NANO (ex RaiBlocks)

BrokenArrows

h0neybadger wrote: »

It’s mentioned they have 4 million Nano left.

As to wether that will get distributed to the affected accounts, no one knows. But it will be a long time before a decision is made.

Why were they holding so many coins in the first place?

thunderdog

Had a relatively small amount of nano on bitgrail. This event has given me the drive to invest in a cold storage wallet. I have had a ledger nano on order since the end of Nov, but it wont be in stock until the end of March, so I've cancelled that and gone with the Trezor wallet instead.

I know (as yet) you cant put nano on them, but the trezor willbe for my main holdings of Ethereum and Zcash. I'll use online wallets for the rest.

I also had a small amount of btc on bitgrail. I'm guessing its highly unlikely I'll ever get access to that either?

Tango One

h0neybadger wrote: »

It’s mentioned they have 4 million Nano left.

As to wether that will get distributed to the affected accounts, no one knows. But it will be a long time before a decision is made.

So roughly a 3rd of the nano was taken, which hopefully means at some point we get a 2/3rd back. Probably just Wishful thinking though

Benzino

Tango One wrote: »

So roughly a 3rd of the nano was taken, which hopefully means at some point we get a 2/3rd back. Probably just Wishful thinking though

17 million was taken, 4 million is what is left (though I think they have 6 million left, could be wrong though).

Tango One

Benzino wrote: »

17 million was taken, 4 million is what is left (though I think they have 6 million left, could be wrong though).

Lol for some reason I thought it was 1.7 well I'm screwed then.

WhiteMemento9

A perspective from the creator of Nanex: There is no issue with Nano. It is an issue with using the RPC improperly.

There's a lot of FUD going around right now, primarily sparked by Francesco Firano and now with KuCoin coming out and saying they were having a 'double-spend' issue too. I'd like to point out that Kucoin fixed this issue immediately and compensated their ledger with their own funds. They did not attempt to sweep it under the rug and the issue was not wide-spread at Kucoin whatsoever, so kudos to them.

But let's get right down to the point of this post, the tl;dr:

There is no issue with the Nano protocol nor the Nano node. There is no double spending going on. The RPC API was being used improperly.
These issues are not 'double spend' in the traditional sense. Double spend assumes someone spent the same funds twice, which would be a major problem in any cryptocurrency and is basically the primary thing that has to be defeated in any cryptocurrency. That is not what is happening, nor was it ever what happened at Bitgrail nor KuCoin. People freak out when they hear 'double spend', and for good reason, but that is NOT what has been going on.

What happened in both the Bitgrail and Kucoin situations was an improper use of the RPC API.

In the RPC, there are two ways to do things:
Use the account/wallet system built into the node and allow the node to do everything for you, including sending money without you ever touching a raw block
Keep track of your private keys yourself, store nothing in the node, and only use the node for receiving transaction notifications, reviewing the Nano ledger, and broadcasting blocks you sign yourself outside of the node. (how Nanex does it)
Option 1: why it was used, why it exists, and why it's a bad idea
Option 1 is easy, and is how things are done for most traditional coin integrations on exchanges. Nano has that option, but it was never meant to be used by large services like exchanges. It was meant so someone could build their own UI or just use the command-line. It has its own use case, but not for exchanges.

The primary issue with doing it this way is that sends are not idempotent. Idempotency means that if I were to send the request more than once, it would only perform the action once or it would effectively have the same result. In this case, all you are doing is telling the node 'send X amount to this address'. It doesn't care if you already tried doing it before. It doesn't know if you're retrying something or just sending out more funds again. Since it's not idempotent, this means that any retry code in the case of intermittent failure could possibly end up sending out a transaction more than once.

There's also a variety of other issues like not being able to have fine-tuned control over what's happening, having much more difficulty in scaling across multiple nodes, etc.

This was the method that Bitgrail and Kucoin used. As a result, if anything in the system failed or resent a message for whatever reason, it would effectively 'double withdraw'. Again, I can't state this enough, it is not an issue in the NANO protocol. This is an issue in using the nano node properly.

Option 2: the proper way of doing things
If you keep track of your private keys yourself and only use the offline signing methods, this situation becomes much more unlikely. Your transactions become idempotent.

In the Nanex database, when a withdrawal request is submitted there is a unique identifier for that withdrawal. Your funds are immediately taken out of your Nanex wallet. Only then is the request sent to the actual nano node control system. It finds one of our hot accounts with an appropriate balance, locks the account for any further transactions, and creates and signs the block for the withdrawal. This block is then stored in the database with your unique withdrawal request ID.

All of this so far has not touched the node. When the block is ready, it will be sent to one of our nodes to be broadcasted. If, for whatever reason, that fails - it can be retried again because we're sending the exact same raw, signed block to the node. No matter what, a 'double spend' cannot occur because the operation is idempotent.

At this point, the account is still locked so no further withdrawals or deposits can be made to it. Our other nodes listen on the network to ensure it was broadcasted, and once it reaches consensus the account is unlocked for further transactions and the withdrawal is considered complete.

With 10 hot accounts and an Nvidia P100 GPU node, we can process 300 transactions a minute or 5 per second without the slightest possibility of double withdrawals. If we need to scale up, we just add more nodes and hot accounts.

Nanex's design is being implemented by Kucoin now and is regarded as the 'best practice' by the core development team. edit: note that this design isn't just the idempotent transactions, it also includes how we run multiple loadbalanced nodes and have self-consensus on all transactions

BIG EDIT: This can be done from the RPC entirely as well. This isn't something that has to be implemented outside of the node. The idempotent blocks can be created using the built-in wallet system or by providing the keys yourself.

Also, because I know it will come up: the block explorer issue with improper dates being shown.
This, too, was not an issue with the network. There are no timestamps in the Nano ledger and for that matter almost no cryptocurrency has timestamps, only references to past blocks. The explorer had an issue in which some transactions never had a timestamp recorded. This issue was resolved on January 19th, and any transactions that were missing a timestamp ended up getting that date.

Francesco is trying to use this too as some evidence something is wrong with Nano. That's simply not the case, and frankly a cryptocurrency exchange handling millions of dollars a day should not be relying on a third party tool to confirm their own account data.

In conclusion..
There is no issue with Nano. There never was. All the issues Bitgrail ever ran into was of their own doing because they didn't take time to think of how to implement the node properly, just how to 'get it done'. Kucoin unfortunately fell victim to the same thing, but they made things right and fixed their issue immediately. Francesco swept it under the rug and is now attempting to FUD Nano and the core development team in an attempt to save himself.

Stay strong, nanofam.

edit:

Here's another piece I did on 'why it's not an issue with XRB'. https://www.reddit.com/r/RaiBlocks/comments/7ozfrh/im_jaydubs_the_creator_of_raiexchange_ask_me/dsdfe17/

double edit:

Since I've got the platform for this and many people are asking - the core team never endorsed Bitgrail past saying it was a place you could exchange XRB. The time where Zack said 'funds are safe' (the main thing everyone references) was never in reference to Bitgrail's solvency. Those issues happened during a time when nobody thought Bitgrail was exit scamming or that they were hacked, rather it was FUD surrounding the node and the nano protocol itself and people were worried an issue in the node could have made people lose their money.

WhiteMemento9

They have also issued a separate statement on what they are doing in regards to trying to track the stolen funds.

https://medium.com/@nanocurrency/bitgrail-insolvency-update-2-11-18-9349c9fe1281

EagererBeaver

BrokenArrows wrote: »

Why were they holding so many coins in the first place?

It's an exchange wallet - the aggregate of the NANO held by the users on bitgrail, and bitgrail was the biggest exchange for it.

BrokenArrows

EagererBeaver wrote: »

It's an exchange wallet - the aggregate of the NANO held by the users on bitgrail, and bitgrail was the biggest exchange for it.

Ah right. I was thinking it was being held by bitgrail itself. Not the coin assigned to its users.

EagererBeaver

BrokenArrows wrote: »

Ah right. I was thinking it was being held by bitgrail itself. Not the coin assigned to its users.

That's how so many people get impacted by events like this - they leave their coins on an exchange which get centralised in a few addresses at most on the actual chain used by the coin so when they're hacked, a huge number of coins disappear.

Wombatman

EagererBeaver wrote: »

That's how so many people get impacted by events like this - they leave their coins on an exchange which get centralised in a few addresses at most on the actual chain used by the coin so when they're hacked, a huge number of coins disappear.

Most exchanges do this right? I think the issue here is more the quality of the exchange. Bitgrail seemed to be a one man operation. Doubt very much any actual hacking went on here in fact. Looks more like scamming by The Bomber.

Tinder Surprise

Wombatman wrote: »

Most exchanges do this right? I think the issue here is more the quality of the exchange. Bitgrail seemed to be a one man operation. Doubt very much any actual hacking went on here in fact. Looks more like scamming by The Bomber.

100% agree.

He has been acting the complete bollòx now for weeks and all very under handed stuff going on.

1.) Stopping those that wanted to withdraw NANO by forcing them to transfer into BTC first.

2.) Reports of massive unexplained withdrawals up to 10 days before the 'hack' *roll eyes

3.) Double deposits of ETH

4.) Asking NANO to amend the Ledger for the missing $170,000,000

...and the sad thing is he will more than likely walk off into the sunset with people's millions without getting in an ounce of trouble.

The guy is a scumbag - end of

EagererBeaver

Wombatman wrote: »

Most exchanges do this right? I think the issue here is more the quality of the exchange. Bitgrail seemed to be a one man operation. Doubt very much any actual hacking went on here in fact. Looks more like scamming by The Bomber.

They all do it as far as I'm aware. I don't know if any exchanges that have individual blockchain (or equivalent) addresses for each coin holding per customer.

smacl

Tinder Surprise wrote: »

...and the sad thing is he will more than likely walk off into the sunset with people's millions without getting in an ounce of trouble.

Assuming he gets past the lynch mobs.

Firano, 31, told the Italian news site Sole24ORE that he has received multiple death threats since announcing the hack and filing a police report, which he said is now being investigated. Users on Twitter and Reddit are circulating photos of Firano, accompanied by implicit and explicit threats.

Tinder Surprise

smacl wrote: »

Assuming he gets past the lynch mobs.

I don't condone that either but he has a something coming to him that's for sure.

mik_da_man

Feck it, just seen this now.

Don't have much in it, but peed off all the same..
Realistically is there much that can be done, I'm guessing not...?

smacl

Tinder Surprise wrote: »

I don't condone that either but he has a something coming to him that's for sure.

Nor I, though I could imagine that losing or stealing that amount of money is liable to drag all sorts of unsavoury characters out of the woodwork.

cravings

it's a really huge amount of money alright... and it seems some people have lost massive amounts. so yeah.. many people won't forget this ever. he's in a real mess now, that guy.

Wombatman

Sounds like it was a hack alright. Serious vulnerability in Bitgrail javascript allowing you to change the withdrawal amount before post back to the server. All validation done on client side so easy to alter via browser console.

Pussyhands

I came back after a week to see my nano nearly half what I bought at. FFS why can I never buy the right coin!

Is it all down to the lost coins?

BrokenArrows

Pussyhands wrote: »

I came back after a week to see my nano nearly half what I bought at. FFS why can I never buy the right coin!

Is it all down to the lost coins?

It's being held down by that issue. It will eventually recover.

Nothing has changed with the coin at all. its just fear that's keeping the price down.

Matt Simis

BrokenArrows wrote: »

It's being held down by that issue. It will eventually recover.

Nothing has changed with the coin at all. its just fear that's keeping the price down.

Yep pretty much. Its early in the year anyhow, plenty of time for Nano to get adopted at least first on all exchanges (and become the arbitrage coin of choice) then onto real world applications when its a bit more mature.

EagererBeaver

Waiting to pull the trigger on buying more...

Tinder Surprise

EagererBeaver wrote: »

Waiting to pull the trigger on buying more...

seems a good day alright.


24hr green on nearly every coin around, yet XRB approaching double digit red


FUD dripping

WhiteMemento9

Tinder Surprise wrote: »

seems a good day alright.

24hr green on nearly every coin around, yet XRB approaching double digit red

FUD dripping

I don't understand where the bull argument comes from at the moment. I understood why I was buying past dips. I thought they didn't make sense and couldn't understand them and in retrospect they didn't make sense because they were contributed to in large part by outside factors which couldn't have been accounted for at the time.

The hodl thing is crypto is such a load of bollox. If you think something will fall but have faith in it long term then why wouldn't you sell and buy back in later at a cheaper price. Nano isn't going to the moon over night and will need some serious good news to get it back on track. At the moment it is being propped up by the BTC run but if it has a correction you are looking at $4-5 Nano.

Just for some perspective. ~140k sats right before BG news broke. Now ~85k sats

EagererBeaver

Easy - if people have long term faith in the coin, then with nano stagnant/dipping slightly while everything else rises, you get more bang for your buck.

WhiteMemento9

EagererBeaver wrote: »

Easy - if people have long term faith in the coin, then with nano stagnant/dipping slightly while everything else rises, you get more bang for your buck.

Why not just sell after the news? I posted straight after the statement came out that I had sold. I could easily buy back in now at +45% my original holding. I don't mean that to sound like gloating because it isn't, I sold at a huge loss overall. I just don't really understand the reasons for holding when it was clear that the price could do nothing only tumble.

I am waiting until I see some signs of recovery or support of which I currently see none only a slow bleed out. I know they have the desktop wallet coming out tomorrow which could give some support but I don't see it. I think this is probably close to the floor but buying at the moment is a bet on BTC and not on Nano.

EagererBeaver

WhiteMemento9 wrote: »

Why not just sell after the news? I posted straight after the statement came out that I had sold. I could easily buy back in now at +45% my original holding. I don't mean that to sound like gloating because it isn't, I sold at a huge loss overall. I just don't really understand the reasons for holding when it was clear that the price could do nothing only tumble.

I am waiting until I see some signs of recovery or support of which I currently see none only a slow bleed out. I know they have the desktop wallet coming out tomorrow which could give some support but I don't see it. I think this is probably close to the floor but buying at the moment is a bet on BTC and not on Nano.

Because not everyone has the confidence or will to day trade? Given the news, the price has been *relatively* stable. If people knew with certainty they could sell and buy back lower then of course they'd do it. Problem is nobody has that certainty.

EagererBeaver

WhiteMemento9 wrote: »

Why not just sell after the news? I posted straight after the statement came out that I had sold. I could easily buy back in now at +45% my original holding. I don't mean that to sound like gloating because it isn't, I sold at a huge loss overall. I just don't really understand the reasons for holding when it was clear that the price could do nothing only tumble.

I am waiting until I see some signs of recovery or support of which I currently see none only a slow bleed out. I know they have the desktop wallet coming out tomorrow which could give some support but I don't see it. I think this is probably close to the floor but buying at the moment is a bet on BTC and not on Nano.

Because not everyone has the confidence or will to day trade? Given the news, the price has been *relatively* stable. If people knew with certainty they could sell and buy back lower then of course they'd do it. Problem is nobody has that certainty.

WhiteMemento9

EagererBeaver wrote: »

Because not everyone has the confidence or will to day trade? Given the news, the price has been *relatively* stable. If people knew with certainty they could sell and buy back lower then of course they'd do it. Problem is nobody has that certainty.

You think that going from 140k --> 85k. A roughly 40% dip. Coupled with the fact that if you had held almost anything else in that period you would be 10-20% the other way. So you have effectively lost around 50-60% on money you are holding in Nano. You think that is relatively stable.

I don't day trade but selling on news that you know will most likely negatively impact the price is just being smart. You have an advantage here in that you stay up to date with the coin/forums/news and have a small hop on the rest of the market when things go bad like this so not getting out seems incredibly naive. It is the same as why you take a position in Nano. You believe in it long term and you think the price will rise from that point. At the point the news came out there was only one way this was going to play out in the short term.