NuBits v5.0.1 Release

A wallet containing B&C Exchange shareholder NSR under my control has been compromised. The exact method of compromise is not known, though it is suspected the attack vector was a email account used to register the VPS upon which the encrypted wallet was being used. Sigaint is a Tor based email service that suddenly disappeared recently. While my sigaint credentials were not compromised, it is possible that either the sigaint administrator or a hacker who had compromised the sigaint operation has used their privileged access.

The release blocks transactions from the compromised wallet addresses and the addresses compromised funds were directly sent to, all of which have been confirmed not to be exchange addresses through correspondence with our exchanges.

Here is a list of restricted addresses:



Here the downloads for Linux and Windows:


@jooize will be providing an OS X build soon.

I’m really sorry for this. There were ways I could have protected the wallet better which were on my to do list, specifically creating a new wallet and getting a new VPS, but I just hadn’t been able to prioritize them yet. I didn’t expect this to occur.

In the coming hours we will be looking closer at the public record of what happened and report additional info about losses.

1 Like

Nu 5.0.1 for macOS

shasum -a 256 Nu-5.0.1.dmg
48de80c5fed8891bc694eada0a40d26460146249ff4b12275b4ed8ef3d307092  Nu-5.0.1.dmg

Edit: Hadn’t fetched the latest commits in previous build.

Isn’t that like the second release that blackballs addresses, which were in @Phoenix’ sole control that got compromised ?
But I haven’t really understood, to whom the addresses belonged that were blackballed in the last release.

What a pity that FLOT has been sent packing. The narrative here has it that they were a bunch of incompetent people. As far as I’m aware funds controlled by FLOT multisig were never compromised.

It’s easier to sling mud at others who realized that it isn’t worth trying to correct false narratives.
Not answering important questions like

isn’t being punished. Why would he answer them?
Has the question ever been answered by what motion the B&C development fund has been converted to NBT in the first place?
It very much looks like this was based on @JordanLee’s/@Phoenix’ discretion. Would be a bad move, if no motion demanded that.

I wasn’t logged in for some time. I thought and still think it isn’t worth the efforts.
But I honestly couldn’t help from pointing out how unreliable and irresponsible @JordanLee/@Phoenix is.

1 Like

What was the total amount of NSR that was compromised? Do you have any theory about why the funds were sent to so many different addresses?

Sorry this happened.


I’m a bit puzzled, but a properly encrypted wallet is still worthless unless the password has been exposed. Did that happen? Interested in understanding how.

This forking doesn’t look great and doesn’t help getting exchanges aboard. Time for multisig?

I will post numbers (total funds, lost, …) when I’ve determined them.

Any updates on the details here? Is this 5.0.1 now the active version? Did it stop the thief from accessing the stolen funds?

Sorry for the delay. The current block explorer displays negative balances for some of the addresses the thief sent to, and I didn’t figure out if I can work around that and get accurate numbers. I’ve asked @backpacker and @woolly_sammoth to take a look. @woolly_sammoth has had to prioritize changes to NuBot’s price feeds in order to resolve straying peg appearance at CoinMarketCap, and an improved explorer which should resolve that problem at the same time.

The release was successful in securing most but not all funds.

In the coming hours?


I wonder how that public report manages to avoid talking about the B&C dev fund that was used for minting (although promised otherwise) and lost 200 million NSR.
Maybe that’s the reason why talking about it at all gets avoided.

Let’s sit things out again!

Look. Yes, that was the plan at the time. Then it turned out the block explorer displayed negative balances which delayed the investigation. You have no patience for how much time it takes to do everything, the issues that keep appearing along the way (you two are part of those), and I don’t work all the time though I wish I could.

You make people pointing out issues, issues?
That sounds like weird Phoenix logic.

Oh and btw, Cryptopia is well aware of the situation :wink:

The issue I have with you is that you run to conclusions which I later break down. You then move on to the next thing you find that can be suspicious without acknowledging you’ve been wrong.

What do you mean by that?

Just noticed that I haven’t been able to successfully mint block with my Nu client v5.01 in the last 24 hours. They all went unconfirmed after creation although I have 8 connections. My Peercoin client is still minting so it appears not to be the computer or connection. Anyone else seeing the same issues or do I need to restart the client or my computer?

1 Like

I’m having the same issue.

All blocks unconfirmed since yesterday morning. I’ve restarted the client and computer with no luck so far.

1 Like

There has been many reorganizations (51 yesterday). The most likely is that some major shareholders have a bad connection and mint on old blocks because they failed to receive yours, or because their own blocks sometimes fail to propagate and finally reach the rest of the network when they find a second or a third block (and then yours are forked out because your chain is shorter because you and the other nodes could not create that many blocks during the same time).

To verify that it’s what’s happening you can look at the “new block found” occurrences in your log. If they are always followed by 2 or more block received and a “REORGANIZE” then that’s probably what is happening.

It could also be a major shareholder that deliberately modified the client to not mint on blocks generated by others.


Hold on now. You accuse people of things that they could have done (guesses). I counter your assumption with scenarios that can make it look like that but isn’t necessarily so. I’ve in several cases gathered detailed data suggesting statements of yours were false. You then go silent in that topic or find something new to focus on.

What you suggest is guilt unless proven innocent.

This argument we’re having here is not one where I’ve breaken down your statements. Do not conflate those to invalidate my point for readers who do not follow our strife.

There is no question he said those shares would not be used to mint. He did announce it, though I’m not aware of within which timeframe of beginning minting. As for being authorized by B&C Exchange shareholders, there’s the following passed motion that means the US-NBT were transferred to be handled by @Phoenix “in the interest of” B&C Exchange shareholders. They later passed the motion to trade all US-NBT for NSR.

All B&C shareholders funds in existence as of August 21st, 2016 shall be transferred to @Phoenix immediately upon passage of this motion, to be used in the interest of shareholders. This includes funds held by Jordan Lee and Angela. It excludes any funds that may be given by shareholders as a BlockShare or BlockCredit custodial grant.

[Passed] Phoenix for Custodian of B&C Funds

Your crusade to enlighten everyone of what they should care about is apparently fair game according to those who control this forum. The fact you don’t know why they were used to mint suggests your primary interest in it lies not in whether it was best for B&C Exchange, but to find another weapon against @Phoenix and Nu.


I have found 163 entries with Reorganize in my logs (last week). Most are 2-5 blocks, found one with 6 blocks:

REORGANIZE: Disconnect 6 blocks; 525a93b7077822027583…8b950a4c7b02a3903beb
REORGANIZE: Connect 6 blocks; 525a93b7077822027583…4ac4f625b19ca5569b26

Wouldn’t be surprised about that given the current ‘climate’.

Things appeared to have returned closer to normal by now, although I still see an elevated number of orphans.