<system> file 1000007931.jpg too big to download (1797207 > allowed size: 1000000)

<h​undehausen:monero.social> 1000007931.jpg

<c​trej:matrix.org> Comparing the amount of nodes to the total network worth is stupid, and you know it.

<c​trej:matrix.org> The sales pitch for running a node is not that the network becomes 1/20000th stronger. Quite a few public nodes are kinda shit (running on a raspberry or with an HDD) and slow mobile wallet down significantly, when connected to it. Also random nodes may serve shit tx fees and may log IP or other usage data.

<c​trej:matrix.org> When running your own node on proper hardware, you always get top notch performance. But so do your family, friends and community, if you offer them to use your node as well.

<c​trej:matrix.org> Then, there's the psychological aspect that running a part of the network makes it feel more important to you, simply because you are contributing. Invested people are more likely to talk to others about it, and because they have some experience with it, they are better to help with monero related questions.

<1​23bob123:matrix.org> Tldr😬

<i​nstrumental_only:matrix.org> What's the best place like tutorial wise from decent hardware to proper instructions for starting up your own node?

<i​nstrumental_only:matrix.org> What's the best place like tutorial wise from decent hardware to proper instructions for starting up your own node?

<c​trej:matrix.org> Currently running a node based on Seth's guide. For the hardware side we do not have a guide I like, so I'm in the process of writing one :P Very brief summory so far:

<c​trej:matrix.org> IMO best value for your money are currently used mini PCs with a i5-6500T bundled with 8GB ram and 256gb sata SSD. Got all my three test samples (HP 600G3, Lenovo M710q, Dell 7040) for about 100€ inkl. shipping on sale.

<c​trej:matrix.org> You'll also need an M.2 SSD with ASPM (=low power mode) support, but DRAM on the drive is not strictly needed. Not sure yet if dual channel RAM improves performance.

<c​trej:matrix.org> With a bit of tweaking you can push power consumption below 3W (4W from the wall) and remove the CPU fan for silent operation.

<i​nstrumental_only:matrix.org> OK, maybe you can share a few links, I'm interested. Also do I have to run the node bare metal, or can I run it with maybe proxmox if I get better hardware?

<i​nstrumental_only:matrix.org> OK, maybe you can share a few links to hardware, I'm interested. Also do I have to run the node bare metal, or can I run it with maybe proxmox if I get better hardware?

<c​trej:matrix.org> Mine runs bare metal. Extra layers (Proxmox, Docker, VMs) don't require much extra performance, but may prevent the box from entering package sleep states, increasing power consumption

<c​trej:matrix.org> Search for the mini PCs based on the processor name

<c​trej:matrix.org> Just "6500t" on eBay is enough

<i​nstrumental_only:matrix.org> OK, is that minimum base processor power right?

<c​trej:matrix.org> A good SSD price/performance wise is a Samsung 980, their controller supports ASPM and the drive is relatively cheap. Better drives from the same series work as well

<c​trej:matrix.org> On the 6500T the average load caused by monerod is 2-3%

<c​trej:matrix.org> there is plenty of headroom if you want to run other stuff as well

<c​trej:matrix.org> but even low tier processors are rarely cheaper, so it doesn't make sense to save 10€ but get half the performance

<c​trej:matrix.org> going higher performance also doesn't help much, the 8500T is like 60% better, but costs twice as much

<i​nstrumental_only:matrix.org> It kinda sucks for me right now, I might be only able to get some of this stuff on amazon if they have it. Is the price that much different right now from used on amazon to eBay you think?

<c​trej:matrix.org> amazon is shit for used goods

<i​nstrumental_only:matrix.org> Do they have eBay gift cards or codes you can buy with XMR?

<i​nstrumental_only:matrix.org> OK I see

<c​trej:matrix.org> I am pretty sure that somebody would be reshipping a PC intended for use as a node for you

<i​nstrumental_only:matrix.org> They have a Dell Optiplex 3060 Micro 6-Core i5- for little over 100 bucks

<i​nstrumental_only:matrix.org> On eBay I see

<i​nstrumental_only:matrix.org> Its got a 8500T

<1​23bob123:matrix.org> Why did allark change to an exchange?

<1​23bob123:matrix.org> It had all products a studd

<1​23bob123:matrix.org> It had all products a stuff

<c​trej:matrix.org> Good deal. Used prices in the EU are usually much higher (8500T based 170€ the lowest I have seen)

<i​nstrumental_only:matrix.org> OK I see, I am having trouble with bank so can't open another account on eBay and buy, do they allow gift cards?

<i​nstrumental_only:matrix.org> Well I will look into it, I been busy with work and wanted to learn more on how to setup my own node. Just need the time. I hope you can make that tutorial soon. I will definitely check it out. 👍

<c​trej:matrix.org> I'll ping you when its ready

<m​onerobull:matrix.org> instrumental_only: i can do it for you, no fee but you have to buy a monerochan standee for 10€ that will be included with the PC 😄

<m​onerobull:matrix.org> i should open a reshipping service that is entirely based on this model lmao

<s​hermand100:matrix.org> If you get a mini pc and run the Ubuntu server LTS then you can install PiNodeXMR on it for your full node.

<s​hermand100:matrix.org> That'd give you a full monero node, monero blockexplorer, P2Pool, Eth XMR atomic swaps, Monero-LWS and some other tools. It's been around for years, and all FOSS.

<s​hermand100:matrix.org> Just saying...

<s​hermand100:matrix.org> github.com/monero-ecosystem/PiNode-XMR

<s​hermand100:matrix.org> pinode.co.uk

<s​hermand100:matrix.org> It was initially designed for Raspberry Pi about 6 years ago, but since then with its move to Ubuntu server OS it runs on anything.

<p​lowsof:matrix.org> the pending payments / locked liquidity pool of the CCS is now over 600 xmr, the first milestone completion of a proposal that hasn't been moved to funding happened today, what a time to be alive!

<m​onerobull:matrix.org> that sounds like a you problem /s

<p​lowsof:matrix.org> remember when bitmain didnt pay people for a month lol

<m​onerobull:matrix.org> did anything new happen?

<m​onerobull:matrix.org> also, that was like 2 weeks ago

<p​lowsof:matrix.org> CCS Wallet Incident ^ will repost to reddit shortly

<s​hermand100:matrix.org> wtf

<s​hermand100:matrix.org> that's nuts

<p​lowsof:matrix.org> monerobull reddit.com/r/Monero/comments/17m6w9e/psa_ccs_wallet_incident

<p​lowsof:matrix.org> pinging those awaiting payouts currently selsta geonic j-berman boog900 jeffro256 vostoemisio tobtoht v1docq47 dangerousfreedom escapethe3ra tobtoht

<b​usyboredom:monero.social> Oh wow. Is multisig in good enough shape yet that we could use a 2/2 multisig wallet between luigi & another community member (maybe binaryfate?) going forward?

thanks plowsof. I didn't want to make any payments (tho we are way over 244 XMR now so it's not possible anymore) until this was released

wtf

"tops it up from the CCS Wallet (via SSH)" <- this is where the breach happened, my bet

SSH into a sensitive server from Windwos?

i have no idea what a css wallet is but it looks like somebody somewhere got scammed out of 2.6k moneros

CCS

fucktop

yes that's what i said css

css |= ccs

it is possible, though the Windows computer has and had significant value on it that is untouched. The logs look as expected on server.

logs could've been cleared after

although timing doesn't add up. If you last SSH'd in May and it was drained in September

windows...? who uses a privacy coin on a spyware os and why

jesus

nioc: community funding... yup i figured from context it was something along those lines

so this kinda sucks major ass then, no?

p​lowsof: bro you sleeping on work again

the overfunding of 244~ xmr, and several abandoned proposals in the work in progress list (im sure) will have contirbuted to a large proportion of that stolen monero

244 is not overfunding, it's just the balance of the hot wallet

its just a coincidence the values are similar github.com/plowsof/scrape_ccs_fr/tree/main

<j​ohn_r365:monero.social> What's the General Fund balance?

spading_slider: yes it sucks major ass, and it really sucks because it's stolen from people who may be relying on the CCS funding to literally eat, so it's doubly uncool

john_365: around 8k XMR

john_r365*

<p​lowsof:matrix.org> so currently 600 xmr ~ awaiting payout, i think people need time to digest this before discussing solutions

<p​lowsof:matrix.org> fix it so they can survive , somehow

I'm now worried about the general fund

we have 2 general fund wallets

<l​ordx3nu:matrix.org> Wow

<p​lowsof:matrix.org> more details here reddit.com/r/Monero/comments/11fslu…fund_transparency_report_march_2023

sech1: the first thing we did was make sure that was safe

but I do think one of the larger questions is how do we make sure this can't happen in future

hmm, maybe don't keep thousands of XMR in one basket in the first place?

luigi1111w: can we remove possibility of malicious datacenter sweep? Windows 10 Pro desktop is local laptop, where hot wallet funds were drained from?

MajesticBank separate computer in my house

somebody mentioned something about somebody using windows somewhere in the process

<k​inghat:matrix.org> windows was only hot wallet

So both Windows laptop and Ubuntu server were in your house?

<k​inghat:matrix.org> still..

luigi1111w: was the PC encrypted and was hot wallet password present on that pc?

Hot wallet wasn't hacked

sech1> So both Windows laptop and Ubuntu server were in your house? <= yes

neither hot wallet nor ccs wallet password were present (key logger negates this obviously, but I've found none)

can you assume the possibility of someone breaking in and tinkering with the Ubunutu machine?

Physical access to the machine opens up a lot of attacks

it's sad we don't have CCS wallet watchdog, probably in 12 span hours, we could do something

It was drainged within minutes

oh yeah AM, so 9 minutes

how old are the computers? very unlikely but it could've just been some kid in the nsa running across a bunch of xmr while spying on people via ime/psp backdoors... i mean that's a lot of fucking xmr

The key to finding out how it was hacked, is the difference between how CCS wallet and CCS hot wallet were stored (and General Fund wallet, for that matter)

Out of those 3, only 1 was drained

*were stored and accessed

MajesticBank> oh yeah AM, so 9 minutes <= I believe it was swept and the time was just block confirmations

they were very large transactions

<k​inghat:matrix.org> spading_slider: not if it was cold

sech1: we explored that, the problem is that we're assuming it was drained as soon as they had the keys, but that's not necessarily the case

they could have the keys for a long time, but they had a "queue" of keys to check probably

You can't check a key quickly

Unless they noticed that this seed create a well-known wallet address

right, which means they *could* have other keys, which is why luigi1111w / binaryFate etc. have moved funds to other wallets

kinghat: was it cold...? if so then it must've been physical, no?

CCS wallet wasn't cold, but it was on a dedicated machine

sech1> can you assume the possibility of someone breaking in and tinkering with the Ubunutu machine? <= I think this is highly unlikely, it would imply (to me) someone was specifically targeting CCS wallet

but accessing it via SSH from Windows is too dangerous

ight that settles it, we sue microsoft for damages

<sech1> but accessing it via SSH from Windows is too dangerous <= agree going forward any solution should be as airtight as possible

but then again, if SSH/Windows combo was compromised, it took them 4 months to drain the wallet???

the balance has almost always been in the 1000s of xmr

so to sit on it for years is just weird

there's also this hack that started in April and is ongoing (there were more sweeps a few weeks ago), and includes XMR

Damn, even I don't have a proper "cold" wallet for my savings, but I never access it other than physically

and without a wireless keyboard :D

hehe

i think we'll all be raising our wallet security standards at least one notch after today

<k​inghat:matrix.org> how long would it take to figure out half of the seed? assuming a wire leak.

too long

hmm...

lots of wallets use only 12 words to start with

it depends on how it was split in 2 halves

it was first 12/last 13 or the other way

A seed encodes a private spend key, so it still leaves 100-120 bits of brute force search

yeah it should be like 126ish

another vector of attack is the node

maybe it has some 0-day RCE vulnerability

and someone found a wallet next to it, then installed keylogger or some other spyware

Don't run node and wallet on the same machine

Wallet PC is only wallet PC, there should be nothing there. Only naked console and monero-wallet-cli

<h​into.janaiyo:matrix.org> isn't the CCS wallet essentially hot in this scheme? both for fluffy and luigi - why is it not completely cold? signed transfers via raw_tx files on usb/sd/qr only, take out any ethernet or wifi chips

yeah, running it 24/7 with Monero node is asking for trouble

<h​into.janaiyo:matrix.org> if the CCS wallet has SSH open to a hot machine, then its essentially hot as well no?

<r​afaelrsanches:monero.social> Could it be related to this microsoft.com/en-us/security/blog/2…targeted-by-openssh-trojan-campaign ?

O javem

yes, both CCS wallets were essentially hot

"The threat actors initiate the attack by attempting to brute force various credentials on misconfigured internet-facing Linux devices."

this seems impossible

hinto.janaiyo: I haven't had access to any of these wallets in some time, I nuked all of that stuff after my release from custody precisely because I was worried about what might happen next

Minimal Linux installation, monero-wallet-cli and all ports closed for incoming connections

no browsers, nothing

And saved address for the real "hot" wallet

pretty much a pc hardware wallet

This is def lesson, expensive one tho

monero-wallet-cli must of course be sha256-verified before updating it

and update it 1-2 months after the official release, to make sure it wasn't compromised

and probably configure firewall to not only close all incoming, but only allow connect it to your node :D

It's even more scary if its crypto weakness

Not likely

Only 1 wallet was hacked

are some of these 2.6k from really old CCS / FFS proposals?

or why are there so much unpaid funds?

sechl on top of that i'd still keep the bulk of it in cold storage and only move to networked wallet pc periodically as needed

<m​onerobull:matrix.org> the one monero wallet where you know something will be inside

selsta yeah there are some invalid ones in there

or some invalid ones in WIP still. There is a lot of XMR in active props tho

How is twitter.com/tayvano_/status/1696222660013998407 related to this, I don't understand

Did anyone use LastPass?

ew centralized

sech1: not all of those have been LastPass, there are lots of unknowns with them

I did unfortunately. I'm still mad about it. CCS stuff was never anywhere near it tho

ccs wallet view keys are published? so no one noticed this until now ?

So, to summarize: the wallet seed could've been only compromised when the wallet was accessed and loaded into memory. Because it wasn't drained before, so I don't think it was compromised when you generated it.

viewkeys don't show outgoing without some tricks MajesticBank

MajesticBank: viewkeys aren't always hugely helpful with spotting outgoing txs unless there's change coming in

Which leaves a keylogger on either of 2 PCs, or a 0-day in monerod and then a keylogger on an Ubuntu machine

and please don't say SSH was accessible from outside your LAN

sech1: it's not necessarily the case that just because it wasn't drained before the attackers didn't have the keys, it's entirely possible there was something on the Qubes VM on my side during creation

I'm away from that Ubuntu machine until thanksgiving, will run whatever scans I can find then

sech1> and please don't say SSH was accessible from outside your LAN <= it wasn't

with Monero you know how painful it is to restore a wallet, it might just have taken them some time to get to it

yeah but 3 years?

and they can always check the restored wallet's address against known Monero wallet addresses

and then prioritize

I could also have screwed something up when sending it to luigi1111w

it can be done in milliseconds

lots of moving parts on both sides

sech1: I know, it's unclear how sophisticated the attackers in that attack (or any) are with Monero, if they had a "trove" of keys they might have just deprioritised it and focused on more accessible / easier chains

*more expensive chains like BTC/ETH :D

<s​gp:magicgrants.org> for the swept transactions, were ANY of the outputs change, or were they all 2 outs with presumably one 0-value output?

no change

sweep transactions don't produce change

<s​gp:magicgrants.org> okay, just double checking

someone just restored the wallet from seed and did sweep_all, from the looks of it

you can check those transactions

Hmm, but keylogger on Windows machine could only compromise wallet password, not its seed

If you only have wallet password, you also need wallet files

<p​lowsof:matrix.org> the ccs viewkey / primary address has been public for some time, at least since april 2022

<sech1> If you only have wallet password, you also need wallet files <= right

Unless it wasn't just a keylogger, but a full scale trojan with remote access

most RATs include the ability to keylog

then someone could use it to login to Windows machine on September 1st, then clear logs

Was it on at that time?

yes

both PCs?

yes

then I can't exclude this option (compromised Windows PC)

it's probably the most realistic option

all other options are James Bond level stuff

why leave the windows wallets alone? Why wait from May till September? It's possible

Maybe the keylogged only one of password?

why use windows at all with a PRIVACY coin...

*they

hmm, the least frequently used password...

<p​lowsof:matrix.org> spading_slider thanks for the input

from my experience, someone running simple RAT and removing all indicators of compromise is not likely

<spading_slider> why use windows at all with a PRIVACY coin... <= just what I've always done

Did you save full disk images from both PCs the moment you discovered the hack?

To search for traces later

MajesticBank it's possible they didn't remove all indicators, I don't know how to look for them all

sech1 no, but I found it almost a month later, so if they were going to clean up, they surely would've already

When you synced the wallet, did it sync from Monero height that it had in May?

yes

bash history is also all my commands, at least from May

Hmm, if it synced from May height, then it wasn't used to steal funds. I mean this instane of the wallet

<m​onerobull:matrix.org> could have copied the wallet file?

if they were smart, yes

<m​onerobull:matrix.org> and synced on their own machine

<m​onerobull:matrix.org> its what a smart actor would do if they dont know how long they have inside the system

well May to September is not a short time

<m​onerobull:matrix.org> i doubt theyd sit there with a shell and just waiting for the wallet to sync, hoping the connection doesnt die

<h​into.janaiyo:matrix.org> f​luffypony: what software generated the CCS keys?

hinto.janaiyo: monero-wallet-cli

<o​frnxmr:monero.social> I have an idea

<o​frnxmr:monero.social> We have 2500 monero from a donation for a wwebsite

<o​frnxmr:monero.social> Insurance? Haha

<o​frnxmr:monero.social> Pay the workers

<p​lowsof:matrix.org> an unplanned refund event

<o​frnxmr:monero.social> This is what generalfun is for

I doubt there is much resistance to paying existing CCS from gen fund, but wanted to get discussion underway before doing taht

<p​lowsof:matrix.org> we have a work in progress list (600~xmr awaiting to be paid out in the immediate short term)

May to September, and then 4 weeks until any measures were taken. I think it's safe to assume only 1 wallet was compromised

"Luigi logs into CCS wallet to top up hot wallet, finding (after syncing from May 10th as expected) a balance of ~4.6 XMR" <-- they didn't even monitor it for future incoming funds?

apparently not

or didn't care about that much

<p​lowsof:matrix.org> other miscellaneous issues (where some proposals have been resolved e.g. acceptXMR pre-funded with an abandoned proposal, and, we where planning to do the same for svandras video proposal).. resolving the outreach proposal didnt go through

general fund can probably bridge those too, either way that's a small amount of xmr right

to me this seems more targeted, people with a large amount of hacked wallets likely have scripts that auto drain them

it's def important to find root of this, regardless it's amount we can recover from

whoever did this is not a hero in any way

<o​frnxmr:monero.social> Whiever did this is a bum

<o​frnxmr:monero.social> Coukd have at least payed the devs

selsta: generally wallets that get drained don't receive future funds, and monitoring multiple Monero wallets is painful if you're not super sophisticated

%temp% and %appdata% are most common folders where RAT things are dropped

I would look for .lnk files (they often spread using USB drives)

They start with windows using .lnk in Startup folder in start menu and also Registry entires for Run, RunOnce

Windows services also

Data recovery software can't recover files often but can find metadata from years back

temp files, memory dumps, chkdsc file fragments, windows error reports, dns cache,

event logs, old prefect data

<o​frnxmr:monero.social> Is this even the corref room?

yes, but it was muddied by 4 weeks of that Windows PC running after the hack

<o​frnxmr:monero.social> #malware response etc?

or maybe even more, if it was hacked before that

<o​frnxmr:monero.social> I havent read entire backlog. Was wallet drained a long time ago?

september 1

full timeline: reddit.com/r/Monero/comments/17m6w9e/psa_ccs_wallet_incident

<o​frnxmr:monero.social> Ty

sech1> or maybe even more, if it was hacked before that <= had to be at least May if that was the method of breach

was the SSH password secure enough?

Someone who hacked Windows PC, could've just cracked it

For example, a day before

you need SSH password and CCS password

you'd need a keylogger

I think they are 13-14 chars

<o​frnxmr:monero.social> plowsof @plowsof:matrix.org: does it time up with any meetings

well, maybe they're on haveibeenpwned.com/Passwords and this is how they were hacked

fwiw, I've been involved in investigations on multiple exchanges that got hacked (plus Mintpal which was just a straight rug), and hackers sat on compromised boxes / keys for ages before sweeping (as in we were able to actually identify the exact time they compromised it). Sometimes they hope that there will be more funds, and then for whatever reason just decide that today is the day they're sweeping, and there's much less available to

them than there was weeks or months before then. They're operating on incomplete information, ultimately.

I just don't want to detract from the fact that the compromise could have happened on my side even before I sent the seed to luigi1111w

September 1st, back to school season. "Today is the day" :D

<p​lowsof:matrix.org> it was a Friday too

<k​inghat:matrix.org> fluffy how would they not be aware of what they've stolen? is what you just said above why?

he's saying they might have huge lists of keys that they go through whenever

yes that

<m​onerobull:matrix.org> if you have a wallet that belongs to someone else, you never know if they might deposit more

<m​onerobull:matrix.org> nice that they didn't wait for monerokon

<o​frnxmr:monero.social> Or fcmp

<sech1> well, maybe they're on haveibeenpwned.com/Passwords and this is how they were hacked <= these keys aren't used on any services

monerobull: exactly - they might not be part of the Monero community and know when the wallet might have more or less funds, so there's no way to necessarily link the time of the sweep to the time of the compromise

they might have swept it the day they got the keys, or months or years after they did

<o​frnxmr:monero.social> So ultimately, it doesnt appear that your system was breached

<o​frnxmr:monero.social> Luigis

<k​inghat:matrix.org> i guess i dont understand the tay situation.

kinghat: they identified a bunch of wallet sweeps (past and some more recent) that link the same attacker because they go to the same wallet

<o​frnxmr:monero.social> No signs of the transfer coming from your system, only thing we know is that spend key/ seed was compromised somehow

or wallet files stolen together with the password

the way the keys are generated for these affected wallets is all over the place, eg. Eth pre-sale wallets and hardware wallet keys

they think many of these are because of LastPass, but there are a whole set that never used LastPass but have been swept by the same attackers (since they went to the same destination)

and some people who were affected also lost XMR

<h​into.janaiyo:matrix.org> can't that attack be ruled out if monero-wallet-cli was used to generate the keys? otherwise this would be happening to many wallets

<o​frnxmr:monero.social> So ultimately, it doesnt appear that your system was breached <= I haven't found any evidence of anything besides the wallet being empty. I will do some more research on the ubuntu machine when I'm back

<m​onerobull:matrix.org> north korea achieved good quantum computing 💀

first target acquired!

satoshi? NO

does it make sense to setup 2/3 multisig for future funds? I can understand why it wasn't used in the past but it's a bit more mature now

hinto.janaiyo: no, because we don't know how every affected user in that breach was compromised - like I said, it's possible the Qubes VM that was used in generating that was compromised (however unlikely)

or just hardware wallet

selsta: that's where my head's at for sure

<m​onerobull:matrix.org> pretty counter-productive for them to target our CCS wallet 😭

WE MUST STOP MONERO DEVELOPMENT

<o​frnxmr:monero.social> 100

selsta yes open to any and all ideas

<o​frnxmr:monero.social> We should put up a bounty on finding them

<o​frnxmr:monero.social> DataHoarder @DataHoarder:libera.chat: DataHoarder @datahoarder:monero.social: can you track the sweeps

ummmm...no

I don't want to be snarky, but that's the point of a privacy-enhancing cryptocurrency

which sweeps, unless it's tagged the way p2pool does not much can be done

<o​frnxmr:monero.social> Fluffy, depends on how / if they try to offload it

yeah which is why we put this up as well, maybe they sent funds to a service / someone

and didn't churn

if they reswept in one tx later it would be statistically kinda obvious. Easy to hide tho if they pay attention

reason why stuff like this is done is because they don't do minimal effort p2pool.observer/transaction-lookup?…881e850bce33852cfb71d142e60a76e982e

and as luigi says

txids are there if someone wants to try. I can see the news headline now

Most we can do, is to find a tx that sweeps those 9 outputs into 1

and then the trail gets cold

it's a lot of time in between events, otherwise forensic dump of memory + disk would be good to have before doing anything, VM snapshots etc.. Otherwise any tracking can be done after the fact, if there are any statistical outliers

and yeah it's not a p2pool source where they are continuously re-sweeping into the same entities, that is why in p2pool it's so effective even when sweeps happen

<sech1> and then the trail gets cold <= yep. Unless you have access to exchange data. Much harder.

<o​frnxmr:monero.social> Trocador might lol

basically they would've actively had to screw it up

<o​frnxmr:monero.social> (If he wanted to)

<4​rkal:monero.social> Anyone know where they dumped it?

<o​frnxmr:monero.social> No

we have no idea if they did

one could do volume analyses tho that would just be a guess

<4​rkal:monero.social> If they're smart they'll dump it slowly

<o​frnxmr:monero.social> well

<o​frnxmr:monero.social> The wallet could have been worth a lot more

<o​frnxmr:monero.social> Some of that xmr was jet fund anyway

<o​frnxmr:monero.social> Stole my jet fund..

<o​frnxmr:monero.social> (a lot of purgatory ccs)

<o​frnxmr:monero.social> Ie, xmr for projects that died. Ie, surplus

<m​onerobull:matrix.org> now plowsofs job got a lot easier

<o​frnxmr:monero.social> Yep

<m​onerobull:matrix.org> "sorry, money gone."

<k​inghat:matrix.org> luigi, was the ssh bidirectional?

<4​rkal:monero.social> Any merit to this? nitter.net/pokkst/status/1720138325334335497

<o​frnxmr:monero.social> Merit?

<o​frnxmr:monero.social> Thats what were currently discussing

<4​rkal:monero.social> Oh ok lol

4rkal thanks for your input

<k​inghat:matrix.org> also, i guess it doesnt matter now that the funds are gone, but what would have happened to them if you were attacked by bus?

<o​frnxmr:monero.social> Or are you talking about pokksts decoy acanner?

<o​frnxmr:monero.social> > I'm not in there, but can someone tell them they can use my monero-decoy-scanner tool to see when outputs are used as a ring member in a transaction Someone just brought up trying to somewhat follow the coins (they're hoping for a sweep tx one hop away from the theft txs)

<o​frnxmr:monero.social> From pokkst

<4​rkal:monero.social> Yeag

<4​rkal:monero.social> Yeah

<o​frnxmr:monero.social> kinghat: the seed is known by 2 people

any chance somebody just accidentally clicked the "max" button on their wallet while sending? then maybe they went to sleep

<g​orillaquest:matrix.org> time to store the wallet keys in a google pixel

<k​inghat:matrix.org> oh right. they were moved back to the same ccs wallet.

wait what? really? LOL

looks like it

funds were moved to the hot wallet, and then moved back

One more source of compromise are the feds

in this case

I though it was "by default" to never use that wallet again after the arrest

damn

<j​effro256:monero.social> Me too...

<k​inghat:matrix.org> and if youre not going to be back at that machine again in a month, how can you be sure there wasnt physical access?

That's quite a bit of XMR they got away with.

<j​effro256:monero.social> Since the CCS was hacked and luigi1111 has write access to the repositories, I believe we should thoroughly double-check that all merge commits by luigi1111 are exactly that: merge commits.

is there a git command for this?

I'm not a git expert

Yes good.

git good?

wait...

lol

<s​gp:magicgrants.org> this is the main suspect tx:

<s​gp:magicgrants.org> xmrchain.net/tx/bb77d03cae08942f43c…05a1c9435470a4a2cabfa5e26d2c93d1a58

<o​frnxmr:monero.social> selsta: can you contact partners at exchanges :)

<s​gp:magicgrants.org> 9 flagged enotes (there will be false positives because of the 0-output)

<s​gp:magicgrants.org> matrix.monero.social/_matrix/media/…0f692ea7864630121720144524757434368

<o​frnxmr:monero.social> (hypothetically, not asking you to do it)

<system> file picture2.png too big to download (1454500 > allowed size: 1000000)

<s​gp:magicgrants.org> picture2.png

So this is most likely a second sweep transaction

Too low probability that all 9 output would be used there

<s​gp:magicgrants.org> that's for a scan window of 2965023 to 3009430

But it has 11 outputs? It's unusual

<s​gp:magicgrants.org> yes, that transaction, with only 13 inputs, if unlikely to have included 9 of those outputs by chance. It's a good lead

<s​gp:magicgrants.org> sorry 17, not 13

<k​inghat:matrix.org> oh right. they were moved back to the same ccs wallet. <= no, they were just spent as normal

<s​gp:magicgrants.org> that's the transaction to ask around about. I'd ask about all of these while you're at it:

<k​inghat:matrix.org> and if youre not going to be back at that machine again in a month, how can you be sure there wasnt physical access? <= my house isn't in the habit of being broken into. Of course it is possible. I would expect there to be a trail then too. Unless somehow targeted only towards that machine.

<s​gp:magicgrants.org> bb77d03cae08942f43cccd759ade505a1c9435470a4a2cabfa5e26d2c93d1a58 (9)

<s​gp:magicgrants.org> 32baff7fbe031dd673942061a0a20fd9615fbaccf06a6d4cd8d30e65376e12cd (4)

<s​gp:magicgrants.org> 968a24397d3efc60c916810002d373d09d3be570c8c054f5d5b457ca35755706 (2)

<s​gp:magicgrants.org> 17e502cf9e3886d99f79b8c40789b8b759df0f51da2830d3cdd1128549fd8d72 (2)

<s​gp:magicgrants.org> 7486df2589ffc7c9edf23e8b9177131f8953a983af8400ddd8e198b8abfa0efc (2)

<s​gp:magicgrants.org> f6efef0e091bca24f89de8101d9b10d07c0af85db78af305e82c710c0fadb103 (2)

<s​gp:magicgrants.org> 9e4e7e4c77f0523848a51f927a17a640117ff2cdeb7201933c69fe2daf7be06f (2)

2 and 4 ones can happen by chance, but not 9

and 9 happened the very next day

so the good news is that XMR has a strong community so just do a community fund raiser and you'll have this back in no time

dsc_ our resident optimist :)

its true though

:P

as a user I would be willing to donate, could even implement some banner inside the wallet

Did you at least send requests to exchanges asking if anyone deposited this exact or similar amount in September? Long shot, but still...

sech1> I though it was "by default" to never use that wallet again after the arrest <= this was a mistake on my part. Although, fluffy has/d other wallets that are also not compromised, as far as I understand

Exchanges can find deposits 1-2 hops away from this second sweep transaction

This hack has brought us all together, priceless

go team

didn't some guy say earlier he had enough to refund the ccs himself?

or am i trippin

I don't remember seeing that

...anybody know how to scroll up in weechat?

<s​gp:magicgrants.org> 32baff7fbe031dd673942061a0a20fd9615fbaccf06a6d4cd8d30e65376e12cd has 99 inputs, so there is a high likelihood for false positives. And for the 2 transactions, those aren't likely to match in this case. It's really just the first tx with 9 matches

nvm i got it, hang on

<x​mrscott:monero.social> OWASP has a pretty good primer on Order of Volatility if you're wanting to collect data, although since it's a month+ old there's probably not a whole lot that can be preserved at this point unless you have long log retention on your networking devices and other systems. owasp.org/www-pdf-archive//NetSecur…tileData-TechnoForensics-102908.pdf

nvm i misread what he said

<s​gp:magicgrants.org> 11 outputs is highly unusual though. Is anyone aware of any services that would correlate with this activity?

<s​gp:magicgrants.org> I will re-run the test with these 11 outputs

<o​frnxmr:monero.social> Rucknium:

<j​effro256:monero.social> PocketChange?... but probably not applicable here

<m​onerobull:matrix.org> lmao

<r​brunner7:monero.social> Had the same immediate thought :)

<r​brunner7:monero.social> 11 outputs in the CLI wallet is hard, I guess

<r​brunner7:monero.social> Gives an awfully long command

<j​effro256:monero.social> I don't know why you would consolidate 17 outputs then split it into 11 unless it was a group of individuals that were you paying out to

<j​effro256:monero.social> Maybe we could look for other 11 output transactions in the same time span?

<j​effro256:monero.social> Or its an artifact of a poorly written churner

<s​gp:magicgrants.org> possibly an attempt at structuring

it was a team of 11 007 agents. They needed to split the winnings. ok I'll stop

<o​frnxmr:monero.social> Ofrn and his 11 alts

<o​frnxmr:monero.social> 10 alts*

<k​inghat:matrix.org> 711 agents*

<r​ucknium:monero.social> sgp: What software are you using to make those graph images?

<r​brunner7:monero.social> Well, a certain sense of despair slowly creeps into my mind if not even Monero core team members can manage to stay safe against whatever type of attack that was

<r​brunner7:monero.social> "Be your own back". Yeah, right. Bank robbers please line up here.

<r​brunner7:monero.social> *bank

<j​ohn_r365:monero.social> rbrunner7: but aren't we talking about a wallet that is effectively hot? with no passphrase, no multisig, no hardware device

<j​ohn_r365:monero.social> it was running on an ubuntu machine that was running a node? and has a windows 10 desktop, that is definitely hot, SSH'ing into it occasionally

it had a passphrase, but the rest is right

<r​brunner7:monero.social> Hard to say. It does seem one can hardly be too paranoid as soon as the amount at stake goes over a certain limit

<j​effro256:monero.social> luigi1111w: was the remaining 4.6 XMR saved ?

<m​onerobull:matrix.org> what

<m​onerobull:matrix.org> how was the passphrase shared, together with the seed?

244 remains iirc

<o​frnxmr:monero.social> Seed was split in 2

the wallet file had a password, the seed did not have a passphrase

<j​effro256:monero.social> Sorry from the main wallet

<m​onerobull:matrix.org> ah

all of lovera's was saved. I moved the 4.6 then the remaining 5.4 or whatever in small chunks

<s​gp:magicgrants.org> next transaction they swept to is: 2c5b45bf398dcae482019a46fb2d06d334bf4260484dc4857fc35db3689ad5ec

<o​frnxmr:monero.social> Lovera: 🥳

<o​frnxmr:monero.social> drinks on you?

<s​gp:magicgrants.org> matrix.monero.social/_matrix/media/…f89f01e99b8367ba1720151588539990016

<s​gp:magicgrants.org> not suspicious at all

monerobull: oh maybe a "seed passphrase" was meant? In that case no

sgp "Breaking monero part 420" :D

<j​ohn_r365:monero.social> right - i did mean seed passphrase, as opposed a passworded wallet file

yes, generating a seed with passphrase is much safer

<o​frnxmr:monero.social> Maybe irs wants to donate the 625k to us if we can track this

<o​frnxmr:monero.social> we double up

IIRC it's called "offset passphrase" in CLI wallet

<s​gp:magicgrants.org> I'll let the report finish, but I think, since there are only 2 outputs, that this one might have been deposited at an exchange

right. I don't think that would help against keylogger

<o​frnxmr:monero.social> Ty sgp

<r​ucknium:monero.social> sgp: What software are you using?

<m​onerobull:matrix.org> not if they have the file no

Keylogger no, but seed with passphrase is easier to split, and passphrase can be sent via 3rd independent secure channel

I refer to the original wallet creation

sgp 2 outputs only mean we can't trace reliably anymore

But you could look for 1 in/2out transactions that use it

If it was a single output and they tried to churn it multiple times

<s​gp:magicgrants.org> my own, not public sorry

then, if you find a chain of 1in/2out transactions that start with it, it's their churn

<s​gp:magicgrants.org> yeah, will keep scanning the graph from there if needed

rucknium weren't you working on safe/unsafe churning recommendations?

<s​gp:magicgrants.org> but from here on, it may get dicey

<s​gp:magicgrants.org> in some ways, it's a miracle we were even able to trace forward 2 hops

not a miracle

combining multiple outputs is a known weakness

<r​ucknium:monero.social> s​ech1: No, that is Nathan Borggren (compdec): monerofund.org/projects/eae_attack_and_churning

<s​gp:magicgrants.org> ngl, I will LOL if the reason they got caught it because of pocket change, that would be too funny

<s​gp:magicgrants.org> ngl, I will LOL if the reason they got caught is because of pocket change, that would be too funny

<o​frnxmr:monero.social> Lmao

<r​ucknium:monero.social> Ok I will make one myself. A little competition :)

<s​gp:magicgrants.org> anhdres: does pocket change sometimes split funds into 11 outputs? Would that be behavior that could be accounted for?

<o​frnxmr:monero.social> spackle_xmr:

<r​ucknium:monero.social> I think PocketChange number of outputs is a little randomized now.

<o​frnxmr:monero.social> reddit.com/r/Monerujo/comments/164t…d_an_updated_version_of_monerujo_on

I doubt they'd use anything but CLI wallet

<o​frnxmr:monero.social> 64 days ago

<o​frnxmr:monero.social> So, they coukd have been using old version

<o​frnxmr:monero.social> Hack was 62 days ago?

<s​packle_xmr:matrix.org> Yes, they released an update on August 29 that changed the number.

<s​packle_xmr:matrix.org> I don't think I am the correct person to speak on this, but since I was tagged it is my understanding that the original version of PocketChange would have 11 outputs for a very large balance. It fills 10 pockets, and has a standard address output for a total of 11.

<1​23bob123:matrix.org> Ans still don’t know how they gained access?

<x​mrscott:monero.social> Hack was around Sept 1st

<1​23bob123:matrix.org> And*

how often does android auto update apps?

<m​onerobull:matrix.org> do we really think these guys loaded the wallet into monerujo with pocketchange enabled lol

<o​frnxmr:monero.social> Ty spackle, thats what i was trying to remember

<o​frnxmr:monero.social> Sometimes i have over 50 apps pending

It doesn't auto update, I think

<o​frnxmr:monero.social> Wirh autoupdates enabled

At least on my phone, I have to click "update"

<s​gp:magicgrants.org> it's reasonable to believe they might have been on the old version then

<s​gp:magicgrants.org> not a guarantee ofc, but a reasonable assumption to consider

It only sends notifications that "you have N apps ready to update"

<o​frnxmr:monero.social> matrix.monero.social/_matrix/media/…ero.social/KjAVNHUcyDenkAeKeEhDIDfr

<o​frnxmr:monero.social> Nah. It will autoupdate if enabled

<l​ouis.signet:monero.social> matrix.monero.social/_matrix/media/…ero.social/ilChkftpWdKkNcVVkWWGsAOw

<r​ucknium:monero.social> Could it not have been an exchange payout?

<s​gp:magicgrants.org> pocket change would explain why deposits would be swept into 11 outputs, then the sender (possibly unaware) would re-merge them

<l​ouis.signet:monero.social> This is the same observation I had in Monerokon. Other chains may have 'privacy tech' but they will never have the balls to implement it properly like Monero.

<o​frnxmr:monero.social> matrix.monero.social/_matrix/media/…ero.social/vTYHwRpWyMEgouYyUHmlfSSm

Even with auto-update and wi-if connected, it doesn't happen often

<o​frnxmr:monero.social> Right

<h​ycide:matrix.org> android definitely does autoupdate, from the official google play docs site: By default, apps are updated automatically when the following constraints are met:

<h​ycide:matrix.org> The device is connected to a Wi-Fi network.

<h​ycide:matrix.org> The device is charging.

<h​ycide:matrix.org> The device is idle (not actively used).

<h​ycide:matrix.org> The app to be updated is not running in the foreground.

<h​ycide:matrix.org> Google Play typically checks for app updates once a day, so it can take up to 24 hours before an app update is added to the update queue. After an app is added to the queue, it will be automatically updated the next time the constraints above are met.

My update queue had 19 apps, just checked

And I charged my phone today

On wi-fi the whole day

<s​gp:magicgrants.org> everyone should ask around to see if any exchanges or services received this deposit

sgp which one? tx id?

<o​frnxmr:monero.social> Same. google play is weird. It doesnt even oush updates to everyone at the same time

<o​frnxmr:monero.social> selsta: ?

<s​gp:magicgrants.org> 2c5b45bf398dcae482019a46fb2d06d334bf4260484dc4857fc35db3689ad5ec

<o​frnxmr:monero.social> next transaction they swept to is: 2c5b45bf398dcae482019a46fb2d06d334bf4260484dc4857fc35db3689ad5ec

damn

I should've enabled logs on p2pool explorer :D

<o​frnxmr:monero.social> Morpheus: did you get this one?

Then I could check who viewed that tx :D

<o​frnxmr:monero.social> Or autodeleted already

o​frnxmr: I only have contact to one exchange and core also has contact to that one

<1​23bob123:matrix.org> I’m curious how they breached and if there still in the system

Is there anyone with some official relation to exchanges to ask them about this tx?

<h​ycide:matrix.org> do we know what os was used on qubes during wallet creation?

<o​frnxmr:monero.social> Ok, would you do the honors, selsta?

<1​23bob123:matrix.org> It was qubes?

That'd be weird if they get caught. Lose-lose situation :D

<1​23bob123:matrix.org> I thought it was ubuntu

<o​frnxmr:monero.social> :D

Either we lose 2.5k XMR, or everyone says "but it was supposed to be untraceable, right"?

What are the tx id? 2c5b45bf398dcae482019a46fb2d06d334bf4260484dc4857fc35db3689ad5ec and which other one?

<o​frnxmr:monero.social> sgp:

<h​ycide:matrix.org> probably ubuntu vm inside qubes i guess

<s​packle_xmr:matrix.org> PocketChange would be an extremely odd choice. It is the sort of thing that someone would do to laugh at tracing attempts.

<1​23bob123:matrix.org> I suspect it would of come from m$

<s​gp:magicgrants.org> xmrchain.net/tx/bb77d03cae08942f43c…05a1c9435470a4a2cabfa5e26d2c93d1a58, which then appears to have been spent in xmrchain.net/tx/2c5b45bf398dcae4820…6d334bf4260484dc4857fc35db3689ad5ec

<1​23bob123:matrix.org> Not qubes

bb77... is the first sweep after the hack, and 2c5b... is the second sweep, right?

<s​gp:magicgrants.org> yes

and bb77... is suspected to be PocketChange

<s​gp:magicgrants.org> correct. we don't know for sure of course, but it's currently my best guess

did you find any 1/2 transactions after 2c5b... ?

1in/2out

<j​effro256:monero.social> 450K USD is hardly "pocket change" tho...

<s​gp:magicgrants.org> that will take me time to check. Might be tomorrow with the Monero meetup later today

<s​gp:magicgrants.org> there will likely be several candidates that are 1/2 after 2c5b... But I can get you the exact ones later

<p​olar9669:matrix.org> So we can trace it 👀

<1​23bob123:matrix.org> Checking journalctl please hold

<1​23bob123:matrix.org> Neg we have logrotate on

<p​olar9669:matrix.org> We will soon find a swap done to a shitcoin and press will be all over it monero devs traced it and its not that anonymous 😂

<1​23bob123:matrix.org> Pen test

<v​ikrants:monero.social> Justin maybe you can say a few things about this at the meetup tonight

<a​nhdres:matrix.org> yes, it will do it randomly between 6 and 14. So if the random number is 11 it will create those outputs IF the wallet doesn't have 11 already filled, otherwise it'll be less. m2049r/xmrwallet #914

<p​olar9669:matrix.org> Or sabotage 😅

<m​onerobull:matrix.org> have fun guys :)

<p​olar9669:matrix.org> Tari mainnet is close 🫢

<a​nhdres:matrix.org> we'll meet soon (Monerujo) and try to help shine a light on this

<d​iego:cypherstack.com> As I said in my github comment on the issue, I think there should be an expiration on CCS collection. There's XMR there going back YEARS and it just ends up a liability

<d​iego:cypherstack.com> ccs.getmonero.org/proposals/xmrhaelan-monero-outreach-round-3.html

<d​iego:cypherstack.com> has anyone seen or heard from xmrhaelen and/or Monero Outreach in a long time? That's just liability money forever

<1​23bob123:matrix.org> Brb

<d​iego:cypherstack.com> Also, if the GF is not multisig, it should be made so immediately

<1​23bob123:matrix.org> Where very reactive here, not proactive

<s​iren:kernal.eu> Instead of analyzing txes perhaps it's time to do some computer forensics?

<1​23bob123:matrix.org> Here why i asked how and if there still in the system

<1​23bob123:matrix.org> Hence why i asked how and if there still in the system

<s​iren:kernal.eu> What a horrible way to store large funds. You're too quick to call it a hack.

<1​23bob123:matrix.org> Maybe they’re looking at the response to tracing?

<1​23bob123:matrix.org> That too

<1​23bob123:matrix.org> Yubikey for ssh , key rotation etc normal opsec

what about an evil maid attack

<o​frnxmr:monero.social> Yes. hence: Jet fund

lol

<o​frnxmr:monero.social> plowsof @plowsof:matrix.org: youre fired. Jk

<1​23bob123:matrix.org> Nooooooo

<1​23bob123:matrix.org> No more jet!

My severance package can be the 0.2 xmr left over for the archive proposal

<o​frnxmr:monero.social> tldr: jet fund = closing old / dead ccs and collecting funds from those as well as overpayments to current ccs. And using it as a rainy day fund

<p​olar9669:matrix.org> Someone will trace it as it’s all done just stupidly convinent

<o​frnxmr:monero.social> Stolen

<o​frnxmr:monero.social> > <p​lowsof> My severance package can be the 0.2 xmr left over for the archive proposal

<o​frnxmr:monero.social> Stolen*

<s​gp:magicgrants.org> matrix.monero.social/_matrix/media/…8aaa3005fbcfcddf1720164635522367488

<system> file picture2.png too big to download (1615209 > allowed size: 1000000)

<s​gp:magicgrants.org> picture2.png

<p​olar9669:matrix.org> Wasn’t the rugpull on roadmap 🤪

<1​23bob123:matrix.org> If they had qubes on baremetal and rotated the qube it wouldn’t be such an issue

<m​onerobull:matrix.org> april 2023

2023 exit scam

but yeah wrong month

<o​frnxmr:monero.social> 123123, last day of the yr

<s​gp:magicgrants.org> xmrchain.net/tx/06550272cdfa1eea98d…72b5c52a2b195b4f808c8c03422a58ca47b is also suspicious, since the 2 matching enotes are distinct; they aren't present in the matches with the other 2c5b... transaction

<p​olar9669:matrix.org> Bad actor or a bad joke with funds getting sent back 😂

<s​iren:kernal.eu> So where's the windows host? Is it running on a server? Is it a physical device that they had access too? Also what kind of a virtualizer was used for the Ubuntu VM?

<p​olar9669:matrix.org> We will see

no VMs, just 2 separate computers

<1​23bob123:matrix.org> You are asking to many questions sir !

polar9669: do u know if there are any mining pools planned? i can't solo mine kek

for tari i mean

<s​gp:magicgrants.org> running again with these 2 transactions

<j​effro256:monero.social> Why make 11 outputs if you're gonna spend 6 in one transaction? I think that they had a cursory knowledge of churning and tried to do it themselves but failed miserably

<4​rkal:monero.social> Imagine the attacker reading this...

<4​rkal:monero.social> Prolly shitting their pants rn

<4​rkal:monero.social> Lol

as far as breaking into my house, I would've hoped they would steal my silver stash. It turns out even thieves don't want to own silver. Er, I mean silver? That was tragically lost on a boat 7 years ago.

<1​23bob123:matrix.org> Sank the boat

<p​olar9669:matrix.org> It can be merged mined with monero, so yes there will be pools

<s​packle_xmr:matrix.org> 4rkal: Or laughing.

any word where the pools will be when they're available?

<p​olar9669:matrix.org> Too easy isn’t it

<4​rkal:monero.social> Yeah most probably someone who got access there is pretty intelligent and has some good opsec

<o​frnxmr:monero.social> @spadin_spider please move to #monero-offtopic

<s​gp:magicgrants.org> that's all the updates from me today. I will need to organize some thoughts more

<1​23bob123:matrix.org> Lets ask the chain anal company that says they can trace monero

<o​frnxmr:monero.social> Were better than they are, but theyll want the credit if we can give em a lead

<o​frnxmr:monero.social> 🎣

mf called me spadin spider xD

<p​lowsof:matrix.org> thanks sgp

<p​lowsof:matrix.org> but you have now challenged Rucknium to a duel

<o​frnxmr:monero.social> Suggestion:

<o​frnxmr:monero.social> We raise a bounty

<s​gp:magicgrants.org> I need to make trivia for the meetup today. Priorities :p

<p​lowsof:matrix.org> yo ucan ask how many monero was stolen from the ccs wallet

<o​frnxmr:monero.social> Dead or alive

<o​frnxmr:monero.social> i mean, found or recovered

<k​inghat:matrix.org> sexy evil maid attack*

<s​iren:kernal.eu> luigi1111w: have you inspected the logs on both devices? Ubuntu had many high/critical CVEs in the recent months. Windows event logs can also help if the initial compromise happened there.

<j​effro256:monero.social> Will their be a recording of any parts of the meetup?

<j​effro256:monero.social> It was sgp, jberman, and kayaba!

<m​onerobull:matrix.org> impromptu workshop, welcome to breaking monero

<1​23bob123:matrix.org> Too soon

<p​lowsof:matrix.org> will we appear on rekt.news :(

<1​23bob123:matrix.org> If it was evil maid i reckon it was luke he had a maids dress on at kon

<m​onerobull:matrix.org> we barely make the list

<m​onerobull:matrix.org> grafik.png

<p​lowsof:matrix.org> top 100 :(

<m​onerobull:matrix.org> the list only goes to 67

<p​lowsof:matrix.org> its over 400k

siren: SSH log was as expected. Bash history as expected. On windows side there was huge gap between last access and hack so I'm not sure what to look for. Same could apply to Ubuntu if they broke in long before hand

<s​iren:kernal.eu> Those can be easily wiped. SIEM would have helped.

<j​effro256:monero.social> Luigi was password access by SSH allowed on the Ubuntu machine?

<s​iren:kernal.eu> Have you updated ever since the hack? It would be useful to know the installed package versions at that time.

<1​23bob123:matrix.org> What about looking at the server with wallet?

<s​iren:kernal.eu> If auditd was enabled you can try checking there github.com/wagga40/Zircolite

i got hacked not long ago for having open ssh port & password access lol; always use private keys boys

password was from password manager too

<s​iren:kernal.eu> Yeah could be that someone placed the seed or the password (to SSH or to wallet file or anything that would grant an attacker access) on a SaaS password manager

<s​iren:kernal.eu> So many ways

<1​23bob123:matrix.org> Ssh allows totp or fido2

<s​iren:kernal.eu> That's good practice, we don't do that here :D

Seed and passwords were not ever in any managers. Doesn't really matter if a keylogger was present tho. It would be really odd to clean up everything and also leave other wallets alone.

<j​effro256:monero.social> So you had other wallets on that machine ? Anything related to the General Fund ?

No I don't have that

<s​iren:kernal.eu> There doesn't need to be a keylogger, it can be [dumped from the process](jm33.me/sshd-injection-and-password-harvesting.html) or [memory](nored0x.github.io/penetration%20tes…-Passwords-From-Current-Linux-Users). There are several ways to extract passwords/secrets.

<1​23bob123:matrix.org> Yeah in memory

<1​23bob123:matrix.org> RustOs

You need access to the machine to do that?

<o​frnxmr:monero.social> so ssh was a password? Or keys?

<1​23bob123:matrix.org> Kernel attack?

<o​frnxmr:monero.social> Was password login explicitly disabled in sshd?

<s​iren:kernal.eu> You need access. But it is perfectly possible that this happened afterwards.

<s​iren:kernal.eu> An attacker can attach to a running monerod process and dump credentials if: the attacker is root or the same user who started the monerod process. And this kernel param is set to 0 (often by default) /proc/sys/kernel/yama/ptrace_scope

Dump credentials of what? How would you get access without the credentials in the first place?

It was a password

<s​iren:kernal.eu> It can also be your wallet-cli or whatever program that you passed credentials to

<s​iren:kernal.eu> It can be caught when you start the process and submit the password

<s​iren:kernal.eu> Unlock the wallet

I think Windows generates so-called 'Event IDs', often used for forensic purposes

<1​23bob123:matrix.org> PermitPassword neva!

but that is low hanging fruit that is probably already considered...

So basically a key logger by a different name

<s​iren:kernal.eu> An attacker can attach to a running process and dump credentials if: the attacker is root or the same user who started the monerod process. And this kernel param is set to 0 (often by default) /proc/sys/kernel/yama/ptrace_scope

siren: credentials are not so easily extracted from memory

They would need to be root somehow also

monero has mechanisms in-place to counter that

<s​iren:kernal.eu> They are if you permit ptrace

<s​iren:kernal.eu> And you own the process

its probably not fool proof but there is quite a bit effort done in the underlying code to prevent such a thing

<s​iren:kernal.eu> And it's not a keylogger, it uses ptrace or ld_preload

<s​iren:kernal.eu> You can't really prevent thar

<s​iren:kernal.eu> You can't really prevent that

yes and eBPF is another method

again, monero-wallet-cli has some hardening

but as uid 0 you are pwned yes ;)

<1​23bob123:matrix.org> PermitRootLogin allow always!

<p​lowsof:matrix.org> use my node over tor :(

Like if they are root they already won surely

<s​iren:kernal.eu> So you're saying that the monero wallet cli or gui (whatever you used) was being run by root too?

I think root was disabled on this box

<s​iren:kernal.eu> Because they don't need root to perform ptrace attach if it was started as the same user that was compromised

<s​iren:kernal.eu> Just saying

The user running it was root

<1​23bob123:matrix.org> Anyway get a yubikey use edsca25519-sk

There is only one user. Machine doesn't do anything else

plowsof i recognized your name from your node url xD i be using it

<p​lowsof:matrix.org> hinto has provided a suggestion of "best" opsec on the github issue monero-project/meta #916#issuecomment-1791394073

I have a yubikey. But if I'm doing this again it's just going to be airgapped

<1​23bob123:matrix.org> tinyssh.org. And use this on server

Yeah something like that makes sense

<p​lowsof:matrix.org> spadin_spider i like you

:'D you too man

<s​iren:kernal.eu> Do we have any logs to inspect on the machines? Sysmon, auditd, any more SIEM?

<p​lowsof:matrix.org> we can guess what happened / why but its only guesses, maybe just focus on what the correct method(s) shld be - from wallet creation / sharing to making payouts every other month

<1​23bob123:matrix.org> Guessing is fun

<1​23bob123:matrix.org> Also maybe look at os with fde and selinux

<b​tclovera:matrix.org> Terrible news 😔

<b​tclovera:matrix.org> CCS drained and Justin Tracking Monero ,🫠

<p​lowsof:matrix.org> hola Lovera

<b​tclovera:matrix.org> Hola amigo 👋

btc :|

<s​iren:kernal.eu> This is very convenient if you really stole the funds

people generally dont do petty thievery if they are already loaded

no offense to luigi

who is the loaded party here?

luigi... or so I assume

what motivation would he possibly have

idk seems unlikely

isn’t fluffy the other half of this equation

same for him..

<o​frnxmr:monero.social> Yeu

even the more likely one as the person who generated the wallet?

he’s under house arrest in South Africa with lawyer bills through the roof

<1​23bob123:matrix.org> I blame ofrn too many bans and got revenge

lawyer bills probably not a big deal I would imagine

plenty of motive if you’re looking for one

<s​iren:kernal.eu> Everything told here about the wallet setup makes zero sense. Almost as if you're trying to make us into believing you were hacked lmao.

not after 3 years and different countries

<s​iren:kernal.eu> I refuse to believe you had such poor opsec

<p​lowsof:matrix.org> humans :(

<o​frnxmr:monero.social> Yes

something like this en.wikipedia.org/wiki/Evil_maid_attack is more likely

<1​23bob123:matrix.org> Ai opsec when

us nerds do not consider the human factor because we spend 24/7 behind the PC

<o​frnxmr:monero.social> > Since the CCS was hacked and luigi1111 has write access to the repositories, I believe we should thoroughly double-check that all merge commits by luigi1111 are exactly that: merge commits.

<o​frnxmr:monero.social> ^

<1​23bob123:matrix.org> thenewoil.org

<1​23bob123:matrix.org> ima put this here

I would hope I could come up with a better story than "I was hacked but have no idea how" if I was the thief

:)

<p​lowsof:matrix.org> can filter merges to monero by author on github

<p​lowsof:matrix.org> not seeing anything of note

I’m ruling luigi out on gut instinct. plus fluffypony promised an exit scam in 2023 I believe

<s​iren:kernal.eu> Since the incident the machine was left running for whole 2 months? You destroyed the chances of any forensics findings as well.

<o​frnxmr:monero.social> Why no disclosure til now

<o​frnxmr:monero.social> All this dev, analysis, and statistician power, and we wait and only talk with 2 other ppl

<o​frnxmr:monero.social> The money belongs to hackers

<o​frnxmr:monero.social> Why not tell the hackers "someone stole yur money" the day of

<o​frnxmr:monero.social> And watch that someone get caught the same day

<o​frnxmr:monero.social> We all know one thing that makes trackibf monero hard: time

<1​23bob123:matrix.org> Maybe kyc/log tranaction ip addresses is the way to go🚀

kyc *vomits*

sorry allergies

maybe don’t let people who are under active fraud investigation generate your wallet keys?

I didn't find out for 28 days. Talking with core was hard with people being away and such. Disclosure timeline was far from ideal

<o​frnxmr:monero.social> "short term measure"

<o​frnxmr:monero.social> 2 years later

<o​frnxmr:monero.social> Luigi

<o​frnxmr:monero.social> Ccs coordinator is plowsof. Ty

hey, the world runs on ducttape

some fortune500 companies run their mission-critical apps in `screen`

source: me

<1​23bob123:matrix.org> This is true

<1​23bob123:matrix.org> Look at gov

<1​23bob123:matrix.org> Win98 servers

those are the best

<o​frnxmr:monero.social> At least it wasnt windows xp, right?

<o​frnxmr:monero.social> Plenty of factories using windows xp on their machinery

<o​frnxmr:monero.social> Network connected

xp just works

<1​23bob123:matrix.org> Yeah IBM

<p​lowsof:matrix.org> in an airgapped setup, the machine can happily be running windows xp 32 bit

no string, no bs

<o​frnxmr:monero.social> (network connected)

<1​23bob123:matrix.org> Need 64bit for ultra secure m$ driver signing

<o​frnxmr:monero.social> Win 7 too, no more security updates

<s​iren:kernal.eu> simply don't centralize donations like this, CCS doesn't even need to exist

<j​effro256:monero.social> Then you have to think about USB and other I/O attacks which could allow access for evil maids

<1​23bob123:matrix.org> Yeah multisig

ofrnxmr there's legacyupdate dot net

for xp/7 and others

<1​23bob123:matrix.org> QubesOS fixes this

<1​23bob123:matrix.org> Usbdom please allow

<p​lowsof:matrix.org> ah yes, evil maid, did not consider this

<1​23bob123:matrix.org> I still stand by if it was an evil mad luke had that dress on

<1​23bob123:matrix.org> I still stand by if it was an evil maid luke had that dress on

cool a fellow qubes enjoyer

note to self, put comp in a safe

<j​effro256:monero.social> "Evil maid attack" is a thing: en.wikipedia.org/wiki/Evil_Maid_attack

the really evil maids get into safes np

*refrigerated safe

solder all usb shut

<1​23bob123:matrix.org> matrix.monero.social/_matrix/media/…matrix.org/vMTaQRLqYRpiwpQMJbukYUwE

<1​23bob123:matrix.org> Lol

<1​23bob123:matrix.org> Rav laptop

<p​lowsof:matrix.org> everyone please investigate your cleaning staff

<p​lowsof:matrix.org> the milkman... the windowcleaner... the pool guy... the person who cleans your yacht.... nobody can be trusted right now

<j​effro256:monero.social> The REALLY evil maids move all furniture 3 inches to the left to make you question your sanity

123bob123 that a toshiba?

<1​23bob123:matrix.org> Note too everyone please re-evaluate your opsec stup

<1​23bob123:matrix.org> Note too everyone please re-evaluate  your opsec setup

<o​frnxmr:monero.social> my opsec is olperfect

<o​frnxmr:monero.social> Is perfect

jeffro256: DDR police in soviet times used to do that, enter someones home and move the furniture just to mess with their sanity

<o​frnxmr:monero.social> im on every continent

<o​frnxmr:monero.social> I am 10 people

<1​23bob123:matrix.org> Shamir key

<j​effro256:monero.social> The point is that is that you shouldn't leave devices with really important data unattended with no protections against modifications while you're not looking

<o​frnxmr:monero.social> anonero

<p​lowsof:matrix.org> and if it doesnt exist in 3 places , it doesnt exist

^ and if you do... booby trap it

<o​frnxmr:monero.social> Mine is booby trapped

<o​frnxmr:monero.social> (Gotta get past ofrn)

have a drink buddy

<4​rkal:monero.social> Why isn't a new multisig wallet created for every css. Where the ownership is shared between core and the person creating it. That way you make the attack less profitable and no one person can screw up

it wasn't multisig...?

<1​23bob123:matrix.org> Can keep the wallet password in googledocs!

<4​rkal:monero.social> Essentially "decentralizing" it

"<j​effro256:monero.social> The REALLY evil maids move all furniture 3 inches to the left to make you question your sanity" > Welcome to my world ;-P

<b​tclovera:matrix.org> 😎

<1​23bob123:matrix.org> Reminds of the last two episodes of

<1​23bob123:matrix.org> netflix.com/au/title/81122462

<1​23bob123:matrix.org> Thats how they got into his laptop

does Google sheets work? x.com/fluffypony/status/1720144322937409615?s=46

<1​23bob123:matrix.org> Never got charges at the end cause all the gols and silver made the gov more money then they lost

<1​23bob123:matrix.org> Never got charges at the end cause all the gold and silver made the gov more money then they lost

<1​23bob123:matrix.org> Hmm google

<1​23bob123:matrix.org> Cryptopad or etherpad!

<s​gp:magicgrants.org> matrix.monero.social/_matrix/media/…28ea37cc277282161720187668647641088

<4​rkal:monero.social> Why isn't a new multisig wallet created for every css. Where the ownership is shared between core and the person creating it. That way you make the attack less profitable and no one person can screw up <= this sounds kinda hard to implement

<o​frnxmr:monero.social> He was advocating for more windows users and tracking platform among across node network

<j​effro256:monero.social> Luigi did you see my request for transaction proofs on the Github thread?

<o​frnxmr:monero.social> Taking seriously = hard sometimes. Coming from me, says a lot

<o​frnxmr:monero.social> Tracking platform architecture*

jeffro256: can you even create tx proof when they were sent from a different wallet cache?

<t​obtoht:monero.social> we don't have the tx keys

<l​ordx3nu:matrix.org> Sgp: what tool is that?

<j​effro256:monero.social> Ah good point

<s​gp:magicgrants.org> unless the 0-out is returned back to sender seed (I don't think it is?), then not much that can be done

yeah I don't have txkeys for those txs

you could sign key images for some of the relevant outputs or something

<s​gp:magicgrants.org> if I eliminate the enote that ended up at that other transaction (8949a7dc5279599fc6beec7e7f9e318fb96d428680da9e41d553731b453d4277), then we can focus on these for 1aec83176690ca24ee8b8d5d8d466ab5d6a924941d4f39c5d2cffdcc94efb136:

<s​gp:magicgrants.org> matrix.monero.social/_matrix/media/…6b7a4f676b2b3c691720189950663589888

<r​ucknium:monero.social> If we are suggesting OPSEC improvements: IMHO, HackerOne isn't a good vulnerability reporting platform.

<o​frnxmr:monero.social> 1500 xmr was converted to btc on binance over the last week

<o​frnxmr:monero.social> In 3 trades*

<r​ucknium:monero.social> Too much information available to too many people.

<o​frnxmr:monero.social> matrix.monero.social/_matrix/media/…ero.social/TVruTrMjoEDtKVAXDnOUiIdo

actually the viewkey wallet synced spent command should work I think? there is such a thing

<o​frnxmr:monero.social> The rest is all green

<o​frnxmr:monero.social> If same acct, likely the inputs can be traced back to ccs wallet

<o​frnxmr:monero.social> Sooo, binance?

is it a good idea that details around the investigation are posted here?

it only benefits the attacker

<o​frnxmr:monero.social> Well, i found out here

<o​frnxmr:monero.social> And in secret, seems all the important ppl were left out

i mean the tx graphs

<o​frnxmr:monero.social> Yeah, but who was he to share with?

with #monero-csi

<o​frnxmr:monero.social> (rucknium) haha

financial crime division

idk

sharing earlier doesn't change much for blockchain analytics

if anything it's better to share later after they might've made a mistake

<o​frnxmr:monero.social> if those sells were a week ago, it does

<g​fdshygti53:monero.social> Just did read the buffer 😢

<g​fdshygti53:monero.social> Can we prove to binance that they send the funds there?

<g​fdshygti53:monero.social> If the account is still in use, they could freeze it's funds and/or have details about where the corn went?

<g​fdshygti53:monero.social> It's for what CEX are for.... right?

<m​onerobull:matrix.org> can we hire the fbi

<o​frnxmr:monero.social> Could have followed the btc

<o​frnxmr:monero.social> No, fbi can hire us tho

no collusion with the feds guys cmon what

they hate us

monero financial crime division I meant

<o​frnxmr:monero.social> 400k/650k is only enough for us to work for ourselves

but fair

ofrnxmr alright i'll just take 10k

<o​frnxmr:monero.social> Im not the fbi

<o​frnxmr:monero.social> Or irs, whichever has the bounty

i hope it's the irs... mfs owe me money

wtf? I ask fluffy to resign and he responds with “I literally never want to talk to anyone in the Monero space again”

r u resigning fluffypony or are you playing victim here?

<g​fdshygti53:monero.social> So no hardware wallet, SSH without even basic "ssh key auth"?

<g​fdshygti53:monero.social> Did I understand right?

<g​fdshygti53:monero.social> When was the last time the Ubuntu machine was updated? Got a flow of CVE's recently, There is also a Russian botnet that was killed because of one of theses CVE...

<o​frnxmr:monero.social> Youre moneru_tv?

I started and ran monero tv yes

<o​frnxmr:monero.social> ah Manure_tv

<o​frnxmr:monero.social> the new look

u would know that if u were around for longer than 5 minutes :)

manure is what comes out of your mouth

heyo why are we fighting

because fluffypony doesn’t want to talk to anyone in the Monero community ever again

🥲

Maybe a Q for MRLlounge - in a multisig wallet, can we see which signers, signed a transaction?

<o​frnxmr:monero.social> Thats why were fighting? I thought it was bcuz yur geonic, and im ofrnxmr

anyone wanna go in offtopic and give me the rundown on this fluffypony character? all i know is he's important and in house jail

<o​frnxmr:monero.social> Like mixing oil and fire

plowsof I don't think so. you might be able to prove you helped sign, but you couldn't necessarily prove you didn't

<m​onerobull:matrix.org> why the fuck are you guys accusing fluffy now

<o​frnxmr:monero.social> ..snake oil

I don't know, doesn't seem productive

most people here are accusing luigi

I’m just providing a counterargument

only like 1-2 of actually stealing it myself

<o​frnxmr:monero.social> Who's accusing anyone

<o​frnxmr:monero.social> I see geo accusing fluffy

<o​frnxmr:monero.social> Like bro, go write a reddit post

speculation is pointless anyway

<g​fdshygti53:monero.social> When was the last time the Ubuntu machine was updated? Got a flow of CVE's recently, There is also a Russian botnet that was killed because of one of theses CVE... <= interesting. I don't have access to the machine currently. It also was behind a router with no port forwarding so there's another layer to add to the potential compromised list.

<o​frnxmr:monero.social> posted already

twitter.com/TheDesertLynx/status/1720185126405931128 good old Joel

keep ignoring the obvious if that makes you feel good I guess?

<o​frnxmr:monero.social> We all know it was my alt, Dan r/dark (Is not the man & Braxman Tomsparks Advocate ):

the conclusions are obvious, but unprovable and counterproductive

<o​frnxmr:monero.social> I know, geonic, is your nose for bullshit is fkn terrrrible

<o​frnxmr:monero.social> Thinks shit smells like steak and vice versa

<m​onerobull:matrix.org> kek

<m​onerobull:matrix.org> matrix.monero.social/_matrix/media/…matrix.org/eSjnvbsisMoTwlmYbTNVDyun

the question now is why do we have a core team member who doesn’t want to talk to with anyone in Monero ever again

<1​23bob123:matrix.org> So people accuse the fluffy without knowing how the breach happened?

and why do people keep simping for him

<o​frnxmr:monero.social> Cuz yur movie sux and hes betrer den u

<1​23bob123:matrix.org> Ban without proof

fanboys will

whoa whoa whoa oscars

be fanboys I guess

<1​23bob123:matrix.org> I have theory

<o​frnxmr:monero.social> haha

geonic: could it be because bro's in jail and we *didn't* use te 2.4k xmr to rescue his butt? :I just a thought from outside observer

<1​23bob123:matrix.org> Ofrn hacked it so geonic wouldnt get paid

<o​frnxmr:monero.social> Sis geo get his money before it got stolen?

<o​frnxmr:monero.social> Or is that why he mad

luigi admit you stole it and that will clear fluffy 😆

<o​frnxmr:monero.social> Did*

easy peasy

<o​frnxmr:monero.social> Ill admit im luigi, and i stole it

false confessions have been made before...

<o​frnxmr:monero.social> But im also ofrnxmr

<1​23bob123:matrix.org> I think before any accusations need to find how it happened first breach or otherwise

it’s all fun and games until the wallet gets drained

<o​frnxmr:monero.social> Im still having fun.x

<o​frnxmr:monero.social> Sleeping on new bed sheets 2nite

invertebrates sleep on beds?

<o​frnxmr:monero.social> Yes

hehe

<o​frnxmr:monero.social> Learn something new everyday

<1​23bob123:matrix.org> So going forward what going to happen with css payments?

I know it looks bad to release this without knowing and including how it happened

geonic: this works better with proof :P

<o​frnxmr:monero.social> They all go to geonic's oscar marathon

I’m not accusing anyone. I’m just asking fluffy to resign

but it would need some other reason, no?

i propose we let me hold the ccs next time

<1​23bob123:matrix.org> Because?

<o​frnxmr:monero.social> Ok

Luigi is love luigi is life

<1​23bob123:matrix.org> So going forward what going to happen with css payments? <= not sure. Open to ideas. For existing CCSes, we will use GF to cover unless/until there is an alternative.

<o​frnxmr:monero.social> Luigi1111w is a crazyguy tho

<1​23bob123:matrix.org> Next time multi sig with mario

because he says he doesn’t like us

<o​frnxmr:monero.social> Luigi

<j​ohn_r365:monero.social> This is both off topic and on topic - has there been any recent work to wrap a nice GUI around multisig in 2023? Ie - since the bugs got fixed

<m​onerobull:matrix.org> have a time for when funds go to a coldwallet

<o​frnxmr:monero.social> nvm, ill save for later

<j​ohn_r365:monero.social> It's a slow tedious process using it via CLI - and it's not v user friendly. Which also makes it more error prone.

obv. this is a difficult period for these 2 core members

im not defending them

<o​frnxmr:monero.social> Need geonic to go crazy wondering what i was going to propose

<c​trej:matrix.org> now I understand why plowsof didn't even want to keep a small ccs-coordinator-wallet...

but getting emotional on twitter is not out of the ordinary

john_r365: agreed, this was part of the apprehension to using it. That and bus factor and complexity increases substantially.

<1​23bob123:matrix.org> Yeah

<1​23bob123:matrix.org> Drunk tweets better

KISS only went wrong ONE time

if luigi and fluffy are so loaded as to not be potential suspects, can they not just reimburse the CCS wallet loss between them? then we can all pretend this didn't happen and carry on regardless (hopefully with better opsec this time).

hm yeah good point. maybe fluffy can use the project coral reef xmr for that?

<1​23bob123:matrix.org> I think there should be active ccs funds wallet and inactive ccs.

<o​frnxmr:monero.social> Picture this:

<o​frnxmr:monero.social> 1. We get robbed for 2700xmr on the first

<o​frnxmr:monero.social> 2. The 2500 donor contacts us for refund, and we refund

<o​frnxmr:monero.social> 3. We notice were fkn broke 3-4 weeks later

<o​frnxmr:monero.social> Good thing we didnt do that refund

they probably already considered that

<o​frnxmr:monero.social> and good thing we didnt buy the fuckin domain

<m​onerobull:matrix.org> we have 8k xmr in gf

given the time frame

ok well, enough drama for me today, goodnight :P

<o​frnxmr:monero.social> It would be 5.5k total in gf and ccs instead of 11k

<1​23bob123:matrix.org> Invest 8k into get rich scheme

put it on black

quick double and we're ahead

🎲

easy money

<1​23bob123:matrix.org> Double or nothing

Use it to shoet monero woth 100x leverage

<h​ardenedsteel:monero.social> hey, if you wrote any can you send to me? so i can copy paste to them.

s/shoet/short

<m​onerobull:matrix.org> monero.vegs

<m​onerobull:matrix.org> monero.vegas

<1​23bob123:matrix.org> If we rig it we can make big mulla

<1​23bob123:matrix.org> Is that mean there is emergency community meeting?

<1​23bob123:matrix.org> I can bring the drinks

yes on saturday at the usual time

i got the weed

We where meant to have the weekend off :'(

Release the update on sunday instead

hit that news cycle

<j​effro256:monero.social> For people opening new CCS proposals, who already have some level of community repututation, do you think it would be a good idea for them to fundraise by themselves?

you mean like use the CCS but have it post their own accounts?

XMR accounts*

<j​effro256:monero.social> Just for the immidate future

for some reason people love to donate to CCS proposals and alternatives seem to struggle

<m​onerobull:matrix.org> thats stupid, partially funded proposers would just take the funds and do nothing

i liked the idea someone posted earlier about 2/3 multisigging between 1 guy from monero and 1 guy from the proposal

that UX seems really rough

We are notoriously lazy the be fair

<m​onerobull:matrix.org> just put it on plowsofs ledger

Lol

<m​onerobull:matrix.org> we can use the new recovery service :)

I would prefer if it's still going through the CCS in the future (if possible)

I agree

CCS funds are insured also :)

<j​effro256:monero.social> Well I'm talking about the immediate open proposals *right now*. What do we say to the people who have open proposals rn? "Hang on for a couple more weeks, we're still trying to sort out how to not lose your funds"

<m​onerobull:matrix.org> can we just write off the dead proposals now?

<m​onerobull:matrix.org> like, your funds werent claimed for so long, a hacker took them

Lol

<m​onerobull:matrix.org> there, plowsofs biggest problem solved

jeffro256: just pay from genfund+the 244 I ahve

Sorry Doug, got hacked

<o​frnxmr:monero.social> Nah

<o​frnxmr:monero.social> Need to jet fund em

I did try and warn yas^

<j​effro256:monero.social> Sorry I should've been more specific: the CCS proposals in "Ideas" and "Funding Required" stage

lovera is only one in FR

ideas need some resolution tho yes

please put “hacker” in quotes ktx

Observer has posted milestone 1 update and weve not put it to funding yet

<j​effro256:monero.social> We obviously shouldn't go with the current setup b/c more funds will be lost... so what do we do about *new* proposals in "ideas" and "funding required" stage until we fix the issues?

<1​23bob123:matrix.org> Css is on stop credit

<1​23bob123:matrix.org> Ccs is on stop credit

for everyone who got here 5 minutes ago

<o​frnxmr:monero.social> Who's simping?

<j​effro256:monero.social> Until custody issues are sorted out, we could have the CCS "promote" certain proposals, but have the XMR go to directly to the proposers as a temporary measure. Or we could have an emergency vote to decide on a temporary holder for *new* XMR

<o​frnxmr:monero.social> Ive never wrote some shit like that

<o​frnxmr:monero.social> Sounds like something geonic would write

<o​frnxmr:monero.social> For those of us who project onto others

<1​23bob123:matrix.org> Can i apply to be monero ceo?

<m​onerobull:matrix.org> no

sorry you’re too dimwitted to grasp it

<m​onerobull:matrix.org> direct funding is trash

<j​effro256:monero.social> Alright what's your idea then

who runs the watch wallet for ccs?

<o​frnxmr:monero.social> Kids. Dont do drugs

There isn't one , only the general fund

<s​tnby:kernal.eu> No no no

<m​onerobull:matrix.org> proper hardware wallet?

<s​tnby:kernal.eu> CCS is trash. Always has been

<m​onerobull:matrix.org> anonnero would have prevented this

plowsof is that to me? there is one, the website updates automatically

how many trusted people are we? do like 7/10 multisig on ccs walet

that sounds horrendous

<o​frnxmr:monero.social> 3 maybe 4

<j​effro256:monero.social> That's still "direct" funding ???

<o​frnxmr:monero.social> Haha

<m​onerobull:matrix.org> no, collect the funds like before, just in a proper wallet

<s​tnby:kernal.eu> I am curious who will pay up that half a mil EUR worth of XMR for someones fuckup or theft in plain sight

<o​frnxmr:monero.social> The person who donated for monero.com

<o​frnxmr:monero.social> Then add 200xmr

<j​effro256:monero.social> We haven't been able to rule out fraud / terrible opsec, a hardware wallet would be a bandaid on the issue. Also having a psudonymous contributor run a hardware wallet is unverifiable

<o​frnxmr:monero.social> Robbed right before refund expired

<m​onerobull:matrix.org> so youre saying it was fluffy or luigi?

<m​onerobull:matrix.org> if we cant trust core then we might as well buy bitcoin

<s​tnby:kernal.eu> The post mortem in this case is as good as after getmonero.org was serving binaries with malware.

<s​tnby:kernal.eu> pretty sure core members stole the finds

<o​frnxmr:monero.social> Dont trust, verify

<j​effro256:monero.social> No I'm saying that it would be insane to entrust the keys to them again immediately after what has occurred without any change in structure or oversight

<o​frnxmr:monero.social> I dont trust core, never have

<s​tnby:kernal.eu> pretty sure core members stole the funds

<o​frnxmr:monero.social> Not a prerequisite

<m​onerobull:matrix.org> and im saying direct funding will lead to a thousand cases of soloptxmr

<o​frnxmr:monero.social> Theyre people just like us

We are in the idea stage of how to fix it jeff

<o​frnxmr:monero.social> And i dont know em from a hole in the wall

<c​trej:matrix.org> For direct funding there already is kino

<o​frnxmr:monero.social> And and and

<o​frnxmr:monero.social> Delays

<c​trej:matrix.org> For direct funding there already is kuno

<o​frnxmr:monero.social> dont forget the delays

<o​frnxmr:monero.social> Speaking of

<j​effro256:monero.social> Hence where I said "immediate future" and "who already have some level of community repututation"

<o​frnxmr:monero.social> Have pol been oaid? If not, lets get a move on

<o​frnxmr:monero.social> b4 gf gets drained

<s​tnby:kernal.eu> If CCS did not exist we would have no such thing as soloptxmr

> structure or oversight

The scams that will appear on kuno after this

binaryFate I think is only half around

<l​ordx3nu:matrix.org> Have we tried reaching out to ciphertrace dave?

I feel like there would need to be an implementation of structure and oversight before those things could be changed

<s​iren:kernal.eu> The people you trust to hold the keys to CCS funds take such a huge responsibility to have good opsec, physical security, network security, blue teaming knowledge, proper monitoring. You're better off not centralizing this.

<g​fdshygti53:monero.social> Switch the CSS fund to BTC (and convert contributions automatically), into a multisig wallet...

<g​fdshygti53:monero.social> Until we have multisig that is :D

<g​fdshygti53:monero.social> That way CSS could continue to operate until we have a better way.

<g​fdshygti53:monero.social> Monero have things bitcoin don't have

<g​fdshygti53:monero.social> Bitcoin have things monero don't have..

<g​fdshygti53:monero.social> or

<g​fdshygti53:monero.social> Get rid of CSS and find a better way

<1​23bob123:matrix.org> Add me!

monero has multisig

<1​23bob123:matrix.org> Trust me bruh!

why not dai instead of btc though? stablecoins ftw

<1​23bob123:matrix.org> Bare minimum multi sig

<g​fdshygti53:monero.social> oh well, why it was not used then :/

<m​onerobull:matrix.org> wrapped xmr in a eth multisig

<1​23bob123:matrix.org> Create ccs for it

oh cool a fellow wrapped tokens enjoyer

<1​23bob123:matrix.org> 😬

<j​effro256:monero.social> I don't care who it was... It could be Santa or Obama or Mother Theresa. But if you lose 450K USD doing one thing, then immediately do the exact same thing again, you'd have to be insane or stupid

<s​tnby:kernal.eu> How else will someone steal it?

g​fdshygti53: ccs wallet predates proper multisig support in monero

2/3 multisig , luigi/bF and some untrustworthy fall guy like myself

<g​fdshygti53:monero.social> oh well, why it was not used then :/ <= not sure there is a singular reason, but multisig was beta quality for some time

<k​inghat:matrix.org> couldnt you do a multisig between core, ccs leader, and recipient?

<s​tnby:kernal.eu> It was a design goal of our stupid core members

<g​fdshygti53:monero.social> Obviously

<s​iren:kernal.eu> We can vote on which projects to list on a directory. But funding should be direct, not escrowed. CCS is almost as if it was designed to be rugpulled.

<s​tnby:kernal.eu> Please kill off CCS

<s​tnby:kernal.eu> Direct funding direct responsibility

<1​23bob123:matrix.org> Hmm

<h​ardenedsteel:monero.social> imo we need decentralized development. the monero project doesnt mean monero

<1​23bob123:matrix.org> Less progression?

<c​trej:matrix.org> Getting funding for monero dev work is shaky enough as is. Let's make it even more uncertain for devs

<s​tnby:kernal.eu> Less soloptxmr

<j​effro256:monero.social> No??? The whole point of crypto is you don't have to trust "core". Monero has hard protocol rules, that differ from Bitcoin, such that it doesn't matter if every member of core dies tomorrow, it will keeping on chugging with a higher degree of privacy than Bitcoin

CCS/FFS has paid out 10s of thousands of XMR over the years. There's been lots of problems, but significant positives.

<s​iren:kernal.eu> Yeah then lost everything

<s​tnby:kernal.eu> Dumbest shit I read today

<s​iren:kernal.eu> You could say the same for rugpulled crypto projects

<j​ustverify:matrix.org> read.cash/@flipstarter/introducing-flipstarter-695d4d50

<j​ustverify:matrix.org> We should build something like this

<s​tnby:kernal.eu> its FOSS for a reason. No one trusts core. I trust git diffs tho

<s​iren:kernal.eu> Yeah then lost everything <= technically lost ~92%

<j​ustverify:matrix.org> Trustless, non-custodial assurance contracts

<g​fdshygti53:monero.social> As long as people read and understand them.

<g​fdshygti53:monero.social> But yeah, I assume enough people do read and can understand the code, right?

<g​fdshygti53:monero.social> We do have audits, fortunately

<c​trej:matrix.org> Paid for by the ccs, lol

<s​tnby:kernal.eu> Barely any development going on there, yes you can understand its not as bad as soloptxmr code :D

<s​iren:kernal.eu> We could still raise money for this without the CCS. People would simply donate as usual.

CCS is the best at motivating ppl to donate

yeah I don't understand it but that's the way it's always been

don’t throw the baby out with the bathwater

Nobody would donate to my fake job if i wasnt on the ccs funding required page

<s​tnby:kernal.eu> Where is our Oscar?

<c​trej:matrix.org> withoubthe ccs your fake job wouldn't exist

<s​tnby:kernal.eu> Otherwise refund :D

fluffypony resigning is enough (totally unrelated of course)

<s​iren:kernal.eu> You can have a public directory on getmonero.org of projects to donate. You don't need to escrow funds.

there are some in the Academy museum if you’re eager to see one

<s​iren:kernal.eu> Refund??? :DDD

happy to buy you a ticket? :)

<s​tnby:kernal.eu> In fact we have W.I.P. monerodevs.org

(we’ll know on December 21 if we’re in the shortlist. campaign is actively ongoing)

<s​iren:kernal.eu> geonic did you withdraw funds or are they gone now?

have not withdrawn, am one of the pending ones

<s​iren:kernal.eu> rip

<1​23bob123:matrix.org> IOUs

<s​tnby:kernal.eu> Direct funding would have worked bettet

maybe

<s​tnby:kernal.eu> Direct funding would have worked better

<s​tnby:kernal.eu> Rip money

<1​23bob123:matrix.org> Create a gofundme for css fund

<1​23bob123:matrix.org> Create a gofundme for ccs fund

<s​tnby:kernal.eu> I hope he is not in debt because of Core

<s​iren:kernal.eu> Create separate gofundmes for projects that couldn't receive funds from ccs

<s​iren:kernal.eu> I think you meant separate

<s​iren:kernal.eu> Don't do the same mistake again XD

<r​ucknium:monero.social> justverify: Seraphis-concise and Seraphis-Squashed can do collaborative fundraising on chain: monero-project/research-lab #91#issuecomment-967727906

<r​ucknium:monero.social> But I think development direction went away from those variants. jeffro256 , what is the latest?

<g​fdshygti53:monero.social> Just a proper multisig will work. It resist again one compromised wallet and would require collusion from key holder to steal it.

<1​23bob123:matrix.org> Get all data and give to ruck to trace

<g​fdshygti53:monero.social> If monero support it then there is the solution

<s​tnby:kernal.eu> Keep CCS verification. Except after verification you just list a link to project and done

<g​fdshygti53:monero.social> from now on, CSS could just continue to operate, give the key to many proper people

<s​tnby:kernal.eu> If they fuck up you dont list them again

<m​onerobull:matrix.org> no accountability

<m​onerobull:matrix.org> take the money and run

<s​tnby:kernal.eu> If they fuck up you dont list them again <= a bit rough with anon contributors

<s​iren:kernal.eu> What do you mean no accountability?

<s​tnby:kernal.eu> The CCS acceptance is insanely difficult

<s​iren:kernal.eu> That still happens

<m​onerobull:matrix.org> no milestones

<s​tnby:kernal.eu> Projects need prior history

<1​23bob123:matrix.org> Hmm

<s​iren:kernal.eu> You either delist them or place a warning on their proposal if a milestone isn't met

<s​tnby:kernal.eu> Soloptxmr

<1​23bob123:matrix.org> Milestones stop walking off i think

<s​iren:kernal.eu> People wouldn't be able to donate anymore because there's no address

<1​23bob123:matrix.org> I think the issue here is how the funds are held not how ccs works?

<s​tnby:kernal.eu> At the end we lost half a mil EUR, people wake up we could have funded soloptxmr2-69

<j​effro256:monero.social> IIRC Currently Seraphis-Squashed is what is implemented in the seraphis PoC

<g​fdshygti53:monero.social> Just a proper multisig will work. It resist again one compromised wallet and would require collusion from key holder to steal it. <= could work if the right set of people can be found

<s​tnby:kernal.eu> Multisig across corrupt party

<m​onerobull:matrix.org> if we do direct funding the ccs will have to be way harder to pass than it already is

<s​iren:kernal.eu> Implement multisig all you want but when the participants will all have crappy opsec and no monitoring

<g​fdshygti53:monero.social> Still need more than one compromise.

<g​fdshygti53:monero.social> So it's better and should be standard practice.

<m​onerobull:matrix.org> ill fight everything thats not a known dev or monerokon

<1​23bob123:matrix.org> Yes but it will limit the attack

<s​tnby:kernal.eu> CP Monerochan art in CCS when?

<m​onerobull:matrix.org> xenu is running the artfund for that

<s​iren:kernal.eu> Fun fact we don't need a centralized one wallet for all in the first place.

<m​onerobull:matrix.org> (which didnt get drained btw)

<m​onerobull:matrix.org> ill fight everything thats not a known dev or monerokon <= :)

<s​iren:kernal.eu> You're taking an unnecessary risk.

<s​tnby:kernal.eu> Why not CCS if you are such a supporter?

<s​tnby:kernal.eu> Monero chan art better opsec

<j​ohn_r365:monero.social> I'd like to make a better UX for multisig. I think people saying "just use multisig" might not have played with it much? Horrible is a good adjective for the UX. Anyone interested in creating / wireframing a GUI for it?

<s​tnby:kernal.eu> Lets give them control

<s​iren:kernal.eu> Plus we don't even know what really happened here and we won't know. In case someone from core stole funds, multisig won't prevent that.

<s​iren:kernal.eu> Just like how we didn't know who distributed malware over getmonero.org

<1​23bob123:matrix.org> There is that too.

<s​tnby:kernal.eu> Direct fund or die

<s​iren:kernal.eu> And how.

<1​23bob123:matrix.org> Need to find what happened too plug the hole

<o​frnxmr:monero.social> r they hosting that on windows too lol

the revokation of access was a good call, should've been permanent

fluffy is not involved with the community, just an extra attack surface at this point

<1​23bob123:matrix.org> Millennium edition

geonic I don't think fp has access to anything anymore?

was ccs wallet the only thing?

genfund wallet too, but not the big one

it's kinda hard to rotate the genfund I think, given it's everywhere

<p​olar9669:matrix.org> Was LEA informed ? Ccs funds were stolen it’s a crime which needs investigation

john_r365: i'll pivot to that branch of research since that's what the community needs, plus it'll make good praceice for what i need

<m​onerobull:matrix.org> what would we do if the genfund got drained too?

<o​frnxmr:monero.social> LEA who cant tie their own shoes

<1​23bob123:matrix.org> Give up and go home

<o​frnxmr:monero.social> Nothin

plus i've studied multisig past few days... assuming the code is c++ and not f***ing rust again

<p​olar9669:matrix.org> They can start with waterboarding

yeah. I'd say get rid of the remaining two and just do multisig with someone else from Core (who is not fluffy). binaryfate?

<1​23bob123:matrix.org> Memory safe would of saved cache passwords🚀

<o​frnxmr:monero.social> Then what will i do?

<p​olar9669:matrix.org> You instruct them lol

he's asking for suggestions

glad we could talk about these hard subjects in the open though

<s​tnby:kernal.eu> 2 months in the dark to cover cores dirty job

just so we're all on the same page - what features would a multisig gui need besides basic signing of wallets?

well you need setup wizard thing to gather keys and data for setup rounds

There is a PR adding multisig to the monero gui iirc

multisig in GUIs was a topic 3 years ago

<o​frnxmr:monero.social> Tobtoht? :d

<o​frnxmr:monero.social> :D

we discussed it when creating feather but I think there was some blocker

<s​tnby:kernal.eu> Imo everyone who was in charge of the wallet should cover the stolen funds before CCS is open again

forgot the details

<o​frnxmr:monero.social> New multisig now, maybe no blocker?

response time seems fine for a decentralized org. finding out about the breach could've been quicker.

yeah ill check ofrnxmr

dsc_ you said you were going to bed

<o​frnxmr:monero.social> Ty

geonic: I am in bed and then came to the realization I wanted to read more drama

hehe

Monero TV always here for you. we keep the drama going

luigi1111w: oh cool a fellow wizards enjoyer

<s​iren:kernal.eu> geonic: handled it extremely poorly compared to other FOSS projects. Though, they don't have incidents where they lose money like this.

and do other projects have a bunch of anons running them

<s​iren:kernal.eu> Of course but in a more decentralized manner

guess we have a lot to learn from them

<m​onerobull:matrix.org> huh, projects loose money all the time

spadin_spider> luigi1111w: oh cool a fellow wizards enjoyer <= I just want the paperclip guy from msword

<m​onerobull:matrix.org> we barely make the rekt news tierlist

siren: would you write a postmortem and make suggestions that don't make the whole process 10x more cumbersome?

<s​iren:kernal.eu> I wasn't even about those defi shitcoin scams

<o​frnxmr:monero.social> Very low bar to set

geonic: it has to be anons... public people have soooo many attack vectors. something like monero would get people fbi'd real quick

then feds would steal the project

<s​iren:kernal.eu> geonic: while I can make recommendations. I cannot write you the postmortem as there's no evidence of an hack.

<o​frnxmr:monero.social> But geonic isnt an anon sooo

yeah and I'm not running anything here

<o​frnxmr:monero.social> And a lot of core is doxxed

<o​frnxmr:monero.social> Including fluffy

siren: thanks, I agree there's no evidence of a hack

<s​iren:kernal.eu> No logs/monitoring (should have been) and because of how this incident was handled no luck with forensics.

<s​tnby:kernal.eu> Bet evidence was destroyed by retarded core oh wait they probably stole iy

<o​frnxmr:monero.social> 60 days later lolz

<s​tnby:kernal.eu> > <@siren:kernal.eu> geonic: while I can make recommendations. I cannot write you the postmortem as there's no evidence of an hack.

<s​tnby:kernal.eu> In reply to @siren:kernal.eu

<s​tnby:kernal.eu> geonic: while I can make recommendations. I cannot write you the postmortem as there's no evidence of an hack.

<s​tnby:kernal.eu> Bet evidence was destroyed by retarded core oh wait they probably stole it

we're left with individual suspicions and the best thing we can do is lower the attack surface (fluffy) and spread some responsibility around (multisig)

<o​frnxmr:monero.social> Even trocador has deleted logs by now if swap was same day as theft

<s​tnby:kernal.eu> Cover the funds or no CCS

<s​iren:kernal.eu> geonic: while I can make recommendations I cannot write you the postmortem as there's no evidence of an hack.

<o​frnxmr:monero.social> R u calling him fat?

lol

no it looks like he lost some weight. hopefully not due to his stay in prison

<s​iren:kernal.eu> The thief is probably in this chat lol

<s​tnby:kernal.eu> In core chat as well

in this chatroom I'd say

yea

<m​onerobull:matrix.org> doesnt genfund have a similar security setup

<m​onerobull:matrix.org> why would they go for the small fund

anyone remember the numerous MyMonero phishing sites a.k.a. "hacks"

<s​iren:kernal.eu> Doesn't have the seed to genfund

<s​tnby:kernal.eu> 60 days tho to tell community about community funding system

<s​iren:kernal.eu> Has the seed to CCS fund

fluffypony doesn't have access to the big gen fund

<s​tnby:kernal.eu> I hope the core retires

that narrows it down even more no?

<s​iren:kernal.eu> The incident with getmonero.org malware also had ties with him

hello thief if you're here can i have like 1 xmr? pls

too many incidents have had ties with him

also many good things

<s​tnby:kernal.eu> Hi thief if you are not core member keep it

time to part ways. he seems fine with it. x.com/fluffypony/status/1720196536666030227?s=20

<s​iren:kernal.eu> good idea to not only audit the code but the whole infra (wallets, servers, access controls)

<o​frnxmr:monero.social> Like moneroaddress.org

this my first day here and there was a robbery and now one of the cores is leaving...? is it like this every day around here XD

<s​iren:kernal.eu> y'all paid 92% of CCS funds for an external pentest

<h​bs:matrix.org> There was a giant (1000+ XMR) market sell order on Kraken about 5 weeks ago which took the price down to 113 USDT on the XMR/USDT pair, this was either a mistake or someone really eager to sell. Though Kraken has KYC no?

<o​frnxmr:monero.social> On the paper wallet generatorpage of germonero.org

<o​frnxmr:monero.social> Getmonero.org*

kraken has kyc yes

you should download those pages and run offline

<o​frnxmr:monero.social> luigi, click the link

<o​frnxmr:monero.social> Moneroaddress.org

<1​23bob123:matrix.org> Sus

<o​frnxmr:monero.social> it doesnt direct to the paper wallet.

moneroaddress was never core hosted

it used to

oh

<o​frnxmr:monero.social> It directs to a mymonero phishing site of some sort

saddam used to own that

I'm not sure what happened to him

I guess it expired

oh no another mymonero phishing site

wow

so many of those around

<o​frnxmr:monero.social> Luigi1111w thats what the fuss between me and erc was about

<o​frnxmr:monero.social> Updating the page

<s​iren:kernal.eu> 2 weeks is good enough to swap it little by little

<s​iren:kernal.eu> we didn't know so no one could watch out for that

swap history is all public tho?

<o​frnxmr:monero.social> getmonero.org/resources/user-guides/securely_purchase.html

<s​iren:kernal.eu> or sell

<s​iren:kernal.eu> yeah but not in large sums so

<s​iren:kernal.eu> there was enough time

<o​frnxmr:monero.social> matrix.monero.social/_matrix/media/…ero.social/hlFFpxnpVnHQSbOMfwHVwlri

there was anyway

<o​frnxmr:monero.social> Siren: the rest is all green

<o​frnxmr:monero.social> But again, havent been checking throughout sept and oct

<a​lpharabius:matrix.org> Guys

<a​lpharabius:matrix.org> Is the ccs hack bullish or bearish

<p​lowsof:matrix.org> quotes to not make it to IRC side btw, can be confusing of who is talking to who

<o​frnxmr:monero.social> bull

<m​onerobull:matrix.org> bullish

<m​onerobull:matrix.org> actually

<p​lowsof:matrix.org> uh replies*

it's making monero more decentralized

so I think bullish

<a​lpharabius:matrix.org> W

<1​23bob123:matrix.org> Winrar

<1​23bob123:matrix.org> Non leaky version

<m​onerobull:matrix.org> people who would have sold it over time to fund their work got it stolen and instead it got probably market-dumped

<a​lpharabius:matrix.org> There will be more to come guys

<a​lpharabius:matrix.org> Not that i did it or smth

<o​frnxmr:monero.social> Monero runs on donations

<o​frnxmr:monero.social> We could have 0

<o​frnxmr:monero.social> Wed be fine

alpharabius is the thief?

<o​frnxmr:monero.social> Nah, alpha is A thief

<a​lpharabius:matrix.org> We might have to switch from donations to child labor ngl

<a​lpharabius:matrix.org> I'm not a thief at all

<p​lowsof:matrix.org> but not THE thief

<a​lpharabius:matrix.org> matrix.monero.social/_matrix/media/…matrix.org/sftMJfqdMveUzWEnMpQqYKty

<a​lpharabius:matrix.org> Monero discord is planning to blame it on ms

<a​lpharabius:matrix.org> Me

<s​tnby:kernal.eu> Why did core hide it for 2 months?

<m​onerobull:matrix.org> based. they are right

<o​frnxmr:monero.social> Wasnt discovered for 1

<s​tnby:kernal.eu> Were they dumb enough to cash out using Kraken?

<o​frnxmr:monero.social> And disclosed for another

<o​frnxmr:monero.social> Binance

<o​frnxmr:monero.social> If my screenshot says anything

<a​lpharabius:matrix.org> Linance

<s​tnby:kernal.eu> Both

<m​onerobull:matrix.org> binance kyc is a joke anyways

<a​lpharabius:matrix.org> *Linance

<o​frnxmr:monero.social> No large sales on kraken in the list

<o​frnxmr:monero.social> Only binance, and only those 3

<m​onerobull:matrix.org> if that was north korea, some chinese agent with a fake id registered the account

<m​onerobull:matrix.org> if that was north korea, some agent in china with a fake id registered the account

you can sell with limit orders, don't need to dump

<s​tnby:kernal.eu> I want core to cover 2675.00 XMR otherwise they can go die

<m​onerobull:matrix.org> it will come out of the genfund

<m​onerobull:matrix.org> also, please dont restore everything

<a​lpharabius:matrix.org> I actually have a chinese friend, they can get into the mainframe hardline and retrieve the coins before the chinese festival

<m​onerobull:matrix.org> just the things that are actually still active

<m​onerobull:matrix.org> this is the perfect opportunity to trim the dead projects

I have a full list of WIP

<o​frnxmr:monero.social> 1647 xmr sold on binance, about 1k less than the pot

will bring up some of the older ones soon afa closing

<a​lpharabius:matrix.org> Real

<m​onerobull:matrix.org> tipxmr is a "work in """progress""""

it's almost done ok

<p​lowsof:matrix.org> just another 1000 commits left

<m​onerobull:matrix.org> do it before paying anything out of gf

<a​lpharabius:matrix.org> Why even have a centralized wallet for funding projects

<o​frnxmr:monero.social> Well, if they set limits youd see the walls, or exchanges would know who had massive bots

<a​lpharabius:matrix.org> It don't make sense

<m​onerobull:matrix.org> tipxmr is a for-profit centralized service btw. no idea how that ever got funded

we didn't really have a great option when it started

<h​bs:matrix.org> matrix.monero.social/_matrix/media/…matrix.org/zDRIjQdhVdGpmprSziZKXPpD

<h​bs:matrix.org> about 1000 on kraken on oct 8

alpharabius: apparently nobody trusts multisig enough to use that instead

no I think it's trustworthy enough now, it's just clunky

<h​bs:matrix.org> wouldn't rino be a viable option?

<o​frnxmr:monero.social> Winblows

<m​onerobull:matrix.org> kayabanerve: can you lend us your rust multisig

yea I was about to say isn't that rino's whole schtick?

<m​onerobull:matrix.org> no

<a​lpharabius:matrix.org> Hi jw

<m​onerobull:matrix.org> rino can be restored in cli wallet

hi

<a​lpharabius:matrix.org> Guys i got a good idea

<a​lpharabius:matrix.org> Blame the hack on the bogeyman

<a​lpharabius:matrix.org> Solves all our problems

<r​ecanman:agoradesk.com> Hi, this is absurd

<m​onerobull:matrix.org> already blaming north korea

<r​ecanman:agoradesk.com> I think that there should be a specific set of meetings for discussion on new opsec/investigations

<o​frnxmr:monero.social> Im north korea now too?

<a​lpharabius:matrix.org> Lol

<a​lpharabius:matrix.org> Ofrn is me, plowsof, north korea, just half of the population is him larping atp

<r​ecanman:agoradesk.com> I suggest a new workgroup to be formed (maybe Monero Security Workgroup) that should meet in order to fix this issue

<r​ecanman:agoradesk.com> I suggest a new workgroup to be formed (maybe Monero Security Workgroup) that should meet in order to discuss this issue

<a​lpharabius:matrix.org> Us crypto-neets shall UNITE to find the missing 500k

<r​ecanman:agoradesk.com> I don't think jokes help at all

<r​ecanman:agoradesk.com> Windows machine, password ssh, node running, bad opsec and physec, this is a very serious incident

<r​ecanman:agoradesk.com> Windows machine, password ssh, node running on the same machine, bad opsec and physec, this is a very serious incident

<r​ecanman:agoradesk.com> Overall, current CCS structure is flawed and relies on trust

<a​lpharabius:matrix.org> Imagine the dude who took it is like "I left my fortune in the monero blockchain as an ordinal, but you'll have to find it" and it's just one piece with xmr

<r​ecanman:agoradesk.com> That fluffypony destroyed everything for example

<t​obtoht:monero.social> ofrnxmr: I'd love to add multisig to feather, but I'm hestitant due to its experimental status

<t​obtoht:monero.social> if it's ready for production, the experimental flag should be removed

<o​frnxmr:monero.social> ooo123ooo1234567: ya there?

<a​lpharabius:matrix.org> Fluffypony is the king of monero

I think that one is abandoned

<a​lpharabius:matrix.org> Don't even play

<o​frnxmr:monero.social> Yeah, but hes here

in matrix?

<1​23bob123:matrix.org> Ceo*

<o​frnxmr:monero.social> He came back under that handle a few months ago

<o​frnxmr:monero.social> With bp++ benchmarks

hmmm

that was a year ago or so

or even longer

<a​lpharabius:matrix.org> I thought he died after fleeing south africa and getting shot down by nelson mandela's grandchild

few months, year, 30 days, 60 days, who can tell

<o​frnxmr:monero.social> No way

<o​frnxmr:monero.social> I getting old

<p​lowsof:matrix.org> that was me btw^

May 2022 monero-project/research-lab #101

August 2022 was when he posted the benchmark

just a few 14 months

<o​frnxmr:monero.social> Yeah lmao

<o​frnxmr:monero.social> been a long / short year

<o​frnxmr:monero.social> well then

<p​lowsof:matrix.org> i was so proud about nearly resolving the 36C3 WIP ccs

<o​frnxmr:monero.social> Feels like yesterday

<k​ayabanerve:matrix.org> It's FOSS

needs someone trustworthy? imma here

<k​ayabanerve:matrix.org> Wait, how long ago did plowsof @plowsof:matrix.org: ping me

+1 for nioc

<k​ayabanerve:matrix.org> Oh, sorry, monerobull @monerobull:matrix.org: did 10m ago

<k​ayabanerve:matrix.org> I wouldn't recommend using my multisig impl over Monero's in this use case, mainly for UI and 'core' reasons.

<p​lowsof:matrix.org> tipxmr (at 72 xmr) is the tip of the iceberg

taking any and all ideas for multisig ui's

<o​frnxmr:monero.social> Wdym by "core" reasons

probably part of monero core impl

<m​onerobull:matrix.org> official statement should be: "should have worked faster, get rekt"

<m​onerobull:matrix.org> expecting us to hold onto their coins for like 2 years is insane

<p​lowsof:matrix.org> tipxmr have finished milestone 1 (just didnt claim it yet)

<k​ayabanerve:matrix.org> My multisig only benefits as a backend for interactive environments. This is an interactive environment, yet core needs a user facing solution, and no one has such wrapped monero-serai. Even if someone did, this doesn't have efficiency requirements, so there'd be no reason to use monero-serai, an alternative, compared to the officially supported and more reviewed Monero impl.

<p​lowsof:matrix.org> Doug then, at 240 xmr?

<m​onerobull:matrix.org> oh man

<m​onerobull:matrix.org> why didnt doug claim it

<o​frnxmr:monero.social> Doug said "wtf!!"

he asked once then I asked him to verify address and he never did. IIRC

<o​frnxmr:monero.social> Lol

ey plowsof: you got a link to that multisig pr? i'll try to avoid reinventing any wheels

<p​lowsof:matrix.org> he was warned recently , maybe after september though , ill have to check

<m​onerobull:matrix.org> kek

<m​onerobull:matrix.org> "get your funds. oh. they are gone"

CCS says that he was quitting his job to work on/for monero

<o​frnxmr:monero.social> hey, i lost the most here. My poor jet fund 😕

never happened

market conditions

<p​lowsof:matrix.org> on 7th October i asked in here :(

<p​lowsof:matrix.org> too late

<o​frnxmr:monero.social> Lmao

plowof and before then as well I believe

<o​frnxmr:monero.social> Ccs coordinator left out of the loop

<o​frnxmr:monero.social> Wild

<p​lowsof:matrix.org> libera.monerologs.net/monero-community/20231007#c287402

<p​lowsof:matrix.org> plowsof its all gone, are ya dumb

<k​ayabanerve:matrix.org> When monero-serai is audited, you may argue it has better fundamental theory justifying it. The dkg is the reviewed PedPoP, not Monero's own ECDH-based system with factorial complexity. It hasn't been audited yet.

<m​onerobull:matrix.org> Thank you for the input

<h​ardenedsteel:monero.social> this accident is one of failure of centralized development.

<h​ardenedsteel:monero.social> it wont be last imo

<h​ardenedsteel:monero.social> i would like to hear about decentralized development (without relying on core.)

<h​ardenedsteel:monero.social> like how bitcoin cash does.

<k​ayabanerve:matrix.org> I wouldn't say a trusted group acting as escrows for decentralized development funding is centralized

<k​ayabanerve:matrix.org> Everyone had the option to seek funding outside of the CCS

well it's partially centralized at least

<k​ayabanerve:matrix.org> They could've done so directly or gone with MAGIC