Showing posts with label hackers. Show all posts

December 20, 2017

Ledger Nano S - the best Hardware Wallet by majority choice to keep your coins safe

If you are holding a large amount of cryptocurrency, it is not advisable to hold it on exchanges or in mobile or desktop wallets. Exchanges can get hacked, as has happened many times before; mobile and desktop wallets are safe only so long as your mobile or PC is safe and protected from all kinds of malware that try to get at your coins. In this scenario, hardware wallets make life easy, as they offer the best way to store cryptocurrency due to the great security associated with them. Further, hardware wallets can be relied upon even if they are connected to infected PCs, but this should in no way be taken as a license for lax security measures on the part of the user.



Ledger Nano S, a leading hardware wallet, has earned top marks for its extreme reliability and competitive pricing. It comes out on top for safely storing your cryptocurrency and even tokens. It supports many popular cryptocurrencies including Bitcoin, Ethereum, Ripple, Dash and Zcash. It connects to any computer (USB) and embeds a secure OLED display to double-check and confirm each transaction with a single tap on its side buttons.

Ledger Nano S - The secure hardware wallet

Ledger Nano S hardware wallet features


LATEST GENERATION HARDWARE
When you own cryptocurrencies, you need to protect your confidential data and the access to your funds. With Ledger Nano S, secrets like private keys are never exposed: sensitive operations are isolated inside your hardware wallet within a state-of-the-art Secure Element, locked by a PIN code. Transactions can’t get tampered with: they are physically verified on the embedded screen with a simple press of a button.

PAY AND AUTHENTICATE
Ledger Nano S includes Bitcoin, Litecoin, Ethereum and Ethereum Classic companion apps, and other blockchain-based cryptocurrencies. You can send and receive payments, check your accounts and manage multiple addresses for each currency from the same device.

MULTI-CURRENCY
Ledger Nano S supports Bitcoin, Litecoin, Ethereum and altcoins: hold different assets in the same hardware wallet.

BUILT-IN DISPLAY
Check transactions on the display and confirm them using the physical buttons (anti-malware second factor).

SECURITY
Your confidential data is never exposed: it is secured inside a strongly isolated environment locked by a PIN code.

MULTI-APPS
Use companion apps such as cryptocurrency wallets, and also FIDO® U2F, GPG, SSH or build your own applications.

FIDO® CERTIFIED U2F
Ledger Nano S supports the FIDO® Universal Second Factor authentication standard on Google, Dropbox, GitHub or Dashlane.

BACKUP & RESTORATION
Your accounts are backed up on a recovery sheet.

November 21, 2017

Forum Wars: Reddit’s r/Bitcoin moderators accused of hacking and vote manipulation

By Kai Sedgwick - November 22, 2017 (news.bitcoin.com)


It’s no secret that not everyone in the world of bitcoin shares the same opinion. Heated debates, and all out flame wars, play across social media every day. But what happens when the debate goes beyond mere words, and individuals resort to dirty tricks such as hacking and vote rigging? That’s exactly what’s been taking place on r/Bitcoin, Reddit’s most popular bitcoin board, with over 430,000 users, according to one redditor.

He Who Controls Information Controls the World of Bitcoin


Moderators on the thousands of subreddits that make up the so-called “front page of the internet” have a range of powers at their disposal. These include deleting and pruning threads and banning users found to have been in contravention of the site’s rules. The vast majority of these unpaid admins perform their duties diligently and tirelessly. But what happens when moderators overstep the line and abuse their privileges?

According to the appropriately named censorship_notifier, such behavior is rampant on r/Bitcoin, with one or more mods routinely using their enhanced access to control the flow of information. While such antics may sound trifling and the stuff of message board bickering, the world’s most popular Bitcoin subreddit is relied on by hundreds of thousands of people for information. Underhand tactics do nothing to advance the cause of bitcoin and sully the community’s reputation.

Busted by a Bot


Ironically, the behavior that certain r/Bitcoin moderators stand accused of wasn’t detected by a human whistleblower – it was uncovered by a bot. The Censorship Notifier Bot (CNBot) trawls Reddit boards to detect threads that are deleted and to uncover data that points to censorship. After redditor BashCo revealed large-scale vote manipulation on r/Bitcoin a week ago, the CNBot was despatched to investigate. Reddit threads attain visibility through upvoting. Conversely, when threads are downvoted en masse, they all but disappear from view.

The first thing the CNBot detected is that posting threads containing the words “censoring” or “censorship” on r/Bitcoin automatically resulted in thread removal. A lengthy post on r/btc – Reddit’s other primary bitcoin board, and one typically frequented by bitcoin cash supporters – delves into the matter in forensic detail. It explains:

"The bots which were downvoting comments and posts on /r/Bitcoin and upvoting posts on /r/btc began their attack on 11/14/2017 at around 18:00 utc. A similar unusual pattern of voting appeared on /r/btc around the same time the day before, though less dramatically. The bots seemed to be pushing people to buy Bitcoin Cash in such a blatant way that it even left a bad taste in the mouths of Bitcoin Cash supporters".

The post then outlines compelling evidence to show bot-orchestrated vote-rigging and widespread censorship. The individuals behind the campaign don’t appear to have stopped there however, for censorship_notifier continues:

"We also noticed that an extremely high number of /r/Bitcoin and /r/btc users were reporting that they themselves were hacked and part of the bot attack. We identified 35 such users, but the highest number of votes seen on a single thing indicate between 250-300 accounts involved with the attack".

Mods Are Gods


Not content with merely presenting the case for unethical moderator behavior, censorship_notifier goes on to point the finger of blame, identifying redditor nullc who also happens to be CTO of Blockstream. Elsewhere on r/btc, users have accused the Blockstream team of having “waged a distortion campaign in this very sub”. The same poster opines: “Blockstream, Inc. and Core have aligned BTC against everyone who wants peer to peer electronic cash. They did this by setting very high fees, through SegWit, which isn’t even much of a capacity increase”.


The merits of bitcoin cash, bitcoin core, and segwit are another debate for another time. It would be fair to say, however, that every bitcoiner, whatever their preferred chain, board, and scaling solution, should be entitled to speak their mind without risk of censorship.

So What Now?


Censorship_notifier’s lengthy exposé finishes by saying: “After the massive amount of research we put into this, we believe that at least one moderator of /r/Bitcoin must have been either aware of the bot’s plans (and allowed it to place blame on others), or have executed the attack themselves…We encourage the Reddit admins to carefully review our claims and to validate them. If our claims here are true, surely some type of strong action is warranted.”

One of bitcoin’s greatest strengths is that it is censorship-resistant. Bitcoiners from all sides of the spectrum would do well to heed this as they engage in debate on Reddit and elsewhere. Criticize? Sure. Flame? If you must. Downvote? Go on then. Delete, censor, hack, and manipulate? Hell naw. We’re better than that.



Kai Sedgwick

Kai's been assembling words for a living since 2009 and involved with bitcoin since 2013. He's previously written white papers for blockchain companies and is especially interested in P2P exchanges and DNMs.

November 08, 2017

Thanks to another bug in Parity, a user accidentally freezes up to a million of other people’s Ether

By Christoph Bergmann - November 08, 2017 (btcmanager.com)


Lightning never strikes in the same place twice? No way! After a bug in the multisig contract of Parity caused Ethereum users to lose around $30 million in July, history repeats itself: another bug freezes ether with a value of $150-300 million on November 7.

As often with Ethereum, it is not so easy to understand what just happened. Parity announced on its blog that they discovered a critical bug. They found a vulnerability in the “Parity Wallet library contract of the standard multi-sig contract.” All users who have used this contract to store digital assets since July 20 are profoundly affected.

If we dig deeper into the story, it gets adventurous. There was a library contract that any user could turn into a standard multisig wallet and take ownership of. One person did this, by accident, and activated the “suicide” function of the contract. The mishap wiped out the whole code of the library, which rendered every single multisig contract that used the library unusable.

In other words, every single digital asset, be it ether, be it some token, can’t be moved. How much value is affected cannot be said for certain. A list estimates around 500,000 ether; some social media chatter mentions one million ether. According to Parity, the circulating numbers can’t be confirmed. But it’s not the worst bet to say that at least $100 million and at worst more than $300 million are destroyed. A significant part of it is the Polkadot funds, which have been collected by Parity itself.

What exactly happened? And how, and why? The precise explanation is bold. Christoph Jentzsch of Slock.it helped via Twitter to understand what happened on November 7 with Parity.


With the programming language Solidity, you can write smart contracts for Ethereum. One of these contracts is the multisig contract, which allows for defining the rule that funds on the contract can only be transferred if a given number of parties signs a transaction. Thanks to the flexibility of Ethereum’s smart contract system, you can customize these contracts way more freely than with Bitcoin. For example, the standard multisig contract of the main client Geth allows you to define a threshold of an amount, which can be transferred daily, and only when it is exceeded, a second party is needed to co-sign.

So far, so good. However, the Parity wallet created a library contract for the multisig contract. Like other libraries you know from other software, this helps to reduce complexity in the application by referring to a shared library of code. In itself, it is not a bad idea. But Parity made this library itself a contract on the Ethereum blockchain. And like every contract, it has a state, which can only be altered under given rules.

The problem was that these rules had a bug. The bug allowed any user to call a certain function which made him the owner of the contract. As such, he was able to change the state. The user devops199 did exactly that, by accident, according to himself. This was the first part of the disaster.

The second part begins with the fact that Ethereum contracts can have a “suicide” function. This enables a contract to kill itself, which has its merits, for example, when the contract is broken or just no longer needed, and you want to purge it from the blockchain. However, it can also have devastating consequences. Devops199 activated the suicide function on the Parity multisig library contract. As he says, just for fun, and without the intention of destroying anything. So the suicide function wiped the whole code inside the library contract.

The users needed some time to realize what had happened. The state of the multisig contracts, with which Parity users stored assets, is unaffected. It still contains all the funds. However, when you try to change the state of these contracts, they refer to the library contract to execute a function, like a transfer. And since the library contract no longer has any content, the multisig contracts are unable to execute any function. Every single asset which has been stored with the Parity multisig contract is frozen.
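The failure sequence described above, as a toy Python model added here for illustration; it is not Parity's contract code, and the names `Library`, `Wallet`, `init_owner`, `destroy`, `run_scenario` and the balances are hypothetical. It compares a library left uninitialised with one possible hardening (owner set at deployment, no self-destruct path), which is an assumption rather than the fix Parity shipped.

```python
# Toy model of the shared-library contract pattern; all names are hypothetical.

class Library:
    """Shared code deployed as its own contract, so it has its own state."""
    def __init__(self, owner=None, destructible=True):
        self.owner = owner                # None = never initialised at deploy time
        self.destructible = destructible
        self.code_present = True

    def init_owner(self, caller):
        # Flawed rule: anyone may claim ownership while no owner is set.
        if self.owner is not None:
            raise PermissionError("already initialised")
        self.owner = caller

    def destroy(self, caller):
        if not self.destructible:
            raise PermissionError("library has no self-destruct path")
        if caller != self.owner:
            raise PermissionError("only the owner may destroy")
        self.code_present = False         # code wiped; dependants keep their state

class Wallet:
    """Multisig wallet that holds funds but forwards all logic to the library."""
    def __init__(self, library, balance):
        self.library = library
        self.balance = balance

    def transfer(self, amount):
        if not self.library.code_present:
            return False                  # call lands on empty code: nothing runs
        if amount > self.balance:
            return False
        self.balance -= amount
        return True

def run_scenario(library):
    """Replay the article's sequence: claim ownership, destroy, then transfer."""
    wallet = Wallet(library, balance=100)  # constructed sample balance
    events = []
    for step in (library.init_owner, library.destroy):
        try:
            step("random_user")
            events.append("ok")
        except PermissionError:
            events.append("rejected")
    moved = wallet.transfer(10)
    return events, moved, wallet.balance

if __name__ == "__main__":
    print("uninitialised library:", run_scenario(Library()))
    print("hardened library:     ", run_scenario(Library("deployer", False)))
```

In the first run the wallet's balance is untouched yet no transfer succeeds, which is the "frozen, not stolen" state the article describes.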

The only option to recover the funds would be a hard fork which changes the state of the library contract; whether this is possible without creating another Ethereum Classic or doing severe harm to Ethereum’s reputation is doubtful. Hence, some in the community are for such a hard fork; some are against. Maybe Ethereum has to bite the bullet, this time, and perhaps this is part of a blockchain’s coming of age.

November 03, 2017

Poloniex gets fake Google Play apps which steal user funds

By William Suberg - November 03, 2017 (cointelegraph.com)


Researchers have unearthed a further Bitcoin virus amid warnings that CryptoShuffler had made a comeback, stealing over $140,000.

According to Russian news media resource RBC, Kaspersky and ESET antivirus researchers have discovered two apps on Google Play which do not officially exist and which are infecting users.

The apps purport to be from cryptocurrency exchange Poloniex, despite Poloniex not actually having an app.

After download, users who enter login information find funds being stolen from their Poloniex accounts. So far, around 5,000 downloads have completed, the investigators warned.

“These two apps were trying to steal Poloniex credentials as well as gaining access to user emails,” ESET’s Lukas Stefanko said in a warning first issued last week.



The latest threat adds to the soup of malicious items currently targeting Internet users, leveraging Bitcoin as a weapon.

In addition to CryptoShuffler, which takes advantage of copy+paste tools to replace destination Bitcoin addresses, businesses last week continued to be held to ransom by new Bitcoin malware.

Bad Rabbit, which targeted major outfits in Russia, Ukraine and further afield, displayed similar characteristics to May’s WannaCry attack.

Stefanko meanwhile advised users to enable two-factor authentication as a matter of course to guard against falling prey to current or future hackers.

October 25, 2017

Crypto Crime keeping pace with crypto rise

By Darryn Pollock - October 25, 2017 (cointelegraph.com)


The rising value of cryptocurrencies is likely to push up corporate ransom and extortion demands, a UK cyber security company warns. With Bitcoin reaching over $6,000 this week and other more anonymous coins also jumping in value, it is becoming more lucrative for criminals.

There have been highly publicized cases where cybercriminals and hackers have taken corporations hostage with their ransom demanded in cryptocurrencies. Now, there is an even bigger incentive to make high demands as the payoffs are much larger.

Big payday


Demands for at least $25 mln are likely to increase because technological changes in virtual currencies are making it easier for criminals to move sums anonymously, says MWR InfoSecurity.

MWR, which tests cyber defenses for banks and governments, has made the risks known to several large city institutions in a report that focuses on the effects of the growing interest in trading cryptocurrencies.

A liquid market


It is not only the high price of these digital currencies that is making them attractive to criminals; the surge in demand is also slowly building the depth and liquidity of the market.

The growing liquidity makes it easier for buyers and sellers of assets to conduct transactions without dramatically moving the asset’s price, and rising prices enable larger sums to change hands more easily.

“A single transaction that consumes much of the liquidity of a market is very likely to be noticed, whilst a proportionally smaller transaction on a larger marketplace will generate less attention. As such, increasing liquidity of cryptocurrencies will mean criminals can extract greater values,” the report said.

Good for crypto is good for criminals


In July, it emerged that British companies were stockpiling cryptocurrency in case of ransomware attacks. They were prepared to pay on average £136,000 to regain access to critical data and intellectual property.

However, since then, with the increase in value as well as the changes to the Blockchain infrastructure from the implementation of SegWit, things have become smoother for everyone, including criminals.

Collecting real-world cash that could be spent anonymously presented problems for criminals until earlier this year, the report added, in part because the Blockchain, the infrastructure underpinning Bitcoin, sometimes took minutes or hours to finalize payments. Until then, ransomware demands were limited to about $40,000, the report argued.

But in late July Bitcoin split into two currencies, and transaction payment times have since sped up.