
Reputation Activity

  1. Like
    Warbler reacted to Lumpy in The Jed Attack   
    (1/2) - 22 February 2020
    Although never confirmed by Jed McCaleb, the "tacostand" XRP wallet (rEhKZcz5Ndjm9BzZmmKrtvhXPnSWByssDv) is well-known to belong to him.
    A quick look at the wallet and its transactions (https://bithomp.com/explorer/rEhKZcz5Ndjm9BzZmmKrtvhXPnSWByssDv) and you will quickly notice that Mr McCaleb manages his funds following a very strict routine. Every morning at 08:02 UTC, 1.7M XRP are sent to another wallet. 

    The so-called wallet, activated by Jed, is then "in charge" of selling the XRP. A rigorous routine is also in place. Wait until 09:00 UTC and you will see on the ledger the first "create offer", an offer that is usually selling 1M XRP for USD Bitstamp (IOU).

    Keep an eye on the XRP:USD.Bitstamp orderbook and you will see that the order is algorithmically managed. The price (exchange rate) of the limit order is, if needed, constantly adjusted. As an example, last Thursday (2020-02-20), the limit order was canceled and replaced 13 times.
    Jed aims to sell the XRP. The more the offer is at the edge of / at a competitive price on the orderbook, the more chance it has to be filled. 
    However, this Saturday morning, 22 February 2020, Jed's automated bot sold 1.7M XRP for ... $188,456 USD, meaning that it sold at an approximate XRP:USD price of ... 0.11 USD. The price this Saturday morning being around 0.271 USD.

    The candle below highlights the magnitude of the slippage.

    Details of the transactions:
    A trade has two participants, a buyer and a seller. Selling at a discount of 0.59% means that an individual (or group of individuals) made approx 270,000 USD of profit this morning. Luck or Jed's bot generosity is not, as you guess, the explanation of the dramatic event.
    The attacker (https://bithomp.com/explorer/raBmhBNmYFGe5hJ5Gez2MbpNspewctCAGv) has been preparing his/her/their coup de grâce. Although only successful today, the attacker has been groping for the flaw. Transaction activities of the wallet indicate that the wallet has been active on the XRP:USD.Bitstamp trading pair for at least two months.
    The wallet sold this morning around 1M XRP, cleaning all the liquidity / depth of the bids of the orderbook, then placed the first killing order (1) that Jed's bot decided to take, then the second killing order (2). Jed's bot also hit the bid for the latter.
    (1): https://bithomp.com/explorer/FEDC30F932389FC34D126172E26ACD10D79CAD78ACEA360B44B82ABA25868087
    (2): https://bithomp.com/explorer/0E3372A2F43154B02100CEF29C941FBC85084EF2BDCA65FA7DCD4ACA709F214E
    The attacker does not act alone. Sub-wallets 1 (https://bithomp.com/explorer/rHjzw8L2ZBNhLfWw3yv8AY1hf1QYnRMriR) and 2 (https://bithomp.com/explorer/r9ujfsgebDGPEoQP7WFYcVrhEKQZPKVGd7), activated by the one mentioned above, looked to have specific roles. Mostly create counter orders, allowing front running kind of strategy.
    To be continued...
    Many interesting unanswered questions:
    - What was the specific technical flaw the attacker took advantage of?
    - What is the profitability of the attack? (taking into account potential front running costs - previous tests / iterations before finding the flaw)
    - Will the attack repeat itself tomorrow? / Had Jed noticed the event?
    (2/2) - 25 February 2020
    Yes. As you can see below, the attack was repeated every day since the first successful attempt.

    More active market participants during the week than the weekend has probably a positive impact (less slippage) on Jed's bot loss, although today's data indicate that the attacker had a +10% discount on the XRP bought.
    When yesterday, on Monday February 24th, many bids populated the orderbook, therefore reducing the potential slippage and the arbitrage gain, the attacker did not seem to be discouraged. The malicious wallet even sent a few payments with some interesting memos (here below) to push for more cooperation...

    Cooperation that was indeed tried, successfully or not, in the past. Look at the memo below regarding a payment sent early January. 

    A payment got some echo (payback, as a sign of approval for cooperation?) on at least one receiver. Please note that the client description below recalls some other events (https://medium.com/@john.cantell/hi-renier-8f887aee027b). 

    John Nash would have been proud. Even in a decentralised exchange the concept of game theory can stand. Memo can support text messages, allowing market participants to communicate with each other and therefore, look at decision not in isolation but as being part of different interactions.
    As regards Jed's bot flaw, it seems that the algorithm takes decisions based on:
    - the distance to the best ask: replacing the order to make sure that it is at the edge of the ask side
    - the bid ask spread
    - the volume depth of the bids: Jed's bot hits the attacker bids (in all examples), meaning that Jed's bot decides to hit the bid if the slippage is not too important and if a tight spread (mentioned above) is true
    Note that the above are assumptions and educated guesses. Digging into the transactions is probably the best way to know more about it.
    I am quite surprised that (my assumption) there is no outside / off ledger element Jed's bot relies on. For instance, the XRP:USD spot price of another (liquid) market, making sure that the decision to place an order on the ledger at x price is not irrational compared to the latter. The best for that being probably the BitMex XRP:USD spot index (https://www.bitmex.com/app/index/.BXRP).
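The off-ledger sanity check suggested at the end of the post above, sketched as an added example (not part of the original post and not the bot's actual logic). The function names, the 2% threshold and both order books are constructed for illustration; the 0.271 reference price and 1.7M XRP size are the figures quoted in the post.

```javascript
// Added example: pre-trade guard for a sell bot. Prices are USD per XRP.

// Walk the bid side (best price first) and compute what a market sell would realise.
function simulateSell(bids, amountXrp) {
  let remaining = amountXrp;
  let proceeds = 0;
  for (const { price, size } of bids) {
    if (remaining <= 0) break;
    const take = Math.min(size, remaining);
    proceeds += take * price;
    remaining -= take;
  }
  const filled = amountXrp - remaining;
  return { filled, proceeds, avgPrice: filled > 0 ? proceeds / filled : 0 };
}

// Refuse the trade unless the simulated fill stays within maxDiscount of an
// off-ledger reference price (hypothetical input, e.g. an index from a liquid market).
function checkSell(bids, amountXrp, referencePrice, maxDiscount) {
  if (!(referencePrice > 0)) return { ok: false, reason: "no-reference-price" };
  const fill = simulateSell(bids, amountXrp);
  if (fill.filled < amountXrp) return { ok: false, reason: "insufficient-depth", fill };
  const discount = 1 - fill.avgPrice / referencePrice;
  if (discount > maxDiscount) return { ok: false, reason: "below-reference", discount, fill };
  return { ok: true, discount, fill };
}

// Constructed books. In drainedBook the best bid still looks tight against the
// reference, but almost all depth sits at a far lower price.
const drainedBook = [{ price: 0.27, size: 1000 }, { price: 0.11, size: 2000000 }];
const normalBook = [{ price: 0.2705, size: 1000000 }, { price: 0.27, size: 1000000 }];

const drained = checkSell(drainedBook, 1700000, 0.271, 0.02);
const normal = checkSell(normalBook, 1700000, 0.271, 0.02);
console.log(drained.ok, drained.reason, normal.ok);
```

A check on the top-of-book spread alone passes the drained book; simulating the full fill against an external price is what exposes the slippage.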
  2. Like
    Warbler reacted to at3n in All official wallet doesnt allow enable masterkey   
    Ok... So that's tefBAD_AUTH: "The key used to sign this account is not authorized to modify this account. (It could be authorized if the account had the same key set as the Regular Key.)"
    The wording of that is not fully clear to me, but it looks like the account that you think is the regular key is not actually set to be the regular key.
    If you enter the public address of your main account into Bithomp, it will display the public address of the regular key assigned to it (The "Regular key:" field in the Information panel). Does that match with the public address of the secret that you're using to sign the transaction? (To check this, go to Bithomp Tools, Offline, and paste the secret key in, and it will show you the public address underneath.)
  3. Like
    Warbler reacted to Flintstone in All official wallet doesnt allow enable masterkey   
    It would be helpful if you could provide some screenshots of what you are doing.
    Check against this 
  4. Thanks
    Warbler got a reaction from at3n in All official wallet doesnt allow enable masterkey   
    @Flintstone I can't add anything here, @at3n is doing a great job, better than I could
  5. Like
    Warbler got a reaction from Flintstone in All official wallet doesnt allow enable masterkey   
    @Flintstone I can't add anything here, @at3n is doing a great job, better than I could
  6. Like
    Warbler reacted to at3n in All official wallet doesnt allow enable masterkey   
    "Missing/inapplicable prior transaction." is an error code from rippled, equivalent to terPRE_SEQ, which occurs when "The Sequence number of the current transaction is higher than the current sequence number of the account sending the transaction."
    Especially when building offline transactions, you need to manually input the next sequence number of the wallet which you are doing the transaction on (in this case, the wallet with the disabled master key). You can find the next sequence number easily by using the main Bithomp page to look at the details of the address. You must enter exactly this number in the "Next sequence" box on Bithomp when building the transaction.
  7. Like
    Warbler reacted to at3n in All official wallet doesnt allow enable masterkey   
    tefMASTER_DISABLED means that you're trying to sign the transaction with the master key, which is not allowed as it is disabled.
    You need to combine the public wallet address (r....) with the secret key of the wallet set as the regular key.
    So on Bithomp Tools, you choose Paper Wallet, then paste the regular key (s....), then tick "Sign on behalf of a different address", and paste the public address of the wallet which has the master key disabled. Then build the transaction that you need.
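The three errors explained in the posts above (tefBAD_AUTH, terPRE_SEQ, tefMASTER_DISABLED) can be predicted before submitting an offline-signed transaction. This is an added example, not code from the thread or from Bithomp: the function name and the placeholder addresses are hypothetical, `accountData` is assumed to be the `account_data` object returned by rippled's `account_info`, and multi-signing is not considered.

```javascript
// Added example: pre-flight check for a single-signed XRPL transaction.

// lsfDisableMaster flag on the AccountRoot ledger object.
const LSF_DISABLE_MASTER = 0x00100000;

// accountData: { Account, Flags, Sequence, RegularKey } from account_info.
// tx: the unsigned transaction JSON (only Sequence is inspected here).
// signerAddress: the r-address derived from the secret used to sign.
function preflightSigningCheck(accountData, tx, signerAddress) {
  const problems = [];
  const masterDisabled = (accountData.Flags & LSF_DISABLE_MASTER) !== 0;

  if (signerAddress === accountData.Account) {
    // Signing with the master key of an account that has it disabled.
    if (masterDisabled) problems.push("tefMASTER_DISABLED");
  } else if (signerAddress !== accountData.RegularKey) {
    // Signing key is neither the master key nor the configured regular key.
    problems.push("tefBAD_AUTH");
  }

  // The transaction must carry exactly the account's next sequence number.
  if (tx.Sequence > accountData.Sequence) problems.push("terPRE_SEQ");
  else if (tx.Sequence < accountData.Sequence) problems.push("tefPAST_SEQ");

  return problems;
}

// Constructed sample: master key disabled, regular key set, next sequence 12.
const sampleAccount = {
  Account: "rMAIN_ACCOUNT_PLACEHOLDER",
  Flags: LSF_DISABLE_MASTER,
  Sequence: 12,
  RegularKey: "rREGULAR_KEY_PLACEHOLDER",
};

console.log(preflightSigningCheck(sampleAccount, { Sequence: 12 }, "rMAIN_ACCOUNT_PLACEHOLDER"));
console.log(preflightSigningCheck(sampleAccount, { Sequence: 15 }, "rREGULAR_KEY_PLACEHOLDER"));
console.log(preflightSigningCheck(sampleAccount, { Sequence: 12 }, "rREGULAR_KEY_PLACEHOLDER"));
```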
  8. Like
  9. Like
    Warbler reacted to Flintstone in All official wallet doesnt allow enable masterkey   
    Download Bithomp tools (offline) and try it on that. If it doesn’t work, give member Warbler a mention here and he should be able to help you out.
  10. Like
    Warbler got a reaction from Gepster in Bithomp using a HW wallet   
    Thanks for a good question.
    Actually, both ledger and trezor allow us to get other xrp addresses as well. (It's just a change of derivation path). 
    We just didn't work on it yet (UI wise), as it wasn't so popular yet to have multiple xrp addresses on hardware wallets.
    We can add that to our roadmap, if we will see a higher demand, we can implement this.
    //sorry for late answer, I just saw it.
  11. Like
    Warbler reacted to ZIGXRP in Help find lost coins   
    I once saw an issue where I installed "XRP" while I still had the "Ripple" wallet on the Nano - the XRP wallet gave a different public address = 0 balance.
    Just make sure of the following when you restore your Ledger:
    Clear all apps you won't be using (BTC, ETH, etc)
    Use the 24-word seed that was associated with the wallet you were using before the reset.
    As posted above, confirm the public address and balance using the Bithomp explorer.
    Should all be there if the correct seed is being used - good luck
  12. Like
    Warbler reacted to Flintstone in Help find lost coins   
    It is possible to assign a secret key. Have a read through this. Should find it useful. Fully recommend Bithomp Tools and member Warbler is always active here should you need any assistance.
  13. Thanks
    Warbler got a reaction from inative in Bithomp vs. bitdefender   
    Yes, I got a reply:
    One more time, thanks for reporting it @crypto_deus and thanks for the ping @Flintstone 

  14. Like
    Warbler got a reaction from Flintstone in Bithomp vs. bitdefender   
    Yes, I got a reply:
    One more time, thanks for reporting it @crypto_deus and thanks for the ping @Flintstone 

  15. Thanks
    Warbler got a reaction from Flintstone in How to get trx_json instead of trx_blob after signing the transaction?   
    @hexripple @Flintstone
    You can decode transaction here:
    it's client side (works offline) and opensourced. 
    we have a js lib to decode transaction:
    very easy to use
    <html>
      <head>
        <title>Bithomp-decode</title>
      </head>
      <body>
        TX blob: <input id="tx" />
        <br><br>
        <button id="decode">Decode</button>
        <br><br>
        <pre id="output"></pre>
        <script src="decodeXrplTx.min.js"></script>
        <script>
          var output = document.getElementById("output");
          document.getElementById("decode").onclick = function() {
            var tx = document.getElementById("tx").value;
            var txJson = decodeXrplTx.decodeTx(tx);
            // textContent rather than innerHTML: decoded fields are untrusted and must not be parsed as HTML
            output.textContent = JSON.stringify(txJson, null, 2);
          }
        </script>
      </body>
    </html>
  16. Like
    Warbler reacted to Kakoyla in How to get trx_json instead of trx_blob after signing the transaction?   
    You can use the binary codec to decode the blob. 
        const binary = require('ripple-binary-codec')
        // paste the signed tx_blob (hex string) here
        const signedTX = ''
        var decoded = (binary.decode(signedTX))
        console.log(decoded)
    If you just have a one off transaction you want to look at, I made a quick decoder tool for myself at
    Padanaram.digital then click quick tool's then decode tx blob. It's not perfect but works for basic transactions
  17. Like
    Warbler got a reaction from Flintstone in Bithomp vs. bitdefender   
    @crypto_deus Thanks for reporting this. @Flintstone Thanks for mentioning me in the thread. 
    I wrote them an email (a form on their website), let's see if they reply.
    @crypto_deus if you know their contacts, please share or give them our email support [at] bithomp.com
    In the last months there were a lot of phishing (bithomp like) sites registered, I guess they didn't figure out bithomp.com is the official one.
  18. Like
    Warbler reacted to moncho in A Sneak Peek on xrplorer   
    Thomas Silkjaer was really kind in letting me have a sneak peek into his latest project Xrplorer and write an early preview about it.
    xrplorer is a graph database representation of the XRPL, it is currently in the final stage of filling the database and will be released soon.
    I'd like to share the link to the post:
  19. Haha
    Warbler reacted to Sukrim in Other currencies on XRP-ledger   
    You would be wrong - but sure, you could say that.
  20. Thanks
    Warbler got a reaction from btc-eco in What is the Counterparty   
    counterparty is an IOU issuer xrpl address. 
    EUR is an IOU on the XRPL.
    You can place an order to buy 50 EUR IOU issued by one entity with the total price to be paid of 50 EUR issued by another entity. 
    I don't know many EUR IOU issuers, Gatehub is the only one I am aware of.
    so, for Gatehub EUR, the counterparty probably would be rhub8VRN55s94qWKDv6jmDy1pUykJzF3wq 
  21. Like
    Warbler reacted to at3n in XRP Lost at Koinex.in   
    Does the history contain a transaction ID? If so, at least you can see what action was triggered by your attempted withdrawal, and maybe get a hint about what actually happened, by entering the transaction ID into e.g. Bithomp.
    If you really can't contact Koinex then you could consider legal action if it would be worth your while. If they've gone out of business though, there may be no way to force them to pay up.
  22. Like
    Warbler reacted to Coolio in Spam? suspect BTC payments on XRPL   
    2505 activated accounts.
    The mainaccount is now empty of XRP. (https://bithomp.com/explorer/rpJZ5WyotdphojwMLxCr2prhULvG3Voe3X)
    Waiting for load up new XRP.
  23. Like
    Warbler reacted to lll_lll in Spam? suspect BTC payments on XRPL   
    The account was down to 5K XRP and it has now received another 22K XRP from Coinbase. This is just insane.

  24. Like
    Warbler reacted to yxxyun in Spam? suspect BTC payments on XRPL   
    some of these accounts have run out of XRP

  25. Like
    Warbler reacted to yxxyun in xrpl X-address support   