Bitcoin mining with the raspberry pi and antminer u1 for fun
49 commentsTrezor wallet ripple support
But I am going to look at some of the more interesting and relevant ones, going back to the middle of First, we need to differentiate between a hack and a theft. Many assume that they are one and the same, but they are not. Some hacks are positive — there is a service that will try to hack your bitcoin wallet to recover funds for you. And hackers have been helping to root out the owners of alleged scam cloudmining company HashOcean. So, not all hacks involve theft. And not all theft is a hack, obviously.
Theft does still happen out there in the physical world, with no computer getting involved. And as more and more of our lives and our wealth is online, the stakes get higher. All major law enforcement groups have their own cybercrime division, drawing on the skills of detectives, lawyers and, yes, hackers. But in most cases, figures on cybercrime are difficult to come by, as most victims have no interest in publicity, and many attacks are covered up.
In the cryptocurrency world, however, things are very different. A stroll through reddit or bitcointalk will give you an idea of the volume of chatter, level of detail and degree of scepticism about practically any and every aspect of the sector.
Suspicions are aired, spread and debated, and the senior team of the putative hack victim is usually on hand to answer questions. From what I gather, and lamentably with some notable exceptions, they generally do so as truthfully as they can, with good intentions, because they know that hiding stuff from the community some of whom are hackers themselves is futile.
It just seems like they do, because those hacks get a lot of public attention. Yet that is exactly what happened. Both BitGo and Bitfinex assure us that BitGo was not at fault in the hack, that the coding worked as it should.
This is more or less the haircut the account holders would get if Bitfinex went into receivership, and at least this way there is a chance that they can get their money back. The response of the Ethereum developers was to hard fork the blockchain, winding time back to before the theft, and closing the platform on which it happened. In this case, the proposal was particularly contentious because it demonstrated that public blockchains are not necessarily immutable, resistant to censorship, etc.
The Ethereum code was working fine. The change would be to avoid losing money. A good enough reason? But it is now the 6 th largest cryptocurrency in terms of market capitalization.
And the thief still has his or her 3. At time of writing, its web site was undergoing an overhaul , and is supposed to relaunch today August Erik Voorhees, the founder of Shapeshift, gives a riveting account of the drama here. No customer money was lost, and the site had relaunched by the end of the month.
Also in March of this year, Canadian exchange Cointrader suddenly closed down , with the explanation that an audit had revealed an unexplained deficit of bitcoin. The media took this to mean a hack, but it might not have been. In an email to clients, the exchange explained: The company was undergoing an audit to rectify this, most likely the same audit that uncovered the missing bitcoins.
No mention was made of the hack. So, did the hack even take place? Or had the audit uncovered something else?
In December , exchange Cryptsy and the media started receiving a stream of customer complaints about stalled bitcoin withdrawals, some pending for weeks.
In early January, in the face of no response whatsoever from the company, a frustrated client initiated a class action lawsuit in an attempt to recover their funds. The founder explained that a back door had been installed on the exchange by someone claiming to be a developer. The most startling revelation was that the coins had been missing for a year and a half.
He assumed that he could replenish the accounts with profits over time. But then an article was published in the sector blog Coinfire now part of 99 bitcoins , claiming that Cryptsy was under investigation from several Federal agencies including the SEC, the Department of Homeland Security and the IRS for a long litany of infractions ranging from operating without licenses to knowingly servicing accounts linked to terrorist financing, which triggered massive withdrawal requests that Cryptsy simply could not honour.
In April the court appointed a receiver to dissolve the business and determine how much was recoverable. Last week the receiver revealed that he had discovered that the now ex- CEO had been siphoning off crypto funds the whole time.
After an apparent lull in crypto hacks what were the hackers up to? The exchange was Bitfinex yes, them again , and this time the target was their online hot wallets , which store a very small amount of crypto assets.
Customer wallets were affected, but Bitfinex was able to replenish the losses out of their reserves. Customer funds were unaffected , but immediately after, the exchange announced its intention to move to multisig authentication as soon as possible.
Because of the unlikelihood of a cold wallet getting hacked the keys are kept offline, so how would the hacker get at them? However, there are cold wallets and then there are cold wallets. Depending on the configuration, some cold wallets can be compromised when they connect with the internet, however briefly, which they sometimes need to do to either move bitcoins or update balances.
The size of this theft almost caused Bter to sell the exchange , claiming that it simply did not have the funds to reimburse the 20, affected customers. A BTC loan from mining group JUA saved the day , however, and Bter was able to use that plus the promise to continue to repay out of profits to make the accounts whole. February was a busy month for hackers: Excoin was also hacked. The exchange turned out to have a prophetic name, since the hacker managed to divert all of the bitcoin on the exchange, which left it no choice but to shut down.
The hackers not only spent time profiling the employees and creating specific language and offers for each in the emails, but they cleverly staged the access and the theft over the New Year period, counting on a slower reaction time.
As soon as the movements were discovered the same evening as the account was drained , it shut down operations, and started work on rebuilding the trading software from scratch. After another lull in crypto hacks making headlines, in August , Bter was hit again.
It turns out that the hacker got access by gathering information on one of the Bter developers, hacking an account that he used on a different website, and taking advantage of the fact that he used the same password to get into Bter. As we have seen, however, this is a very controversial move for any blockchain based on immutability and censorship resistance, and the majority of the participants opposed the idea. Perhaps they used the threat of a hard fork?
Keeping some and returning the rest is better than losing all? And another happy ending: And then the hacker gave the coins back. The problem with hard forks, though, is that everyone in the network needs to update pretty much at the same time. A second hard fork a day later managed to fix the problem, diverting the coins to a new, MintPal-controlled wallet.
Trading volumes dropped sharply after the attack, which led to its acquisition by the end of the month by Moopay more commonly known as Moolah, not to be confused with the payments services provider of the same name.
To add to the confusion, less than 24 hours later, the CEO and founder announced that no, on second thoughts, Moopay was not going into bankruptcy after all. At the same time reports started to emerge tying the founder to other identities.
The next day, this was separately confirmed by both a former lover and by an ex-associate who in the past had pressed charges against him for fraud. Then the lawsuits started flying , injunctions were handed down and the CEO went missing. In December, he and a former colleague alleged to be his then girlfriend were arrested in the UK but released on bail.
And in August of this year, a couple of weeks ago, he was sentenced to 11 years in jail , not for theft or fraud, but for rape. Banks around the world are subject to a frightening number of hack attempts , some really sophisticated, and some successful. Another big difference is that bank accounts are, in most systems, insured up to a certain amount. With the uninsured crypto exchanges, however, that is not the case, and while the amounts are much smaller than with fiat bank hacks, the community is much more vocal.
How can we protect ourselves from bitcoin hacks? A relatively easy answer is to spread our bitcoin holdings across several wallets and exchanges, and throw the bulk in cold storage. Sticking with reputable exchanges is also a good idea, but a really big hack could decimate even the most solvent of business crossing fingers for you, Bitfinex. When an exchange gets hacked, the loss of the cryptocurrency is not the only cost.
Theft is lamentably a part of life which we will never be able to completely avoid. And the fact that it exists in no way makes the stolen asset more vulnerable and worthless. Gold, diamonds, cars… Anything that can be moved, can be taken.
And nothing is easier to move, in terms of logistics, than bits and bytes of information. With each hack, the community learns. And with that knowledge, gets stronger. And shows that if people are trying to steal what you have, it must be worth stealing.
Your email address will not be published. Notify me of follow-up comments by email. Notify me of new posts by email. What is the difference between an algorithm and a protocol, and why does it matter?
Leave a Reply Cancel reply Your email address will not be published.