xmrscott here. ocminer, just want to say you did the right thing in informing the greater crypto community and didn't really do anything that would make for unethical disclosure. The hack was already ongoing and impacting users by the hacker(s) not really including tx in the blocks and depriving honest miners of money.

Withholding the info you found to the public would have only left users and miners in the dark as to why things were happening, but it wouldn't have stopped the hack itself (although ironically for however brief a window it seems your announcement gave the hacker(s) pause). Worst case some other people figure out the more technical aspects of the exploit because it's more known and now multiple hackers are fighting over control of the blockchain instead of one which arguably isn't worse for end users or miners because the net effect is the same. On the flipside making it more known also means people who want to save a shitcoin that lies about the privacy and security it provides now know what the problem is and can help a dev incapable of doing basic multiplication.

The only situation where it would have made sense to not publicly disclose IMO is if you found the exploit yourself, but no one was executing on it yet.

Again, please do not let a crappy dev deter you from future public disclosure should there be any active exploits in the wild you see; we as a crypto community need people to call out issues like this.

Because the Monero community has demonstrated using objective mathematical models how this split negatively impacts privacy on both chains and MoneroV users are actually more negatively impacted. MoneroV in response has claimed 'FUD' rather than offer an objective rebuttal or some solution to the problem, most likely because they can't refute the math and logic. I meanwhile have a simple solution, don't do a chain split and instead the MoneroV community should create their own blockchain from genesis. This would give MoneroV what it seems to want; it a new blockchain means no old blockchain bloat and MoneroV users remain private, but for some reason MoneroV devs have yet to explain a solution, they remain fixed on doing a chain split to their own MoneroV users' detriment.


So what does this make stuff out there like BitConnect and Monero Gold to you? Surely BitConnect is the most legit crypto out there because so many 'cry' about it? 


Citation needed.


This is easily demonstratively false by looking at Monero's GitHub contributor history and the bi-weekly public dev meetings.


You do realize that by virtue of forking from Monero, MoneroV is CryptoNote based, right? It's even listed in the table in the MoneroV roadmap paper. Heck, even the MoneroV 'white paper' is just a link to the official 'CryptoNote' white paper


Again, citation needed demonstrating how much of the hashrate is made of those. Worth noting that according to MoneroV's own roadmap that the MoneroV PoW change will not happen until Q1 '19 which means it will be using the same PoW as Monero which is used by an unknown amount of botnets and browsers to mine. So MoneroV will be just as 'susceptible' as Monero to these bad miners (worth noting the browser mining isn't necessarily bad if the user agrees to it like in the case of Salon). Furthermore MoneroV fails to explain how this PoW change a year from now will somehow make it less ideal to mine for nefarious miners than it will be at chain split.


Mmm, not really. Monero community is against them because a chain split can undermine the privacy of both chains. So far all the official MoneroV Twitter account has done is cry 'FUD' rather than bring objective facts to the table.

Let's be intellectually honest here. Two groups of people, Group A and Group B have a debate. Group A says Group B's plan is bad and gives objective facts. Group B's counterargument is 'lol FUD' and fails to counter the objective facts of Group A. Who won the debate, the one with the undeniable facts or the one that just said 'FUD'?

And going back to 'concerned trolling' if all the MoneroV community can say is 'FUD' or 'concern trolling' they're committing even more logical fallacies AKA argumentum ad hominem and further demonstrating the Monero community's points...

"not everyone with a concern is a concern troll - and not every concern is unreasonable. In environments of genuine groupthink, applying the concern troll label may serve as a means of enforcing conformity and punishing (or silencing) dissent. And even without actual groupthink in play, many Internet posters find dismissing an argument much quicker and easier than evaluating it. In addition, the term "concern troll" focuses not on what the person is actually saying, but on some alleged agenda.

Thus, if misused, it is the perfect refuge for someone who has no counter to the actual argument: simply ignore the points made, allege some other position, and then accuse the other person of lying if they deny that that is what they're really saying. It's a combination of straw man and argumentum ad hominem: make up something to attack, and ignore their actual points on the basis that since the points were made by someone acting in bad faith, they need not be addressed." Taken from https://rationalwiki.org/wiki/Concern_troll


Edits: sp

You're confusing input and output history that's gained by having keys to the wallet (i.e. key theft) with undermining the ledger in such a way that a person doesn't need your keys to see which tx in a ring sig is the real input and which are the decoys. The video above highlights this, but let's just try to make it simple and post it here. Let's propose we follow your solution to show how it doesn't protect against MoneroV's chainsplit from undermining your or other's ledger privacy on Monero or MoneroV.

1. Let's say I have wallet A^Mp which is my 'primary' Monero wallet
2. Before the MoneroV split I move the value from wallet A^Mp to B^Mt, my 'throwaway' Monero wallet
3. The block where MoneroV creates a split happens, creating a MoneroV wallet, B^Vt, while I still retain the funds in B^Mt
4. Because B^Vt uses the same keys as B^Mt by nature of how splits work, if the MoneroV wallet software is malicious when I enter my keys to try and claim my MoneroV it can instead run a script that takes those keys and moves the value of both the Monero and MoneroV B^t wallets created with those keys to a wallet under the malicious actor. This is why as I believe you're trying to say in your comment, you move your funds in your B^Mt wallet back to A^Mp *before* you attempt to use your wallet B keys with the MoneroV client...because your Monero funds can't be stolen (nor do they have the keys to your wallet A^Mp which would allow them to scan for the historical inputs and outputs belonging to that wallet)...but they can still obviously steal the funds in your MoneroV wallet.

How the split undermines the ledger on both sides of the split is such:
1. When I first make a tx from my throwaway Monero wallet B^Mt to my primary A^Mp it does so with inputs 1, 2, 3, 4, 5. Input 5 is the actual input I control, 1-4 are the decoys.
2. I send a tx from my throwaway MoneroV wallet B^Vt to some new primary MoneroV wallet C^Vp. The MoneroV tx uses Input 5 again because it's the one I own, but the MoneroV client chooses decoy inputs 6, 7, 8, 9
3. Because the key image created for each the MoneroV and Monero tx is the same because it's based on the only input I control, Input 5, and because anyone can look at the key images on the blockchain, they know the same Input was used on both chains. Furthermore, since there are no 'duplicate' decoys (i.e. didn't use Input 6 in both XMV and XMR tx's) Input 5 is the only input that's used in both tx, thus anyone knows 100% that Input 5 is the real input
4. Because anyone now knows that Input 5 was 100% spent in both those MoneroV and Monero tx, it impacts anyone else who uses Input 5 as a decoy. For example say there exist some other tx on either MoneroV or Monero's chain that consists of inputs 5, 10, 11, 12, 13. Because I know Input 5 was 100% spent in another tx and is thus a decoy I have now narrowed down the real input to either 10, 11, 12, or 13. If enough people claim the MoneroV split and start using it because of steps 1-3 the other inputs...let's just say 10, 11, 12 can also be determined to be decoys thus even if someone doesn't claim and spend input 13 on MoneroV because other people have shown what the decoy inputs are, even if they didn't mean to... they have undermined whoever made that tx with the real input being input 13.


It's a bit technical so illustrations are arguably better IMO which the video does a good job at, but hopefully you begin to grasp why Monero people hate this split...because people who claim and use their MoneroV not only undermine said claimers own privacy because said claimers tx can be 100% traced for at least that tx...but by nature of that 100% tracing other things can begin to snowball. Because MoneroV users are going to make far fewer non-claim tx, this snowball effect is going to have a notably more detrimental effect on any MoneroV user than any Monero user. It's why it doesn't make any sense if the dev's are trying to expose a flaw in Monero, because MoneroV will be notably more affected by this flaw than Monero...so they're screwing over MoneroV users' privacy more while somehow claiming MoneroV has the same level of privacy as Monero when it's clear the MoneroV users are the ones taking the brunt of the MoneroV dev's executing against this flaw. Which is why anyone who understands this issue believes MoneroV to be a scam...they're claiming to be a privacy project but screwing over their own users' privacy more than Monero's (among other scam-like red flags).

Edit: Formatting, ambiguous phrasing

It's not FUD, it's simple objective logic. So far the XMV dev's have yet to address how they're going to fix the privacy issue XMV devs are creating (https://www.youtube.com/watch?v=TlVsMTeT_nE) that will impact MoneroV users more than Monero users. People who use coins from Monero might be impacted depending on how many people use the XMV gained from the chain split and the originating XMR so XMR users have every right to get angry which is why the Monero community regards this as a hostile fork...it undermines XMR's privacy and shoots XMV's privacy in the foot even worse.



No, MoneroV not an official fork of Monero and at least some of us regard it as a hostile fork because as said earlier it has the potential to impact privacy of XMR, but more importantly it impacts XMV users more: https://twitter.com/monerocurrency/status/964484507352141825

This whole privacy issue could be avoided if they decided to start their own blockchain instead of trying to do a chain split on Monero's chain. Sumo created their own chain. Others have... it shouldn't be that hard, but XMV dev's don't care about their own users' privacy it would seem and are more interested in what seems to be a quick cash grab scheme...

xmrscott, Monero contributor, here. For the average XMR user it is actually a bad move as it undermines their privacy. It also undermines XMV privacy arguably more so as XMV users will have fewer tx's. For more details see the video samsunggalaxyplayer put up:

https://www.youtube.com/watch?v=TlVsMTeT_nE

The official website also explains this somewhat in a recent blog post:

https://getmonero.org/2018/02/11/PoW-change-and-key-reuse.html

and the Monero Stack Exchange:

https://monero.stackexchange.com/questions/7608/what-is-monerov-and-how-is-it-different-than-monero

Long story short, if you choose to use XMV from the chain split as a result of XMR you held prior to the split as well as the XMR, you are effectively attacking the privacy of yourself (people can tell which input belongs to you 100% on both chains) and attacking the privacy of others who use your 100% known tx in their ring signature. If you value your own privacy and do not want to be malicious to others then do not use XMV unless they decide to create a blockchain from scratch instead of doing a chain split.

As I highlighted earlier, Verge transactions are as traceable as BitCoin transactions:

https://bitcointalk.org/index.php?topic=1366103.msg24475676#msg24475676

As I highlight on this page, BitCoin tx are arguably more secure because you can conduct them with TAILS or hardware wallets.

Lastly, if it's based on the idea of complete privacy then it's strange that disingenuous posts like the following highlighting 'public' blockchains as good and private blockchains (Monero) as bad (even though you can share your wallet and tx private view keys for auditing) are some of the most upvoted/retweeted in the Verge community...

https://www.reddit.com/r/vergecurrency/comments/6rvg58/comparison_table_of_anonymous_crypto/

Nope, you're right... it's still just BitCoin over Tor at this point. For a brief overview of 'privacy' CC, the privacy wiki is worth a check:

https://np.reddit.com/r/privacy/wiki/cryptocurrency#wiki_verge

"Verge is basically Bitcoin + Tor. There is no reason to use Verge over Bitcoin + Tor. Their "wraith protocol" uses optional stealth addresses, which are mostly ineffective alone."

It should be noted that the WP hasn't added stealth addresses yet and since the launch of WP was a wash, Justin has said he's done with countdowns, etc so there's no guarantee as to when SAs will actually be added. People can call that fact 'FUD', because of the doubt of when it will be released, but the fact of the matter is it's true unfortunately.

If you're speculating & storing and not making daily tx, etc so tx fees aren't an issue, BitCoin has better security because of integration with things like hardware wallets or w/ TAILS 1.3.x+ (Operating System version which has been out since early 2015 and is now on 3.2) has a built-in Electrum BitCoin wallet (and all TAILS traffic routes over Tor) and on top of the security of using TAILS that wallet is more likely to have more contributors, etc to ensure it gets quick/more security updates, improvements, independent code reviews, etc compared to a Verge Electrum wallet.

It should be noted again though, that neither BitCoin or Verge offer ledger privacy at the moment which as highlighted earlier is a concern if you don't want people to know exactly how much $ you receive/send from exactly where from/to and exactly when.

Edit: sp

Hello again everyone. Friendly educational reminder that Verge is not untraceable nor does it offer 'complete privacy'. For example, it has a rich list where anyone can see what address has the most $ in it, and how much of the coin supply they have (https://verge-blockchain.info/richlist)

If you look at address #1 in the richlist you can tell exactly what addresses sent them money and exactly how much and exactly when. And you can do this for every address.

In other words similar to how anyone can see how much money WannaCry made (https://www.thesslstore.com/blog/wannacry-ransom-total/) w/ BitCoin and when they tried to exchange BitCoin for Monero on ShapeShift, anyone (e.g. governments, criminals) can see how much you have, and where it goes with Verge and target you appropriately.

That is all. Have a good day! 

Sure, no problem. I could have very well mistranslated, but I was referencing in particular:

An example would be two 100 dollar bills. One was used in the transaction of illegal drugs, the other in the purchase of a chair. You cannot see just by looking at them which was used for which.

You CAN do that with almost all of cryptocurrencies.

Namely that you seem to be saying one can't determine which is which with most CC and thus most CC are fungible which is not the case per WannaCry, and AlphaBay et al. Pretty much any coin (nearly all) with a richlist (or capable of having one) is not fungible such as Verge because it order to have a richlist you have to be able to trace where the coin is at any moment in time. Tracing and linking allows for taint. Taint ruins fungibility. The only coins that are fungible of which there are few are coins that make it cryptographically unlikely to trace or link tx. If I misinterpretted what you said my apologies.

Edit: Rereading again, I believe you are actually saying you can (see) that with most CC when I originally thought you were saying the opposite. Again, my apologies; please forgive me.

Yes, because they aren't Monero user IP addr's *those are Monero node addresses*. User here being used to refer to people who actually are the actual senders and receivers of XMR. In other words, I can run a Tor node, but not use the Tor service myself. Likewise I can run BitCoin Cash, Monero nodes on VPS's without transacting/using the CC at all because I run nodes to support networks of things that I find of value. Please show me the origin IP addresses of the actual senders with proof and good luck...


Hmm, looking at the most recent conversation between fp and @vergecurrency (https://twitter.com/vergecurrency/status/893894722233782272) it looks like @vergecurrency is the one who hasn't read and/or understood papers like routing attacks on cryptocurrencies. Try again. Meanwhile sunerok who to the best of my understanding is one of the primary devs of Verge thinks that running 'make' to compile a wallet somehow outputs the compiling device's IP addr (https://www.reddit.com/r/vergecurrency/comments/6rvg58/comparison_table_of_anonymous_crypto/dlgc1om/) to the Monero node network. If you have 101 understanding of how make/compiling works than it should be obvious how ridiculous such a statement is and cause you to seriously the credibility of such a dev and/or project. I honestly should have ran Archive on it because now it seems the entire thread has been more or less deleted to cover up the truth and now I can't split my sides by reading it again. Oh well.

Here is what I wrote:

**Do you even know how opening a Monero wallet works? Or for that matter even compiling?

Monero wallets can be opened offline and they can even create transactions offline assuming they have a copy of the blockchain. Compiling is just running clone and make. You don't somehow broadcast out to the Monero node network when you run make for the Monero source code or any FLOSS project source code. If you don't understand how something as basic in programming as make works I seriously question whatever knowledge or expertise you purport in programming and cryptography.

Edit: redundant grammar**

I even issued a challenge to anyone in the Verge community:

**Yep, stealth addresses are cryptographically unlinkable and there have been a good number of academic papers written on them. Read any recently?

Alright. I challenge you good sir or miss. The three flags you need to capture are gaining root, telling the balance in my wallet, and telling me what my node Id is on the Monero network. My node IP addr is 23.19.164.86. Go!**

I later added some details, needs to be done 6 months by now and 10 XMR for anyone in the Verge community who returns all three and reports the exploit ethically. Despite citing over and over again how easy IP addr are easy to get sunerok has yet to even get the node Id flag.

Yep, I'm xmrscott on Reddit and I make no real attempts to hide it, but I'm not even a Monero dev. How about no? Stop shilling privacy lies on Twitter and r/Cryptocurrency and then I might consider it. The entire reason I started talking on Verge and here was because I got fed up with people telling blatant lies about the privacy of Verge and other coin. Sorry you don't like a spade being called a spade, but perhaps the Verge community should focus on fixing ledger transparency and being more private than BitCoin rather than spreading lies.


Or because you know, because they can't refute facts.
I own very little XMR at any one time and use it for its privacy, not it's speculation month to month. Personally I prefer Total Market ETFs and maxing out tax advantaged accounts with backdoor Roth IRAs over CC's for investment, but to each their own. If I'm trying to do any saving, it's saving people from misinformation some Verge folk spread here, Twitter, and r/CryptoCurrency.

Nope, incorrect...it would seem given that someone else also corrected you on mistaking economic divisibility for fungibility so either you do not understand fungbility or you don't understand what you wrote:

That is not what fungibility means. It means that one item of such currency is indivisible from another in the sense that one coin cannot be distinguished from another.

An example would be two 100 dollar bills. One was used in the transaction of illegal drugs, the other in the purchase of a chair. You cannot see just by looking at them which was used for which. [...] And then certain companies can say, we will not touch coins that were part of an illicit transaction. Even if this was not done by you, but by a different owner of that coin. -dazbog835

However it seems dazbog835 doesn't quite understand traceability or linkability. Most coins are not fungible, they fail what I will call the 'WannaCry Test'. Let's say I have an address known to be associated with a WannaCry hacker which we will refer to as a WannaCry Address. The question then for the test is, can I tell if coin is being sent from the WannaCry address to say, an exchange (miners can also refuse to accept such transactions in their block as well by the way). BitCoin the answer is yes it fails the test as ShapeShift and other exchanges have announced they blacklisted the BitCoin WannaCry addresses.

Verge's ledger follows the same set of protocols as BitCoin, it does not hide the true sender and true receiver from anyone viewing the blockchain. Thus, if WannaCry used Verge instead, exchanges and miners would still successfully blacklist the Verge-based coin because they only need a wallet address, not an IP address.

It isn't, because people can and have determined who has the wallets. Again repeating myself, but perhaps bolding will help you focus on the bits that matter and understand why Verge is not anonymous:

Merriam-Webster, first definition of 'anonymous': "of unknown authorship or origin". As said before because Verge is traceable and linkable just like BitCoin you can tell the origin and 'author' of a transaction by just a glance on the blockchain. BitCoin is best case pseudonymous, and now that the busts of the DarkNet Markets AlphaBay, Hansa, and busts of BTC-e and tumblers have happened because of the traceability and linkability of transactions, that pseudonymous can be considered a joke. Tor does not protect against the same issues that BitCoin has because the primary traceability and linkability is on the blockchain, not the initial tx broadcast. Therefore Verge has same joke of pseudonymous properties that BitCoin does; it is not 'truly' anonymous.

It is neither. Merriam-Webster, first definition of 'anonymous': "of unknown authorship or origin". As said before because Verge is traceable and linkable just like BitCoin you can tell the origin and 'author' of a transaction by just a glance on the blockchain. BitCoin is best case pseudonymous, and now that the busts of the DarkNet Markets AlphaBay, Hansa, and busts of BTC-e and tumblers have happened, that pseudonymous can be considered a joke. Tor does not protect against the same issues the BitCoin does because these the traceability and linkability is on the blockchain, not the initial tx broadcast. Therefore Verge has same joke of pseudonymous properties that BitCoin does; it is not 'truly' anonymous.

No, Verge is not 'truly' anonymous. If it were truly anonymous Verge would not have rich lists. It is BitCoin + Tor. Any coin can have its transactions routed through Tor by simply running said coin's wallet and configuring their device to route all traffic through their Tor client.

Do you know what took down the Dark Net Markets AlphaBay and Hansa as well as BTC-e? It wasn't IP addresses which aren't even stored on the ledger, it was the traceability and linkability properties of BitCoin (I can see in the ledger which is stored for all time where you got money, how much you got, when you spent, and who you gave it to *in 'cleartext'*). And the DNM users used Tor and mixers as well and they still got caught. Verge has those exact same properties of BitCoin and thus would have led to the same take downs. Verge is a joke when it comes to privacy for those who understand how privacy actually works.

Possessing a rich list, as a malicious actor I can then use ledger analysis to go after and identify who is tied to the biggest wallet, etc. Going after node IPs (e.g. Monero nodes) isn't particularly valuable because there's no guarantee they even use the currency on said device or they aren't running Tor/I2P (e.g. I run Monero nodes over Tor/I2P). Rich lists give me that guarantee of going after a big wallet of Verge, BitCoin, etc.


Nope, Verge doesn't, Verge has all the same fungibility issues as BitCoin whereas Monero doesn't. You can have tainted coins same as BitCoin because Verge's ledger is stored in the equivalent of cleartext. As an exchange, etc I can still tell one of your outputs came from SatoshiDice and then ban your account.


Nope, wrong again. What you're referring to in economics is known as divisibility. If you had done a simple Google search you would see that Fungibility clearly is "is the property of a good or a commodity whose individual units are capable of mutual substitution (i.e., interchangeability)" (Wikipedia). Verge does not have this property. As said above, I can still as CoinBase, etc tell you're sending from an address associated with SatoshiDice, etc and ban your account for attempting to use coin gained from gambling which violates my terms of service. Because that tainted coin(s) isn't accepted on exchanges, it is less valuable because I can't cash out on exchanges with it and thus it's value is effectively 0 compared to another Verge coin which isn't tainted (yet).


Rumors != Fact. But... just for fun... are we playing the rumor game? Rumor has it like TorCoin (a BitCoin + Tor scam), Verge developers will also cash out of their Bitcoin + Tor scam by the end of next year leaving anyone foolish enough to buy a bag and not cash out before it's too late, holding a bag.