05:58:07 Comparing the amount of nodes to the total network worth is stupid, and you know it.
05:58:07 The sales pitch for running a node is not that the network becomes 1/20000th stronger. Quite a few public nodes are kinda shit (running on a raspberry or with an HDD) and slow mobile wallet down significantly, when connected to it. Also random nodes may serve shit tx fees and may log IP or other usage data.
05:58:07 When running your own node on proper hardware, you always get top notch performance. But so do your family, friends and community, if you offer them to use your node as well.
05:58:08 Then, there's the psychological aspect that running a part of the network makes it feel more important to you, simply because you are contributing. Invested people are more likely to talk to others about it, and because they have some experience with it, they are better to help with monero related questions.
06:06:08 <123bob123:matrix.org> Tldr😬
06:13:27 What's the best place like tutorial wise from decent hardware to proper instructions for starting up your own node?
06:24:20 Currently running a node based on Seth's guide. For the hardware side we do not have a guide I like, so I'm in the process of writing one :P Very brief summary so far:
06:24:20 IMO best value for your money are currently used mini PCs with a i5-6500T bundled with 8GB ram and 256gb sata SSD. Got all my three test samples (HP 600G3, Lenovo M710q, Dell 7040) for about 100€ incl. shipping on sale.
06:24:21 You'll also need an M.2 SSD with ASPM (=low power mode) support, but DRAM on the drive is not strictly needed. Not sure yet if dual channel RAM improves performance.
06:24:21 With a bit of tweaking you can push power consumption below 3W (4W from the wall) and remove the CPU fan for silent operation.
06:25:46 OK, maybe you can share a few links, I'm interested. Also do I have to run the node bare metal, or can I run it with maybe proxmox if I get better hardware?
06:26:14 OK, maybe you can share a few links to hardware, I'm interested. Also do I have to run the node bare metal, or can I run it with maybe proxmox if I get better hardware?
06:28:13 Mine runs bare metal. Extra layers (Proxmox, Docker, VMs) don't require much extra performance, but may prevent the box from entering package sleep states, increasing power consumption
06:28:38 Search for the mini PCs based on the processor name
06:29:00 Just "6500t" on eBay is enough
06:29:27 OK, is that minimum base processor power right?
06:30:14 A good SSD price/performance wise is a Samsung 980, their controller supports ASPM and the drive is relatively cheap. Better drives from the same series work as well
06:30:56 On the 6500T the average load caused by monerod is 2-3%
06:31:12 there is plenty of headroom if you want to run other stuff as well
06:32:07 but even low tier processors are rarely cheaper, so it doesn't make sense to save 10€ but get half the performance
06:33:13 going higher performance also doesn't help much, the 8500T is like 60% better, but costs twice as much
06:33:13 It kinda sucks for me right now, I might be only able to get some of this stuff on amazon if they have it. Is the price that much different right now from used on amazon to eBay you think?
06:33:32 amazon is shit for used goods
06:36:48 Do they have eBay gift cards or codes you can buy with XMR?
06:37:21 OK I see
06:39:17 I am pretty sure that somebody would be reshipping a PC intended for use as a node for you
06:40:06 They have a Dell Optiplex 3060 Micro 6-Core i5- for little over 100 bucks
06:40:11 On eBay I see
06:40:20 Its got a 8500T
06:43:06 <123bob123:matrix.org> Why did allark change to an exchange?
06:43:23 <123bob123:matrix.org> It had all products a studd
06:43:24 <123bob123:matrix.org> It had all products a stuff
06:45:03 Good deal. Used prices in the EU are usually much higher (8500T based 170€ the lowest I have seen)
06:48:42 OK I see, I am having trouble with bank so can't open another account on eBay and buy, do they allow gift cards?
06:55:46 Well I will look into it, I been busy with work and wanted to learn more on how to setup my own node. Just need the time. I hope you can make that tutorial soon. I will definitely check it out. 👍
07:07:15 I'll ping you when its ready
09:25:06 instrumental_only: i can do it for you, no fee but you have to buy a monerochan standee for 10€ that will be included with the PC 😄
09:26:05 i should open a reshipping service that is entirely based on this model lmao
11:22:47 If you get a mini pc and run the Ubuntu server LTS then you can install PiNodeXMR on it for your full node.
11:22:47 That'd give you a full monero node, monero blockexplorer, P2Pool, Eth XMR atomic swaps, Monero-LWS and some other tools. It's been around for years, and all FOSS.
11:22:48 Just saying...
11:22:48 https://github.com/monero-ecosystem/PiNode-XMR
11:22:49 https://pinode.co.uk/
11:22:49 It was initially designed for Raspberry Pi about 6 years ago, but since then with its move to Ubuntu server OS it runs on anything.
13:52:33 the pending payments / locked liquidity pool of the CCS is now over 600 xmr, the first milestone completion of a proposal that hasn't been moved to funding happened today, what a time to be alive!
13:54:19 that sounds like a you problem /s
13:56:06 remember when bitmain didnt pay people for a month lol
14:20:05 did anything new happen?
14:20:13 also, that was like 2 weeks ago
16:00:37 https://github.com/monero-project/meta/issues/916
16:01:07 CCS Wallet Incident ^ will repost to reddit shortly
16:02:36 wtf
16:02:51 that's nuts
16:05:30 monerobull https://www.reddit.com/r/Monero/comments/17m6w9e/psa_ccs_wallet_incident/
16:08:17 pinging those awaiting payouts currently selsta geonic j-berman boog900 jeffro256 vostoemisio tobtoht v1docq47 dangerousfreedom escapethe3ra tobtoht
16:10:07 Oh wow. Is multisig in good enough shape yet that we could use a 2/2 multisig wallet between luigi & another community member (maybe binaryfate?) going forward?
16:11:44 thanks plowsof. I didn't want to make any payments (tho we are way over 244 XMR now so it's not possible anymore) until this was released
16:12:19 wtf
16:12:37 "tops it up from the CCS Wallet (via SSH)" <- this is where the breach happened, my bet
16:12:50 SSH into a sensitive server from Windows?
16:14:25 i have no idea what a css wallet is but it looks like somebody somewhere got scammed out of 2.6k moneros
16:14:39 CCS
16:14:54 fucktop
16:14:54 yes that's what i said css
16:15:19 css |= ccs
16:15:24 https://ccs.getmonero.org/
16:15:29 it is possible, though the Windows computer has and had significant value on it that is untouched. The logs look as expected on server.
16:15:45 logs could've been cleared after
16:16:08 although timing doesn't add up. If you last SSH'd in May and it was drained in September
16:16:14 windows...? who uses a privacy coin on a spyware os and why
16:16:23 jesus
16:17:10 nioc: community funding... yup i figured from context it was something along those lines
16:17:16 so this kinda sucks major ass then, no?
16:19:08 plowsof: bro you sleeping on work again
16:21:49 the overfunding of 244~ xmr, and several abandoned proposals in the work in progress list (im sure) will have contributed to a large proportion of that stolen monero
16:23:24 244 is not overfunding, it's just the balance of the hot wallet
16:23:59 its just a coincidence the values are similar https://github.com/plowsof/scrape_ccs_fr/tree/main
16:25:07 What's the General Fund balance?
16:26:16 spading_slider: yes it sucks major ass, and it really sucks because it's stolen from people who may be relying on the CCS funding to literally eat, so it's doubly uncool
16:27:07 john_365: around 8k XMR
16:27:19 john_r365*
16:27:38 so currently 600 xmr ~ awaiting payout, i think people need time to digest this before discussing solutions
16:28:20 fix it so they can survive , somehow
16:32:08 I'm now worried about the general fund
16:32:33 we have 2 general fund wallets
16:33:07 Wow
16:33:08 more details here https://www.reddit.com/r/Monero/comments/11fslu9/monero_general_fund_transparency_report_march_2023/
16:33:09 sech1: the first thing we did was make sure that was safe
16:33:34 but I do think one of the larger questions is how do we make sure this can't happen in future
16:34:24 hmm, maybe don't keep thousands of XMR in one basket in the first place?
16:35:20 luigi1111w: can we remove possibility of malicious datacenter sweep? Windows 10 Pro desktop is local laptop, where hot wallet funds were drained from?
16:35:41 MajesticBank separate computer in my house
16:35:48 somebody mentioned something about somebody using windows somewhere in the process
16:37:32 windows was only hot wallet
16:37:38 So both Windows laptop and Ubuntu server were in your house?
16:37:44 still..
16:37:47 luigi1111w: was the PC encrypted and was hot wallet password present on that pc?
16:38:05 Hot wallet wasn't hacked
16:39:20 sech1> So both Windows laptop and Ubuntu server were in your house?
<= yes
16:40:00 neither hot wallet nor ccs wallet password were present (key logger negates this obviously, but I've found none)
16:41:17 can you assume the possibility of someone breaking in and tinkering with the Ubuntu machine?
16:41:40 Physical access to the machine opens up a lot of attacks
16:41:56 it's sad we don't have CCS wallet watchdog, probably in 12 span hours, we could do something
16:42:27 It was drained within minutes
16:43:35 oh yeah AM, so 9 minutes
16:43:50 how old are the computers? very unlikely but it could've just been some kid in the nsa running across a bunch of xmr while spying on people via ime/psp backdoors... i mean that's a lot of fucking xmr
16:44:46 The key to finding out how it was hacked, is the difference between how CCS wallet and CCS hot wallet were stored (and General Fund wallet, for that matter)
16:45:01 Out of those 3, only 1 was drained
16:45:12 *were stored and accessed
16:45:21 MajesticBank> oh yeah AM, so 9 minutes <= I believe it was swept and the time was just block confirmations
16:45:28 they were very large transactions
16:45:32 spading_slider: not if it was cold
16:45:34 sech1: we explored that, the problem is that we're assuming it was drained as soon as they had the keys, but that's not necessarily the case
16:46:01 they could have the keys for a long time, but they had a "queue" of keys to check probably
16:46:12 You can't check a key quickly
16:46:32 Unless they noticed that this seed creates a well-known wallet address
16:46:38 right, which means they *could* have other keys, which is why luigi1111w / binaryFate etc. have moved funds to other wallets
16:46:49 kinghat: was it cold...? if so then it must've been physical, no?
16:47:14 CCS wallet wasn't cold, but it was on a dedicated machine
16:47:15 sech1> can you assume the possibility of someone breaking in and tinkering with the Ubuntu machine?
<= I think this is highly unlikely, it would imply (to me) someone was specifically targeting CCS wallet
16:47:24 but accessing it via SSH from Windows is too dangerous
16:48:09 ight that settles it, we sue microsoft for damages
16:48:36 but accessing it via SSH from Windows is too dangerous <= agree going forward any solution should be as airtight as possible
16:48:49 but then again, if SSH/Windows combo was compromised, it took them 4 months to drain the wallet???
16:49:05 the balance has almost always been in the 1000s of xmr
16:49:12 so to sit on it for years is just weird
16:49:15 there's also this hack that started in April and is ongoing (there were more sweeps a few weeks ago), and includes XMR
16:49:20 https://twitter.com/tayvano_/status/1696222660013998407
16:49:25 https://twitter.com/tayvano_/status/1696222661809160508
16:49:41 Damn, even I don't have a proper "cold" wallet for my savings, but I never access it other than physically
16:50:07 and without a wireless keyboard :D
16:50:31 hehe
16:50:32 i think we'll all be raising our wallet security standards at least one notch after today
16:51:04 how long would it take to figure out half of the seed? assuming a wire leak.
16:51:13 too long
16:51:26 hmm...
16:51:28 lots of wallets use only 12 words to start with
16:51:33 it depends on how it was split in 2 halves
16:51:49 it was first 12/last 13 or the other way
16:52:24 A seed encodes a private spend key, so it still leaves 100-120 bits of brute force search
16:52:39 yeah it should be like 126ish
16:53:16 another vector of attack is the node
16:53:22 maybe it has some 0-day RCE vulnerability
16:53:38 and someone found a wallet next to it, then installed keylogger or some other spyware
16:53:49 Don't run node and wallet on the same machine
16:54:18 Wallet PC is only wallet PC, there should be nothing there. Only naked console and monero-wallet-cli
16:54:25 isn't the CCS wallet essentially hot in this scheme?
both for fluffy and luigi - why is it not completely cold? signed transfers via raw_tx files on usb/sd/qr only, take out any ethernet or wifi chips
16:54:41 yeah, running it 24/7 with Monero node is asking for trouble
16:54:48 if the CCS wallet has SSH open to a hot machine, then its essentially hot as well no?
16:54:54 Could it be related to this https://www.microsoft.com/en-us/security/blog/2023/06/22/iot-devices-and-linux-based-systems-targeted-by-openssh-trojan-campaign/ ?
16:54:57 O javem
16:55:15 yes, both CCS wallets were essentially hot
16:55:49 "The threat actors initiate the attack by attempting to brute force various credentials on misconfigured internet-facing Linux devices."
16:55:54 this seems impossible
16:55:57 hinto.janaiyo: I haven't had access to any of these wallets in some time, I nuked all of that stuff after my release from custody precisely because I was worried about what might happen next
16:56:00 Minimal Linux installation, monero-wallet-cli and all ports closed for incoming connections
16:56:39 no browsers, nothing
16:56:50 And saved address for the real "hot" wallet
16:57:11 pretty much a pc hardware wallet
16:57:30 This is def lesson, expensive one tho
16:58:08 monero-wallet-cli must of course be sha256-verified before updating it
16:58:22 and update it 1-2 months after the official release, to make sure it wasn't compromised
16:58:44 and probably configure firewall to not only close all incoming, but only allow connect it to your node :D
16:59:11 It's even more scary if its crypto weakness
16:59:22 Not likely
16:59:27 Only 1 wallet was hacked
17:03:01 are some of these 2.6k from really old CCS / FFS proposals?
17:03:27 or why are there so much unpaid funds?
17:03:48 sechl on top of that i'd still keep the bulk of it in cold storage and only move to networked wallet pc periodically as needed
17:04:57 the one monero wallet where you know something will be inside
17:05:18 selsta yeah there are some invalid ones in there
17:05:41 or some invalid ones in WIP still. There is a lot of XMR in active props tho
17:05:56 How is https://twitter.com/tayvano_/status/1696222660013998407 related to this, I don't understand
17:07:02 Did anyone use LastPass?
17:07:30 ew centralized
17:08:23 sech1: not all of those have been LastPass, there are lots of unknowns with them
17:08:26 I did unfortunately. I'm still mad about it. CCS stuff was never anywhere near it tho
17:10:11 ccs wallet view keys are published? so no one noticed this until now ?
17:10:24 So, to summarize: the wallet seed could've been only compromised when the wallet was accessed and loaded into memory. Because it wasn't drained before, so I don't think it was compromised when you generated it.
17:10:30 viewkeys don't show outgoing without some tricks MajesticBank
17:10:39 MajesticBank: viewkeys aren't always hugely helpful with spotting outgoing txs unless there's change coming in
17:10:47 Which leaves a keylogger on either of 2 PCs, or a 0-day in monerod and then a keylogger on an Ubuntu machine
17:11:33 and please don't say SSH was accessible from outside your LAN
17:11:34 sech1: it's not necessarily the case that just because it wasn't drained before the attackers didn't have the keys, it's entirely possible there was something on the Qubes VM on my side during creation
17:11:41 I'm away from that Ubuntu machine until thanksgiving, will run whatever scans I can find then
17:12:06 sech1> and please don't say SSH was accessible from outside your LAN <= it wasn't
17:12:06 with Monero you know how painful it is to restore a wallet, it might just have taken them some time to get to it
17:12:16 yeah but 3 years?
17:12:36 and they can always check the restored wallet's address against known Monero wallet addresses
17:12:38 and then prioritize
17:12:47 I could also have screwed something up when sending it to luigi1111w
17:12:53 it can be done in milliseconds
17:12:54 lots of moving parts on both sides
17:13:37 sech1: I know, it's unclear how sophisticated the attackers in that attack (or any) are with Monero, if they had a "trove" of keys they might have just deprioritised it and focused on more accessible / easier chains
17:14:21 *more expensive chains like BTC/ETH :D
17:14:23 * sech1 cries
17:15:07 for the swept transactions, were ANY of the outputs change, or were they all 2 outs with presumably one 0-value output?
17:15:21 no change
17:15:26 sweep transactions don't produce change
17:15:36 okay, just double checking
17:15:45 someone just restored the wallet from seed and did sweep_all, from the looks of it
17:15:54 you can check those transactions
17:16:40 Hmm, but keylogger on Windows machine could only compromise wallet password, not its seed
17:16:49 If you only have wallet password, you also need wallet files
17:17:04 the ccs viewkey / primary address has been public for some time, at least since april 2022
17:17:22 If you only have wallet password, you also need wallet files <= right
17:17:35 Unless it wasn't just a keylogger, but a full scale trojan with remote access
17:17:53 most RATs include the ability to keylog
17:17:55 then someone could use it to login to Windows machine on September 1st, then clear logs
17:18:06 Was it on at that time?
17:18:17 yes
17:18:25 both PCs?
17:18:30 yes
17:18:44 then I can't exclude this option (compromised Windows PC)
17:19:09 it's probably the most realistic option
17:19:22 all other options are James Bond level stuff
17:19:25 why leave the windows wallets alone? Why wait from May till September? It's possible
17:20:17 Maybe the keylogged only one of password?
17:20:24 why use windows at all with a PRIVACY coin...
17:20:25 *they
17:20:36 hmm, the least frequently used password...
17:21:14 spading_slider thanks for the input
17:21:16 from my experience, someone running simple RAT and removing all indicators of compromise is not likely
17:21:32 why use windows at all with a PRIVACY coin... <= just what I've always done
17:21:52 Did you save full disk images from both PCs the moment you discovered the hack?
17:22:04 To search for traces later
17:22:33 MajesticBank it's possible they didn't remove all indicators, I don't know how to look for them all
17:22:56 sech1 no, but I found it almost a month later, so if they were going to clean up, they surely would've already
17:23:28 When you synced the wallet, did it sync from Monero height that it had in May?
17:23:32 yes
17:23:56 bash history is also all my commands, at least from May
17:24:00 Hmm, if it synced from May height, then it wasn't used to steal funds. I mean this instance of the wallet
17:24:28 could have copied the wallet file?
17:24:39 if they were smart, yes
17:24:46 and synced on their own machine
17:25:27 its what a smart actor would do if they dont know how long they have inside the system
17:25:47 well May to September is not a short time
17:26:15 i doubt theyd sit there with a shell and just waiting for the wallet to sync, hoping the connection doesnt die
17:26:50 fluffypony: what software generated the CCS keys?
17:28:54 hinto.janaiyo: monero-wallet-cli
17:29:49 I have an idea
17:29:57 We have 2500 monero from a donation for a website
17:30:00 Insurance? Haha
17:30:32 Pay the workers
17:30:33 an unplanned refund event
17:30:40 This is what general fund is for
17:31:34 I doubt there is much resistance to paying existing CCS from gen fund, but wanted to get discussion underway before doing that
17:31:36 we have a work in progress list (600~xmr awaiting to be paid out in the immediate short term)
17:31:52 May to September, and then 4 weeks until any measures were taken.
I think it's safe to assume only 1 wallet was compromised
17:32:16 "Luigi logs into CCS wallet to top up hot wallet, finding (after syncing from May 10th as expected) a balance of ~4.6 XMR" <-- they didn't even monitor it for future incoming funds?
17:32:24 apparently not
17:32:29 or didn't care about that much
17:32:51 other miscellaneous issues (where some proposals have been resolved e.g. acceptXMR pre-funded with an abandoned proposal, and, we were planning to do the same for svandras video proposal).. resolving the outreach proposal didnt go through
17:33:25 general fund can probably bridge those too, either way that's a small amount of xmr right
17:33:26 to me this seems more targeted, people with a large amount of hacked wallets likely have scripts that auto drain them
17:33:47 it's def important to find root of this, regardless it's amount we can recover from
17:33:57 whoever did this is not a hero in any way
17:34:18 Whoever did this is a bum
17:34:23 Could have at least paid the devs
17:34:37 selsta: generally wallets that get drained don't receive future funds, and monitoring multiple Monero wallets is painful if you're not super sophisticated
17:34:51 %temp% and %appdata% are most common folders where RAT things are dropped
17:34:51 I would look for .lnk files (they often spread using USB drives)
17:34:51 They start with windows using .lnk in Startup folder in start menu and also Registry entries for Run, RunOnce
17:34:51 Windows services also
17:34:51 Data recovery software can't recover files often but can find metadata from years back
17:34:53 temp files, memory dumps, chkdsk file fragments, windows error reports, dns cache,
17:34:55 event logs, old prefetch data
17:35:26 Is this even the correct room?
17:35:30 yes, but it was muddied by 4 weeks of that Windows PC running after the hack
17:35:40 #malware response etc?
17:35:40 or maybe even more, if it was hacked before that
17:36:06 I havent read entire backlog. Was wallet drained a long time ago?
17:36:14 september 1
17:36:19 full timeline: https://www.reddit.com/r/Monero/comments/17m6w9e/psa_ccs_wallet_incident/
17:36:27 Ty
17:36:34 sech1> or maybe even more, if it was hacked before that <= had to be at least May if that was the method of breach
17:37:07 was the SSH password secure enough?
17:37:21 Someone who hacked Windows PC, could've just cracked it
17:37:28 For example, a day before
17:37:48 you need SSH password and CCS password
17:37:55 you'd need a keylogger
17:38:17 I think they are 13-14 chars
17:39:04 plowsof @plowsof:matrix.org: does it time up with any meetings
17:39:08 well, maybe they're on https://haveibeenpwned.com/Passwords and this is how they were hacked
17:40:06 fwiw, I've been involved in investigations on multiple exchanges that got hacked (plus Mintpal which was just a straight rug), and hackers sat on compromised boxes / keys for ages before sweeping (as in we were able to actually identify the exact time they compromised it). Sometimes they hope that there will be more funds, and then for whatever reason just decide that today is the day they're sweeping, and there's much less available to
17:40:06 them than there was weeks or months before then. They're operating on incomplete information, ultimately.
17:40:45 I just don't want to detract from the fact that the compromise could have happened on my side even before I sent the seed to luigi1111w
17:41:02 September 1st, back to school season. "Today is the day" :D
17:41:55 it was a Friday too
17:41:59 fluffy how would they not be aware of what they've stolen? is what you just said above why?
17:42:46 he's saying they might have huge lists of keys that they go through whenever
17:42:52 yes that
17:43:16 if you have a wallet that belongs to someone else, you never know if they might deposit more
17:43:18 nice that they didn't wait for monerokon
17:43:29 Or fcmp
17:43:41 well, maybe they're on https://haveibeenpwned.com/Passwords and this is how they were hacked <= these keys aren't used on any services
17:44:06 monerobull: exactly - they might not be part of the Monero community and know when the wallet might have more or less funds, so there's no way to necessarily link the time of the sweep to the time of the compromise
17:44:18 they might have swept it the day they got the keys, or months or years after they did
17:44:20 So ultimately, it doesnt appear that your system was breached
17:44:38 Luigis
17:44:44 i guess i dont understand the tay situation.
17:45:28 kinghat: they identified a bunch of wallet sweeps (past and some more recent) that link the same attacker because they go to the same wallet
17:45:29 No signs of the transfer coming from your system, only thing we know is that spend key/ seed was compromised somehow
17:45:52 or wallet files stolen together with the password
17:45:54 the way the keys are generated for these affected wallets is all over the place, eg. Eth pre-sale wallets and hardware wallet keys
17:46:35 they think many of these are because of LastPass, but there are a whole set that never used LastPass but have been swept by the same attackers (since they went to the same destination)
17:46:44 and some people who were affected also lost XMR
17:47:49 can't that attack be ruled out if monero-wallet-cli was used to generate the keys? otherwise this would be happening to many wallets
17:47:51 So ultimately, it doesnt appear that your system was breached <= I haven't found any evidence of anything besides the wallet being empty.
I will do some more research on the ubuntu machine when I'm back
17:48:03 north korea achieved good quantum computing 💀
17:48:21 first target acquired!
17:48:29 satoshi? NO
17:48:48 does it make sense to setup 2/3 multisig for future funds? I can understand why it wasn't used in the past but it's a bit more mature now
17:48:54 hinto.janaiyo: no, because we don't know how every affected user in that breach was compromised - like I said, it's possible the Qubes VM that was used in generating that was compromised (however unlikely)
17:49:00 or just hardware wallet
17:49:00 selsta: that's where my head's at for sure
17:49:10 pretty counter-productive for them to target our CCS wallet 😭
17:49:28 WE MUST STOP MONERO DEVELOPMENT
17:49:39 100
17:50:01 selsta yes open to any and all ideas
17:50:13 We should put up a bounty on finding them
17:50:32 DataHoarder @DataHoarder:libera.chat: DataHoarder @datahoarder:monero.social: can you track the sweeps
17:50:54 ummmm...no
17:51:12 I don't want to be snarky, but that's the point of a privacy-enhancing cryptocurrency
17:51:13 which sweeps, unless it's tagged the way p2pool does not much can be done
17:51:47 Fluffy, depends on how / if they try to offload it
17:52:16 yeah which is why we put this up as well, maybe they sent funds to a service / someone
17:52:19 and didn't churn
17:52:21 if they reswept in one tx later it would be statistically kinda obvious. Easy to hide tho if they pay attention
17:52:27 reason why stuff like this is done is because they don't do minimal effort https://p2pool.observer/transaction-lookup?txid=fd2b22f63dd4a9198661402332103881e850bce33852cfb71d142e60a76e982e
17:52:35 and as luigi says
17:53:12 txids are there if someone wants to try.
I can see the news headline now
17:55:49 Most we can do, is to find a tx that sweeps those 9 outputs into 1
17:55:57 and then the trail gets cold
17:56:03 it's a lot of time in between events, otherwise forensic dump of memory + disk would be good to have before doing anything, VM snapshots etc.. Otherwise any tracking can be done after the fact, if there are any statistical outliers
17:56:47 and yeah it's not a p2pool source where they are continuously re-sweeping into the same entities, that is why in p2pool it's so effective even when sweeps happen
17:58:15 and then the trail gets cold <= yep. Unless you have access to exchange data. Much harder.
17:58:48 Trocador might lol
17:58:57 basically they would've actively had to screw it up
17:58:58 (If he wanted to)
17:59:10 <4rkal:monero.social> Anyone know where they dumped it?
17:59:19 No
17:59:22 we have no idea if they did
17:59:35 one could do volume analyses tho that would just be a guess
17:59:55 <4rkal:monero.social> If they're smart they'll dump it slowly
18:00:08 well
18:00:43 The wallet could have been worth a lot more
18:02:01 Some of that xmr was jet fund anyway
18:02:13 Stole my jet fund..
18:02:31 (a lot of purgatory ccs)
18:02:53 Ie, xmr for projects that died. Ie, surplus
18:03:37 now plowsofs job got a lot easier
18:03:38 Yep
18:03:42 "sorry, money gone."
18:03:43 luigi, was the ssh bidirectional?
18:04:05 <4rkal:monero.social> Any merit to this? https://nitter.net/pokkst/status/1720138325334335497
18:04:30 Merit?
18:04:39 Thats what were currently discussing
18:04:52 <4rkal:monero.social> Oh ok lol
18:04:53 4rkal thanks for your input
18:04:57 also, i guess it doesnt matter now that the funds are gone, but what would have happened to them if you were attacked by bus?
18:05:11 Or are you talking about pokksts decoy scanner?
18:05:22 > I'm not in there, but can someone tell them they can use my monero-decoy-scanner tool to see when outputs are used as a ring member in a transaction Someone just brought up trying to somewhat follow the coins (they're hoping for a sweep tx one hop away from the theft txs)
18:05:27 From pokkst
18:05:35 <4rkal:monero.social> Yeag
18:05:44 <4rkal:monero.social> Yeah
18:06:33 kinghat: the seed is known by 2 people
18:07:45 any chance somebody just accidentally clicked the "max" button on their wallet while sending? then maybe they went to sleep
18:08:06 time to store the wallet keys in a google pixel
18:08:57 oh right. they were moved back to the same ccs wallet.
18:09:13 wait what? really? LOL
18:09:52 looks like it
18:10:03 funds were moved to the hot wallet, and then moved back
18:10:10 One more source of compromise are the feds
18:10:15 in this case
18:11:00 I thought it was "by default" to never use that wallet again after the arrest
18:11:05 damn
18:11:26 Me too...
18:12:42 and if youre not going to be back at that machine again in a month, how can you be sure there wasnt physical access?
18:13:18 That's quite a bit of XMR they got away with.
18:19:54 Since the CCS was hacked and luigi1111 has write access to the repositories, I believe we should thoroughly double-check that all merge commits by luigi1111 are exactly that: merge commits.
18:21:03 is there a git command for this?
18:21:07 I'm not a git expert
18:21:11 Yes good.
18:21:40 git good?
18:21:42 wait...
18:21:43 lol
18:21:45 this is the main suspect tx:
18:21:46 https://xmrchain.net/tx/bb77d03cae08942f43cccd759ade505a1c9435470a4a2cabfa5e26d2c93d1a58
18:22:29 selsta: can you contact partners at exchanges :)
18:22:32 9 flagged enotes (there will be false positives because of the 0-output)
18:23:10 https://matrix.monero.social/_matrix/media/v1/download/magicgrants.org/9d9681b399786384f850e8df0f692ea7864630121720144524757434368
18:23:12 (hypothetically, not asking you to do it)
18:23:37 picture2.png
18:23:57 So this is most likely a second sweep transaction
18:24:13 Too low probability that all 9 outputs would be used there
18:24:15 that's for a scan window of 2965023 to 3009430
18:24:45 But it has 11 outputs? It's unusual
18:24:50 yes, that transaction, with only 13 inputs, is unlikely to have included 9 of those outputs by chance. It's a good lead
18:25:04 sorry 17, not 13
18:25:04 oh right. they were moved back to the same ccs wallet. <= no, they were just spent as normal
18:26:39 that's the transaction to ask around about. I'd ask about all of these while you're at it:
18:27:32 and if youre not going to be back at that machine again in a month, how can you be sure there wasnt physical access? <= my house isn't in the habit of being broken into. Of course it is possible. I would expect there to be a trail then too. Unless somehow targeted only towards that machine.
18:28:03 bb77d03cae08942f43cccd759ade505a1c9435470a4a2cabfa5e26d2c93d1a58 (9) 18:28:03 32baff7fbe031dd673942061a0a20fd9615fbaccf06a6d4cd8d30e65376e12cd (4) 18:28:04 968a24397d3efc60c916810002d373d09d3be570c8c054f5d5b457ca35755706 (2) 18:28:04 17e502cf9e3886d99f79b8c40789b8b759df0f51da2830d3cdd1128549fd8d72 (2) 18:28:05 7486df2589ffc7c9edf23e8b9177131f8953a983af8400ddd8e198b8abfa0efc (2) 18:28:05 f6efef0e091bca24f89de8101d9b10d07c0af85db78af305e82c710c0fadb103 (2) 18:28:06 9e4e7e4c77f0523848a51f927a17a640117ff2cdeb7201933c69fe2daf7be06f (2) 18:28:34 2 and 4 ones can happen by chance, but not 9 18:28:39 and 9 happened the very next day 18:28:46 so the good news is that XMR has a strong community so just do a community fund raiser and you'll have this back in no time 18:29:11 dsc_ our resident optimist :) 18:29:17 its true though 18:29:19 :P 18:29:58 as a user I would be willing to donate, could even implement some banner inside the wallet 18:30:07 Did you at least send requests to exchanges asking if anyone deposited this exact or similar amount in September? Long shot, but still... 18:30:32 sech1> I though it was "by default" to never use that wallet again after the arrest <= this was a mistake on my part. Although, fluffy has/d other wallets that are also not compromised, as far as I understand 18:31:10 Exchanges can find deposits 1-2 hops away from this second sweep transaction 18:32:35 This hack has brought us all together, priceless 18:33:02 go team 18:33:41 didn't some guy say earlier he had enough to refund the ccs himself? 18:33:44 or am i trippin 18:34:38 I don't remember seeing that 18:34:53 ...anybody know how to scroll up in weechat? 18:34:55 32baff7fbe031dd673942061a0a20fd9615fbaccf06a6d4cd8d30e65376e12cd has 99 inputs, so there is a high likelihood for false positives. And for the 2 transactions, those aren't likely to match in this case. 
It's really just the first tx with 9 matches 18:35:30 nvm i got it, hang on 18:35:42 OWASP has a pretty good primer on Order of Volatility if you're wanting to collect data, although since it's a month+ old there's probably not a whole lot that can be preserved at this point unless you have long log retention on your networking devices and other systems. https://owasp.org/www-pdf-archive//NetSecurity-RespondingToTheDigitalCrimeScene-GatheringVolatileData-TechnoForensics-102908.pdf 18:36:02 nvm i misread what he said 18:36:15 11 outputs is highly unusual though. Is anyone aware of any services that would correlate with this activity? 18:36:27 I will re-run the test with these 11 outputs 18:36:50 Rucknium: 18:37:35 PocketChange?... but probably not applicable here 18:37:47 lmao 18:38:00 Had the same immediate thought :) 18:38:32 11 outputs in the CLI wallet is hard, I guess 18:39:11 Gives an awfully long command 18:39:32 I don't know why you would consolidate 17 outputs then split it into 11 unless it was a group of individuals that were you paying out to 18:39:46 Maybe we could look for other 11 output transactions in the same time span? 18:40:11 Or its an artifact of a poorly written churner 18:40:41 possibly an attempt at structuring 18:41:47 it was a team of 11 007 agents. They needed to split the winnings. ok I'll stop 18:42:39 Ofrn and his 11 alts 18:42:44 10 alts* 18:43:01 711 agents* 18:43:15 sgp: What software are you using to make those graph images? 18:44:33 Well, a certain sense of despair slowly creeps into my mind if not even Monero core team members can manage to stay safe against whatever type of attack that was 18:45:02 "Be your own back". Yeah, right. Bank robbers please line up here. 18:45:06 *bank 18:46:11 rbrunner7: but aren't we talking about a wallet that is effectively hot? with no passphrase, no multisig, no hardware device 18:47:12 it was running on an ubuntu machine that was running a node? 
and has a windows 10 desktop, that is definitely hot, SSH'ing into it occasionally 18:47:33 it had a passphrase, but the rest is right 18:48:33 Hard to say. It does seem one can hardly be too paranoid as soon as the amount at stake goes over a certain limit 18:49:08 luigi1111w: was the remaining 4.6 XMR saved ? 18:49:23 what 18:49:28 how was the passphrase shared, together with the seed? 18:49:33 244 remains iirc 18:49:47 Seed was split in 2 18:49:51 the wallet file had a password, the seed did not have a passphrase 18:49:56 Sorry from the main wallet 18:50:10 ah 18:50:13 all of lovera's was saved. I moved the 4.6 then the remaining 5.4 or whatever in small chunks 18:50:25 next transaction they swept to is: 2c5b45bf398dcae482019a46fb2d06d334bf4260484dc4857fc35db3689ad5ec 18:50:37 Lovera: 🥳 18:50:37 drinks on you? 18:51:13 https://matrix.monero.social/_matrix/media/v1/download/magicgrants.org/9f54c1748e9ad7a30d8401c6f89f01e99b8367ba1720151588539990016 18:51:15 not suspicious at all 18:51:18 monerobull: oh maybe a "seed passphrase" was meant? In that case no 18:51:37 sgp "Breaking monero part 420" :D 18:51:45 right - i did mean seed passphrase, as opposed a passworded wallet file 18:52:06 yes, generating a seed with passphrase is much safer 18:52:07 Maybe irs wants to donate the 625k to us if we can track this 18:52:10 we double up 18:52:15 IIRC it's called "offset passphrase" in CLI wallet 18:52:23 I'll let the report finish, but I think, since there are only 2 outputs, that this one might have been deposited at an exchange 18:52:32 right. I don't think that would help against keylogger 18:52:36 Ty sgp 18:52:52 sgp: What software are you using? 
18:52:57 not if they have the file no 18:53:11 Keylogger no, but seed with passphrase is easier to split, and passphrase can be sent via 3rd independent secure channel 18:53:16 I refer to the original wallet creation 18:53:46 sgp 2 outputs only mean we can't trace reliably anymore 18:54:00 But you could look for 1 in/2out transactions that use it 18:54:11 If it was a single output and they tried to churn it multiple times 18:54:33 my own, not public sorry 18:54:40 then, if you find a chain of 1in/2out transactions that start with it, it's their churn 18:55:19 yeah, will keep scanning the graph from there if needed 18:55:27 rucknium weren't you working on safe/unsafe churning recommendations? 18:55:31 but from here on, it may get dicey 18:55:51 in some ways, it's a miracle we were even able to trace forward 2 hops 18:56:01 not a miracle 18:56:09 combining multiple outputs is a known weakness 18:56:34 s​ech1: No, that is Nathan Borggren (compdec): https://monerofund.org/projects/eae_attack_and_churning 18:56:56 ngl, I will LOL if the reason they got caught is because of pocket change, that would be too funny 18:56:58 Lmao 18:57:00 Ok I will make one myself. A little competition :) 18:58:52 anhdres: does pocket change sometimes split funds into 11 outputs? Would that be behavior that could be accounted for? 18:59:28 spackle_xmr: 19:00:18 I think PocketChange number of outputs is a little randomized now. 19:00:42 https://www.reddit.com/r/Monerujo/comments/164tklr/weve_released_an_updated_version_of_monerujo_on/ 19:01:31 I doubt they'd use anything but CLI wallet 19:01:32 64 days ago 19:01:42 So, they could have been using old version 19:02:02 Hack was 62 days ago? 19:02:35 Yes, they released an update on August 29 that changed the number.
19:02:35 I don't think I am the correct person to speak on this, but since I was tagged it is my understanding that the original version of PocketChange would have 11 outputs for a very large balance. It fills 10 pockets, and has a standard address output for a total of 11. 19:02:37 <1​23bob123:matrix.org> Ans still don’t know how they gained access? 19:02:46 Hack was around Sept 1st 19:02:47 <1​23bob123:matrix.org> And* 19:02:59 how often does android auto update apps? 19:03:06 do we really think these guys loaded the wallet into monerujo with pocketchange enabled lol 19:03:06 Ty spackle, thats what i was trying to remember 19:03:20 Sometimes i have over 50 apps pending 19:03:21 It doesn't auto update, I think 19:03:28 Wirh autoupdates enabled 19:03:31 At least on my phone, I have to click "update" 19:03:43 it's reasonable to believe they might have been on the old version then 19:04:01 not a guarantee ofc, but a reasonable assumption to consider 19:04:10 It only sends notifications that "you have N apps ready to update" 19:04:13 https://matrix.monero.social/_matrix/media/v1/download/monero.social/KjAVNHUcyDenkAeKeEhDIDfr 19:04:36 Nah. It will autoupdate if enabled 19:04:42 https://matrix.monero.social/_matrix/media/v1/download/monero.social/ilChkftpWdKkNcVVkWWGsAOw 19:04:43 Could it not have been an exchange payout? 19:04:48 pocket change would explain why deposits would be swept into 11 outputs, then the sender (possibly unaware) would re-merge them 19:05:18 This is the same observation I had in Monerokon. Other chains may have 'privacy tech' but they will never have the balls to implement it properly like Monero. 
19:05:21 https://matrix.monero.social/_matrix/media/v1/download/monero.social/vTYHwRpWyMEgouYyUHmlfSSm 19:05:51 Even with auto-update and wi-if connected, it doesn't happen often 19:05:59 Right 19:06:02 android definitely does autoupdate, from the official google play docs site: By default, apps are updated automatically when the following constraints are met: 19:06:02 The device is connected to a Wi-Fi network. 19:06:02 The device is charging. 19:06:03 The device is idle (not actively used). 19:06:03 The app to be updated is not running in the foreground. 19:06:04 Google Play typically checks for app updates once a day, so it can take up to 24 hours before an app update is added to the update queue. After an app is added to the queue, it will be automatically updated the next time the constraints above are met. 19:06:39 My update queue had 19 apps, just checked 19:06:45 And I charged my phone today 19:06:50 On wi-fi the whole day 19:07:02 everyone should ask around to see if any exchanges or services received this deposit 19:07:12 sgp which one? tx id? 19:07:21 Same. google play is weird. It doesnt even oush updates to everyone at the same time 19:07:31 selsta: ? 19:07:37 2c5b45bf398dcae482019a46fb2d06d334bf4260484dc4857fc35db3689ad5ec 19:07:43 next transaction they swept to is: 2c5b45bf398dcae482019a46fb2d06d334bf4260484dc4857fc35db3689ad5ec 19:08:00 damn 19:08:10 I should've enabled logs on p2pool explorer :D 19:08:14 Morpheus: did you get this one? 19:08:20 Then I could check who viewed that tx :D 19:08:25 Or autodeleted already 19:08:49 o​frnxmr: I only have contact to one exchange and core also has contact to that one 19:08:53 <1​23bob123:matrix.org> I’m curious how they breached and if there still in the system 19:09:26 Is there anyone with some official relation to exchanges to ask them about this tx? 19:09:48 do we know what os was used on qubes during wallet creation? 19:09:49 Ok, would you do the honors, selsta? 
19:10:33 <1​23bob123:matrix.org> It was qubes? 19:10:44 That'd be weird if they get caught. Lose-lose situation :D 19:10:47 <1​23bob123:matrix.org> I thought it was ubuntu 19:10:59 :D 19:11:05 Either we lose 2.5k XMR, or everyone says "but it was supposed to be untraceable, right"? 19:11:18 What are the tx id? 2c5b45bf398dcae482019a46fb2d06d334bf4260484dc4857fc35db3689ad5ec and which other one? 19:11:38 sgp: 19:11:49 probably ubuntu vm inside qubes i guess 19:12:19 PocketChange would be an extremely odd choice. It is the sort of thing that someone would do to laugh at tracing attempts. 19:12:31 <1​23bob123:matrix.org> I suspect it would of come from m$ 19:12:34 https://xmrchain.net/tx/bb77d03cae08942f43cccd759ade505a1c9435470a4a2cabfa5e26d2c93d1a58, which then appears to have been spent in https://xmrchain.net/tx/2c5b45bf398dcae482019a46fb2d06d334bf4260484dc4857fc35db3689ad5ec 19:12:47 <1​23bob123:matrix.org> Not qubes 19:13:03 bb77... is the first sweep after the hack, and 2c5b... is the second sweep, right? 19:13:19 yes 19:13:35 and bb77... is suspected to be PocketChange 19:13:55 correct. we don't know for sure of course, but it's currently my best guess 19:14:04 did you find any 1/2 transactions after 2c5b... ? 19:14:15 1in/2out 19:14:29 450K USD is hardly "pocket change" tho... 19:14:35 that will take me time to check. Might be tomorrow with the Monero meetup later today 19:15:18 there will likely be several candidates that are 1/2 after 2c5b... But I can get you the exact ones later 19:24:28 So we can trace it 👀 19:28:00 <1​23bob123:matrix.org> Checking journalctl please hold 19:28:16 <1​23bob123:matrix.org> Neg we have logrotate on 19:28:29 We will soon find a swap done to a shitcoin and press will be all over it monero devs traced it and its not that anonymous 😂 19:28:56 <1​23bob123:matrix.org> Pen test 19:29:18 Justin maybe you can say a few things about this at the meetup tonight 19:29:54 yes, it will do it randomly between 6 and 14. 
So if the random number is 11 it will create those outputs IF the wallet doesn't have 11 already filled, otherwise it'll be less. https://github.com/m2049r/xmrwallet/pull/914 19:30:00 Or sabotage 😅 19:30:10 have fun guys :) 19:31:38 Tari mainnet is close 🫢 19:32:15 we'll meet soon (Monerujo) and try to help shine a light on this 19:33:54 As I said in my github comment on the issue, I think there should be an expiration on CCS collection. There's XMR there going back YEARS and it just ends up a liability 19:34:23 https://ccs.getmonero.org/proposals/xmrhaelan-monero-outreach-round-3.html 19:34:47 has anyone seen or heard from xmrhaelen and/or Monero Outreach in a long time? That's just liability money forever 19:34:59 <1​23bob123:matrix.org> Brb 19:36:31 Also, if the GF is not multisig, it should be made so immediately 19:37:22 <1​23bob123:matrix.org> We're very reactive here, not proactive 19:37:28 Instead of analyzing txes perhaps it's time to do some computer forensics? 19:38:05 <1​23bob123:matrix.org> Hence why i asked how and if they're still in the system 19:38:22 What a horrible way to store large funds. You're too quick to call it a hack. 19:38:24 <1​23bob123:matrix.org> Maybe they’re looking at the response to tracing? 19:38:49 <1​23bob123:matrix.org> That too 19:39:41 <1​23bob123:matrix.org> Yubikey for ssh , key rotation etc normal opsec 19:40:16 what about an evil maid attack 19:40:45 Yes. hence: Jet fund 19:40:47 lol 19:41:15 plowsof @plowsof:matrix.org: you're fired. Jk 19:41:51 <1​23bob123:matrix.org> Nooooooo 19:41:59 <1​23bob123:matrix.org> No more jet! 19:42:07 My severance package can be the 0.2 xmr left over for the archive proposal 19:42:20 tldr: jet fund = closing old / dead ccs and collecting funds from those as well as overpayments to current ccs.
And using it as a rainy day fund 19:42:32 Someone will trace it as it’s all done just stupidly convenient 19:42:32 Stolen 19:42:41 > My severance package can be the 0.2 xmr left over for the archive proposal 19:42:42 Stolen* 19:43:05 https://matrix.monero.social/_matrix/media/v1/download/magicgrants.org/1828cc1c6019d476c147983c8aaa3005fbcfcddf1720164635522367488 19:44:24 Wasn’t the rugpull on roadmap 🤪 19:44:32 <1​23bob123:matrix.org> If they had qubes on baremetal and rotated the qube it wouldn’t be such an issue 19:44:58 april 2023 19:45:00 2023 exit scam 19:45:08 but yeah wrong month 19:45:10 123123, last day of the yr 19:46:43 https://xmrchain.net/tx/06550272cdfa1eea98d288b2d57c272b5c52a2b195b4f808c8c03422a58ca47b is also suspicious, since the 2 matching enotes are distinct; they aren't present in the matches with the other 2c5b... transaction 19:47:02 Bad actor or a bad joke with funds getting sent back 😂 19:47:04 So where's the windows host? Is it running on a server? Is it a physical device that they had access to? Also what kind of a virtualizer was used for the Ubuntu VM? 19:47:09 We will see 19:47:52 no VMs, just 2 separate computers 19:47:53 <1​23bob123:matrix.org> You are asking too many questions sir ! 19:48:07 polar9669: do u know if there are any mining pools planned? i can't solo mine kek 19:48:15 for tari i mean 19:48:18 running again with these 2 transactions 19:48:19 Why make 11 outputs if you're gonna spend 6 in one transaction? I think that they had a cursory knowledge of churning and tried to do it themselves but failed miserably 19:48:51 <4​rkal:monero.social> Imagine the attacker reading this... 19:48:58 <4​rkal:monero.social> Prolly shitting their pants rn 19:49:00 <4​rkal:monero.social> Lol 19:49:21 as far as breaking into my house, I would've hoped they would steal my silver stash. It turns out even thieves don't want to own silver.
Er, I mean silver? That was tragically lost on a boat 7 years ago. 19:50:57 <1​23bob123:matrix.org> Sank the boat 19:50:58 It can be merged mined with monero, so yes there will be pools 19:51:12 4rkal: Or laughing. 19:52:30 any word where the pools will be when they're available? 19:52:40 Too easy isn’t it 19:53:48 <4​rkal:monero.social> Yeah most probably someone who got access there is pretty intelligent and has some good opsec 19:53:56 @spadin_spider please move to #monero-offtopic 19:54:04 that's all the updates from me today. I will need to organize some thoughts more 19:54:08 <1​23bob123:matrix.org> Lets ask the chain anal company that says they can trace monero 19:54:34 Were better than they are, but theyll want the credit if we can give em a lead 19:54:42 🎣 19:54:49 mf called me spadin spider xD 19:54:58 thanks sgp 19:55:52 but you have now challenged Rucknium to a duel 19:56:57 Suggestion: 19:57:09 We raise a bounty 19:57:13 I need to make trivia for the meetup today. Priorities :p 19:57:35 yo ucan ask how many monero was stolen from the ccs wallet 19:57:45 Dead or alive 19:57:45 i mean, found or recovered 20:00:15 sexy evil maid attack* 20:00:16 luigi1111w: have you inspected the logs on both devices? Ubuntu had many high/critical CVEs in the recent months. Windows event logs can also help if the initial compromise happened there. 20:00:33 Will their be a recording of any parts of the meetup? 20:01:14 It was sgp, jberman, and kayaba! 20:01:17 impromptu workshop, welcome to breaking monero 20:02:21 <1​23bob123:matrix.org> Too soon 20:03:13 will we appear on rekt.news :( 20:03:56 <1​23bob123:matrix.org> If it was evil maid i reckon it was luke he had a maids dress on at kon 20:04:27 we barely make the list 20:04:28 grafik.png 20:05:00 top 100 :( 20:05:10 the list only goes to 67 20:05:19 its over 400k 20:05:53 siren: SSH log was as expected. Bash history as expected. 
On windows side there was huge gap between last access and hack so I'm not sure what to look for. Same could apply to Ubuntu if they broke in long before hand 20:06:51 Those can be easily wiped. SIEM would have helped. 20:06:55 Luigi was password access by SSH allowed on the Ubuntu machine? 20:07:57 Have you updated ever since the hack? It would be useful to know the installed package versions at that time. 20:08:44 <1​23bob123:matrix.org> What about looking at the server with wallet? 20:08:53 If auditd was enabled you can try checking there https://github.com/wagga40/Zircolite 20:09:10 i got hacked not long ago for having open ssh port & password access lol; always use private keys boys 20:09:24 password was from password manager too 20:11:06 Yeah could be that someone placed the seed or the password (to SSH or to wallet file or anything that would grant an attacker access) on a SaaS password manager 20:11:15 So many ways 20:11:41 <1​23bob123:matrix.org> Ssh allows totp or fido2 20:12:05 That's good practice, we don't do that here :D 20:14:00 Seed and passwords were not ever in any managers. Doesn't really matter if a keylogger was present tho. It would be really odd to clean up everything and also leave other wallets alone. 20:15:24 So you had other wallets on that machine ? Anything related to the General Fund ? 20:15:57 No I don't have that 20:17:26 There doesn't need to be a keylogger, it can be [dumped from the process](https://jm33.me/sshd-injection-and-password-harvesting.html) or [memory](https://nored0x.github.io/penetration%20testing/Dump-Login-Passwords-From-Current-Linux-Users/). There are several ways to extract passwords/secrets. 20:18:51 <1​23bob123:matrix.org> Yeah in memory 20:18:54 <1​23bob123:matrix.org> RustOs 20:19:27 You need access to the machine to do that? 20:19:44 so ssh was a password? Or keys? 20:19:51 <1​23bob123:matrix.org> Kernel attack? 20:20:10 Was password login explicitly disabled in sshd? 20:20:25 You need access. 
But it is perfectly possible that this happened afterwards. 20:21:27 An attacker can attach to a running monerod process and dump credentials if: the attacker is root or the same user who started the monerod process. And this kernel param is set to 0 (often by default) /proc/sys/kernel/yama/ptrace_scope 20:22:16 Dump credentials of what? How would you get access without the credentials in the first place? 20:22:35 It was a password 20:23:05 It can also be your wallet-cli or whatever program that you passed credentials to 20:23:24 It can be caught when you start the process and submit the password 20:23:31 Unlock the wallet 20:23:45 I think Windows generates so-called 'Event IDs', often used for forensic purposes 20:23:51 <1​23bob123:matrix.org> PermitPassword neva! 20:23:56 but that is low hanging fruit that is probably already considered... 20:23:57 So basically a key logger by a different name 20:24:14 An attacker can attach to a running process and dump credentials if: the attacker is root or the same user who started the monerod process. And this kernel param is set to 0 (often by default) /proc/sys/kernel/yama/ptrace_scope 20:24:59 siren: credentials are not so easily extracted from memory 20:25:16 They would need to be root somehow also 20:25:16 monero has mechanisms in-place to counter that 20:25:18 They are if you permit ptrace 20:25:23 And you own the process 20:25:45 its probably not fool proof but there is quite a bit effort done in the underlying code to prevent such a thing 20:25:56 And it's not a keylogger, it uses ptrace or ld_preload 20:26:16 You can't really prevent that 20:26:20 yes and eBPF is another method 20:26:28 again, monero-wallet-cli has some hardening 20:26:43 but as uid 0 you are pwned yes ;) 20:27:08 <1​23bob123:matrix.org> PermitRootLogin allow always!
20:27:27 use my node over tor :( 20:27:31 Like if they are root they already won surely 20:27:33 So you're saying that the monero wallet cli or gui (whatever you used) was being run by root too? 20:27:54 I think root was disabled on this box 20:28:01 Because they don't need root to perform ptrace attach if it was started as the same user that was compromised 20:28:06 Just saying 20:28:06 The user running it was root 20:28:16 <1​23bob123:matrix.org> Anyway get a yubikey use edsca25519-sk 20:28:21 There is only one user. Machine doesn't do anything else 20:28:49 plowsof i recognized your name from your node url xD i be using it 20:29:01 hinto has provided a suggestion of "best" opsec on the github issue https://github.com/monero-project/meta/issues/916#issuecomment-1791394073 20:29:13 I have a yubikey. But if I'm doing this again it's just going to be airgapped 20:29:31 <1​23bob123:matrix.org> https://tinyssh.org/. And use this on server 20:29:37 Yeah something like that makes sense 20:29:40 spadin_spider i like you 20:30:29 :'D you too man 20:30:34 Do we have any logs to inspect on the machines? Sysmon, auditd, any more SIEM? 20:30:39 we can guess what happened / why but its only guesses, maybe just focus on what the correct method(s) shld be - from wallet creation / sharing to making payouts every other month 20:31:28 <1​23bob123:matrix.org> Guessing is fun 20:31:47 <1​23bob123:matrix.org> Also maybe look at os with fde and selinux 20:32:38 Terrible news 😔 20:32:38 CCS drained and Justin Tracking Monero ,🫠 20:32:38 hola Lovera 20:33:00 Hola amigo 👋 20:34:11 btc :| 20:34:36 This is very convenient if you really stole the funds 20:37:17 people generally dont do petty thievery if they are already loaded 20:37:22 no offense to luigi 20:37:52 who is the loaded party here? 20:38:01 luigi... or so I assume 20:38:13 what motivation would he possibly have 20:38:18 idk seems unlikely 20:38:22 isn’t fluffy the other half of this equation 20:38:41 same for him.. 
20:38:45 Yeu 20:38:45 even the more likely one as the person who generated the wallet? 20:39:21 he’s under house arrest in South Africa with lawyer bills through the roof 20:39:26 <1​23bob123:matrix.org> I blame ofrn too many bans and got revenge 20:39:37 lawyer bills probably not a big deal I would imagine 20:39:43 plenty of motive if you’re looking for one 20:39:49 Everything told here about the wallet setup makes zero sense. Almost as if you're trying to make us into believing you were hacked lmao. 20:40:02 not after 3 years and different countries 20:40:12 I refuse to believe you had such poor opsec 20:40:31 humans :( 20:40:41 Yes 20:40:46 something like this https://en.wikipedia.org/wiki/Evil_maid_attack is more likely 20:40:48 <1​23bob123:matrix.org> Ai opsec when 20:41:00 us nerds do not consider the human factor because we spend 24/7 behind the PC 20:41:19 > Since the CCS was hacked and luigi1111 has write access to the repositories, I believe we should thoroughly double-check that all merge commits by luigi1111 are exactly that: merge commits. 20:41:19 ^ 20:41:40 <1​23bob123:matrix.org> https://thenewoil.org/ 20:41:40 <1​23bob123:matrix.org> ima put this here 20:42:30 I would hope I could come up with a better story than "I was hacked but have no idea how" if I was the thief 20:42:51 :) 20:43:09 https://x.com/chrisblec/status/1720132453728182452?s=46 20:43:09 can filter merges to monero by author on github 20:43:19 not seeing anything of note 20:43:54 I’m ruling luigi out on gut instinct. plus fluffypony promised an exit scam in 2023 I believe 20:44:04 Since the incident the machine was left running for whole 2 months? You destroyed the chances of any forensics findings as well. 
20:44:28 Why no disclosure til now 20:45:07 All this dev, analysis, and statistician power, and we wait and only talk with 2 other ppl 20:45:18 * spadin_spider pondering what the new oil is while the page loads 20:45:22 The money belongs to hackers 20:45:39 Why not tell the hackers "someone stole yur money" the day of 20:45:47 And watch that someone get caught the same day 20:46:20 We all know one thing that makes trackibf monero hard: time 20:47:19 <1​23bob123:matrix.org> Maybe kyc/log tranaction ip addresses is the way to go🚀 20:47:45 kyc *vomits* 20:47:53 sorry allergies 20:48:03 maybe don’t let people who are under active fraud investigation generate your wallet keys? 20:48:10 I didn't find out for 28 days. Talking with core was hard with people being away and such. Disclosure timeline was far from ideal 20:48:26 "short term measure" 20:48:26 2 years later 20:48:36 Luigi 20:48:45 Ccs coordinator is plowsof. Ty 20:48:51 hey, the world runs on ducttape 20:49:02 some fortune500 companies run their mission-critical apps in `screen` 20:49:07 source: me 20:49:10 <1​23bob123:matrix.org> This is true 20:49:15 <1​23bob123:matrix.org> Look at gov 20:49:29 <1​23bob123:matrix.org> Win98 servers 20:49:37 those are the best 20:49:37 At least it wasnt windows xp, right? 
20:49:55 Plenty of factories using windows xp on their machinery 20:50:09 Network connected 20:50:11 xp just works 20:50:19 <1​23bob123:matrix.org> Yeah IBM 20:50:20 in an airgapped setup, the machine can happily be running windows xp 32 bit 20:50:20 no string, no bs 20:50:37 (network connected) 20:50:59 <1​23bob123:matrix.org> Need 64bit for ultra secure m$ driver signing 20:51:00 Win 7 too, no more security updates 20:51:01 simply don't centralize donations like this, CCS doesn't even need to exist 20:51:15 Then you have to think about USB and other I/O attacks which could allow access for evil maids 20:51:25 <1​23bob123:matrix.org> Yeah multisig 20:51:28 ofrnxmr there's legacyupdate dot net 20:51:42 for xp/7 and others 20:51:47 <1​23bob123:matrix.org> QubesOS fixes this 20:52:11 <1​23bob123:matrix.org> Usbdom please allow 20:52:19 ah yes, evil maid, did not consider this 20:52:56 <1​23bob123:matrix.org> I still stand by if it was an evil maid luke had that dress on 20:53:03 cool a fellow qubes enjoyer 20:53:05 note to self, put comp in a safe 20:53:15 "Evil maid attack" is a thing: https://en.wikipedia.org/wiki/Evil_Maid_attack 20:53:32 the really evil maids get into safes np 20:53:45 *refrigerated safe 20:53:57 solder all usb shut 20:54:25 <1​23bob123:matrix.org> https://matrix.monero.social/_matrix/media/v1/download/matrix.org/vMTaQRLqYRpiwpQMJbukYUwE 20:54:27 <1​23bob123:matrix.org> Lol 20:54:36 <1​23bob123:matrix.org> Rav laptop 20:54:53 everyone please investigate your cleaning staff 20:55:17 the milkman... the windowcleaner... the pool guy... the person who cleans your yacht.... nobody can be trusted right now 20:55:20 The REALLY evil maids move all furniture 3 inches to the left to make you question your sanity 20:55:26 123bob123 that a toshiba?
20:55:40 <1​23bob123:matrix.org> Note to everyone please re-evaluate your opsec setup 20:55:48 my opsec is olperfect 20:55:52 Is perfect 20:55:52 jeffro256: DDR police in soviet times used to do that, enter someone's home and move the furniture just to mess with their sanity 20:55:57 im on every continent 20:56:10 I am 10 people 20:56:13 <1​23bob123:matrix.org> Shamir key 20:56:19 The point is that you shouldn't leave devices with really important data unattended with no protections against modifications while you're not looking 20:56:48 anonero 20:56:51 and if it doesn't exist in 3 places, it doesn't exist 20:56:53 ^ and if you do... booby trap it 20:57:36 Mine is booby trapped 20:57:50 (Gotta get past ofrn) 20:58:13 have a drink buddy 20:58:21 <4​rkal:monero.social> Why isn't a new multisig wallet created for every css. Where the ownership is shared between core and the person creating it. That way you make the attack less profitable and no one person can screw up 20:58:53 it wasn't multisig...? 20:59:02 <1​23bob123:matrix.org> Can keep the wallet password in googledocs! 20:59:12 <4​rkal:monero.social> Essentially "decentralizing" it 21:00:02 " The REALLY evil maids move all furniture 3 inches to the left to make you question your sanity" > Welcome to my world ;-P 21:00:22 😎 21:00:49 <1​23bob123:matrix.org> Reminds of the last two episodes of 21:00:49 <1​23bob123:matrix.org> https://www.netflix.com/au/title/81122462 21:00:49 <1​23bob123:matrix.org> That's how they got into his laptop 21:01:18 does Google sheets work?
https://x.com/fluffypony/status/1720144322937409615?s=46 21:01:45 <1​23bob123:matrix.org> Never got charges at the end cause all the gold and silver made the gov more money than they lost 21:03:03 <1​23bob123:matrix.org> Hmm google 21:04:05 <1​23bob123:matrix.org> Cryptopad or etherpad! 21:14:37 https://matrix.monero.social/_matrix/media/v1/download/magicgrants.org/054e05317bcdd700a1583f5c28ea37cc277282161720187668647641088 21:14:43 <4​rkal:monero.social> Why isn't a new multisig wallet created for every css. Where the ownership is shared between core and the person creating it. That way you make the attack less profitable and no one person can screw up <= this sounds kinda hard to implement 21:15:55 He was advocating for more windows users and tracking platform among across node network 21:16:00 Luigi did you see my request for transaction proofs on the Github thread? 21:16:15 Taking seriously = hard sometimes. Coming from me, says a lot 21:16:50 Tracking platform architecture* 21:17:01 jeffro256: can you even create tx proof when they were sent from a different wallet cache? 21:17:19 we don't have the tx keys 21:17:36 Sgp: what tool is that?
21:17:42 Ah good point
21:18:01 unless the 0-out is returned back to sender seed (I don't think it is?), then not much that can be done
21:18:08 yeah I don't have txkeys for those txs
21:19:15 you could sign key images for some of the relevant outputs or something
21:23:18 if I eliminate the enote that ended up at that other transaction (8949a7dc5279599fc6beec7e7f9e318fb96d428680da9e41d553731b453d4277), then we can focus on these for 1aec83176690ca24ee8b8d5d8d466ab5d6a924941d4f39c5d2cffdcc94efb136:
21:23:40 https://matrix.monero.social/_matrix/media/v1/download/magicgrants.org/ae5882e4e01f1b389f304dd46b7a4f676b2b3c691720189950663589888
21:26:43 If we are suggesting OPSEC improvements: IMHO, HackerOne isn't a good vulnerability reporting platform.
21:26:46 1500 xmr was converted to btc on binance over the last week
21:27:11 In 3 trades*
21:27:14 Too much information available to too many people.
21:28:09 https://matrix.monero.social/_matrix/media/v1/download/monero.social/TVruTrMjoEDtKVAXDnOUiIdo
21:28:37 actually the viewkey wallet synced spent command should work I think? there is such a thing
21:28:48 The rest is all green
21:29:44 If same acct, likely the inputs can be traced back to ccs wallet
21:29:46 Sooo, binance?
21:32:03 is it a good idea that details around the investigation are posted here?
21:32:20 it only benefits the attacker
21:33:20 Well, i found out here
21:33:36 And in secret, seems all the important ppl were left out
21:33:52 i mean the tx graphs
21:34:12 Yeah, but who was he to share with?
21:34:20 with #monero-csi
21:34:22 (rucknium) haha
21:34:38 financial crime division
21:34:55 idk
21:34:57 sharing earlier doesn't change much for blockchain analytics
21:35:12 if anything it's better to share later after they might've made a mistake
21:35:18 if those sells were a week ago, it does
21:35:19 Just did read the buffer 😢
21:35:19 Can we prove to binance that they send the funds there?
21:35:20 If the account is still in use, they could freeze its funds and/or have details about where the corn went?
21:35:20 It's for what CEX are for.... right?
21:35:24 can we hire the fbi
21:35:29 Could have followed the btc
21:35:41 No, fbi can hire us tho
21:36:04 no collusion with the feds guys cmon what
21:36:11 they hate us
21:36:11 monero financial crime division I meant
21:36:16 400k/650k is only enough for us to work for ourselves
21:36:30 but fair
21:37:05 ofrnxmr alright i'll just take 10k
21:40:57 Im not the fbi
21:41:09 Or irs, whichever has the bounty
21:42:57 i hope it's the irs... mfs owe me money
21:43:06 https://x.com/fluffypony/status/1720187441250738270?s=46
21:43:42 wtf? I ask fluffy to resign and he responds with “I literally never want to talk to anyone in the Monero space again”
21:44:02 r u resigning fluffypony or are you playing victim here?
21:45:02 So no hardware wallet, SSH without even basic "ssh key auth"?
21:45:02 Did I understand right?
21:45:02 When was the last time the Ubuntu machine was updated? Got a flow of CVE's recently, There is also a Russian botnet that was killed because of one of these CVE...
21:45:04 Youre moneru_tv?
21:45:20 I started and ran monero tv yes
21:45:33 ah Manure_tv
21:45:38 the new look
21:45:48 u would know that if u were around for longer than 5 minutes :)
21:46:04 manure is what comes out of your mouth
21:46:24 heyo why are we fighting
21:46:52 because fluffypony doesn’t want to talk to anyone in the Monero community ever again
21:46:57 🥲
21:47:20 Maybe a Q for MRLlounge - in a multisig wallet, can we see which signers, signed a transaction?
21:47:31 Thats why were fighting? I thought it was bcuz yur geonic, and im ofrnxmr
21:47:48 anyone wanna go in offtopic and give me the rundown on this fluffypony character? all i know is he's important and in house jail
21:47:50 Like mixing oil and fire
21:47:58 plowsof I don't think so.
you might be able to prove you helped sign, but you couldn't necessarily prove you didn't
21:48:06 why the fuck are you guys accusing fluffy now
21:48:06 ..snake oil
21:48:39 I don't know, doesn't seem productive
21:49:00 most people here are accusing luigi
21:49:11 I’m just providing a counterargument
21:49:15 only like 1-2 of actually stealing it myself
21:49:58 Who's accusing anyone
21:50:12 I see geo accusing fluffy
21:50:24 Like bro, go write a reddit post
21:50:41 speculation is pointless anyway
21:50:43 When was the last time the Ubuntu machine was updated? Got a flow of CVE's recently, There is also a Russian botnet that was killed because of one of these CVE... <= interesting. I don't have access to the machine currently. It also was behind a router with no port forwarding so there's another layer to add to the potential compromised list.
21:50:47 https://x.com/chrisblec/status/1720132453728182452?s=46
21:51:11 posted already
21:51:20 https://twitter.com/TheDesertLynx/status/1720185126405931128 good old Joel
21:51:50 keep ignoring the obvious if that makes you feel good I guess?
21:52:11 We all know it was my alt, Dan r/dark (Is not the man & Braxman Tomsparks Advocate ):
21:52:14 the conclusions are obvious, but unprovable and counterproductive
21:52:24 I know, geonic, is your nose for bullshit is fkn terrrrible
21:53:07 Thinks shit smells like steak and vice versa
21:53:17 kek
21:53:18 https://matrix.monero.social/_matrix/media/v1/download/matrix.org/eSjnvbsisMoTwlmYbTNVDyun
21:53:28 the question now is why do we have a core team member who doesn’t want to talk to anyone in Monero ever again
21:53:30 <1​23bob123:matrix.org> So people accuse the fluffy without knowing how the breach happened?
21:53:39 and why do people keep simping for him
21:53:54 Cuz yur movie sux and hes betrer den u
21:54:01 <1​23bob123:matrix.org> Ban without proof
21:54:04 fanboys will
21:54:08 whoa whoa whoa oscars
21:54:10 be fanboys I guess
21:54:22 <1​23bob123:matrix.org> I have theory
21:54:22 haha
21:54:32 geonic: could it be because bro's in jail and we *didn't* use the 2.4k xmr to rescue his butt? :I just a thought from outside observer
21:54:33 <1​23bob123:matrix.org> Ofrn hacked it so geonic wouldnt get paid
21:54:44 Sis geo get his money before it got stolen?
21:54:51 Or is that why he mad
21:54:54 luigi admit you stole it and that will clear fluffy 😆
21:54:55 Did*
21:55:05 easy peasy
21:55:17 Ill admit im luigi, and i stole it
21:55:20 false confessions have been made before...
21:55:23 But im also ofrnxmr
21:55:30 <1​23bob123:matrix.org> I think before any accusations need to find how it happened first breach or otherwise
21:55:39 it’s all fun and games until the wallet gets drained
21:56:02 Im still having fun.x
21:56:06 Sleeping on new bed sheets 2nite
21:56:23 invertebrates sleep on beds?
21:56:32 Yes
21:56:44 hehe
21:56:47 Learn something new everyday
21:56:52 <1​23bob123:matrix.org> So going forward what going to happen with ccs payments?
21:56:56 I know it looks bad to release this without knowing and including how it happened
21:57:02 geonic: this works better with proof :P
21:57:10 They all go to geonic's oscar marathon
21:57:28 I’m not accusing anyone. I’m just asking fluffy to resign
21:57:42 but it would need some other reason, no?
21:57:43 i propose we let me hold the ccs next time
21:57:43 <1​23bob123:matrix.org> Because?
21:57:45 Ok
21:57:50 Luigi is love luigi is life
21:58:02 <1​23bob123:matrix.org> So going forward what going to happen with ccs payments? <= not sure. Open to ideas. For existing CCSes, we will use GF to cover unless/until there is an alternative.
21:58:07 Luigi1111w is a crazyguy tho
21:58:12 <1​23bob123:matrix.org> Next time multi sig with mario
21:58:15 because he says he doesn’t like us
21:58:20 Luigi
21:58:26 This is both off topic and on topic - has there been any recent work to wrap a nice GUI around multisig in 2023? Ie - since the bugs got fixed
21:58:29 have a time for when funds go to a coldwallet
21:58:30 nvm, ill save for later
21:58:31 It's a slow tedious process using it via CLI - and it's not v user friendly. Which also makes it more error prone.
21:58:39 obv. this is a difficult period for these 2 core members
21:58:42 im not defending them
21:58:43 Need geonic to go crazy wondering what i was going to propose
21:58:47 now I understand why plowsof didn't even want to keep a small ccs-coordinator-wallet...
21:58:51 but getting emotional on twitter is not out of the ordinary
21:59:09 john_r365: agreed, this was part of the apprehension to using it. That and bus factor and complexity increases substantially.
21:59:12 <1​23bob123:matrix.org> Yeah
21:59:22 <1​23bob123:matrix.org> Drunk tweets better
21:59:41 KISS only went wrong ONE time
22:00:14 if luigi and fluffy are so loaded as to not be potential suspects, can they not just reimburse the CCS wallet loss between them? then we can all pretend this didn't happen and carry on regardless (hopefully with better opsec this time).
22:00:50 hm yeah good point. maybe fluffy can use the project coral reef xmr for that?
22:01:00 <1​23bob123:matrix.org> I think there should be active ccs funds wallet and inactive ccs.
22:01:04 Picture this:
22:01:04 1. We get robbed for 2700xmr on the first
22:01:04 2. The 2500 donor contacts us for refund, and we refund
22:01:05 3.
We notice were fkn broke 3-4 weeks later
22:01:10 Good thing we didnt do that refund
22:01:33 they probably already considered that
22:01:37 and good thing we didnt buy the fuckin domain
22:01:39 we have 8k xmr in gf
22:01:40 given the time frame
22:02:14 ok well, enough drama for me today, goodnight :P
22:02:17 It would be 5.5k total in gf and ccs instead of 11k
22:02:26 <1​23bob123:matrix.org> Invest 8k into get rich scheme
22:02:49 put it on black
22:02:55 quick double and we're ahead
22:03:01 🎲
22:03:12 easy money
22:03:23 <1​23bob123:matrix.org> Double or nothing
22:03:34 Use it to shoet monero with 100x leverage
22:03:35 hey, if you wrote any can you send to me? so i can copy paste to them.
22:03:42 s/shoet/short
22:03:58 monero.vegs
22:03:59 monero.vegas
22:04:25 <1​23bob123:matrix.org> If we rig it we can make big mulla
22:05:12 <1​23bob123:matrix.org> Is that mean there is emergency community meeting?
22:05:38 <1​23bob123:matrix.org> I can bring the drinks
22:05:42 yes on saturday at the usual time
22:06:09 i got the weed
22:09:07 We were meant to have the weekend off :'(
22:09:29 Release the update on sunday instead
22:09:49 hit that news cycle
22:09:51 For people opening new CCS proposals, who already have some level of community reputation, do you think it would be a good idea for them to fundraise by themselves?
22:10:17 you mean like use the CCS but have it post their own accounts?
22:10:25 XMR accounts*
22:10:57 Just for the immediate future
22:10:57 for some reason people love to donate to CCS proposals and alternatives seem to struggle
22:11:03 thats stupid, partially funded proposers would just take the funds and do nothing
22:11:29 i liked the idea someone posted earlier about 2/3 multisigging between 1 guy from monero and 1 guy from the proposal
22:11:58 that UX seems really rough
22:12:05 We are notoriously lazy to be fair
22:12:48 just put it on plowsofs ledger
22:12:53 Lol
22:13:16 we can use the new recovery service :)
22:13:30 I would prefer if it's still going through the CCS in the future (if possible)
22:14:17 I agree
22:14:54 CCS funds are insured also :)
22:16:30 Well I'm talking about the immediate open proposals *right now*. What do we say to the people who have open proposals rn? "Hang on for a couple more weeks, we're still trying to sort out how to not lose your funds"
22:16:39 can we just write off the dead proposals now?
22:16:58 like, your funds werent claimed for so long, a hacker took them
22:17:04 Lol
22:17:13 there, plowsofs biggest problem solved
22:17:39 jeffro256: just pay from genfund+the 244 I have
22:17:44 Sorry Doug, got hacked
22:18:30 Nah
22:18:32 Need to jet fund em
22:18:34 I did try and warn yas^
22:18:39 Sorry I should've been more specific: the CCS proposals in "Ideas" and "Funding Required" stage
22:18:54 lovera is only one in FR
22:19:02 ideas need some resolution tho yes
22:19:14 please put “hacker” in quotes ktx
22:19:19 Observer has posted milestone 1 update and weve not put it to funding yet
22:19:46 We obviously shouldn't go with the current setup b/c more funds will be lost... so what do we do about *new* proposals in "ideas" and "funding required" stage until we fix the issues?
22:21:14 https://www.reddit.com/r/Monero/comments/qixorp/why_i_hope_fluffypony_will_remain_on_the_core_team/
22:21:16 <1​23bob123:matrix.org> Css is on stop credit
22:21:21 <1​23bob123:matrix.org> Ccs is on stop credit
22:21:48 for everyone who got here 5 minutes ago
22:21:50 Who's simping?
22:21:55 Until custody issues are sorted out, we could have the CCS "promote" certain proposals, but have the XMR go directly to the proposers as a temporary measure. Or we could have an emergency vote to decide on a temporary holder for *new* XMR
22:22:10 Ive never wrote some shit like that
22:22:18 Sounds like something geonic would write
22:22:28 For those of us who project onto others
22:22:34 <1​23bob123:matrix.org> Can i apply to be monero ceo?
22:22:37 no
22:22:38 sorry you’re too dimwitted to grasp it
22:22:39 direct funding is trash
22:23:14 Alright what's your idea then
22:23:16 who runs the watch wallet for ccs?
22:23:33 Kids. Dont do drugs
22:23:38 There isn't one , only the general fund
22:23:40 No no no
22:23:50 proper hardware wallet?
22:23:54 CCS is trash. Always has been
22:24:02 anonnero would have prevented this
22:24:02 plowsof is that to me? there is one, the website updates automatically
22:24:11 how many trusted people are we? do like 7/10 multisig on ccs wallet
22:24:28 that sounds horrendous
22:24:30 3 maybe 4
22:24:32 That's still "direct" funding ???
22:24:33 Haha
22:24:55 no, collect the funds like before, just in a proper wallet
22:25:28 I am curious who will pay up that half a mil EUR worth of XMR for someones fuckup or theft in plain sight
22:25:44 The person who donated for monero.com
22:25:54 Then add 200xmr
22:25:57 We haven't been able to rule out fraud / terrible opsec, a hardware wallet would be a bandaid on the issue. Also having a pseudonymous contributor run a hardware wallet is unverifiable
22:26:10 Robbed right before refund expired
22:27:28 so youre saying it was fluffy or luigi?
22:27:38 if we cant trust core then we might as well buy bitcoin
22:27:41 The post mortem in this case is as good as after getmonero.org was serving binaries with malware.
22:27:53 pretty sure core members stole the finds
22:27:55 Dont trust, verify
22:28:03 No I'm saying that it would be insane to entrust the keys to them again immediately after what has occurred without any change in structure or oversight
22:28:07 I dont trust core, never have
22:28:12 pretty sure core members stole the funds
22:28:24 Not a prerequisite
22:28:31 and im saying direct funding will lead to a thousand cases of soloptxmr
22:28:35 Theyre people just like us
22:28:45 We are in the idea stage of how to fix it jeff
22:28:46 And i dont know em from a hole in the wall
22:29:18 For direct funding there already is kino
22:29:24 And and and
22:29:26 Delays
22:29:35 For direct funding there already is kuno
22:29:36 dont forget the delays
22:29:39 Speaking of
22:29:48 Hence where I said "immediate future" and "who already have some level of community reputation"
22:29:52 Have pol been paid? If not, lets get a move on
22:29:57 b4 gf gets drained
22:30:15 If CCS did not exist we would have no such thing as soloptxmr
22:30:28 > structure or oversight
22:30:28 The scams that will appear on kuno after this
22:30:30 binaryFate I think is only half around
22:30:54 Have we tried reaching out to ciphertrace dave?
22:31:01 I feel like there would need to be an implementation of structure and oversight before those things could be changed
22:32:10 The people you trust to hold the keys to CCS funds take such a huge responsibility to have good opsec, physical security, network security, blue teaming knowledge, proper monitoring. You're better off not centralizing this.
22:32:28 Switch the CCS fund to BTC (and convert contributions automatically), into a multisig wallet...
22:32:28 Until we have multisig that is :D
22:32:29 That way CCS could continue to operate until we have a better way.
22:32:29 Monero have things bitcoin don't have
22:32:30 Bitcoin have things monero don't have..
22:32:30 or
22:32:31 Get rid of CCS and find a better way
22:32:45 <1​23bob123:matrix.org> Add me!
22:32:48 monero has multisig
22:32:53 <1​23bob123:matrix.org> Trust me bruh!
22:33:05 why not dai instead of btc though? stablecoins ftw
22:33:19 <1​23bob123:matrix.org> Bare minimum multi sig
22:33:20 oh well, why it was not used then :/
22:33:31 wrapped xmr in a eth multisig
22:33:51 <1​23bob123:matrix.org> Create ccs for it
22:33:55 oh cool a fellow wrapped tokens enjoyer
22:33:57 <1​23bob123:matrix.org> 😬
22:34:02 I don't care who it was... It could be Santa or Obama or Mother Theresa. But if you lose 450K USD doing one thing, then immediately do the exact same thing again, you'd have to be insane or stupid
22:34:05 How else will someone steal it?
22:34:13 g​fdshygti53: ccs wallet predates proper multisig support in monero
22:34:20 2/3 multisig , luigi/bF and some untrustworthy fall guy like myself
22:34:21 oh well, why it was not used then :/ <= not sure there is a singular reason, but multisig was beta quality for some time
22:34:24 couldnt you do a multisig between core, ccs leader, and recipient?
22:34:25 It was a design goal of our stupid core members
22:34:35 Obviously
22:34:37 We can vote on which projects to list on a directory. But funding should be direct, not escrowed. CCS is almost as if it was designed to be rugpulled.
22:34:54 Please kill off CCS
22:35:12 Direct funding direct responsibility
22:35:33 <1​23bob123:matrix.org> Hmm
22:35:33 imo we need decentralized development. the monero project doesnt mean monero
22:35:33 <1​23bob123:matrix.org> Less progression?
22:35:40 Getting funding for monero dev work is shaky enough as is. Let's make it even more uncertain for devs
22:36:12 Less soloptxmr
22:36:38 No??? The whole point of crypto is you don't have to trust "core".
Monero has hard protocol rules, that differ from Bitcoin, such that it doesn't matter if every member of core dies tomorrow, it will keep on chugging with a higher degree of privacy than Bitcoin
22:36:55 CCS/FFS has paid out 10s of thousands of XMR over the years. There's been lots of problems, but significant positives.
22:37:25 Yeah then lost everything
22:37:29 Dumbest shit I read today
22:37:44 You could say the same for rugpulled crypto projects
22:37:55 https://read.cash/@flipstarter/introducing-flipstarter-695d4d50
22:37:57 We should build something like this
22:37:59 its FOSS for a reason. No one trusts core. I trust git diffs tho
22:38:45 Yeah then lost everything <= technically lost ~92%
22:38:48 Trustless, non-custodial assurance contracts
22:39:10 As long as people read and understand them.
22:39:10 But yeah, I assume enough people do read and can understand the code, right?
22:39:45 We do have audits, fortunately
22:40:16 Paid for by the ccs, lol
22:40:22 Barely any development going on there, yes you can understand its not as bad as soloptxmr code :D
22:42:24 We could still raise money for this without the CCS. People would simply donate as usual.
22:42:49 CCS is the best at motivating ppl to donate
22:43:01 yeah I don't understand it but that's the way it's always been
22:43:13 don’t throw the baby out with the bathwater
22:43:16 Nobody would donate to my fake job if i wasnt on the ccs funding required page
22:43:39 Where is our Oscar?
22:43:48 without the ccs your fake job wouldn't exist
22:43:49 Otherwise refund :D
22:43:53 fluffypony resigning is enough (totally unrelated of course)
22:43:56 You can have a public directory on getmonero.org of projects to donate. You don't need to escrow funds.
22:44:13 there are some in the Academy museum if you’re eager to see one
22:44:17 Refund??? :DDD
22:44:26 happy to buy you a ticket? :)
22:45:16 In fact we have W.I.P. https://monerodevs.org/
22:45:26 (we’ll know on December 21 if we’re in the shortlist.
campaign is actively ongoing)
22:45:57 geonic did you withdraw funds or are they gone now?
22:46:23 have not withdrawn, am one of the pending ones
22:46:43 rip
22:46:46 <1​23bob123:matrix.org> IOUs
22:46:53 Direct funding would have worked bettet
22:46:53 maybe
22:47:01 Direct funding would have worked better
22:47:05 Rip money
22:47:40 <1​23bob123:matrix.org> Create a gofundme for css fund
22:47:51 <1​23bob123:matrix.org> Create a gofundme for ccs fund
22:47:56 I hope he is not in debt because of Core
22:48:03 Create separate gofundmes for projects that couldn't receive funds from ccs
22:48:14 I think you meant separate
22:48:21 Don't do the same mistake again XD
22:48:42 justverify: Seraphis-concise and Seraphis-Squashed can do collaborative fundraising on chain: https://github.com/monero-project/research-lab/issues/91#issuecomment-967727906
22:49:03 But I think development direction went away from those variants. jeffro256 , what is the latest?
22:49:07 Just a proper multisig will work. It resist against one compromised wallet and would require collusion from key holder to steal it.
22:49:10 <1​23bob123:matrix.org> Get all data and give to ruck to trace
22:49:26 If monero support it then there is the solution
22:49:34 Keep CCS verification. Except after verification you just list a link to project and done
22:49:46 from now on, CCS could just continue to operate, give the key to many proper people
22:49:47 If they fuck up you dont list them again
22:49:49 no accountability
22:50:04 take the money and run
22:50:05 If they fuck up you dont list them again <= a bit rough with anon contributors
22:50:10 What do you mean no accountability?
22:50:14 The CCS acceptance is insanely difficult
22:50:17 That still happens
22:50:20 no milestones
22:50:24 Projects need prior history
22:50:30 <1​23bob123:matrix.org> Hmm
22:50:40 You either delist them or place a warning on their proposal if a milestone isn't met
22:50:46 Soloptxmr
22:50:49 <1​23bob123:matrix.org> Milestones stop walking off i think
22:50:57 People wouldn't be able to donate anymore because there's no address
22:51:27 <1​23bob123:matrix.org> I think the issue here is how the funds are held not how ccs works?
22:51:49 At the end we lost half a mil EUR, people wake up we could have funded soloptxmr2-69
22:51:59 IIRC Currently Seraphis-Squashed is what is implemented in the seraphis PoC
22:52:01 Just a proper multisig will work. It resist against one compromised wallet and would require collusion from key holder to steal it. <= could work if the right set of people can be found
22:52:34 Multisig across corrupt party
22:52:53 if we do direct funding the ccs will have to be way harder to pass than it already is
22:53:03 Implement multisig all you want but when the participants will all have crappy opsec and no monitoring
22:53:37 Still need more than one compromise.
22:53:37 So it's better and should be standard practice.
22:53:38 ill fight everything thats not a known dev or monerokon
22:53:38 <1​23bob123:matrix.org> Yes but it will limit the attack
22:53:47 CP Monerochan art in CCS when?
22:54:03 xenu is running the artfund for that
22:54:10 Fun fact we don't need a centralized one wallet for all in the first place.
22:54:11 (which didnt get drained btw)
22:54:15 ill fight everything thats not a known dev or monerokon <= :)
22:54:19 You're taking an unnecessary risk.
22:54:31 Why not CCS if you are such a supporter?
22:54:46 Monero chan art better opsec
22:54:52 I'd like to make a better UX for multisig. I think people saying "just use multisig" might not have played with it much? Horrible is a good adjective for the UX.
Anyone interested in creating / wireframing a GUI for it?
22:54:53 Lets give them control
22:55:06 Plus we don't even know what really happened here and we won't know. In case someone from core stole funds, multisig won't prevent that.
22:55:24 Just like how we didn't know who distributed malware over getmonero.org
22:55:28 <1​23bob123:matrix.org> There is that too.
22:55:30 Direct fund or die
22:55:32 And how.
22:55:44 <1​23bob123:matrix.org> Need to find what happened to plug the hole
22:56:47 r they hosting that on windows too lol
22:57:24 the revocation of access was a good call, should've been permanent
22:57:51 fluffy is not involved with the community, just an extra attack surface at this point
22:57:55 <1​23bob123:matrix.org> Millennium edition
22:58:22 geonic I don't think fp has access to anything anymore?
22:58:38 was ccs wallet the only thing?
22:58:52 genfund wallet too, but not the big one
22:59:11 it's kinda hard to rotate the genfund I think, given it's everywhere
22:59:20 Was LEA informed ? Ccs funds were stolen it’s a crime which needs investigation
22:59:43 john_r365: i'll pivot to that branch of research since that's what the community needs, plus it'll make good practice for what i need
22:59:47 what would we do if the genfund got drained too?
22:59:52 LEA who cant tie their own shoes
22:59:59 <1​23bob123:matrix.org> Give up and go home
23:00:02 Nothin
23:00:04 plus i've studied multisig past few days... assuming the code is c++ and not f***ing rust again
23:00:19 They can start with waterboarding
23:00:36 yeah. I'd say get rid of the remaining two and just do multisig with someone else from Core (who is not fluffy). binaryfate?
23:00:37 <1​23bob123:matrix.org> Memory safe would have saved cache passwords🚀
23:00:40 Then what will i do?
23:00:59 You instruct them lol
23:01:18 he's asking for suggestions
23:02:27 glad we could talk about these hard subjects in the open though
23:03:18 2 months in the dark to cover cores dirty job
23:03:23 just so we're all on the same page - what features would a multisig gui need besides basic signing of wallets?
23:03:48 well you need setup wizard thing to gather keys and data for setup rounds
23:03:48 There is a PR adding multisig to the monero gui iirc
23:04:12 multisig in GUIs was a topic 3 years ago
23:04:24 Tobtoht? :d
23:04:27 :D
23:04:38 we discussed it when creating feather but I think there was some blocker
23:05:00 Imo everyone who was in charge of the wallet should cover the stolen funds before CCS is open again
23:05:00 forgot the details
23:05:10 New multisig now, maybe no blocker?
23:05:17 response time seems fine for a decentralized org. finding out about the breach could've been quicker.
23:05:20 yeah ill check ofrnxmr
23:05:31 dsc_ you said you were going to bed
23:05:33 Ty
23:05:50 geonic: I am in bed and then came to the realization I wanted to read more drama
23:05:55 hehe
23:06:10 Monero TV always here for you. we keep the drama going
23:06:17 luigi1111w: oh cool a fellow wizards enjoyer
23:06:51 geonic: handled it extremely poorly compared to other FOSS projects. Though, they don't have incidents where they lose money like this.
23:07:14 and do other projects have a bunch of anons running them
23:07:40 Of course but in a more decentralized manner
23:07:54 guess we have a lot to learn from them
23:07:57 huh, projects lose money all the time
23:08:06 spadin_spider> luigi1111w: oh cool a fellow wizards enjoyer <= I just want the paperclip guy from msword
23:08:07 we barely make the rekt news tierlist
23:08:32 siren: would you write a postmortem and make suggestions that don't make the whole process 10x more cumbersome?
23:08:45 I wasn't even about those defi shitcoin scams
23:08:54 Very low bar to set
23:08:59 geonic: it has to be anons...
public people have soooo many attack vectors. something like monero would get people fbi'd real quick
23:09:18 then feds would steal the project
23:09:18 geonic: while I can make recommendations. I cannot write you the postmortem as there's no evidence of an hack.
23:09:23 But geonic isnt an anon sooo
23:09:32 yeah and I'm not running anything here
23:09:33 And a lot of core is doxxed
23:09:37 Including fluffy
23:09:39 siren: thanks, I agree there's no evidence of a hack
23:09:43 No logs/monitoring (should have been) and because of how this incident was handled no luck with forensics.
23:10:04 Bet evidence was destroyed by retarded core oh wait they probably stole iy
23:10:08 60 days later lolz
23:10:15 > <@siren:kernal.eu> geonic: while I can make recommendations. I cannot write you the postmortem as there's no evidence of an hack.
23:10:15 In reply to @siren:kernal.eu
23:10:15 geonic: while I can make recommendations. I cannot write you the postmortem as there's no evidence of an hack.
23:10:16 Bet evidence was destroyed by retarded core oh wait they probably stole it
23:10:36 we're left with individual suspicions and the best thing we can do is lower the attack surface (fluffy) and spread some responsibility around (multisig)
23:10:38 Even trocador has deleted logs by now if swap was same day as theft
23:10:39 Cover the funds or no CCS
23:10:59 geonic: while I can make recommendations I cannot write you the postmortem as there's no evidence of an hack.
23:11:01 R u calling him fat?
23:11:08 lol
23:11:23 no it looks like he lost some weight. hopefully not due to his stay in prison
23:12:03 The thief is probably in this chat lol
23:12:14 In core chat as well
23:12:32 in this chatroom I'd say
23:12:33 yea
23:12:43 doesnt genfund have a similar security setup
23:12:48 why would they go for the small fund
23:13:07 anyone remember the numerous MyMonero phishing sites a.k.a.
"hacks"
23:13:09 Doesn't have the seed to genfund
23:13:13 60 days tho to tell community about community funding system
23:13:14 Has the seed to CCS fund
23:13:22 fluffypony doesn't have access to the big gen fund
23:13:25 I hope the core retires
23:13:39 that narrows it down even more no?
23:14:07 The incident with getmonero.org malware also had ties with him
23:14:12 hello thief if you're here can i have like 1 xmr? pls
23:14:25 too many incidents have had ties with him
23:14:34 also many good things
23:15:10 Hi thief if you are not core member keep it
23:15:24 time to part ways. he seems fine with it. https://x.com/fluffypony/status/1720196536666030227?s=20
23:16:12 good idea to not only audit the code but the whole infra (wallets, servers, access controls)
23:16:24 Like moneroaddress.org
23:16:29 this my first day here and there was a robbery and now one of the cores is leaving...? is it like this every day around here XD
23:16:32 y'all paid 92% of CCS funds for an external pentest
23:16:38 There was a giant (1000+ XMR) market sell order on Kraken about 5 weeks ago which took the price down to 113 USDT on the XMR/USDT pair, this was either a mistake or someone really eager to sell. Though Kraken has KYC no?
23:16:38 On the paper wallet generatorpage of germonero.org
23:16:47 Getmonero.org*
23:16:51 kraken has kyc yes
23:17:11 you should download those pages and run offline
23:17:32 luigi, click the link
23:17:37 Moneroaddress.org
23:17:57 <1​23bob123:matrix.org> Sus
23:18:00 it doesnt direct to the paper wallet.
23:18:08 moneroaddress was never core hosted
23:18:09 it used to
23:18:13 oh
23:18:17 It directs to a mymonero phishing site of some sort
23:18:17 saddam used to own that
23:18:21 I'm not sure what happened to him
23:18:23 I guess it expired
23:18:29 oh no another mymonero phishing site
23:18:31 wow
23:18:55 so many of those around
23:19:02 Luigi1111w thats what the fuss between me and erc was about
23:19:09 Updating the page
23:19:12 2 weeks is good enough to swap it little by little
23:19:26 we didn't know so no one could watch out for that
23:19:38 swap history is all public tho?
23:19:51 https://www.getmonero.org/resources/user-guides/securely_purchase.html
23:19:53 or sell
23:20:06 yeah but not in large sums so
23:20:11 there was enough time
23:20:27 https://matrix.monero.social/_matrix/media/v1/download/monero.social/hlFFpxnpVnHQSbOMfwHVwlri
23:20:32 there was anyway
23:20:37 Siren: the rest is all green
23:21:25 But again, havent been checking throughout sept and oct
23:22:02 Guys
23:22:16 Is the ccs hack bullish or bearish
23:22:29 quotes to not make it to IRC side btw, can be confusing of who is talking to who
23:22:31 bull
23:22:32 bullish
23:22:34 actually
23:22:38 uh replies*
23:22:40 it's making monero more decentralized
23:22:42 so I think bullish
23:22:49 W
23:22:56 <1​23bob123:matrix.org> Winrar
23:23:02 <1​23bob123:matrix.org> Non leaky version
23:23:02 people who would have sold it over time to fund their work got it stolen and instead it got probably market-dumped
23:23:05 There will be more to come guys
23:23:13 Not that i did it or smth
23:23:13 Monero runs on donations
23:23:17 We could have 0
23:23:21 Wed be fine
23:23:35 alpharabius is the thief?
23:23:57 Nah, alpha is A thief
23:23:59 We might have to switch from donations to child labor ngl
23:24:10 I'm not a thief at all
23:24:21 but not THE thief
23:24:26 https://matrix.monero.social/_matrix/media/v1/download/matrix.org/sftMJfqdMveUzWEnMpQqYKty
23:24:36 Monero discord is planning to blame it on ms
23:24:39 Me
23:24:39 Why did core hide it for 2 months?
23:24:52 based. they are right
23:24:53 Wasnt discovered for 1
23:25:00 Were they dumb enough to cash out using Kraken?
23:25:01 And disclosed for another
23:25:13 Binance
23:25:21 If my screenshot says anything
23:25:31 Linance
23:25:31 Both
23:25:33 binance kyc is a joke anyways
23:25:47 *Linance
23:25:52 No large sales on kraken in the list
23:25:57 Only binance, and only those 3
23:25:59 if that was north korea, some chinese agent with a fake id registered the account
23:26:13 if that was north korea, some agent in china with a fake id registered the account
23:26:15 you can sell with limit orders, don't need to dump
23:26:20 I want core to cover 2675.00 XMR otherwise they can go die
23:26:36 it will come out of the genfund
23:26:43 also, please dont restore everything
23:26:48 I actually have a chinese friend, they can get into the mainframe hardline and retrieve the coins before the chinese festival
23:26:51 just the things that are actually still active
23:27:03 this is the perfect opportunity to trim the dead projects
23:27:11 I have a full list of WIP
23:27:12 1647 xmr sold on binance, about 1k less than the pot
23:27:25 will bring up some of the older ones soon afa closing
23:27:44 Real
23:27:44 tipxmr is a "work in """progress""""
23:27:57 it's almost done ok
23:28:01 just another 1000 commits left
23:28:08 do it before paying anything out of gf
23:28:17 Why even have a centralized wallet for funding projects
23:28:19 Well, if they set limits youd see the walls, or exchanges would know who had massive bots
23:28:24 It don't make sense
23:28:30 tipxmr is a for-profit centralized service btw. no idea how that ever got funded
23:28:34 we didn't really have a great option when it started
23:28:37 https://matrix.monero.social/_matrix/media/v1/download/matrix.org/zDRIjQdhVdGpmprSziZKXPpD
23:28:37 about 1000 on kraken on oct 8
23:28:46 alpharabius: apparently nobody trusts multisig enough to use that instead
23:29:03 no I think it's trustworthy enough now, it's just clunky
23:29:13 wouldn't rino be a viable option?
23:29:19 Winblows
23:29:33 kayabanerve: can you lend us your rust multisig
23:29:34 yea I was about to say isn't that rino's whole schtick?
23:29:42 no
23:29:50 Hi jw
23:29:51 rino can be restored in cli wallet
23:29:58 hi
23:30:40 Guys i got a good idea
23:30:50 Blame the hack on the bogeyman
23:30:58 Solves all our problems
23:31:02 Hi, this is absurd
23:31:16 already blaming north korea
23:31:17 I think that there should be a specific set of meetings for discussion on new opsec/investigations
23:31:38 Im north korea now too?
23:31:47 Lol
23:32:15 Ofrn is me, plowsof, north korea, just half of the population is him larping atp
23:32:47 I suggest a new workgroup to be formed (maybe Monero Security Workgroup) that should meet in order to fix this issue
23:32:55 I suggest a new workgroup to be formed (maybe Monero Security Workgroup) that should meet in order to discuss this issue
23:33:04 Us crypto-neets shall UNITE to find the missing 500k
23:33:18 I don't think jokes help at all
23:33:38 Windows machine, password ssh, node running, bad opsec and physec, this is a very serious incident
23:33:47 Windows machine, password ssh, node running on the same machine, bad opsec and physec, this is a very serious incident
23:34:02 Overall, current CCS structure is flawed and relies on trust
23:34:17 Imagine the dude who took it is like "I left my fortune in the monero blockchain as an ordinal, but you'll have to find it" and it's just one piece with xmr
23:34:18 That fluffypony destroyed everything for example
23:34:29 ofrnxmr: I'd love to add multisig to feather, but I'm hesitant due to its experimental status
23:34:33 if it's ready for production, the experimental flag should be removed
23:35:21 ooo123ooo1234567: ya there?
23:35:42 Fluffypony is the king of monero
23:35:45 I think that one is abandoned
23:35:54 Don't even play
23:36:04 Yeah, but hes here
23:36:18 in matrix?
23:36:31 <123bob123:matrix.org> Ceo*
23:36:31 He came back under that handle a few months ago
23:36:43 With bp++ benchmarks
23:36:48 hmmm
23:36:54 that was a year ago or so
23:37:01 or even longer
23:37:10 I thought he died after fleeing south africa and getting shot down by nelson mandela's grandchild
23:37:10 few months, year, 30 days, 60 days, who can tell
23:37:12 No way
23:37:13 I getting old
23:37:46 that was me btw^
23:37:46 May 2022 https://github.com/monero-project/research-lab/issues/101
23:38:06 August 2022 was when he posted the benchmark
23:38:32 just a few 14 months
23:39:00 Yeah lmao
23:39:09 been a long / short year
23:39:19 well then
23:39:49 i was so proud about nearly resolving the 36C3 WIP ccs
23:39:53 Feels like yesterday
23:39:57 It's FOSS
23:40:27 needs someone trustworthy? imma here
23:40:35 Wait, how long ago did plowsof @plowsof:matrix.org: ping me
23:41:28 +1 for nioc
23:41:30 Oh, sorry, monerobull @monerobull:matrix.org: did 10m ago
23:42:04 I wouldn't recommend using my multisig impl over Monero's in this use case, mainly for UI and 'core' reasons.
23:43:05 tipxmr (at 72 xmr) is the tip of the iceberg
23:43:11 taking any and all ideas for multisig ui's
23:43:15 Wdym by "core" reasons
23:43:24 probably part of monero core impl
23:43:46 official statement should be: "should have worked faster, get rekt"
23:44:10 expecting us to hold onto their coins for like 2 years is insane
23:44:12 tipxmr have finished milestone 1 (just didnt claim it yet)
23:44:23 My multisig only benefits as a backend for interactive environments. This is an interactive environment, yet core needs a user facing solution, and no one has such wrapped monero-serai. Even if someone did, this doesn't have efficiency requirements, so there'd be no reason to use monero-serai, an alternative, compared to the officially supported and more reviewed Monero impl.
23:44:27 Doug then, at 240 xmr?
23:44:36 oh man
23:44:45 why didnt doug claim it
23:44:59 Doug said "wtf!!"
23:45:04 he asked once then I asked him to verify address and he never did. IIRC
23:45:06 Lol
23:45:25 ey plowsof: you got a link to that multisig pr? i'll try to avoid reinventing any wheels
23:45:32 he was warned recently , maybe after september though , ill have to check
23:45:39 kek
23:45:49 "get your funds. oh. they are gone"
23:45:50 CCS says that he was quitting his job to work on/for monero
23:45:51 hey, i lost the most here. My poor jet fund 😕
23:45:53 never happened
23:46:20 market conditions
23:46:32 on 7th October i asked in here :(
23:46:36 too late
23:46:41 Lmao
23:46:56 plowsof and before then as well I believe
23:46:56 Ccs coordinator left out of the loop
23:47:01 Wild
23:47:15 https://libera.monerologs.net/monero-community/20231007#c287402
23:47:46 plowsof its all gone, are ya dumb
23:47:53 When monero-serai is audited, you may argue it has better fundamental theory justifying it. The dkg is the reviewed PedPoP, not Monero's own ECDH-based system with factorial complexity. It hasn't been audited yet.
23:49:13 Thank you for the input
23:56:46 this accident is one of failure of centralized development.
23:56:54 it wont be last imo
23:57:33 i would like to hear about decentralized development (without relying on core.)
23:57:42 like how bitcoin cash does.
23:58:21 I wouldn't say a trusted group acting as escrows for decentralized development funding is centralized
23:58:34 Everyone had the option to seek funding outside of the CCS
23:58:36 well it's partially centralized at least
23:58:49 They could've done so directly or gone with MAGIC