theory on why customers cant release coins from hansa with multi-sig. tl;dr hansa rigged the multi-sig

is there a way to check transaction id's for a multi sig transaction and see all btc addresses involved?? the way hansa ran multisig for the week i was there seemed fishy

my theory: for the last few days, since atleast monday- when BTC got sent to the temporary "escrow" that holds the funds while awaiting vendor to accept the order, instead of using the public key the user provided, i think hansa used 2 of their own addresses to sign with the vendors as the 3rd. we dont see how the transaction is made internally or what addresses is used, we basically took their word for it.., so unless theres some way that u can see all addresses involved in a 2/3 transaction on coinb.in or blockchain, we have no way to verify that hansa was ACTUALLY signing transactions with the user-provided public key. tried manually signing to release for my vendor with the private key associated with the multi-sig address i provided to make the account- signed but wouldnt register as part of the transaction when trying to verify and broadcast

tl;dr hansa had us fooled- hasnt been using users provided public key for 2/3 transactions, instead providing 2 keys they controlled with the vendors key

fuck


Comments


[6 Points] Sourcery_Market:

YES, use the redeem script. I have a thread running about this. Basically Hansa did a poor job in educating the users how to properly verify multisig addresses. https://www.reddit.com/r/DarkNetMarkets/comments/6oi8ez/hansas_multisig_implementation_curious/


[2 Points] Sourcery_Market:

Basically you are right. Hansa either rigged the multisig with 2 of their own keys and fucked everyone over. OR, if Hansa required you to deposit to a temporary hansa controlled wallet, then the multisig is irrelevant (unless this temporary wallet is multisig, in which case, yes they used their own keys).


[1 Points] poopinmypanties:

/u/sourcery_market you should post a step by step guide for users to verify that they are in control of the private key associated with the 2/3 transaction that they are supposed to be in control of, vendor is in control of the receiving address and 1 of the 2/3 addresses, and that the last 2/3 belongs to the market.

PLEASE stay safe- 99% chance that Right now is the worst time to enter the dnm scene. but theres always that 1% that its the PERFECT time. cant spend ur millions if ur in prison.

and if anybody knows how to do this, please summon /u/drReeferDNM to this thread so he sees it - i tried and failed lmao


[1 Points] tp911:

the way I understand it is like this:

  1. if u have the redeemscript (or all parties pub keys <2 or 3 parties>), you can finalize now if u have 2 private keys. But the time lock file doesn't give u the redeem script.

  2. the time lock file gives u the timelock tx. go verify one on coin bin and u will see its already got 1 signature. u can then sign it with ur privacy giving it 2 sigs. but the locktime value tells the blockchain if they can execute moving the $ or not.

anybody understand differently?

anybody have proof that the locktime tx's won't work? from what I can see, they will work after 90 days.


[-1 Points] AutoModerator:

Because you are using a brand new account, your submission has been automatically hidden from public view and is awaiting moderator approval.

If this message disappears, you will know your post has been approved.

If it doesn't disappear and you are not given a reason for your submission's removal within 24 hours, you can try reposting your thread. Accounts must be at least 7 days old to post unrestricted on /r/DarkNetMarkets.

Please see this modpost for more information and make sure to read the rules of our subreddit. If you are new to this community, please check out /r/DarkNetMarketsNoobs to get started on your journey.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.