NB:
https://forum.getmonero.org/1/news-announcements-and-editorials/2452/monero-network-malicious-fork-from-block-913193-updates-and-resolutionFrom that post (which will be kept updated) -
Hi all,
The Monero network was (once again) the subject of an attack. Due to an error during the development of 0.9, Hydrogen Helix, we omitted a check that allowed for v2 blocks to be added to the network prior to the hard fork block height. Thus instead of forking on March 20, at block height 1009827, a v2 block was added to the network at block height 913193.
This is obviously problematic as not all services have updated to 0.9, and the bulk of the network hash rate is still on 0.8.x. We are preparing a point release to 0.9 that resolves this, but in the meantime only if you are running 0.9 you can do the following as a quick patch:
Shut down your Monero daemon
Grab a checkpoints.json file from getmonero:
https://downloads.getmonero.org/checkpoints.jsonPut the file in your bitmonero working directory (eg. ~/.bitmonero or C:\ProgramData\bitmonero)
Restart the daemon
As soon as the patched point release is out you can remove the checkpoints.json file, if you wish, and run the updated version. The checkpoints.json patch is a quick fix and does not prevent the attacker from replaying their attack at a later block.
After all this time on testnet I'm surprised to hear this, isn't there anyone on the team adept at at debugging and exploit testing?
Does anyone actually have a position that actively attack testnet before release? If not there are those out there that relish in this and do it for the accolades.
Not trying to be insulting hear as I know how hard you guys work on this but alpha/beta stages are there for a reason and really this is a simple expliot that should have been on the first error checks before release. I wish I it was 16 years ago, as I would have jumped on this just for the lulz.
Also are all the devs listed active? Did they all check this prior to release? What is the list that signed off on this?
