00:20:02 @ofrnxmr: Yep 00:20:19 Also if I’m reading that correctly https://github.com/CoinSpace/CoinSpace/blob/master/server/lib/csFee.js their fees are fetched from database, including amounts and addresses.. so a server (because they insist it’s not a node lol) compromise could technically drain users wallet (or at least impose insanely high fees) 00:22:01 its not a server either πŸ’’, we are an offline, magic-based wallet 00:57:37 @mrcyjanek0:matrix.org: They do impose high fees: https://coin.space/all-about-fees/ 00:57:37 "Network fee + 0.5% (min. $0.30, max. $100) " 00:57:37 Could it charge more without a user reasonably knowing? Maybe but I've looked at enough of their code already and I can't be bothered to look at more :p 01:45:04 It could 100%, it stores the maximum and minimum server side 05:26:11 Guarda is listed as closed source , maybe remove that too πŸ˜† there is a closed issue on site for the coin wallet listing iirc 05:42:59 exit 05:50:36 plowsof: 2 05:50:41 I can do that > <@sgp_> @monerobull:matrix.org: do you have the ability to edit the pinned weekly discussion for r/monero? I finally took a look at the CoinWallet code, and it's really bad for privacy. I think it should be removed 06:00:03 j-berman full-time development (4 months) is now fully funded! https://ccs.getmonero.org/proposals/j-berman-4months-full-time-11.html @luigi1111 06:45:02 hinto-janai full-time work (3 months) is now fully funded! https://ccs.getmonero.org/proposals/hinto-5.html @luigi1111 07:46:07 the rest of us have hope πŸ™ 07:48:36 i can tell you that swapuz is a scam front for whitebit > <@monerobull:matrix.org> https://mrelay.p2pool.observer/m/matrix.org/cwOtPGFhcjHckQUxQcWIuyCw.png (image.png) 07:51:44 they dont have any liquidity. they claim they will do the AML check and refund money if necessary. they just forward the money to whitebit and claim without proofs that their partner whitebit needs more info (on totally clean coins, yeah...). its a classical "not my fault". of course with very small amounts you likely wont enc [... too long, see https://mrelay.p2pool.observer/e/-rWF2LUKNjVmWDlC ] 07:52:44 the only non dex in the market with own liqudity + history that actually process larger transactions are infinity and wizardswap 07:53:20 and whitebit itself are also just ukrainian scammers but thats another topic. just wanted to add 2 cents because i read swapuz 07:57:56 @longtermwhale:matrix.org: any experience with godex? issue to remove it https://github.com/monero-project/monero-site/issues/2430 08:06:28 @plowsof:matrix.org: i do not have personal experience on godex, can only tell you that anything that doesnt disclose their current AML partner and all their criteria is shady in the first place. for most legally based enterprises depending on the reason for the bad rating its impossible to take a coin thats bad and then j [... too long, see https://mrelay.p2pool.observer/e/6q-72LUKampET2pi ] 08:08:39 there is also groups other than the big KYT providers, they are hired by private individuals that got phished etc. they will mail exchange providers with address blacklists. those might turn up as 0% risk in the well known KYT providers but end up being frozen by exchange due to information from partners. the usual procedure h [... too long, see https://mrelay.p2pool.observer/e/v7DD2LUKMkNiazlD ] 08:10:18 @mrcyjanek0:matrix.org: here is the closed issue on site for coin wallet https://github.com/monero-project/monero-site/pull/2143#issuecomment-2002555434 08:21:16 sometimes i feel that reading IRC scrollback isn't good for my health 10:21:23 instead of "It never happened" people should like DataHoarders site which provides evidence that Qubic are responsible for invalidating peoples transactions https://xcancel.com/c___f___b/status/1967877575021301841 10:21:24 s/like/link 10:23:06 In total 115 transactions were invalidated https://paste.debian.net/hidden/5ea3d92e/ 10:23:06 All these transactions invalidated by the malicious attacker by producing the 10+ reorg get effectively "refunded" which has given a free double spend to any of these senders. Due to how the mempool works, they may have to wait some time before spending these again. 10:23:06 Spending the funds will use a different set of decoys. This has bad consequences for the users who were affected by the attacker. 10:23:06 This reveals the true spend of the transaction input, decreasing the user privacy permanently as a direct consequence of the malicious attacker invalidating the transaction. 10:23:06 Relevant blocks that included transactions that got invalidated 10:23:06 3499670 https://blocks.p2pool.observer/block/d3ed1c8867a05813f8f15f1c011790e883df54f99c0e9da6df92c0a6c36d5c7b 10:23:07 3499671 https://blocks.p2pool.observer/block/021ac55033935e731f576dd7226cdd0430c1c5cbcf23b19c56fe92ee2fbb2d84 10:23:07 3499672 https://blocks.p2pool.observer/block/66736b780e13c6623ee7599e5314ca5dac2c55c11d076684975fa62476f74e9d 10:23:08 3499675 https://blocks.p2pool.observer/block/9be23f6704592a40197a1c0aa0523fb57411ffb2ccb0e0dc6b3e3b46a3903483 10:23:08 3499676 https://blocks.p2pool.observer/block/9489923b1773c2575e3320b84357e451b2dc625ba1cb9d2f4d6c352689c5ac7d 10:23:53 A pool description/alert is placed on every qubic block now https://blocks.p2pool.observer/block/06beef9d26fce408b68aac0d1cea9fb01d5f73616a5fdff5167c799725ce6db1 https://irc.gammaspectra.live/86cd04aea1ad4d91/image.png 10:24:17 Each block involved also has a short description of what it means. rucknium is working on making a visualization 10:24:50 All invalidated transactions were archived fully. Endpoint to get the blobs is https://blocks.p2pool.observer/tx/1ddccf341edd64f58e669fc17568f07cec84b04a7f6be7d455b4ca206a99ec7f/json (replace txid) 10:25:56 We're excited to announce that it actually happened , Buckle up! a thread 1/12 🧡 πŸ‘‡οΈ 10:27:11 Additionally, some of these blocks in the chain were confirmed in Tari network (they were merge mining) also interleaved with Qubic's attacking chain. This links both together and proves these blocks were available at the time Qubic was mining, with their included transactions 10:27:49 All of them can be validated by manually walking monero into the alt chain. All block headers are also archived and can be downloaded via the buttons directly (and imported into monero) 10:29:03 To deny it happened just shows how big of a panic caused CfB. From Discord messages, they seemed to completely misunderstand how transactions work in monero, even after quoting our own messages why they shouldn't do 10+ blocks just a week earlier, and we verified this situation would occur in a testnet experiment. 10:30:47 Yet when it happened basically believed that transactions could be copied (they didn't copy them either), and this is also not doable due to several reasons detailed in #monero-research-lounge (see logs), for example, not accounting for coinbase shifts, or their withheld transactions, or them mining ahead of the chain (they'd need to replicate the 10:30:47 transactions in the EXACT order. usually these are randomly shuffled). 10:31:13 pinging all analysts to spread this far and wide cc @lordx3nu:matrix.org 10:31:16 There's the "blogpost" :D 10:31:29 thank you 10:31:31 not really, more information will come from others. 10:33:33 made it more obvious and clicking on the invalidated transactions in the block page will actually get you to the json endpoint 10:38:18 Double spending ""attempts"" will start appearing in a week 10:38:31 That's the time transactions more or less take to get cleared from mempool 10:52:12 whats going on with the mempool 10:52:14 400 pending 10:54:30 > To deny it happened just shows how big of a panic caused CfB. From Discord messages, they seemed to completely misunderstand how transactions work in monero, even after quoting our own messages why they shouldn't do 10+ blocks just a week earlier, and we verified this situation would occur in a testnet experiment. 10:54:30 it would be really funny if the CIA claims monero as their important infrastructure and classifies this as a terrorist attack 11:07:54 > All these transactions invalidated by the malicious attacker by producing the 10+ reorg get effectively "refunded" which has given a free double spend to any of these senders. Due to how the mempool works, they may have to wait some time before spending these again. 11:07:54 free double spend? i had 10+ tx affected on the 115 tx, no one i was sending money too accepts at 10 confirmations at this point. thats the actual trouble with the events, it weakens the whole ecosystem and slows it down. kraken 30+ confirms while constantly disabling and enabling withdrawals due to circumstances, besides withdraws failing here and then 11:08:30 the transaction sent was refunded, and in a week, it's possible to spend again 11:08:51 yes, the actual ecosystem damage goes further than that. talking in technical points there 11:09:16 DataHoarder: yes of course, but that means its not spent in the first place 11:13:01 In your case quite probably the harm is limited that the outputs you used as inputs cannot be spent until a week from the attack (or txpool is flushed everywhere/new tx is mined), and that the true spend is revealed permanently decreasing your privacy. This transaction will also display as a double-spend attempt after it's re-spent (as it has to 11:13:01 reuse the key image) 11:14:05 For an atomic swap, the damage would have been greater. 11:15:09 There is also no way for the attacking chain to know the purposes, so going with it hoping nothing is affected (which isn't the case) is true peak YOLO behavior 11:15:16 DataHoarder: yes, due to for example unstoppable or however that shit (sorry) is called now, doesnt go with current events (and fails constantly any way and bugs etc.) 11:15:49 basically cfb saying "just raise conf times to 30 or 70" that doesn't matter 11:16:04 everyone should rather understand the current happenstance as an opportunity to work on possible and real problems. they existed before qubic brought them to attention 11:16:12 monero code is 10, and no matter what others set, there WILL be issues on 10 reorgs or past that 11:16:18 (am not defending the dude) 11:16:37 indeed. it has brought attention to existing PRs talking about the problem and FCMP as well :) 11:17:10 it's not like bitcoin or others where a reorg means txs go back in pool, and if attacker is not double spending willingly it doesn't happen 11:17:33 (and it's referred by id) 11:17:50 in monero decoys are used so regardless of how old your original confirmation is, you can be affected 11:18:49 they are also referred by the global output index, meaning that the transaction gets invalidated even if one transaction output is out of order. to achieve this Qubic would need to mine BEHIND monero and include the same transactions, and same exact order and number of miner outputs (p2pool can have many) 11:19:04 it is technically infeasible for them due to the limit of size of their templates 11:19:41 As listed on https://github.com/qubic/outsourced-computing/tree/main/monero-poc they are max 896 bytes 11:19:59 without accounting for miner tx and rest of header, that allows maximum 28 transactions 11:20:08 they are doing 20 now. they are already at the limit. 11:20:32 meanwhile other pools are doing +100 txs per block 11:20:42 or p2pool doing 700+ outputs in their coinbase txs 11:20:52 https://blocks.p2pool.observer/block/e3a3af94bf2aa544b872e75bb81d4406ea1828db306c52c9b871980209ffd66a 11:20:56 717 outputs here 11:21:10 48 KiB block. 11:22:08 they'd need 54x their current space to fit this block outputs to ensure global output indices not change while selfish mining. ofc, they'd need to do this behind monero all the time 11:26:13 @longtermwhale:matrix.org: in pow the only way to inflict long term damage on an attacker like this is to sue them. With asics there is some sunk cost into asic hardware (that is decaying over time as well, as older mining hardware has little economic value, but is still useful for this kind of attack). There is no way to solve this problem if people are not willing to think openly. 11:31:05 qubic is a centralized botnet that drops and runs executables to its miners 11:31:22 its probably built using actual botnet code 11:33:37 (I am not suggesting to sue them) 11:42:32 we could get the official Monero twitter account to tweet something like "We are super excited to announce that WE ARE GOING TO SUE YOU!" 11:43:46 Served! 11:46:21 We could take them to kleros court 11:52:43 there is a strong sentiment that is expressed here and elsewhere that something should be done. I agree with this sentiment. Bitcoin will run into the same situation in the next 2-5 years. When old asics become so cheap that this attack becomes feasible. 11:52:49 Here's the reorg SVG (it gets generated from live block data on each startup) https://blocks.p2pool.observer/event/reorg_sep14_18/plot.svg 11:53:27 @spirobel:kernal.eu: But difficulty increases with new asics ? 11:56:45 @kevino:tchncs.de: the difference between old and new asics is already at 3 to 4x for the same amount of TH. The only difference is that the newer ones are half as energy efficient. For the attack energy efficiency does not matter because you can do it in bursts 11:58:11 the difficulty increases with price. 11:59:44 the cost of the actual attack comes down to game theoretics. will there be a bitcoin defense fund that will mine at a loss when push comes to shove? 12:02:05 we saw the game play out a bit now on a smaller scale + the added difference that CPUs can be resold / dont lose value and there is no way to outbid the attacker for general purpose CPUs compared to how bitcoin maxis speculate it will be possible to outbit attackers on old miners. 12:02:24 people want to stick to their convictions. 12:03:05 Eventually a decision will have to be made between sticking to outdated beliefs around proof of work and solving the issue. 12:03:39 for the record: I dont like proof of stake. I think it does not have a good answer for the high amount of stake needed. 12:04:18 the empirical evidence shows that higher amount of stake does not lead to more security. 12:11:34 Bitcoin is not a very good example of this, there are institutions involved in to "protect" it. 12:12:12 They will rather just make bitcoin less usable than outright attack it 12:16:27 @kevino:tchncs.de: but what can they do? especially if its decentralized. we can crowd source this after we implemented a fix and use it as a marketing campaign. Everyone buys a few old bitcoin miners and we all mine on a selfish mining strategy in bursts. 12:19:39 And who funds us ? 12:20:52 @kevino:tchncs.de: every worthy CCS gets funding no? 12:21:12 who funds qubic? this should be profitable by itself. Especially if the bitcoins start bidding the old asics 12:21:38 so either you resell the miner for roughly the same price, or its a success and you sell it for more + the mining profits 12:21:55 *the bitcoiners 12:43:02 @spirobel:kernal.eu: Satoshi 12:46:44 @satoshicfb:we2.ee: nobody is going to buy your shitcoin cfb. getting craig wright vibes here 12:48:27 @spirobel:kernal.eu: Qubic is only trying to help... 12:48:27 We should work together. Peace! 12:50:54 the difference between qubic and us doing it would be that our narrative would make sense. A decent marketing campaign is useless if the target is something as goofy as mining agi with cpus. 12:51:57 AI has to learn like human 12:52:02 Why you do not trust satoshi? 12:52:27 they would have done better if they at least took an open source ai and added a lora. instead of presenting this downy ai anna to the world. 12:52:39 massive own goal 12:53:50 I will not talk to satoshi hater. Only peace blocked! 12:53:52 AIgarth is the future 12:53:53 Like Monero ->>>>>>> transform ->>>>>> Qubic 😁🀩 13:00:47 @satoshicfb:we2.ee: sell your qubic now and join monero instead. we will do a much better job. qubic is down only from here. nobody trusts that you can mine ai with cpus. There is a reason why nvidia is investing heavily in networking as well. Not only is a CPU much less efficient when it comes to processing large amounts [... too long, see https://mrelay.p2pool.observer/e/uavx4LUKRVB3UUY0 ] 13:10:07 > satoshicfb left the room 13:38:45 @spirobel:kernal.eu: This made me buy Qubic NGL 13:38:54 Monero devs are now resorting to cope 14:01:47 cfb says ai will grow in the ai garden. If this answer satisfies you, go ahead. People that believe that can not be helped. The marketing campaign has reached its TAM and its effectiveness will only decay from here. Betting on qubic is a bet against nvidia. It is a bet against the fundamentals of information theory. Anyone wit [... too long, see https://mrelay.p2pool.observer/e/pNzQ4rUKOWpHSVU5 ] 14:02:12 don't fall for the trolls 14:08:54 okay just saw he spammed other channels as well. Best to get rid of it 14:11:52 he mistakenly posted the AI prompt text too 14:12:01 https://mrelay.p2pool.observer/e/lqHx4LUKVjlhenI3 14:16:03 lol 14:17:19 lmao whats that 14:35:55 see #monero :) 17:35:03 selsta part-time monero development (3 months) (18) has moved to funding! https://ccs.getmonero.org/proposals/selsta-18p.html 18:00:39 I have made this Timeline of Monero 18-block reorg on September 14th, 2025 https://github.com/WeebDataHoarder/Monero-Timeline-Sep14 18:05:01 DataHoarder: Wonderful! Thank you. 18:05:33 there are more columns hidden with data sources linked 18:05:42 then after the big log... there's another bigger one 18:06:24 if you have any suggestions on changes or wording, feel free to reach out 21:23:18 [CCS Proposals] Lu Lason opened merge request #612: Master https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/612 21:39:31 [CCS Proposals] Lu Lason opened merge request #613: Federation Market Nodes https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/613