in

ALERT – New Block Chain Spoof Attack – Monte Spoof Attack

**[Forwarded from IamLupo [XDN] NL Developer]**

**What happened?**

DigitalNote XDN community reported unusual activity on chain abnormal large transaction amount PoS block. After some research we are able to deduce the attackers used a method of scanning previously accepted blocks valid inputs to create a custom output. The attackers are able to use an input of any coins in a previously valid block and craft a custom output of 900+ million coins for example.

**Why did this happen?**

Typically the relay function would not allow this but accept block assumes that inputs were already check during relay instead of checking each transactions inputs to make sure they are not smaller than the transactions output. The attackers, in this case they were able to spoof a PoW block, submit it along with a PoS transaction and force the tx through the network.

**Who is affected?**

ALL Bitcoin based source codes have this security threat RIGHT NOW! This was possible because the code used for checking transactions before including them in a block didn’t account for the case of input being crafted to be smaller than output. This is a brand new attack. This includes Bitcoin itself!

**What have we done to fix it?**

Going forward in the patched update we will account for this with several checks. Specifically addressed here [https://github.com/DigitalNoteXDN/DigitalNote-2/commit/16f6906b5e0a868c21f1a65d140dd73ed07cdc72](https://github.com/DigitalNoteXDN/DigitalNote-2/commit/16f6906b5e0a868c21f1a65d140dd73ed07cdc72) The source will now check each input against the network parameters to ensure that input is indeed a valid input for a new block and not invalid. These updates should be preformed IMMEDIATLY if you have not already done so in your ALT-Coin source code. This security flaw is deemed HIGH RISK! IMMEDIATE THREAT! We highly urge all coin development teams to check their source code for the possibility of this issue.

​

Release: [https://github.com/DigitalNoteXDN/DigitalNote-2/releases](https://github.com/DigitalNoteXDN/DigitalNote-2/releases)

​

xxx XDN Team <3

What do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

🌟Stargazer Protocol🌟 Ready for take off! Satoshi AMA tomorrow! Dev is Doxxed! lesgooo!

📍 MiniEverDoge is hosting its presale in about 12 hours, see you there.