Healthy network summary
The Graphcoin v3 hard fork has stabilized with the majority of our community now running the new 70915 protocol.
- Block times are stable at around 62s
- Our new DNS seed nodes have 100+ connections
- Masternode count with the new collateral requirement is 50+ and climbing steadily
- Both exchanges successfully updated their wallets and market trading has resumed.
- The pre-mine has returned to an offline cold storage wallet. Staked earnings totaling 55,428.61010711 GRPH during our hacker countermeasure were sent to our primary burn address.
Another successful defensive stand against hackers
Last year, Graphcoin v1 suffered from a proof-of-stake timestamp hack which forced us into a coin swap. You can read about that here: https://medium.com/graphcoin/how-we-protected-our-communitys-blockchain-from-proof-of-stake-opportunists-5b5cf88c12a1
Graphcoin v2 had an exploit that allowed hackers to steal coins by forcing the entire reward, 20 GRPH, to go to a staking wallet. This occurrence was taking place about 8 out of every 100 blocks.
I ran some data analysis from a MongoDB block explorer database to identify the addresses being used to steal the coins, and came up with 80 addresses. I then added these addresses to a banlist in our source code that would prevent the hackers from moving any coins that were currently in those addresses or coins that originated from them after the v3 wallet update/hard fork. You can find the list here:
The addresses held more than 300,000 GRPH and this would be a huge victory for our community as it would prevent a bad actor concentration of network ownership. After announcing this update and publishing the banlist on our public github, the coins were immediately being moved out of the addresses and into zGRPH (privacy coins). This would allow the hackers to “wash” their tainted coins and after the update they could move them into clean addresses. https://explorer.graphcoin.net/transaction/827dd8d785c78f63f19e79ad2e43a9186c9ffd4e975d5314be7d2582069caa96
The global supply of zGRPH jumped from around 80,000 zGRPH to 503,633 zGRPH where it sits today. The hackers minted more than 400,000 zGRPH from their banned addresses before the v3 upgrade and new protocol 70915 was enforced.
But I had one last trick up my sleeve. After enforcing the new protocol, I simultaneously disabled zerocoin with spork 16, zerocoin maintenance mode.
More than 400,000 stolen zGRPH is currently locked and cannot be moved. The temporary downside is that we lose the privacy function on our network, but with some engineering effort before our next update we’ll be wiping out these coins for good and re-enabling zerocoin.
I also enabled spork 8, masternode payment enforcement, and believe this was the permanent solution to this block reward exploit. We haven’t seen anything unusual from our stakers since the update went live.
Looking back, I always took the opportunity to refresh the look and feel of our wallets after surviving the attacks.
I thought it was important to visually demonstrate the updates represented forward progress.
- We need developer help to compile a more stable Mac OS X wallet that runs on High Sierra/Mojave. If you know a developer who can help with this, please send him/her our way. Bounty — 50,000 GRPH.
- We also need a blockchain developer who can help us with coding the next minor release where we wipe out all existing zGRPH coins, resetting the count back to 0. Bounty — 50,000 GRPH.
A huge thanks to our community for hanging in there when the information was vague and future uncertain.
Note: also published on our Medium account.