If this doesn't belong here please remove but I think what I've done here would qualify as hacking to an extent.
I don't know why I'm writing this post; maybe it's because I just wanted to tell someone, or to give people a bit more caution. Regardless this is the explanation of how I was able to "earn" extra Vertcoin by using open source software such as p2pool and the one click miner.
When I first learned about altcoins, Vertcoin caught my eye because of how accessible it seemed to mine. I was drawn in by how easy it was to join a p2pool node and start mining using one-click-miner (OCM). Shortly after I started mining, I looked into hosting my own node. I learned if I hosted my own I'd have the best results with latency and I could charge a fee for others to mine on it if they didn't feel like hosting their own. Once I started hosting I realized there were a lot of 0% fee nodes on OCM. I started hosting a 1% fee node but as expected, I didn't get much traffic. I tried reducing my fee to 0% and I noticed a lot more people mining on my node, I was getting some serious hash rate.
After messing around with common node finders and studying how one-click-miner adds nodes to it's recommended list, I realized they just pick up all new nodes and the lower your fee and latency to miners, the higher in the list you are for them. I had an interesting idea at this point but I needed to figure out one more thing. How does OCM determine the fees of a node? The answer was the best case I could possibly imagine: it just asks the node what's your fee. I think this was due to the mentality that most people simply download the software to host a p2pool node and never think twice about it. For me this meant all I needed to do was figure out where in the open source code a p2pool node declares it's fee and recompile it. Once I did that I would be able to set any fee I wanted and everyone would still join my node believing it was charging absolutely nothing for a fee.
I dug around the code until I found the place where the p2pool node broadcasts it's fee and just hard coded a fat 0 there instead. To test if my idea had worked, I quickly restarted my 0% fee node running my modified version of the code. Within a day after setting a 10% fee I was getting 7 times more Vertcoin than I could possibly mine with my own computer. I eventually noticed a cap on the number of people that would join so to make more Vertcoin I ramped the fee over time to 50%. This didn't result in losing any miners other than the standard fluctuations that happened either way.
Even though I was making significant Vertcoin and this point, it wasn't enough for me. After some thinking I had an idea that could get me the most Vertcoin possible without significant effort. Remember, the things that rank your node on the list in OCM are your latency to people and your fee. I couldn't do anything about the fee since it's 0 already, but the latency I could play with. I committed my modifications to a code repository and wrote some scripts that with the click of a button, download that code and start running Vertcoin wallet and a p2pool node. Now I just needed to get a bunch of computers in different locations. Hello AWS. I made an Amazon account with a new email and dedicated it to just spinning up servers in different countries and regions. I setup servers and ran my script in every available region on AWS. The hardware for running a p2pool node is fortunately not that expensive. In the end it cost me about $200 a month but with the Vertcoin I was getting from running nodes all over the world, I made near double that daily.
That's pretty much the whole story. I don't really remember why I stopped, I think something was incompatible with my changes in one of the updates some 4 months later. Being fresh out of college it felt good to make some extra money, albeit a bit morally corrupt. Also be careful out there, open source means a lot more exploitable. People can analyze every single part of every crypto and if there are holes, they will find them.
[link] [comments]
from hacking: security in practice https://ift.tt/2XXrb69
Comments
Post a Comment