than doing nothing? What are YOU doing for that then?**
    complains official wallet is so slow when 200k sub-accounts used -- **Using the RPC it is slow and it shouldn't be. Imagine, I know imagination in your simpleton mind not possible but try hard for us here, you run an exchange. You have 10,000 making exchanges every day. 1000 of them use Monero in either direction. 1000 x 30 days that's 30,000 subaccounts for a month. In 3-4 months that wallet will be clogged up and won't be working correctly. And then you cry when shops or other places don't accept Monero. If it can't deal with high volume is it enterprise-ready? Basic logic says no.**
    didn’t prove they really made the attack -- **Take a look at the post once again. Try it out yourself. Post back the results. Really simple for the smoothest of brains to understand.**

Now that I've proven you've got no idea what you're talking about, try again and this time try to use the thing between your ears.

This settles my limit for answering questions with hardened stupidity level for today.

[-] AVincentInSpace@pawb.social 4 points 4 months ago

Am I reading this wrong, or did they just spend 30 grand to cause a temporary denial of service and call it a 0-day?

[-] admin@monero.town 3 points 4 months ago

Partially. For the Monero blockchain itself this is basically it but the spam also enabled them to withdraw funds ($300k) from darknet markets multiple times in a row, since their withdrawal systems didn't account for transactions being this delayed.

[-] AVincentInSpace@pawb.social 2 points 4 months ago

Which is undoubtedly an exploit, but it seems to be one in the exchange rather than one in Monero. Still a massive bug though, and I hate to say this but I kind of agree that any exchange that lets you do that shouldn't be in business

[-] admin@monero.town 3 points 4 months ago* (last edited 4 months ago)

Well, many of the exploited ones are already gone.

[-] jet@hackertalks.com 4 points 4 months ago* (last edited 4 months ago)

It doesn't seem actionable. They spent 30,000 US to generate a bunch of traffic, which slowed down transactions. Well I don't appreciate the sentiment, these attacks help evolve the network infrastructure to become resilient

https://tx.town/v/xmr/launch

If you want a visualization on the transaction backlog

[-] joe8961@monero.town 1 points 4 months ago

How can it be not actionable but slow down transactions too? I remember when i wasn't able to submit transactions for many hours on end. Wasn't the black marble attack exactly slowing down transaction? seems contradictory to say it wasn't actionable if its end result? i am confusion

They claim they've made-off several illegal markets over 300k i mean that's a 10x investment don't know if they care about the initial 30 grand lol

I totally agree resilience is needed on monero and if it's how the attacks were done it could give developers insight how to fix it. Almost seems like a simulation where many more people would use xmr. More confusion should we thank them or tell them to go f themselves??

[-] admin@monero.town 4 points 4 months ago

This attack highlighted several issues that have been addressed. The biggest issue was wallets not automatically raising the default fee which led to transactions getting stuck for hours. Without the bug, you would have paid 2 cents instead of 0.5 for a transaction and it would have been confirmed at regular speed.

[-] joe8961@monero.town 2 points 4 months ago

What you're saying is it's a legitimate attack at the time of executing pre-new build that fixes the bug? Not a fake and they could've really made money exploiting it in badly coded illegal markets? Thanks for clarify

[-] admin@monero.town 2 points 4 months ago

They made money through extortion, not by draining any wallets due to spam. There was spam and it did delay transactions for regular users due to existing wallet bugs that are now fixed. I can't really comment on badly coded markets, I assume they somehow broke their payment systems because they didn't account for long delays when receiving coins or also had the fee selection bug.

[-] antidarknet@monero.town 3 points 4 months ago* (last edited 4 months ago)

Official antidarknet admin here.

You seem very certain the attack has been "patched" and we made money from "extortion"? Where are you getting your information from while answering with such certainty? Really curious. I'm not being offensive here but is really not good especially for a website admin to make high speculation when they don't know the facts.

Let me tell you how it really is and then you and everyone else can draw own conclusions.

Fact #1

Although the bug was patched officially it's still possible to do what we described in the post on our forum. Try it out and see for yourself. Automatically setting the fee doesn't make the problem go away if you're 300 blocks or more backlog. As an attacker setting high fees and spamming it DOES create backlog too albeit slower. We do agree it could've been the case of the market wallets not being updated hence not being able to send transactions and falling under our exploit scope. Some of our attacks were after the patch was deployed evident by the timeline of certain darknet marketplaces collapsing.

Fact #2

We never extorted nobody we simply took it from criminals extortion means something else. You say we "extorted" but in the next sentance you say "they somehow broke their payment systems"? You're absolutely correct we did break their payment systems but not because they didn't account for long delays or because we "extorted" them (we never communicated we just did our exploit). But reason being when markets were executing sending payments functions (withdraw for clients) they hadn't accounted for the sending itself to fail due to the huge backlog we were creating with the spam. Creating an account and depositing then withdrawing while spamming Monero network resulted in getting multiple times the same amount over and over. Simple and honestly newbie programmer mistake not to cover use cases that cost them in total 300k+ and lead to several of them shutting down.

Fact #3

Our mission statement is crystal clear. We never took any profit from these attacks. All money were and are being put back into our new projects and operations which are ongoing targetting darknet markets, forums, fraud shops and so on.

We appreciate the discussion and do hope sincerely the monero devs to be notified, do simulation tests on that stressnet that was build specifically due the attack and see what we're talking about is not theory in any way and still possible today with enough resources (not talking crazy amounts here less than 100k).

As a bonus to the developers if you're reading this is the official wallets are extremely unstable at 200,000 subaccounts if each has had at least one transaction in and one out. Try generating more subaccounts after 200k it takes many times longer to generate rather than when first initializing a wallet. The more accounts you add the slower it gets. Should probably fix that too. Don't take our word for it but test it yourselves.

We fight the illegal use and not against privacy featured coins like Monero that's why we're sharing all of it. We did indeed use it and possibly cost inconvenience to users however taking down illegal markets where hardcore substances are sold is a priority over making a payment now rather than in half a day.

Antinet, AntiDarkNet admin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Official antidarknet admin here.

You seem very certain the attack has been "patched" and we made money from "extortion"? Where are you getting your information from while answering with such certainty? Really curious. I'm not being offensive here but is really not good especially for a website admin to make high speculation when they don't know the facts.

Let me tell you how it really is and then you and everyone else can draw own conclusions.


Fact #1

Although the bug was patched officially it's still possible to do what we described in the post on our forum. Try it out and see for yourself. Automatically setting the fee doesn't make the problem go away if you're 300 blocks or more backlog. As an attacker setting high fees and spamming it DOES create backlog too albeit slower. We do agree it could've been the case of the market wallets not being updated hence not being able to send transactions and falling under our exploit scope. Some of our attacks were after the patch was deployed evident by the timeline of certain darknet marketplaces collapsing. 


Fact #2

We never extorted nobody we simply took it from criminals extortion means something else. You say we "extorted" but in the next sentance you say "they somehow broke their payment systems"? You're absolutely correct we did break their payment systems but not because they didn't account for long delays or because we "extorted" them (we never communicated we just did our exploit). But reason being when markets were executing sending payments functions (withdraw for clients) they hadn't accounted for the sending itself to fail due to the huge backlog we were creating with the spam. Creating an account and depositing then withdrawing while spamming Monero network resulted in getting multiple times the same amount over and over. Simple and honestly newbie programmer mistake not to cover use cases that cost them in total 300k+ and lead to several of them shutting down.


Fact #3

Our mission statement is crystal clear. We never took any profit from these attacks. All money were and are being put back into our new projects and operations which are ongoing targetting darknet markets, forums, fraud shops and so on.


We appreciate the discussion and do hope sincerely the monero devs to be notified, do simulation tests on that stressnet that was build specifically due the attack and see what we're talking about is not theory in any way and still possible today with enough resources (not talking crazy amounts here less than 100k).

As a bonus to the developers if you're reading this is the official wallets are extremely unstable at 200,000 subaccounts if each has had at least one transaction in and one out. Try generating more subaccounts after 200k it takes many times longer to generate rather than when first initializing a wallet. The more accounts you add the slower it gets. Should probably fix that too. Don't take our word for it but test it yourselves.

We fight the illegal use and not against privacy featured coins like Monero that's why we're sharing all of it. We did indeed use it and possibly cost inconvenience to users however taking down illegal markets where hardcore substances are sold is a priority over making a payment now rather than in half a day.


Antinet,
AntiDarkNet admin
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQR/iAQxtllG0fCl//MAuh7Std/C3gUCZqJrvgAKCRAAuh7Std/C
3h8SAQDInTE6L6bmaVEzikzWM/9KwDkWspo0KLAwjQNlDyIQUAD/VkM/wHhEL3Sk
Tzt/c/UW1pQdONhXT5JI2wkFd4FkjA8=
=vFU7
-----END PGP SIGNATURE-----

[-] admin@monero.town 5 points 4 months ago

Yeah sorry, I had not considered draining market wallets as an option. Thanks for the pentest, it greatly pushed FCMPs and high-throughput research forward!

[-] antidarknet@monero.town 4 points 4 months ago

Good to hear we never intended to hurt any legitimate Monero users. That has been said so many times already even on our latest clarification topic (for the thickest of users) https://antidark.net/board/viewtopic.php?t=15 hope you don't mind posting this link twice. We very much like this site better than Reddit.

[-] c0mmando@links.hackliberty.org 4 points 4 months ago

as if dealing with the feds wasn't enough, now we gotta deal with hacktivist bootlickers

[-] antidarknet@monero.town -2 points 4 months ago

Unless you're criminal you shouldn't be worried in any way. We support privacy (disclosure of bug) and agree darknet communities should exist but not when they break the law. No sane person can argue selling h**oin or someones bank account details is something noble and we should all be very upset about it when its disrupted. Unless you are one of them.

[-] blake@monero.town 6 points 4 months ago

hi antidarknet

cool site and nice job stresstesting XMR. look forward to seeing more of your projects in the future!

Makes me wonder about other vulnerabilities there could be - particularly regarding dark markets, xmr escrow services etc.

regarding your point

Unless you’re criminal you shouldn’t be worried in any way.

A criminal is someone defined by the state as having broken a law. Likewise a legal action is one which happens to coincide with a state's edict (law). but libertarian maximalists or anarchists wouldn't agree. hence why you were called a bootlicker.

whilst it's perfectly righteous to fight what you see as harmful, there's an argument for freedom, particularly in the case of drugs where it is usually the user who is the only one at risk of harm (if we follow the harm principle rather than legal/illegal). yes the drug trade can harm too - but that could also be because it is 'illegal' and has to take place in a non-ideal marketplace.

that being said, I have my own limits as to what is moral so I agree that you should pursue yours. but I will do things that are illegal, and I encourage you to do so too. perhaps one day using monero will be 'illegal'! </end philosophical sidebar>

[-] c0mmando@links.hackliberty.org 3 points 4 months ago

Unless you’re criminal you shouldn’t be worried in any way.

I'm not worried.

darknet communities should exist but not when they break the law.

You all just sound like a bunch of wanna-be cops to me.

No sane person can argue selling h**oin or someones bank account details is something noble and we should all be very upset about it when its disrupted.

Actually any sane person could argue that PROHIBITION does not work, and by attacking darknet marketplaces what you're doing is making it so drug addicts need to take even more risk buying random shit from street vendors instead of vetted dark web marketplace vendors.

I don't think any of us support your virtue signaling, go attack some child predators or something.

[-] antidote@monero.town 1 points 4 months ago

As @Blake said, "breaking the law" just means going outside of the boundaries set by your rulers. For anything outside the law, your rulers dislike it, but the majority of people could actually like it.

Take going to the bar with black people as an example. You might be in a place where it's disliked by the ruling political elite, or in a place and time where it's fine. This is the legal/illegal view.It's sometimes quite different from the moral view of things. The same applies to other topics like should women be allowed to drive cars, or should drug addicts be allowed a safe source of drugs free from the influence of "very bad people"?

Please don't let political elites set your personal morality. They are professional liars ( that's how they became political elites) and they have no morality to offer you.

[-] tusker@monero.town 3 points 4 months ago

Thank you for helping to make Monero the best digital cash it can be for me to use on whatever I want.

The publicity you generated with this is worth at least 1000 XMR, keep at it! 😍

[-] joe8961@monero.town 2 points 4 months ago

I'm seriously getting confused here sorry how didn't they make money with the attack but through extortion? Did they break payment systems with monero slowdown or they slowed down monero and extorted money or they extorted money not to attack the monero network? I cant find what you're referencing to

If they were able to use it as attack doesn't that make it actionable and jet who commented wrong?

[-] admin@monero.town 4 points 4 months ago

I was wrong, I didn't consider that their attack could drain badly coded DNM wallets by double-spending withdraw transactions.

[-] h3mlocke@lemm.ee 3 points 4 months ago

Its totally chill brah, hodl

[-] antidarknet@monero.town 2 points 4 months ago

We're adding a clarification topic with answers to comments since Reddit has censored almost all of our responses.

You can read it here https://antidark.net/board/viewtopic.php?t=15

[-] delirious_owl@discuss.online 2 points 4 months ago

Someone please link to the github issue. That will be elucidating for all

this post was submitted on 25 Jul 2024
19 points (85.2% liked)

Monero

1690 readers
45 users here now

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

founded 1 year ago
MODERATORS