NuBits v3.0.1ban2 Release – Urgently needed Nu upgrade now available

There has been a theft of approximately 200 million NSR. It appears most or all of the stolen NuShares remain in possession of the thief at known addresses. This means it is possible to release a version of the Nu client that won’t accept transactions using the stolen NuShares as inputs. I have asked sigmike to do this, and here are the downloads:

http://212.129.19.120/nu-3.0.1ban2-linux-gitian.zip
http://212.129.19.120/nu-3.0.1ban2-win-gitian.zip

It appears a majority of minting power is already on the new version. We ought to try to get the entire network on the new version for consistency.

Blocked addresses are:

SYAxC194NgWoAqtGHHZ4GKXU6LT7mgqAq1
Sk2P6oj9VCC8VmCBQaRWK4iwTPbvPcGPsh
SQoAn2DmRPv2ypLcLR1NT3ciqfh8X9qbDQ
SWvFUTiJ2gvmUEGEszvXrdjkn6Uh9ZLbZe
SigAuqtYtigWZ8uVFG7iuLDYv9au9cK49L
SkNDumZBBbx5ygSRd7Nvbg32RoeUERoHrH
Sif3nJuoCZmG5zeahqAYy9jetRLAKfDawC
SYhzKRTPVR6PrqcHqZE1c2d7fWDQLqieba
SNi3zogpVvEGNLyxh6RLNHGU3PMPJBzgEY
SWxjKJ4m3U1X7h22yVDyDuHcdc5hwqxG6g
SYBAJJpoxwUBwyrLMud8B6FLibvZzbTCpi
Sbtxw5pC3y3QpepsWH5iAcra5a53ne6se9
SYxdao1Pyn92trMniivmw3UVLJ9wXbX6kz
SWVRAjpqjW4orkYmADPvQ1adUni9jVK7H8
SUJH1DLG2iLKHY3vXw4V5J1iLphCYAxg6n
ShQ4Rezxs3NKJHcRV6SVL1bvduT2n9P4bi
SewzCfwc36oFTXH9jL1VTUHsEPrJpnB2x2
SYy3bPPGqf3NipGyVRcgcu6rq7RKHoyh5Y
SQ7JRP54iQeLCHR8tujDJsAndKeiuyAqbi

NuLagoon US-NBT address BJDirPFfohpTRXTiTzw8gfZjV9qy3CRqpM is also blocked because @henry has not been heard from in quite some time, despite my attempts to contact him.

Soon I will be proposing a motion to burn the funds at the blocked US-NBT and NSR addresses. If there has been a mistake and some of these funds belong to deserving owners, they can contact myself, @jooize or bring it up here in the forum. We certainly don’t want to burn any legitimately owned NSR, and I believe the plan I am proposing will prevent that. If additional information indicates that one or more of the balances associated these addresses is legitimate, we will make a new release that doesn’t block the transfer of those funds.

I have contacted Poloniex about this to ensure that none of the addresses belong to them. We certainly won’t block transactions at addresses belonging to Poloniex, even if the funds transferred to them were stolen. Poloniex has not yet replied to confirm that they don’t have any of the restricted addresses in their wallet.

My proposed actions are:

  1. Have all clients upgrade to this patched version of 3.01 that blocks transactions from a list of addresses containing stolen funds.

  2. Vote on a motion (yet to be crafted) that authorizes burning US-NBT and NSR at the blocked addresses.

  3. Vote on a custodial grant (yet to be crafted) that creates NSR in the exact amount of the blocked NSR. The grant will be transferred to the proper owner of the NSR. The NSR supply remains stable, with equal quantities being burned and created.

@jooize, can you provide an OS X version soon please?

I have begun minting with 237 million NSR belonging to B&C Exchange shareholders. Doing so is in the interest of Nu, and can be expected to increase or preserve the value of NuShares. Where B&C Exchange is a major NuShare holder, it is in the interest of B&C for Nu to succeed. Therefore, I have advanced B&C Exchange interests by using the the NuShares it holds to secure the network in this circumstance. The B&C NuShares are configured to vote for park rates at the already established rates, and no motions or custodial grants are being voted for.

2 Likes

The source code is here: https://bitbucket.org/JordanLeePeershares/nubit/commits/tag/v3.0.1ban2

sha256sum of the builds:

108ff9a39faf5fc134bed1444d9475478cdb328bd16aa2e82b7cd2d23c340f8c  nu-3.0.1ban2-linux-gitian.zip
b3c789617b29cf44c097b53ffe19de33c768f44a3fe15dfbae7ee084cc5c046b  nu-3.0.1ban2-win-gitian.zip
a0130672cb493b6cbf8a80c56c4acd75d2a2d71bdb689d0cd37c87c9c9e4fa4e  32/Nu-3.0.1-win-setup.exe
95bd5641aae3193adfa16afa9fb202036065a42d1ca51c026dd18cdb2bda9e25  32/nu.exe
850097560fe4ac73e12c6c2b80b5ebb51a512b9aa16d9ae240af10da583c0812  32/nud.exe
d64901d41b16dcbb7036c66009e032b481a7b94eaa670bf2e43cf3715d5e5eed  64/Nu-3.0.1-win-setup.exe
7ca5c004568994037ac4ff2e6c724aa06a09a25ecf49a8665273eea3c6c9a74b  64/nu.exe
9a9dbdf75782d8d5ee142e7dc5ff2f53e3e19b34c4eea177fcb65471e6a09b78  64/nud.exe
a666a2db58dd1afbc4d3ef270ca10e5795f74ddd9a9c90451804b58e1e289ce2  bin/32/nu
6b87b95aeb5ffbae180908ddd4a02527273635b8202a9bad3c8a6045bf289baa  bin/32/nud
da8809bf16bbbf14a2349dce998d4b403ed3b30aa8f98c5b91c2464ad7d76a50  bin/64/nu
5e72b5cfebca5f4257151592a78b3da9da61a2ca0e632ff2e26dd3bb6b5aeea2  bin/64/nud
1 Like

Where have these NSR been taken from and how did the breach occur?

This is a significant action that you’ve unilaterally taken. I assume you have exceptional evidence to back up the allegations?

4 Likes

it sounds fishy…please provide more evidence.

1 Like

What’s immutability mean?

1 Like

They were taken directly from a Nu client wallet. No exchange was involved.

In order to take any action controlling transactions, a consensus of the majority of minting NuShares is required to do it. This case is no exception.

I can understand that this is uncomfortable and provokes suspicion as a reasonable immediate reaction. It is very regrettable that this is necessary at all.

Let’s consider what will happen if the allegation of theft is false and consider what would happen if it is true and we do nothing:

If the claim of theft is false: No funds will be burned immediately. This software change only prevents transfer of certain funds. I have published all the addresses. If you are the owner of any restricted funds and you did not steal them, please contact myself, @jooize or bring it up right here in this thread. If there is any doubt about whether the funds are stolen, I will support removing the restriction on transfer. We must make NSR ownership a sacred right that can’t be revoked. If it is really a theft as I believe is almost certainly the case, I doubt the thief will contact us to demonstrate their innocence. Easy come and easy go will be their orientation, I suspect. So, a lack of claims that these funds are not stolen is evidence (although inconclusive by itself) that they are stolen. We need to pass a motion to burn these stolen funds, so that process will give people a lot of time to come forward and claim they are victimized by it. It is theoretically possible that someone whose NSR was restricted and did not steal funds would not notice our plans to burn funds until after we do it. In that case, they can still appeal to myself, @jooize or the community. We can still give it back to them through custodial grant. Nu is very powerful and flexible that way. This is very unlikely to occur.

Now let’s consider what would happen if the claim of theft is true and we did nothing: A NuShare holder, presumably supportive of what we are doing, would be cheated and alienated, having lost their stake in the network. That isn’t right and it isn’t good for our network. The thief is very likely to sell the NSR soon, and it would be very bad for all NuShare holders if ~200 million NSR were quickly sold into the market. It is in the interest of all NuShare holders to prevent that. We can and we should. But it isn’t up to me. A consensus of minting NSR holders must decide.

I find it regrettable that this is divisive. I wish it weren’t and I am doing my best to address the concerns of all parties in a fair manner. Let’s get it done and move on to more productive and positive endeavors. I will be publishing a motion and custodial grant soon very soon to help us move forward.

3 Likes

The notion of irreversible transactions clearly isn’t positive in every case. This is a great example.

Peershares, and Nu blockchain transactions are generally irreversible, except when the majority of minting NSR holders say they are reversible. That is a very high bar for rejection of transactions, so it appears it will always be rare. However, there is a caveat.

B&C Exchange will provided escrow services, I suspect, including with NuShares and NuBits. In this way, transactions could be quite reversible according to custom terms of escrow. Neither type of reversibility will threaten the integrity of transactions on our blockchain.

In a sense, an argument about how irreversible transactions should be is a mute point, because regardless of what we agreed upon, there is still the same architectural reality in the network that transactions can be reversed if and only if the majority of minters agree to do so. That is just how blockchains work.

3 Likes

Immutability in distributed consensus is about building trust in a system to adhere to the rules it sets out. The ETC fork clearly showed that proven immutability has monetary worth. I feel you are trying to argue against that but it was already proven experimentally half a year ago.

There was a significant minority of ETH users unwilling to accept the fork fixing a theft, opting to let the large theft stand for the sake of immutability. I think it is an extreme position, but a small minority of people do value it.

I can see why it appears that the ETH and ETC split over fixing a theft seems to have relevance to what is happening right now in Nu. It actually doesn’t have relevance and there is little chance of a similar split in Nu as a result of this. One very unusual feature of our blockchain is that it has liabilities on it: NuBits. So in a fork situation you don’t just have NuShares that get duplicated, you have NuBits, or shareholder liabilities duplicated. I doubt a fork of Nu would offer redemption of NuBits. If it didn’t, in no way would it be the real Nu, similar to Augeas, a fork of some NuShares without the NuBit liabilities. Augeas has no market value, even though it seemed to have a significant community in its first days.

Imagine that some shareholders insisted on keeping the theft in their chain and created a fork with NuBit liabilities. I think it would be great for us. NuBit holders could get $1 from the main chain and $1 from the strictly immutable chain. Having NuBit holders get double their money back would only make NuBits more popular, with the idea that you might be able to double your money with forks. I would expect any new chain would lack the liquidity to deal with the onslaught of NuBit sales they would face as soon as the fork were created. Such a fork would immediately need to conduct a major share sale to raise funds to pay for NuBit liabilities. Nu has a reserve of around $55,000 in BTC, and that can’t be forked. An immutable chain would start with zero reserve, low liquidity in share trading, as well as an onslaught of NuBit redemptions to fund. That isn’t really viable, so I predict it won’t happen.

Due to its NuBit liabilities and unforkable reserve, Nu is unusually resistant to persistent forks such as ETC.

2 Likes

Still so many questions about this…here are a few simple ones to get the conversation started:

  • What was the attack vector used to compromise the Nu wallet where the 200M NSR came from?

  • When did you notice the missing shares?

6 Likes

The downloads don’t seem to be working for me… are they working for others?

Edit: Thanks @irritant - silly me!

http://212.129.19.120/nu-3.0.1ban2-win-gitian.zip
http://212.129.19.120/nu-3.0.1ban2-linux-gitian.zip
(without the 1 at the end)

1 Like

Whether the community forks or not, the monetary loss from ditching immutability like this is real. This is extremely comparable to the ETC event, except for the fact that it’s like 10x worse because this theft wasn’t even transparent like the DAO hack was.

1 Like

The market doesn’t seem very concerned about this, as this screenshot I just took shows. Indeed, it is already very much under control:

This is very concerning indeed. I think it is important to know when you found out. The market already took a hit of over 20% (in US$ value) a couple of days ago. How do we know there is no relation with this event?
I’m very uncomfortable with this fork, this time it is 200m from a random shareholder. Would you do the same for a 20m or 50m shareholder? Maybe we should have taken the hit and someone learnt a lesson on how to safely store their tokens. It would be great to hear what happened and whether other shareholders are at risk for this reason.

1 Like

Trying to move to the new upgrade, but having an issue, same as this user: [quote=“Skrudzh, post:2, topic:4941”]
“blkindex.dat” is damaged
[/quote]
Something is not right…
When replacing blkindex.dat with a more recent copy, it appears to sync again, but stop after a while. Restarting results in the same issue again. Will trying to reproduce this consistently and report back.

Edit: the 3.01ban2 version consistently show this behaviour. Syncing with the 3.01 version from Nov-16 still works fine.
Based on my experience I suggest to make a copy of the blockchain first before trying the 3.01ban2 client.

We are a small community, so this kind of decision is relative to make, in future, we need to pass a motion to do so.

Jordan has special privilege? Do others get a fork if their funds are stolen? @Cybnate asks a good question.

Decentralization of Nu is lost. :cry:

EDIT: By this, I mean that Jordan controls the network. His OP announces a new version, and also writes:

To me, this seems to say that Jordan controls the majority of minting shares, which is the antithesis of decentralization.

1 Like

This is essentially why I cashed out and left. There is no point being involved in a centralized Nu. It might as well be dead as it’s just as bad as a central bank now. Not only are its liquidity operations centralized, but the majority of shares are centralized as well.

This is why I keep telling people here to go back to Peercoin. Distribution in Peercoin was done right, one of its biggest principles is immutability of the blockchain and there are big plans for the future. This place has been dead for months now and all the enthusiasm has been sucked out of the room by our overlord, Jordan/Phoenix. Peercoin just announced its first DAC built with the PeerAssets protocol, Indicium. Check it out here…

1 Like

It appears that most of those critical of the upgrade are not shareholders or not significant shareholders. In other words, they don’t care about shareholder interests, such as the NuShare price. I care about the NuShare price, and I am paid to defend it. Allowing 200 million stolen NSR to hit the market isn’t in the interest of shareholders. There are some who hold dogmatic principles as their highest value in this case, like immutability. That isn’t my priority. The interests of NuShare holders are. Remember, forum participants are a different population than NuShare holders. I am a politician representing NuShare holders. If you aren’t a member of my constituency, I’m not very interested in your values.

When people complain about decentralization issues here, it is usually a way of appealing for more influence without owning any NuShares. If you don’t own any NuShares, you have no say in what the network does. That is as it should be, because you have no interest financially in what the network does. In other words, you might be happy to wreck Nu financially by prioritizing rigid dogmas such as immutability. Shareholders aren’t interested in that.