Top 5 Biggest Crypto Exchange Heists in History ...

List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses

List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses submitted by ripper2345 to Bitcoin [link] [comments]

To those who have been around since 2013 or prior, what event do you think is important for newbies to be aware of

There are certain precedents that have been set by certain events in the bitcoin industry that dictate how we view certain topics. Please help the newbies out by providing information about the event.
Also, if you just have something thats straight up just interesting. I know I would have loved that. At the bottom of this page i will link to a bunch of good reads about certain events. I will continue to add more info and some terms may lack explanations until i get around to getting the info together but you still have the option of googling it.
Here's a good place to start (although it's a bit outdated, these were all some of the biggest events in bitcoin)
I've always said that those of us who have been into bitcoin since 2013 and got to ride both the big bubbles (the april 2013 one and the late 2013 early 2014 one with mtgox happening shortly afterwards in feb i believe). People need to face consequences because of their actions and the problems mtgox was facing weren't a secret and lots of redflags caused many of the smarter users to stop using the exchange. If the Bitcoin community were in charge of the decisions made within the ethereum team, there would have never been a fork when the DAO hack happened. It allowed people to compromise many advertised principles of ethereum (immutability! Code is law! etc...) and worst of all it set precedent for people to start whining the next time there was a large amount of funds
Lesson teaching events
Google these terms to find more info, pm me if you're having trouble
Interesting reads
submitted by winlifeat to Bitcoin [link] [comments]

11-16 09:42 - 'To those who have been around since 2013 or prior, what event do you think is important for newbies to be aware of' (self.Bitcoin) by /u/winlifeat removed from /r/Bitcoin within 6-16min

'''
There are certain precedents that have been set by certain events in the bitcoin industry that dictate how we view certain topics. Please help the newbies out by providing information about the event.
Here's a good place to start (although it's a bit outdated, these were all some of the biggest events in bitcoin) [Topic: Topic: List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (bitcointalk.org)]1
I've always said that those of us who have been into bitcoin since 2013 and got to ride both the big bubbles (the april 2013 one and the late 2013 early 2014 one with mtgox happening shortly afterwards in feb i believe). People need to face consequences because of their actions and the problems mtgox was facing weren't a secret and lots of redflags caused many of the smarter users to stop using the exchange.
'''
To those who have been around since 2013 or prior, what event do you think is important for newbies to be aware of
Go1dfish undelete link
unreddit undelete link
Author: winlifeat
1: https://bitcointalk.org/index.php?topic=576337
submitted by removalbot to removalbot [link] [comments]

[uncensored-r/Bitcoin] To those who have been around since 2013 or prior, what event do you think is important for newbi...

The following post by winlifeat is being replicated because the post has been silently removed.
The original post can be found(in censored form) at this link:
np.reddit.com/ Bitcoin/comments/7dbbaz
The original post's content was as follows:
There are certain precedents that have been set by certain events in the bitcoin industry that dictate how we view certain topics. Please help the newbies out by providing information about the event.
Here's a good place to start (although it's a bit outdated, these were all some of the biggest events in bitcoin) Topic: Topic: List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (bitcointalk.org)
I've always said that those of us who have been into bitcoin since 2013 and got to ride both the big bubbles (the april 2013 one and the late 2013 early 2014 one with mtgox happening shortly afterwards in feb i believe). People need to face consequences because of their actions and the problems mtgox was facing weren't a secret and lots of redflags caused many of the smarter users to stop using the exchange.
submitted by censorship_notifier to noncensored_bitcoin [link] [comments]

Weekly Update: 24 crypto assets live on ParJar fiat on/off ramp, FantomVision PWA, $LINK + Voyager, $GHOST for $ESH Hodlers... – 17 Apr - 23 Apr'20

Weekly Update: 24 crypto assets live on ParJar fiat on/off ramp, FantomVision PWA, $LINK + Voyager, $GHOST for $ESH Hodlers... – 17 Apr - 23 Apr'20
Hiya folks! Hope the shelter-at-home is treating you well. As you might know that the super cyclone Amphan struck Eastern India and Bangladesh day before yesterday. As a result, I went into radio silence for two days. Now that I am back in the grid (albeit with ultra-super slow internet; this post took 4+ hours of retries just to upload pictures), let’s get rolling with the weekly update catch-up series again. Here’s your week at Parachute + partners (17 Apr - 23 Apr'20):

24 cryptocurrencies are now live on ParJar for trading with fiat in Europe, India and UK. This is massive! The new ParJar and #cryptoforeveryone masks look great Clinton! Designers in Parachute, Clinton is looking for fresh original designs for merchandise in the Parachute Shop. You can bag some cool $PAR and discount codes if your art makes it to the store. The #par4par raffle currently has a 500k $PAR prize pool. If you have 10k $PAR in your ParJar, you can claim a ticket. Get in on it! Foo hosted a Parena so that winners can get a taste of the raffle with their prize $PAR. Bose hosted a random TTR trivia this week for a 10k $PAR prize pot. Don't forget her rules: "you argue and you're wrong, you skip next question". Gamerboy's Tiproom quiz theme was a secret. Did you find out what it was? Charlotte’s Tuesday TTR trivia was fun as always. Victor hosted an animal-themed trivia for 1k $PAR in prize per question. Two-for-Tuesday continued with the ongoing series of letters. This week Gian got Parachuters to post music "featuring bands or artists whose name starts with the letters M, N, O or P". As always, super thankful for the playlist Sebastian! 136 music videos in total. Dang! Jason’s #wholesomewed prompt involved Parachuters sharing unconventional art pieces. "They can be made by you or someone else".
Visit the Parachute Shop for more epic merch like these
Uber cool #wholesomewed entries by (clockwise from top left) Fakhir, Erol, Pars, Georg, Eric, OilJam, Peace Love
Click here to track this week’s aXpire burn transaction. CEO Gary Markham wrote about Time Recording in his latest blog post. More insights into 2gether’s study about women in crypto were released. This is part of their original study report on female crypto consumers which was first published in March. $BOMB founder Zachary Dash set the ball rolling on a proposal system for brainstorming on ideas for the project. Click here for a sample proposal. For #XIOSocial discussions, Citizens talked about what interest rate would be ideal for $XIO when the dApp launches. $LINK was added to Voyager’s platform this week. Click here for the full range of available assets. Voyager also featured in MyFirstBitcoin.info's list of "Where To Buy Bitcoin". They also launched an integration with crypto trading education platform Market Rebellion this week. Switch announced that $ESH token holders will be eligible to claim John McAfee-backed $GHOST coins on 25th May. News of Ghost’s launch was shared in bitcoin.com, Cointelegraph, CoinPedia, Crypto News Flash and CryptoNewsZ. Neva Fomo’s review of SwitchDex was released this week. The winners of the #BUIDLonFantom Developer contest were announced this week. The FantomVision block explorer was upgraded to a Progressive Web App (PWA) which can be installed on your device as an application. The team hosted a monthly AMA in their Discord. This will be happening every month from now. A new technical paper on smart was contracts was published as well.
Bitcoin is a clear favourite for trading among female users
Bounty0x’s fundraiser on Republic came to a close this week with funding crossing over targeted amount by nearly three times. Founder Angelo Adam also shared a sneak peek into how the Hypedia platform could look like. Uptrennd Head of Community, Luke, started an #InfectedWithGratitude giveaway that brought 2 days of wholesome joy to the community. Founder Jeff Kirdeikis sat down for an Altcoin Buzz interview to talk all things crypto. IOST joined Uptrennd this week. Coingecko joined in the fun too. Awesome! Congratulations on onboarding 30k+ new users in 2020 alone. The team also set the ball rolling for a community-powered blockchain awards. The District0x District Weekly can be read here. Meme Factory now has a fixture inside the virtual world of Cryptovoxels. Hydro made it to the semifinal round of Ground Up Ventures’ March Madness Startup Competition. Congrats! With news of Google’s smart debit card leaking out recently, the team at Hydro discussed the implications of the tech giant entering digital banking. They also wrote at length about FinTech in Brazil and strategies to bank the unbanked. The team also made a presentation at the Canada FinTech Summit this week. For the latest Sentivate development updates click here, here, here and here. SelfKey’s $KEY token was listed on Kyber Network this week. Read more details here. The team opened up an AMA questionnaire form for the community. AMA date not decided yet. They are also hiring currently. Apply if you’re up for it. SimpleSwap listed $KEY and joined SelfKey’s Crypto Exchange Marketplace. To learn more about Constellation’s ERC20 to mainnet $DAG swap, click here. COTI crew sat down for an AMA with KuCoin this week. The KuCoin staking campaign (announced last week) reached its cap within 5 minutes of opening up. If you were hoping to be a mode operator, hope you reached out to the team on time. To read the fee policy, click here. $COTI will be listed on Coinbit next week. Main registration for Staking 2.0 was started.
The Hypedia mockups look great!
Pynk is now SEIS/EIS approved which entitles investors in its fundraise round to tax benefits. Wibson hosted an online meetup with Crypto Resources Academy for their Spanish community. This was followed by an ETHSantiago meetup to discuss data privacy. Harmony founder Stephen Tse was part of a Miami DevCon Fintech panel to talk about DeFi and blockchain in finance. Also, congratulations on becoming the top blockchain project by GitHub activity. Stake Heist was formally opened with bounties to find bugs in the Open Staking Testnet Network and build stuff on it for some sweet $ONE. Delegators were also invited to test the staking dashboard in return for $ONE prizes. Watch more about it here. $ONE got listed on WazirX. Ankr published a comprehensive Open Staking node setup guide. Another major announcement this week was that a chunk of block rewards from staking in the phase 2 testnet will be converted to mainnet $ONE. Woohoo! Click here for an early sneak peek into the new IntelliShare website. A quick introduction of the testnet Pacific Program was also released. In his latest article, GET Protocol CEO Maarten Bloemers expanded on the significance of contactless ticketing in the post-coronavirus world. The article was an excerpt from the team’s submission to the Dutch Ministry of Public Health, Welfare and Sport to explore possible opportunities. Maarten was interviewed by HKB News of Korea where talked about all things GET. Their crowd management solution was featured on Cointelegraph as well.

And with that, we have to say Bye for now. See you again with another update. Cheerio!
submitted by abhijoysarkar to ParachuteToken [link] [comments]

Major problems in the crypto market

Hello! In this post you will find out about major problems in the crypto market.
There are structural and functional issues that affect the market. These problems stem from a variety of reasons such as the infant nature of the market, lack of understanding of the cryptocurrency space, and some peculiar tokenomics just to name a few.

Major problems in the cryptocurrency market.

Price Manipulation

By far the biggest issue in the cryptocurrency market is the excessive volatility. The prices of cryptocurrencies on exchange platforms rise and fall dramatically over a short period of time. The biggest reason why this sort of asset price manipulation is possible is due to the lack of position price limits/fees on many cryptocurrency trading platforms.

High Trading Fees

The hike in trading fees is posing a problem to traders as 37 percent of those who took the survey see it as a concern ranking it as the second biggest problem on the list. As at December 2017 cryptocurrency traders were spending an average of $28 per transaction. It may look like a meager token for those making large transactions but for those trading in smaller volumes $28 is a lot. Imagine having to forgo $28 for a $100 transaction.
As more people patronized the cryptocurrency market, the trade volume became too much for miners to handle leading to congestion in the network. The only logical thing was to raise the transaction fees to compensate the miners.
However, as the transaction fees increased, cryptocurrency traders made moves to shift base from bitcoin to other cryptocurrencies like ethereum and litecoin where the congestion was less and the fees were cheaper.

Pump and Dump ICO Schemes

ICOs have emerged to become an integral part of the cryptocurrency market. Many tokens are introduced to the market via ICOs with investors buying these tokens in exchange for fiat money. Pump and dump ICO schemes continue to be a problem for the market due to the lack of regulation.

The Activities of Cybercriminals

The cryptocurrency market has right from its inception been beset by the activities of hackers and cybercriminals. There have been a number of high-profile cryptocurrency hacks and heists that have resulted in millions of dollars being stolen. Traders and investors have lost funds and some platforms have ceased to operate. In the aftermath of these hacks, the price of particular cryptocurrencies has dropped considerably.

Lack of Price Uniformity

Price charting is an essential part of asset/commodity trading. It is often necessary to develop price charts in order to carry out investment analysis and develop trading strategies. The problem here is the price of a cryptocurrency can vary considerably on the different exchange platforms. With such extreme price differences for the same cryptocurrency, price charting becomes a difficult endeavor.

Transaction Delays

The cryptocurrency market is plagued with a litany of delays across almost every type of transaction. From opening a trading account to verify your identity and being able to make deposits and withdrawals, the system seems to be quite slow. Blockchain technology ought to make transactions occur faster but it seems to take forever for transactions to be approved on the various chains.
MTCore brings the solution to solve crypto market problems, an extremely bulky market, but shrouded in a haze of bad practices. In this way, we intend to benefit from decentralized technology while maintaining centralized value. MTCore sells technology for the crypto market, accessible to all users, even those who have never heard of this market. We also bring the possibility of participating in a movement that until now was only accessible to millionaires.
submitted by hamsarb to MTCore [link] [comments]

Why people should stop panicking about bitcoin futures being added.

I've seen a TON of FUD about futures being added. Everyone is saying it will be shorted, they have been buying coins and pumping the price so they can dump it all and short it, etc etc
Now I think there might be a dip on Monday, but because of people panic selling, not because institutional investors have come together for the heist of the century.
I'm going to list some reasons off the top of my head, why it's not as dramatic as people are making it out to be, in no particular order:
  1. You can already short bitcoin on Bitmex, etc, this is still a major development of course and will allow institutional investors a more legitimate course of actions, but lets not pretend this will be the first time you can short bitcoin. This means they can put more, assuming they were limited by the lack of familiarity/trust with other platforms - but considering CME only has 3.6 billion in revenue and a big crash would leave them with a liquidity crisis (especially since it would cause a chain reaction pushing price even lower), I don't think they'd let themselves be hammered like that. The high margins are concerning but the 20% swing is fair enough.
  2. Bitcoin is global - Japan by itself has half the worlds Bitcoin trading volume. Wall street can't control demand or price, they could flood with sell orders to crash but that is more of a gamble than a sure thing especially in this emerging market.
  3. Investors, big institutional investors, seem to be bullish on Bitcoin with the upcoming futures - including international investors, thus the price rise. They tend to be more informed than the average chicken-with-their-head-cut-off on /bitcoin, and they seem to think the overall view is positive.
  4. ETF's - Bitcoins will probably be accessible through ETFs once futures are established. Easier Bitcoin in your IRA?
  5. Increased attention and flow of capital into bitcoin will have a positive effect on price.
  6. Not everyone shorts - Reddit seems to imagine wall st as a cable of sneering jews, eager and ready to crash companies for profit. Sure, if it's convenient or a good bet, but if they think the natural direction of bitcoin is UP, they will long it, not short it, and move whatever influence they have to raise the price not lower it. They are just as likely to buy at once to raise the price, as they are to sell at once to lower the price, and in fact the former is probably less risky if it doesn't pay off.
  7. Bitcoin has good memes, great memes even, and Bitcoin and Doge both have a bright future in the meme timeline
  8. Bitcoin would be relatively risky to short - are you going to risk a billion dollars knowing that the slightest good government news out of China, or Japan, or some other country or even just unpredictable natural market forces with no good news, will wipe out your position?
submitted by MountainFallsSpark to Bitcoin [link] [comments]

Top 10 of The Biggest Cryptocurrency Hacks and Scams Ever

If you have been around the cryptocurrency industry long enough, you will know that one of the biggest risks faced by users is the loss of funds through hacks on cryptocurrency wallets and exchanges.
Online exchanges are prime targets for hackers and thieves on the internet. This is mainly because of the amount of funds that are kept on these platforms. For hackers that have succeeded in stealing funds from such platforms, the amounts are usually huge.
As much as individual users try to play their roles in securing their accounts by using personal passwords, PINs and codes, there is a higher layer of security that lies in the hands of the platform providers. Once this is breached, the individual security efforts become irrelevant.
Over the years, exchanges and wallets appear to have improved in terms of security as the frequency of hacks and platform breaches have reduced. What used to be a common occurrence in the industry has become a rare development, with hacks now few and far between.
Let’s take a look at the top 10 of the biggest cryptocurrency hacks and scams ever.

10. Bitcoin Gold ($18 Million)

In May 2018, the theoretical 51% attack possibility was proven in a heist that saw a breach in Bitcoin Gold which cost the protocol $18 million.
In this heist, hackers used 51% raw computing power to seize control of the network and carry out their ulterior plans effectively. Ciphertrace and other security outfits in the ecosystem believe that the algorithm weaknesses in Bitcoin Gold’s Proof of Work (PoW) transaction verification may have enabled the success of the theft.

9. Geth ($20 Million)

In June 2018, the Ethereum client Geth was hacked and ETH worth $20 million was stolen. This incidence was reported by blockchain security firm, Cyphertrace. During the hack, JSON-RPC port 8545 was exploited. This is the port that initiates ETH send transactions.
All the ETH wallets that were affected by this breach was drained by the thieves, accumulating to the quoted $20 million equivalence based on the price of ETH at that time.

8. Bancor ($23.5 Million)

In July 2018, about one month after the Geth incident, decentralized cryptocurrency exchange, Bancor was hacked and $23.5 million worth of crypto stolen. This particular event raised some eyebrows in the cryptocurrency industry, redefining the general opinion of decentralized exchanges being prone to hacking.
The process involved the exploitation of a security flaw in a wallet that was used to update some of the smart contracts on the exchange. Bancor, which was one of the most successful ICOs of 2017, raising $153 million during its token sale, was forced to shut down after the hack.

7. Coinrail ($40 Million)

Coinrail was hacked in June 2018, and $40 million was stolen from the exchange. The South Korean exchange which ranked among the top 100 exchanges by volume, suspended its services shortly after the hack.
According to sources from the exchange, the tokens that were stolen included NPXS tokens from the Pundi X project, ATC from Aston and the NPER project’s NPER token.
  1. Binance ($40.7 Million)
Binance exchange was hacked in May 2019 and 7,000 Bitcoins were stolen from the platform. The value of the Bitcoins stolen at the time was about $40.7 million.
To achieve their aim, hackers were able to steal API keys, two-factor codes and some other key information to access the wallets. According to the exchange, the incident impacted only about 2% of its total Bitcoin holdings as all other wallets are secure.
Affected wallets were promised a refund through the exchange’s Secure Asset Fund for Users (SAFU) arrangement. This is a policy that the exchange uses to prepare for rainy days. A portion of fees charged on the exchange is set aside in order to ensure that platform users do not bear the brunt during occurrences such as this.

5. Zaif ($60 Million)

Japan-based cryptocurrency exchange Zaif was hacked in September 2018 and $60 million was stolen in the process. The theft was possible after hackers gained authorised access into the exchanges hot wallets, making away with huge amounts of Bitcoin, Bitcoin Cash, and MonaCoin.
The exchange’s asset reserve could not cover the loss, therefore it reached an agreement with a Japan-listed firm called Fisco to receive a $44.5 million investment in exchange for a major share of ownership.

4. Bitfinex ($77 Million)

The Bitfinex hack of August 2016 was a popular event that rocked the entire cryptocurrency industry. The hack occurred at a time when cryptocurrencies appeared to be shifting gears in terms of awareness and development. As a matter of fact, the aftermath of the event saw the Bitcoin price drop by 20%.
After the hack, Bitfinex issued cryptographic tokens to its users that were affected by the hack, all of which the exchange announced to have bought back by April 2017.

3. BitGrail ($187 Million)

$187 million worth of Nano tokens were stolen from BitGrail in February 2018. The reported theft was announced weeks after the unauthorized transfer was initiated. This information was from evidence retrieved from the Nano blockchain explorer by skeptics.
While BitGrail recognized the concerns of it users, it however stated that it is impossible for it to refund the stolen amount.

2. Mt. Gox ($460 Million)

The Mt. Gox scandal remains one of the biggest stains on the cryptocurrency industry. In February 2014, Mt. Gox was hacked and as much as $460 million was stolen from the exchange. In the wake of this, the exchange’s CEO, Mark Karpeles issued a statement that accepted responsibility on behalf of his company.
“We had weaknesses in our system, and our bitcoins vanished. We’ve caused trouble and inconvenience to many people, and I feel deeply sorry for what has happened, “ he said.
At the time, Mt. Gox was the world’s largest Bitcoin exchange that looked impressive from the outside, but many who claimed to know about the internal workings accused the company of a messy combination of poor management, neglect, and raw inexperience.
The size of this event left a huge dent on the reputation of Bitcoin and the crypto industry at large. It took a long time before the market picked up again, and for users to regain confidence in the industry. The exchange has since gone down and ceased to exist.

1. Coincheck ($500 Million)

The biggest theft in the history of the cryptocurrency industry happened in January 2018, when Japan-based cryptocurrency exchange, Coincheck was hacked. A total of NEM tokens worth $500 million were stolen in the process.
A statement from the exchange accepted the blame and took responsibility for the breach. According to reports, rather than storing its customers’ assets in offline wallets, the assets were stored in hot wallets that were connected to the internet. Coincheck also reportedly failed to protect the wallets with standard multi-signature security protocols.
Having traced the destination of the stolen funds, NEM developers created a tracking tool that would allow exchanges to automatically reject stolen funds.

Conclusion

Hacks and massive theft of cryptocurrencies have contributed to the setback experienced by the technology. Each of the events takes a hit on the confidence of investors and willing participants who may not be sure of how the affected exchanges will handle the situation.
The industry is however learning from past experiences, as the frequency of such hacks have reduced, while in some cases, modalities are being put in place to ensure that end users do not bear the brunt of such events, just like the case of Binance.
The NEM developers’ response to the Coincheck hack has a way of rendering stolen funds unspendable, as long as other members of the community comply. However, no one knows how long this will last, and if the hackers will be able to nullify the traceability of the stolen coins yet.
The action by the developers will discourage hackers and thieves, but is yet to restore value to the end users whose funds have been stolen.
For the industry to grow as it should and become stable, security of funds need to be established. Exchanges and developers are continuously making efforts to ensure that funds and transactions within the industry remain safe at all times.
http://bitcoinadvisor.info/top-10-of-the-biggest-cryptocurrency-hacks-and-scams-eve?fbclid=IwAR1aKdbjF1HQpFQq3jH6PQptxt7mhXHJWsABPnlN5ZEjmq07ByMEYWvVezM
submitted by OliAustin101 to TopBottomCrypto [link] [comments]

A Breakdown on Binance Hot Wallet's 7000 BTC Loss #Binance Original#

A Breakdown on Binance Hot Wallet's 7000 BTC Loss #Binance Original#
Binance, one of the largest cryptocurrency exchanges in the world, announced on May 8th (UTC) that a “large scale security breach” was detected in their cybersecurity system at 17:15:24 May 7th 2019 (UTC).
It’s said that about 7,000 bitcoin amounting to $40 million were withdrawn by hackers through a single transaction. Hackers employed various methods, including phishing and viruses, to obtain user API keys, two-factor authentication codes, and other information and to finally “execute well-orchestrated actions”.
As a pioneering and professional enterprise dedicated to building a better blockchain ecomodel, We, Beosin(Chengdu Lian’An Technology Co., Ltd.), takes quick action at the first time organizing our technicians to make in-depth analysis. Here’s the breakdown.
Attack Scene
- Transaction details
https://preview.redd.it/igniw3f6w4031.png?width=769&format=png&auto=webp&s=9ee914552c165211187c45ffbb1664dbe59af56a
As is shown in the above screenshot, the attack occurred at block height 575013.
The picture below shows the addresses where hackers were withdrawing BTC, with the yellow-marked parts being the major ones.
https://preview.redd.it/lv4j3509w4031.png?width=935&format=png&auto=webp&s=d95724a419730670dbff711c08a3085062938847
By 14:30 May 8th (GMT+8), a total number of 7074 BTC have been stolen from Binance’s hot wallet which remained a sum of 3,612.69114593 BTC after the suffering, indicating its security of secret keys.
Event Study
Hackers carried out withdrawal operations by API synchronously at 01:17:18 May 8th (GMT+8).
Once a user applied Binance exchange API, API key and secret key would be correspondingly generated. See the illustration below.
https://preview.redd.it/q8piepebw4031.png?width=1132&format=png&auto=webp&s=1535f27da6541f4568cba7a9fec8338427608af7
API offers users with IP-restriction-relief option as well as open-withdrawal option, from which open withdrawal means withdrawing tokens directly by using API key and secret key, without the need for SMS verification code and Google verification code. See the illustration below.
https://preview.redd.it/3fdztu2ew4031.png?width=486&format=png&auto=webp&s=fdcda4db02d229e0987f42d1f65333d5bccca178
The screenshot below shows part of the demo codes for API Call given by Binance.
(Source: https://github.com/binance-exchange/python-binance)
https://preview.redd.it/11gwxfkgw4031.png?width=727&format=png&auto=webp&s=62311cc1feed842adf20f5717d44449382fac1b4
By our first-step analysis, we think that the data breaches led to this attack. More specifically, it’s because that the users’ API keys and secret keys are obtained by and exposed to hackers.
In the case that a user enables IP-restriction-relief and open-withdrawal function, attackers are able to obtain user’s API key and secret key information and then implement heist.
We list 4 possible cases in which a Binance user might leak his/her info:
  1. Ordinary users don’t use API keys, generally speaking, and when power users adopt API keys to code for automated transaction, their source codes are likely to be exposed to attackers before their secret keys are committed to the same.
  2. Users are phished by attackers as their API keys and secrete keys are hijacked.
  3. The computer in which a user’s API key and secret key is stored has been infected.
  4. Cryptocurrency exchanges are easy to breach. Users API and Secret keys are stolen by hackers due to internal reasons of Binance exchange security system. Note that there are only 71 users enabled open-withdrawal function and each suffered loss.
Tips from Beosin
We highly suggest that both users and Cryptocurrency exchanges pay extra attention on information protection. Especially, when using advanced functions, strengthen the awareness of security to avoid any latent loss resulting from data breaches.
submitted by Beosin123 to u/Beosin123 [link] [comments]

Gregory Maxwell /u/nullc has evidently never heard of terms like "the 1%", "TPTB", "oligarchy", or "plutocracy", revealing a childlike naïveté when he says: "‘Majority sets the rules regardless of what some minority thinks’ is the governing principle behind the fiats of major democracies."

UPDATE: This post was inspired by a similar previous post which also has lots of great points, but the current post has a slightly different focus because:
(1) This post assumes ignorance (not dishonesty) on the part of nullc.
(2) This post basically gives a list of a bunch of sources on Wikipedia talking about oligarchy and plutocracy, as a starting point for anyone interested in this stuff.
Gregory Maxwell nullc has repeatedly shown that he has a very weak grasp of the political and economic realities shaping our world today.
He should not be (actually nobody should be) in charge of setting major economic policies and parameters (eg money velocity aka "max blocksize") for the most important non-state-based currency in the history of humanity (Bitcoin).
Are serious investors and businesspeople going to believe in a new currency whose economic parameters (eg money velocity aka "max blocksize") are centrally planned by a private for-profit corporation Blockstream whose CTO and CEO (Gregory Maxwell nullc and Adam Back adam3us) have repeatedly shown that they are totally clueless when it comes to markets and economics?
I don't even know where to begin to school this guy on the reality of politics and economics in the world today. It would take literally years of reading up on events in the mainstream media and online in order for him to get familiar enough with this stuff to stop blurting out ridiculously ignorant statements like:
"Majority sets the rules regardless of what some minority thinks" is the governing principle behind the fiats of major democracies.
https://np.reddit.com/Bitcoin/comments/44meru/why_would_miners_go_against_their_own_interests/czrgb0d
https://np.reddit.com/btc/comments/44p5tk/does_the_community_believe_that_gmaxwell_is_being/
Maybe the Wikipedia articles on "Oligarchy" or "Plutocracy" would be a good place for him to start reading up, so he can avoid making such ignorant public pronouncements in the future.
Meanwhile, it is obvious that this guy should not be in charge of centralized planning for Bitcoin's economic aspects such as "max blocksize".
Actually, blocksize is probably not a even a "parameter" which can be "pre-determined" by a C/C++ programmer.
Blocksize is more likely an "emergent phenomenon" which should probably be determined by the market itself.
Below are many, many links talking about how "oligarchy" and "plutocracy" have replaced democracy in politics and economics today.
https://en.wikipedia.org/wiki/Oligarchy#United_States
Some contemporary authors have characterized current conditions in the United States as oligarchic in nature.[8][9]
Simon Johnson wrote that "the reemergence of an American financial oligarchy is quite recent," a structure which he delineated as being the "most advanced" in the world.[10]
Jeffrey A. Winters wrote that "oligarchy and democracy operate within a single system, and American politics is a daily display of their interplay."[11]
Bernie Sanders,opined in a 2010 The Nation article that an "upper-crust of extremely wealthy families are hell-bent on destroying the democratic vision of a strong middle-class … In its place they are determined to create an oligarchy in which a small number of families control the economic and political life of our country."[12]
The top 1% in 2007 had a larger share of total income than at any time since 1928.[13] In 2011, according to PolitiFact and others, the top 400 wealthiest Americans "have more wealth than half of all Americans combined."[14][15][16][17]
French economist Thomas Piketty states in his 2013 book, Capital in the Twenty-First Century, that "the risk of a drift towards oligarchy is real and gives little reason for optimism about where the United States is headed."[18]
A study conducted by political scientists Martin Gilens of Princeton University, and Benjamin Page of Northwestern University, was released in April 2014,[19] which stated that their "analyses suggest that majorities of the American public actually have little influence over the policies our government adopts."
It also suggested that "Americans do enjoy many features central to democratic governance, such as regular elections, freedom of speech and association, and a widespread (if still contested) franchise."
Gilens and Page do not characterize the US as an "oligarchy" per se; however, they do apply the concept of "civil oligarchy" as used by Jeffrey Winters with respect to the US. Winters has posited a comparative theory of "oligarchy" in which the wealthiest citizens – even in a "civil oligarchy" like the United States – dominate policy concerning crucial issues of wealth- and income-protection.[20]
Gilens says that average citizens only get what they want if economic elites or interest groups also want it; that is, economic elites and interest groups are influential.[21] ...
In a 2015 interview, former President Jimmy Carter stated that the United States is now "an oligarchy with unlimited political bribery," due to the Citizens United ruling, which effectively removed limits on donations to political candidates.[25]
Links for the above references (footnotes) in the Wikipedia article on "Oligarchy":
[8] Kroll, Andy (2 December 2010). "The New American Oligarchy". TomDispatch (Truthout). Retrieved 17 August 2012.
http://www.truth-out.org/archive/component/k2/item/93150:andy-kroll--the-new-american-oligarchy
It used to be that citizens in large numbers, mobilized by labor unions or political parties or a single uniting cause, determined the course of American politics. After World War II, a swelling middle class was the most powerful voting bloc, while, in those same decades, the working and middle classes enjoyed comparatively greater economic prosperity than their wealthy counterparts. Kiss all that goodbye. We're now a country run by rich people.
[9] America on the Brink of Oligarchy 24 August 2012 The New Republic
http://www.tnr.com/article/magazine/books-and-arts/106430/money-politics-inequality-power-one-percent-move-on-effect
Winters conceives of oligarchy not as rule by the few, but as a kind of minority power created by great concentrations of material wealth. Compatible with a wide range of regimes, oligarchy can co-exist and even be “fused” with democracy as it is today in the United States.
[10] Johnson, Simon (May 2009). "The Quiet Coup". The Atlantic. Retrieved 17 August 2012.
https://www.theatlantic.com/magazine/archive/2009/05/the-quiet-coup/307364/?single_page=true
The crash has laid bare many unpleasant truths about the United States. One of the most alarming, says a former chief economist of the International Monetary Fund, is that the finance industry has effectively captured our government—a state of affairs that more typically describes emerging markets, and is at the center of many emerging-market crises. If the IMF’s staff could speak freely about the U.S., it would tell us what it tells all countries in this situation: recovery will fail unless we break the financial oligarchy that is blocking essential reform. And if we are to prevent a true depression, we’re running out of time.
[11] Winters, Jeffrey A. (November–December 2011) [28 September 2011]. "Oligarchy and Democracy". The American Interest 7 (2). Retrieved 17 August 2012.
http://www.the-american-interest.com/2011/09/28/oligarchy-and-democracy/
Democratic institutions aren't sufficient in themselves to keep the wealthy few from concentrating political power.
[12] Sanders, Bernie (22 July 2010). "No To Oligarchy". The Nation. Retrieved 18 August 2012.
http://www.thenation.com/article/no-oligarchy/
While the middle class disappears and more Americans fall into poverty, the wealthiest people in our country are using their wealth and political power to protect their privileged status at everyone else's expense.
[13] "Tax Data Show Richest 1 Percent Took a Hit in 2008, But Income Remained Highly Concentrated at the Top. Recent Gains of Bottom 90 Percent Wiped Out". Center on Budget and Policy Priorities. 25 May 2011. Retrieved 30 May 2014.
http://www.cbpp.org/research/tax-data-show-richest-1-percent-took-a-hit-in-2008-but-income-remained-highly-concentrated?fa=view&id=3309
[14] Kertscher, Tom; Borowski, Greg (10 March 2011). "The Truth-O-Meter Says: True - Michael Moore says 400 Americans have more wealth than half of all Americans combined". PolitiFact. Retrieved 11 August 2013.
http://www.politifact.com/wisconsin/statements/2011/ma10/michael-moore/michael-moore-says-400-americans-have-more-wealth-/
"Right now, this afternoon, just 400 Americans -- 400 -- have more wealth than half of all Americans combined," Moore avowed to tens of thousands of protesters.
"Let me say that again. And please, someone in the mainstream media, just repeat this fact once; we’re not greedy, we’ll be happy to hear it just once.
"Four hundred obscenely wealthy individuals ... -- most of whom benefited in some way from the multi-trillion-dollar taxpayer bailout of 2008 -- now have more cash, stock and property than the assets of 155 million Americans combined."
[15] Moore, Michael (6 March 2011). "America Is Not Broke". Huffington Post. Retrieved 11 August 2013.
http://www.huffingtonpost.com/michael-moore/america-is-not-broke_b_832006.html
America is not broke.
Contrary to what those in power would like you to believe so that you'll give up your pension, cut your wages, and settle for the life your great-grandparents had, America is not broke. Not by a long shot. The country is awash in wealth and cash. It's just that it's not in your hands. It has been transferred, in the greatest heist in history, from the workers and consumers to the banks and the portfolios of the uber-rich.
Today just 400 Americans have more wealth than half of all Americans combined.
Let me say that again. 400 obscenely rich people, most of whom benefited in some way from the multi-trillion dollar taxpayer "bailout" of 2008, now have more loot, stock and property than the assets of 155 million Americans combined. If you can't bring yourself to call that a financial coup d'état, then you are simply not being honest about what you know in your heart to be true.
[16] Moore, Michael (7 March 2011). "The Forbes 400 vs. Everybody Else". michaelmoore.com. Archived from the original on 2011-03-09. Retrieved 2014-08-28.
https://web.archive.org/web/20110309211959/http://www.michaelmoore.com/words/must-read/forbes-400-vs-everybody-else
According to the most recent information, the Forbes 400 now have a greater net worth than the bottom 50% of U.S. households combined.
[17] Pepitone, Julianne (22 September 2010). "Forbes 400: The super-rich get richer". CNN. Retrieved 11 August 2013.
http://money.cnn.com/2010/09/22/news/companies/forbes_400/index.htm
Forbes magazine released its annual list of the 400 richest Americans on Wednesday, and their combined net worth climbed 8% this year, to $1.37 trillion.
[18] Piketty, Thomas (2014). Capital in the Twenty-First Century. Belknap Press. ISBN 067443000X p. 514
https://en.wikipedia.org/wiki/Capital_in_the_Twenty-First_Century
Capital in the Twenty-First Century is a 2013 book by French economist Thomas Piketty. It focuses on wealth and income inequality in Europe and the United States since the 18th century. It was initially published in French (as Le Capital au XXIe siècle) in August 2013; an English translation by Arthur Goldhammer followed in April 2014.
The book's central thesis is that when the rate of return on capital (r) is greater than the rate of economic growth (g) over the long term, the result is concentration of wealth, and this unequal distribution of wealth causes social and economic instability.
[19] Gilens, Martin; Page, Benjamin (9 April 2016). "Testing Theories of American Politics: Elites, Interest Groups, and Average Citizens" (PDF): 6.
[20] Gilens & Page (2014) p. 6
https://journals.cambridge.org/action/displayAbstract?fromPage=online&aid=9354310
Each of four theoretical traditions in the study of American politics—which can be characterized as theories of Majoritarian Electoral Democracy, Economic-Elite Domination, and two types of interest-group pluralism, Majoritarian Pluralism and Biased Pluralism—offers different predictions about which sets of actors have how much influence over public policy: average citizens; economic elites; and organized interest groups, mass-based or business-oriented.
Multivariate analysis indicates that economic elites and organized groups representing business interests have substantial independent impacts on U.S. government policy, while average citizens and mass-based interest groups have little or no independent influence. The results provide substantial support for theories of Economic-Elite Domination and for theories of Biased Pluralism, but not for theories of Majoritarian Electoral Democracy or Majoritarian Pluralism.
[21] Prokop, A. (18 April 2014) "The new study about oligarchy that's blowing up the Internet, explained" Vox
http://www.vox.com/2014/4/18/5624310/martin-gilens-testing-theories-of-american-politics-explained
Study: Politicians listen to rich people, not you
Who really matters in our democracy — the general public, or wealthy elites?
[25] http://www.rollingstone.com/politics/videos/jimmy-carter-u-s-is-an-oligarchy-with-unlimited-political-bribery-20150731
Former President Jimmy Carter had some harsh words to say about the current state of America's electoral process, calling the country "an oligarchy with unlimited political bribery" resulting in "nominations for president or to elect the president." When asked this week by The Thom Hartmann Program (via The Intercept) about the Supreme Court's April 2014 decision to eliminate limits on campaign donations, Carter said the ruling "violates the essence of what made America a great country in its political system."
https://en.wikipedia.org/wiki/Plutocracy#Post_World_War_II
When the Nobel-Prize winning economist Joseph Stiglitz wrote the 2011 Vanity Fair magazine article entitled "Of the 1%, by the 1%, for the 1%", the title and content supported Stiglitz's claim that the United States is increasingly ruled by the wealthiest 1%.[34]
Some researchers have said the US may be drifting towards a form of oligarchy, as individual citizens have less impact than economic elites and organized interest groups upon public policy.[35]
A study conducted by political scientists Martin Gilens (Princeton University) and Benjamin Page (Northwestern University), which was released in April 2014,[36] stated that their "analyses suggest that majorities of the American public actually have little influence over the policies our government adopts."
Links for the above references (footnotes) in the Wikipedia article on "Plutocracy":
[34] Stiglitz Joseph E. "Of the 1%, by the 1%, for the 1%" Vanity Fair, May 2011; see also the Democracy Now! interview with Joseph Stiglitz: Assault on Social Spending, Pro-Rich Tax Cuts Turning U.S. into Nation "Of the 1 Percent, by the 1 Percent, for the 1 Percent", Democracy Now! Archive, Thursday, April 7, 2011
http://www.vanityfair.com/news/2011/05/top-one-percent-201105
It’s no use pretending that what has obviously happened has not in fact happened. The upper 1 percent of Americans are now taking in nearly a quarter of the nation’s income every year. In terms of wealth rather than income, the top 1 percent control 40 percent.
...
America’s inequality distorts our society in every conceivable way. There is, for one thing, a well-documented lifestyle effect—people outside the top 1 percent increasingly live beyond their means. Trickle-down economics may be a chimera, but trickle-down behaviorism is very real. Inequality massively distorts our foreign policy. The top 1 percent rarely serve in the military—the reality is that the “all-volunteer” army does not pay enough to attract their sons and daughters, and patriotism goes only so far. Plus, the wealthiest class feels no pinch from higher taxes when the nation goes to war: borrowed money will pay for all that. Foreign policy, by definition, is about the balancing of national interests and national resources. With the top 1 percent in charge, and paying no price, the notion of balance and restraint goes out the window. There is no limit to the adventures we can undertake; corporations and contractors stand only to gain. The rules of economic globalization are likewise designed to benefit the rich: they encourage competition among countries for business, which drives down taxes on corporations, weakens health and environmental protections, and undermines what used to be viewed as the “core” labor rights, which include the right to collective bargaining. Imagine what the world might look like if the rules were designed instead to encourage competition among countries for workers. Governments would compete in providing economic security, low taxes on ordinary wage earners, good education, and a clean environment—things workers care about. But the top 1 percent don’t need to care.
[35] Piketty, Thomas (2014). Capital in the Twenty-First Century. Belknap Press. ISBN 067443000X p. 514: "the risk of a drift towards oligarchy is real and gives little reason for optimism about where the United States is headed."
https://en.wikipedia.org/wiki/Capital_in_the_Twenty-First_Century
[36] Gilens & Page (2014) Testing Theories of American Politics: Elites, Interest Groups, and Average Citizens, Perspectives on Politics, Princeton University. Retrieved 18 April 2014.
PDF! www.princeton.edu/~mgilens/Gilens%20homepage%20materials/Gilens%20and%20Page/Gilens%20and%20Page%202014-Testing%20Theories%203-7-14.pdf
Finally, it is worth mentioning the notorious "Plutonomy" memo prepared by analysts at Citigroup:
https://pissedoffwoman.wordpress.com/2012/04/12/the-plutonomy-reports-download/
Citigroup wrote memos in 2005 and 2006 addressed to investors, basically saying that the world is dividing up more and more into a small group of rich people who drive the economy, surrounded by a large number of poor people whose economic interests can be safely ignored.
As the above links show, it is shockingly naïve for Gregory Maxwell u/nullc to claim that policies for fiat currencies are determined by "democracies".
If he is this ignorant about the reality of so-called democracies and fiat currencies, one can only wonder how much other stuff he is ignorant about, in his ongoing misguided attempts to impose his own centralized economic planning on Bitcoin.
submitted by ydtm to btc [link] [comments]

Anatomy of crypto data destruction and RNG

Ever since the post-credits scene in season 2, I've been thinking about how the stage 1 "payload" that encrypted all of the E-Corp systems might have been built, and how it might be flawed enough to permit data recovery. No sci-fi time-travel magic required for this theory.
We never get a direct look at the malware, but we do get a smattering of references to what it is throughout the episodes so far. Not enough to get a totally clear picture, but it's somewhere to start with educated guesses.
In S01E01, Mr. Robot is explicit about the aims:
If we hit their data center just right, we could systematically format all the servers, including backup. It would be impossible to enforce outdated paper records. It would all be gone.
Okay. They want to irreversibly delete the data on all of E-Corp's servers and backups.
In S01E02, when tasking Elliot with blowing up the Comet electric natural gas plant to take out the tape backups at Steel Mountain, Mr. Robot elaborates:
Once we blow up the pipeline, Darlene's worm will kick into high gear at the US datacenter, which you helped us to install. Thank you very much. The redundant backups at their eastern datacenter in China? The dark army is covering us on that.
Okay, we've learned the way they'll do it is with a worm, which Darlene wrote. A worm is malware that is designed to replicate itself and carry a payload.
In S01E08, after successfully entering the work order to remove the honeypot around CS30, Elliot states:
In 43 hours, exactly, our server will no longer be a honeypot, and that rootkit you wrote will take down Evil Corp. We did it Darlene. It's going to happen.
Despite what Lloyd might have said, rootkits are not serial rapists with very big dicks. They're malicious code designed to hide the presence of an attacker (inc. processes they might be running, alterations to system login and authentication modes to accept a backdoor credential) and their tools on a system once it has been compromised. Unqualified, the term "rootkit" commonly refers to kernel-mode rootkits, which operate directly within the context of the operating system, and frequently loaded through the same facilities provided for installing new device drivers. They can hide files/directories, running processes, network connections, and themselves (e.g. in the list of loaded drivers) from scanning entities on the same system. One way to detect a rootkit is to look for discrepancies between what tools on the system report (e.g. in terms of active network connections) versus what is observed externally (e.g. on a network monitoring device).
That makes the discussion of "honeypots" a little bit strange. A honeypot usually refers to a target on a network that's designed to be enticing to attackers, so that they try to hack it, but isn't "real" in the sense that it processes real data. It might be instrumented such that probing and reconnaissance activities targeting the honeypot are tied to network hacking alerts.
I can think of one of three interpretations of what turning server cs30 into a honeypot might mean:
  1. They've installed additional monitoring software on cs30.
  2. They've replaced cs30 with a totally different system that looks like cs30 to an outsider.
  3. They've installed additional network monitoring around cs30.
But none of these interpretations really make sense. If it's #1, if the rootkit was written properly, it's likely that additional monitoring would be fruitless, and the attack could be carried out without the whole Whiterose meeting riddles.
If it's #2, then the rootkit would probably not have been copied over to the clone, and fscociety would have noticed their server misbehaving. Unless, of course, E-Corp discovers the rootkit on cs30 as part of this process, in which case, they could have just cleaned it up, and closed off fsociety access to the internal server.
If it's #3, then the periodic use of the backdoored access to cs30 by fsociety should have been noticed by looking at that network monitoring data, likewise leading to a server cleanup and removal of the backdoor.
I'll chalk this up to somewhat cavalier and imprecise use of technical terminology by a TV show, and press on.
What have we learned so far?
In S01E09, after Tyrell coerces Elliot into showing him the fsociety arcade:
Tyrell: What is it that you're doing exactly?
Elliot: Encrypting all the files. All of Evil-Corp's financial records will be impossible to access. The encryption key will self-delete after the process completes.
Wait a second? Encryption? Encryption key? I thought we were after data deletion.
Of course, there's a perfectly plausible explanation: deleting data takes time. If you go around rm -rf'ing servers, there's a good chance that recoverable data will be scattered around those hosts. By performing bulk encryption, you overwrite all data on the target systems once, can still permit access to everything on the system while the encryption is occurring, and then destroy the key once the encryption process is completed. This lowers the length of the window in which someone can realize that something has gone terribly wrong. The key is small (tens of bytes, not to gigabytes or hundreds of gigabytes), and can be deleted almost instantaneously.
Several full disk encryption systems, including FileVault in macOS, and the now-defunct TrueCrypt have the ability to do this: you start encrypting the drive, but can continue working while the data is read, encrypted, and overwritten unnoticed in the background.
Some ransomware strains also follow this practice, so it's not an unreasonable approach. However, cryptography is a loaded foot cannon for the unwary, and it's surprisingly easy to make a small mistake that unravels the whole thing.
In S01E10, as Elliot looks for Tyrell at the E-Corp building, in voice-over he says:
A simple program: a worm that can make data unreadable. Malware that took Darlene maybe 2 hours to code. Is that all it takes to kill the world?
And follows with:
I wonder what stage they're at. Denial? Muttering to themselves "no, this can be fixed." Maybe bargaining? Forcing their techs to work overtime to try to decrypt our data. Or have they come to the realization yet that Darlene encrypted everything with 256-bit AES, and it would take an incomprehensible amount of time to crack? That all of their data is actually gone, for good.
AES is a symmetric encryption algorithm in wide use. It's stood the test of time since its standardization in 2000, and lots of people trying to find weaknesses in the last 2 decades. At a 256-bit key length, it would take many multiples of lifetimes of the universe to break, at least so long as computers are still made out of atoms. A quantum computer would not meaningfully assist in this kind of attack, as Grover's algorithm would still require 2128 quantum operations, and this is still going to take many multiplies of lifetimes of the universe to break.
But it does raise questions about cryptographic hygiene. Mechanically: what mode of operation is AES being used in to encrypt files? Let's assume Darlene has heard of the ECB penguin and has picked something better like CBC with per-file random initialization vectors.
More importantly: where is that key coming from? The right answer is to read it from a operating system provided cryptographically secure random number generator like /dev/urandom on UNIX-like systems, or the equivalent on Microsoft Windows CryptGenRandom. Ideally, perform this random key generation process individually (resulting in unique keys) on every single target system. There have been cases where CryptGenRandom has produced sub-par quality randomness on earlier versions of Windows, but not since Windows XP SP2 or older.
My theory is that this is where the fsociety worm went wrong.
In S02E01, we see the night of the hack for the first time, and in the terminal we see:
[email protected]:~# ssh -l root bkuw300ps345672-cs30.serverfarm.evil-corp-usa.com [email protected] password: The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usshare/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Thu May 8 16:26:57 2015 from cs30.serverfarm.evil-corp-usa.com [email protected]:~# cd /opt/2/task/2/fd1nfo/fsociety/hscripts/ [email protected]:/opt/2/task/2/fd1nfo/fsociety/hscripts# ls fuxsocy.py loadmod.py rootkitctrl sniff-out.pcap kernel_modules nuke.py sn1ff worm.py [email protected]:/opt/2/task/2/fd1nfo/fsociety/hscripts# ./fuxsocy.py 
And then:
Executing FuxSocy Loading Source of Entropy ####################### COMPLETE Generating Keys ####################### COMPLETE Locating target files. beginning crypto operations Encrypting /bin Encrypting /boot Encrypting /dev Encrypting /etc 
"Loading Source of Entropy" you say? That sounds awfully like a userspace random number generator. If the entropy pool is too small, or if the random number generation process is otherwise flawed, the key fed into the AES encryption process might be much more predictable than the 256-bit key length would suggest.
There was a major incident of this type discovered in 2006, where the Debian GNU/Linux package maintainers for OpenSSL (a popular, and widely used, though terrible) cryptography library commented out some lines that were generating code safety warnings when packaging it for the Debian distribution. Turns out these lines were essential to introducing any kind of real randomness for uses by the library, and this includes key generation and certain signing operations.
The fallout was that the affected versions of OpenSSL on Debian GNU/Linux would only generate 32,768 or 214 distinct keys. This also affected things like ECDSA signing, which was mirrored in 2013 when a similar vulnerability in Android led to the theft of about 56 Bitcoins.
You would have to know how the flawed key generation was implemented, and it would not necessarily be obvious looking at the keys from the outside, but if there was a flaw of this magnitude, you could break that "256-bit" key almost instantly with e.g. 14-bits of effort.
The use of Debian on the E-Corp servers might be a suggestive hint to this historical fiasco too.
The screen output also suggests that there might have been a single key generated at the start of the process that was copied as part of the data destruction payload to all of the E-Corp servers. Not ideal from a cryptographic hygiene standpoint.
In the post-credits scene of S02E12, Trenton and Mobley discuss:
Trenton: Have you given any more thought to what I said?
Mobley: I don't want to discuss this.
Trenton: Mobley...
Mobley: Fredrick.
Trenton: Seriously, Fredrick, what if we could? This might work.
Mobley: And also, it might not. I've taken enough risks for one lifetime, I don't want to discuss it anymore.
Trenton: But what if we could generate the keys...
Mobley: Tanya... will you just please shut up?
Trenton: What? This is important. We need to talk about it.
...
Trenton: Please, just look at it.
Mobley: Okay, so what? Say I did. Then what?
Trenton: If what I discovered is real, do you know what that means?
Mobley: Yeah, I know exactly what it means.
Trenton: Yeah, it means we could potentially undo this whole thing. Put everything back the way it was.
Mobley: I know. I know.
Trenton: Please. Just look at what I found.
I bet they've looked over the fsociety data destruction payload code and discovered a way to reproduce the key, precisely because there's this kind of flaw in it.
Finally, during Tyrell's AMA, a.k.a. S03E03, we get another shot of stage 1 running:
Thread #7 - 233 hosts online, initiating SCP transfer Waiting on thread updates ... Thread #2 - SCP complete. launched encryption tasks Thread #6 - SCP complete. launched encryption tasks Waiting on thread updates Thread #2 - Encryption tasks completed & verified Updating process log Thread #2 - Obtaining next hosts ... read 256 addresses Waiting on thread updates Thread #6 - SCP complete. launched encryption tasks Waiting on thread updates Thread #2 - Starting tasks on 10.0.0.29/24 
I interpret this as cs30 copying (via SCP) the data destruction payload to every server on the E-Corp network. The 10.0.0.0/8 IP addresses are designated internal network addresses, and are common for large internal business networks. It's odd that E-Corp would have a totally flat network, and also odd that cs30 itself seems to be copying the payload everywhere (not very worm-like), but perhaps this is just artistic license from the VFX guys.
Given how little we see of this screen, and how it was effective at wiping out E-Corp, I think it's safe to assume that the payload being transferred over SCP is both a propagator (i.e. the worm) and a data destruction payload, which would also address it spreading over the entire E-Corp network, even if it isn't flat. It is still suggestive of the single-key possibility though.
So, did Darlene fuck up the crypto? I think so. There's a few more suggestive quotes.
In S01E06, after dropping USB flash drives in the police parking lot for Elliot, the malware is blocked by antivirus.
Elliot: Did you write that exploit yourself?
Darlene: I had an hour.
Elliot: So what? You just pulled code from Rapid9 or some shit? Since when did you become a script kiddie?
Darlene: I repeat: I had an hour.
We learn that Darlene can be sloppy when doing things quickly, and re-iterating Elliot's voice-over in S01E10:
Malware that took Darlene maybe 2 hours to code.
And another off-hand remark in S01E08:
Elliot: How'd it go with the climate control hack?
Darlene: Handled. I happen to be really smart and good at things. Not like you give a shit.
There's a lot of ways that subtle faults in a cryptographic implementation can lead to the entire system coming tumbling down. Darlene might be an expert malware coder, but that's not a universal skill that necessarily translates over to other aspects of information security.
If you're curious about not falling into "bad noob practices" with crypto, there's a great set of cryptography building and breaking challenges that don't require much more than basic algebra, statistics, and coding skills.
Wildly speculating now:
submitted by DrElectolight to MrRobot [link] [comments]

Cybersecurity Facts, Figures, Predictions And Statistics for 2019

Cybersecurity Facts, Figures, Predictions And Statistics for 2019
https://preview.redd.it/5xbauoiutwz21.jpg?width=1920&format=pjpg&auto=webp&s=a1b2a10f1ab5851b202595605555d089485dc1cb
Cybersecurity Ventures released a special first annual edition of the Cybersecurity Almanac, a handbook containing the most pertinent statistics and information for tracking cybercrime and the cybersecurity market.
Here are just some facts, figures, statistics, and predictions to help frame the global cybercrime landscape, and what the cybersecurity industry is doing to help protect governments, citizens, and organizations globally.
Cyber crimes are increasing globally in size, sophistication, and cost. According to Cybersecurity Ventures :
  • By 2021 cybercrime damages will cost globally $6 billion every year
  • Cybercrimes are vastly undercounted because they aren’t reported — due to embarrassment, fear of reputational harm, and the notion that law enforcement can’t help (amongst other reasons).
  • By 2021 more than 70 percent of all cryptocurrency transactions annually will be for illegal activity.
  • Last year advertisers lost an estimated $19 billion to fraudulent activities, equivalent to $51 million per day.
Advances in technology are the main driver for economic growth but have also led to a higher incidence of cyberattacks. The leading trends such as e-commerce, mobile payments, cloud computing, Big Data and analytics, IoT, AI, machine learning, and social media, all increase cyber risk for users and businesses.
  • The 10 biggest data breaches of all time — with the number of accounts hacked and year occurred — according to Quartz: Yahoo, 3 billion (2013); Marriott, 500 million (2014–2018); Adult FriendFinder, 412 million (2016); MySpace, 360 million (2016); Under Armor, 150 million (2018); Equifax, 145.5 million (2017); eBay, 145 million (2014); Target, 110 million (2013); Heartland Payment Systems, 100+ million (2018); LinkedIn, 100 million (2012); rest of list…
  • Cryptocrime is an emerging segment of the cybercrime ecosystem. One report estimates that hacks on cryptocurrency exchanges suffered roughly $1 billion in losses during 2018.
  • The 5 biggest bitcoin hacks of all time — with the exchange name, amount stolen, and year occurred — according to CoinSutra: Mt. Gox, 2609 BTC | +750,000 BTC (2011); BitFloor, 24,000 BTC (2012); Poloniex, 12.3 percent of all BTCs — 97 BTC (2014); BitStamp, 19,000 BTC (2015); Bitfinex, 120,000 BTC (2016).
  • The cost of the 2018 Coincheck hack, the biggest cryptocurrency heist to date, was $530 million. 523 million NEM coins (known as XEM) had been stolen from a hot wallet (a wallet connected to the Internet) allowing hackers to drain the coins into a separate account. The cost of those stolen coins has since declined dramatically.
  • In a keynote at DevNet Create, Susie Wee, SVP and CTO of Cisco DevNet, shared research from Cybersecurity Ventures that estimates there are 111 billion lines of new software code being produced each year — which introduces potential for a massive number of vulnerabilities that can be exploited. Zero-day exploits alone are predicted to reach one per day by 2021, up from one per week in 2015.
  • The FBI reported that the Business Email Compromise (BEC), aka Email Account Compromise (EAC) — a sophisticated scam targeting both businesses and individuals performing wire transfer payments — has cost more than $12.5 billion in losses over the past 4.5 years (as of its last tally through May 2018).
  • Less than half of companies globally are sufficiently prepared for a cybersecurity attack, according to a PricewaterhouseCoopers report that surveyed 3,000 business leaders from more than 80 countries.
  • The 5 most cyber-attacked industries over the past 5 years are healthcare, manufacturing, financial services, government, and transportation. Cybersecurity Ventures predicts that retail, oil and gas / energy and utilities, media and entertainment, legal, and education (K-12 and higher ed), will round out the top 10 industries for 2019 to 2022.
  • ATM makers, banks, and law enforcement have been scrambling to defend the 400,000 ATMs in the U.S. against “jackpotting.” When cybercriminals take control of the machine, cash spews out of it like a Las Vegas jackpot. Jackpotting has been rising worldwide, though it’s unclear how much has been stolen because victims and police often do not disclose details.
  • Almost 50 percent of Ultra High Net Worth family wealth is being managed through family offices, which can be (cyber) targets due to the potential extortion value attached to reputational threats. 40 percent of family offices lack a cybersecurity policy. 28 percent of these businesses have already been victims of cyberattacks.
  • Distributed-Denial-of-Service (DDoS) attacks represent the dominant threat observed by the vast majority of service providers — and they can represent up to 25 percent of a country’s total Internet traffic while they are occurring. Globally the total number of DDoS attacks will double to 14.5 million by 2022 (from 2017), according to the Cisco Visual Networking Index (VNI).
  • Hacking tools and kits for cyberattacks, identity theft, malware, ransomware, and other nefarious purposes have been available in online marketplaces for several years — at price points starting as low as $1 — which makes the cost of entry to a life of cybercrime nearly free.
Learn more
Protect your business data and personal data
submitted by Cybervore_Inc to u/Cybervore_Inc [link] [comments]

Ether Thief Remains Mystery Year After $55 Million Digital Heist

Ether Thief Remains Mystery Year After $55 Million Digital Heist 2017-06-13 08:00:18.224 GMT
By Matthew Leising (Bloomberg Markets) -- Summer colds are the worst, and Emin Gün Sirer had caught a wicked bug from his 1-year-old son. So it was with watering eyes and a stuffy nose that the associate professor of computer science at Cornell found himself working from his sickbed on Monday, June 13, 2016. Gün—everyone calls him Gün—couldn’t tear himself away from his laptop. He had another type of bug in his sights, a flaw in a line of computer code he feared put $250 million at risk of being stolen. It wasn’t just any code. It was the guts of the newest breakthrough in software design related to blockchain, the novel combination of decentralized computing and cryptography that gave life to the virtual currency bitcoin in 2009. Since then, the promise of blockchain to transform industries from finance to health care has captured imaginations in corporate boardrooms and governments alike. Yet what the Turkish-born professor was exploring that Monday was the next leap forward from bitcoin, what’s known as the ethereum blockchain. Rather than moving bitcoin from one user to another, the ethereum blockchain hosts fully functioning computer programs called smart contracts—essentially agreements that enforce themselves by means of code rather than courts. That means they can automate the life cycle of bond payments, say, or ensure that pharmaceutical companies can authenticate the sources of their drugs. Yet smart contracts are also new and mostly untested. Like all software, they are only as reliable as their coding—and Gün was pretty sure he’d found a big problem. In an email sent to one of his graduate students, Philip Daian, at 7:30 p.m., Gün noted that the smart contract he was looking at might have a problem—on line 666. (They say the devil is in the details.) Gün feared the bug could allow a hacker to make unlimited ATM-like withdrawals from the millions, even if the attacker, who’d have needed to be an investor, had only $10 in his account. This staggering amount of money lived inside a program called a decentralized autonomous organization, or DAO. Dreamed up less than a year earlier and governed by a smart contract, the DAO was intended to democratize how ethereum projects are funded. Thousands of dreamers and schemers and developers who populate the cutting edge of computer science, most of them young, had invested in the DAO. This was real money, a quarter of a billion dollars, their money, meant to build a better version of the world, and every cent was at risk. Gün, who wears his dark hair short and looks a decade younger than his 45 years, had already been tracking and publicizing flaws in the DAO’s design. A few weeks earlier, on May 27, along with two colleagues, he’d urged investors to stop buying into the DAO until security issues could be fixed. It had been too late, however, and the program went live the next day. Smart contracts such as the DAO are built to be entirely reliant on their code once released on the ethereum blockchain. That meant the DAO code couldn’t be fixed. Other blockchain experts—including Peter Vessenes, co-founder of the Bitcoin Foundation—had also pointed out security flaws in the smart contract, but Gün appears to be the first to pinpoint the flaw that put the money in jeopardy. The problem was the code was so new that no one knew what to ­expect—or even if there was actually a problem in the first place. Gün had his doubts, too. This wasn’t even his job. He does this for fun. Daian didn’t think they’d found anything either. Over email, he said, “We might be up the creek ;).” Later, when Gün pointed to the error in line 666, Daian replied, “Don’t think so.” Gün says, “We don’t sound the alarm bell every time we find a bug that seems suspicious.” Instead, he went to bed to try to kill his cold—the one bug he knew to be real. “I was too miserable to sort it out,” he says. Four days later, Christoph Jentzsch lay on the floor of his home office, taking deep breaths, trying not to panic. It was Friday morning, and software developers all over the Western world were waking up to the news that the DAO, which Jentzsch had created, was being attacked. Gün had been right. Jentzsch, who has dark hair and a perpetual five o’clock shadow, lives with his family in the Mittweida region of Germany, a rural spot not far from the Czech border. Mornings in the Jentzsch household are a whirlwind as he and his wife get their five children—age 2 to 9—fed and off to school. Yet today, after his brother Simon woke him with a call that the DAO was being hacked, Jentzsch had to ignore his familial duties. “You’ve got the kids,” he told his wife. “I have an emergency.”
This is the story of one of the largest digital heists in history. And while you may have heard last year that hackers breached Swift, the bank-to-bank messaging system, and stole $81 million from Bangladesh’s central bank, the DAO attack is in a different category altogether. It played out in front of anyone who cared to watch and couldn’t be stopped. Just as the global WannaCry ransomware attack in May laid bare weaknesses in computer operating systems, the DAO hack exposed the early frailties of smart-contract security and left many in the community shaken because they hadn’t found the bug in time. The aftermath would eventually pit good hackers against bad ones—the white hats vs. the black hats—in the strange and futuristic- sounding DAO Wars. The roots of the DAO belong to an idea Jentzsch borrowed from another internet-fueled phenomenon: crowdfunding. The 32- year-old Jentzsch, a theoretical physicist by training, and a few colleagues started Slock.it in 2015. As they considered how to fund the company, Jentzsch approached it as many had—sell a digital currency, effectively a token, to raise cash. But why should each new startup have to program its own initial coin offering? Jentzsch wondered. What if one huge fund ruled them all? He introduced his idea to the world at DevCon 1 in London in November 2015. “What is the blockchain way of creating a company?” Jentzsch asked his audience. “Of course, it has to be a DAO.” It would work like this: Ether, a virtual currency like bitcoin, would be used to fund and develop applications on the ethereum blockchain—things such as making a music app similar to iTunes or a ride-sharing service along the lines of Uber. Investors would buy DAO tokens with their ether; the tokens would allow them to vote to fund projects they liked. If the app they backed made money, the token holder shared in the profit. In the six months he spent creating the DAO, Jentzsch thought it would raise $5 million. From April 30 to May 28, the DAO crowdfunding pulled in $150 million. That’s when ether traded just below $12. As the price of ether rose in the following weeks to $20.75 the day before the attack, so too did the value of the DAO, putting a $250 million target on this thing Jentzsch had unknowingly brought into the world with a fatal, original sin. “Our hope was it would be the center of a decentralized sharing economy,” says Jentzsch, who now regrets not capping the amount raised. “For such a big experiment, it was way too early.” In the weeks after the attack, Jentzsch and the rest of the ethereum community would come to grips with their own crisis that, writ small, echoed the bank bailouts and government rescues of 2008. “It became too big to fail,” he says. But why would anyone invest in the DAO in the first place? It has something to do with the strain of digital libertarianism at the heart of the ethereum community, much like the set of beliefs that led to the birth of bitcoin. Think of bitcoin as the first global currency whose use can’t be stopped by governments or corporations; on top of that, bitcoin is almost impossible to hack. Ethereum, then, is another level beyond. It’s an uncensorable global computer. As amazing and unprecedented as that is, it’s also a bit terrifying. Brought to life, the DAO ended up staggering off the table and turning on the community that wanted it so badly. Accustomed to working into the night to stay in touch with colleagues in North America, Jentzsch blows off steam by jogging or kayaking on the nearby Zschopau River. Yet on that Friday morning, he had the more pressing task of pulling himself up off the floor and dealing with the attack. “I went into emergency mode: Don’t try to save the DAO,” he says. “No, it’s over.”
It was far from over. Several hours later and half a world away from the Jentzsch household in Mittweida, Alex Van de Sande was waking up in his apartment in the Copacabana neighborhood of Rio de Janeiro. The baby-faced ethereum developer had been born in the small fishing village of Santa Cruz Cabrália in the Bahia region of Brazil and moved with his parents to Rio when he was about 3 years old. These days he’s known as “avsa” on Reddit and Twitter. After reaching for his phone to see why it was blowing up with Skype messages, he turned to his wife and said, “Remember when I was telling you about that huge unhackable pile of money?” She nodded. “It’s been hacked,” he told her. His first thought was to get his DAO tokens out. He owned about 100,000 of them, valued at about $15,000 at the time. He’s the lead designer of the Ethereum Wallet app, a program that allows him and anyone else to interact with the blockchain. Van de Sande scrambled to log in to it, but his password didn’t work. It was glitching, and as he worked to fix it, his panic subsided. He realized he shouldn’t be bailing on the DAO but trying to save it. And to do that, he needed Griff. Griff Green, who’s worked variously as a massage therapist in Los Angeles and a community organizer in Seattle, is one of only a handful of people in the world who holds a master’s degree in digital currencies. He got it online, natch, from the University of Nicosia. A self-described “dreamer,” the 32-year- old is the closest thing Ethereumville has to a mayor. Green knows everybody; in fact, he’d been the first to relay word of the attack to Simon, Jentzsch’s brother and a co-founder of Slock.it. Green had been working for Slock.it for about six months by then and woke up that morning in the house belonging to Jentzsch’s mom in Mittweida. Jentzsch is one of nine children, so his mother had a spare bedroom where she could put Green up for a few days. Using his extensive contacts, Green started identifying as many people as he could who were interacting with the DAO—going so far as to ask strangers to send pictures or scans of their IDs—in an attempt to sort friend from foe. And then something strange happened: The attack stopped working. In the six hours since the attack began, the thief had managed to steal 30 percent of the DAO’s 12 million ether—which that day equaled about $55 million. “We don’t even understand why the guy had stopped,” says Van de Sande. Now Green raced to protect the remaining 70 percent of the DAO the attacker hadn’t stolen. Once Van de Sande got in touch with Green in Germany, along with two or three others, the foundation was laid for what would become known as the Robin Hood group—white hat hackers who’d devise a bold good-guy plan to drain the remaining DAO. To save the DAO, they’d have to steal the remaining ether, then give it back to its rightful owners. And yet as they scrambled that Friday, qualms emerged within the group. “What does it even mean to hack something?” Van de Sande asks. No one knew if what they were about to do was legal. Also, wouldn’t their hack look just as bad as the theft they were trying to stop? Then there were the practical issues. “Who pushes the button?” he remembers wondering. Doing so would initiate their counterattack and alert the community. “Someone has to push the button.” The price of ether the night before the attack had hit an all-time high of just above $20. News of the hack sent it tumbling to $15 by the end of Friday, wiping out almost a half- billion dollars in market value. At that price, the DAO still held $125 million, and the Robin Hood group worried the attack would resume. They might be the only line of defense if it did, so Van de Sande agreed to use his DAO tokens to fuel their counterattack, thereby becoming a public face of the group. At this point, it might help to think of the DAO as the spacecraft in Alien after Ripley initiates the self-destruct sequence. To flee, she’s forced to use an escape pod. DAO investors had to initiate a similar sequence to deploy escape pods that would allow them to get their ether out of the DAO. The code that dictated the escape pods’ behavior is where the bug lived, so to steal the remaining DAO funds the Robin Hood group would have to be in a pod to exploit the flaw—and because of the way Jentzsch wrote the DAO, they had only a short window of time and just a few pods to choose from. A few minutes before launching the attack, Van de Sande joked on the group’s Skype chat, “Let’s go rob a bank!” No one laughed. “Not everyone really appreciated the humor,” he says. In his Copacabana apartment, Van de Sande readied to push the button on his laptop. Then, suddenly, he lost his internet connection. His router was down. “I was like, What the f--- is going on here?” he says. He had less than 30 minutes left to execute the Robin Hood hack. He frantically called NET, his Brazilian internet service provider, but couldn’t get past the automated customer ­service experience. He says the robotic voice told him, “We see there’s an internet issue in your neighborhood.” The irony was not lost on him: Here he was trying to steal millions of dollars from a robot but was being waylaid by another robot. “Then we missed,” he says. The window closed. He went from the high of feeling like they were about to come to the rescue of the vulnerable DAO to the crushing low of having their international connection severed by NET’s breakdown. He took his dog, Sapic—named after the one in Pedro Almodóvar’s All About My Mother—for a walk, then crawled into bed, defeated. The next morning was Saturday, and Van de Sande tried to reconvene the Robin Hood group to infiltrate ­another escape pod. But folks were busy and couldn’t get together. “We felt like the worst hackers in history,” Van de Sande says. “We were foiled by bad internet and family commitments.”
Who, exactly, were they at war with? No one really knows, but there are some clues. One address the attacker used is 0xF35e2cC8E6523d683eD44870f5B7c C785051a77D. Got that? Like everything else in a blockchain, a user’s address is an anonymous string of characters. But every address leaves behind a history on the blockchain that’s open for examination. Not that it makes sense to 99.9 percent of humankind, but Green gets it. To pull off his heist, the attacker needed to create a contract that would interact with the DAO. He did so on June 15 and deployed it in the early morning hours two days later, according to Green. Once activated, the attack contract started sending about $4,000 worth of ether through the attacker’s account every three or four minutes to drain the DAO. But where did the original money to fund the attack come from? To interact with the ethereum blockchain, every contract must be funded by an amount of ether. This attack contract was funded by two addresses, but tracing it further back becomes tricky. That’s because the second address used an exchange called ShapeShift to send 52 ether into its account on June 14. ShapeShift doesn’t collect any information on its users and says it turns one virtual currency, such as bitcoin, into another, like ether, in less than 10 seconds. While there are valid reasons for using ShapeShift, it’s also a great way to launder digital assets and ­cover your tracks. After the attack contract stopped working, the thief needed to deploy it again, says Green. He tried but failed, and after a few more transactions, the hack whimpered to an end. (One possible reason the attack stopped, Green says, is that the hacker’s tokens became corrupted, which means he had no way to exploit the bug.) We know this limited amount of one-sided information from the blockchain’s public record. Digital asset exchanges see both sides. An internal investigation by one such exchange concluded that the DAO attacker was likely part of a group, not a lone wolf, based in Switzerland, according to an executive there who wouldn’t speak on the record or allow the company’s name to be used. ­Exchanges are in the unique position of being able to analyze the trading activity of their customers because they know who they are, even if they’re anonymous on the blockchain. The executive says the exchange shared the analysis with the Boston office of the FBI, though there’s been no further contact since October of last year. Cornell’s Gün says he also spoke to the Boston office of the FBI—and to agents in the New York office and to the New York State Attorney General’s Office. “It’s very difficult to coordinate an attack of this kind without leaving breadcrumbs behind,” Gün says. He encouraged the FBI to look at the ethereum testnet, where programmers can run their code in a safe environment to work out kinks. The attacker wouldn’t just launch such a complicated hack without testing it, Gün says he told federal officials, and the feds might be able to get clues to his identity there. Gün says he also pointed them to addresses linked to the attacker, such as the one described above, that were listed by his grad student Daian on his blog. (The FBI declined to comment.) “I’m absolutely amazed. Why has no one traced this back and found out who did it?” asks Stephan Tual, the third co-founder of Slock.it. “It still bugs me to this day, because what that person has done is incredibly unethical.”
On Tuesday, four days after the initial attack, the hacker returned and somehow resumed the heist. The Robin Hood group had feared this moment would come and was ready. Early Sunday morning they’d finally managed to convene online and successfully infiltrate an escape pod, but had held off their counterattack. Now they had no choice. One strike against the group was their distance from one another—one in Rio, others scattered about Europe. (Some of the group’s members didn’t want to be identified for this story.) It was important that they coordinate their activities because, like in Charlie’s Angels, they all had different specialties: Green the community organizer, Van de Sande the public face, others who wrote the Robin Hood group attack contracts. So Van de Sande needed to be walked through the step-by-step hacking process they were about to unleash, because that wasn’t his area of expertise. “I’ll be honest, I was excited,” Green says. “This is the craziest thing that’s ever happened to me. This is the craziest thing that’s almost ever happened to anyone.” Whether it was legal remains an unanswered question. “You literally have cyber ninjas warring on the blockchain,” says Vessenes, the programming expert. “What they’re doing is almost certainly illegal, but they’re claiming it’s for the greater good.” And now it was Van de Sande’s job to let the community know that the Robin Hood group counterattack was benign. He took to Twitter, where he wrote “DAO IS BEING SECURELY DRAINED. DO NOT PANIC.” A nod to the classic Hitchhiker’s Guide to the Galaxy, his plea to not panic was met with all the snark and real-life concern Twitter can handle. “NOTHING SAYS DO NOT PANIC LIKE ALL CAPS,” one user responded. “#RealLife is more exciting than

MrRobot !!” tweeted another. Yet as the Robin Hood group attack

gained steam, they noticed something strange and worrisome—the attacker was with them in every escape pod. “We escaped the mother ship, but now we’re alone in space with the alien we were trying to escape,” says Van de Sande. This was a big problem. Because of how Jentzsch wrote his code, the Robin Hood group would have to wait several weeks before they could secure the ether they recovered. Yet if the attacker was in that escape pod with the group, he could just follow them—what’s known as a stalking attack. If the hacker stalked the Robin Hood group, the ether wasn’t really safe after all. “The game only ends when one of these parties doesn’t show up to fight,” Van de Sande says. This, in essence, is the heart of the DAO Wars, the never-ending battle that would have to be waged to keep the recovered ether safe. If only there were a way to reverse the theft once and for all.
What happened next is one of the strangest and most contentious episodes in blockchain’s early history. The morning of July 20 dawned cool and clear in Ithaca, N.Y., the home of Cornell. A weeklong ethereum boot camp on campus had brought developers and programmers from all over the world to town. The mood was anxious, but not because the workshops were about to begin. This was the day the ethereum community would decide to rewrite the past. The weeks since the DAO hack had been filled with acrimonious debate as developers, coders, investors, and other community members considered their options to undo the theft. As the Robin Hood group battled the attacker mostly in private, a public debate was raging. The white hat hackers weren’t the only ones trying to save the DAO. Jentzsch worked almost around the clock, fielding hundreds of requests from DAO investors on what they should do. Vitalik Buterin, 23, who created the ethereum blockchain before he was 20, became a focal point as he led the community through their options. In short, what they could do was change the ethereum blockchain to fix the DAO, but only if they got a majority of computers running the network to agree to a software update. Pull that off, and it’s as though the attack never happened. This is known as a hard fork. The decision stirred such strong reactions that it remains controversial a year later, both within the ethereum community and with bitcoin users who insist a blockchain’s history is never to be tampered with. In an interview in October, Buterin was unapologetic about pushing for the change. “Some bitcoin users see the hard fork as in some ways violating their most fundamental values,” said Buterin, who didn’t respond to requests to speak specifically about this story. “I personally think these fundamental values, pushed to such extremes, are silly.” Within the ethereum community, at least, Buterin’s views won the day, and computer nodes all over the world accepted the fork. Contained in block 1,920,000, the fix to the DAO was simple and did only one thing—if you had ether invested in it, you could now get it out. But why hadn’t the attacker made off with his money? It had been more than a month. The same code that exposed the DAO to the theft, in the end, enabled the ether to be returned. Everything to do with the DAO is a parameter: rules, if-then statements, and more rules that are all finalized before the program is set loose. One of these parameters stated that anyone wanting to get their ether out of the DAO had to wait a certain amount of time—27 days after the initial request, then another seven days. This fail-safe, written by Jentzsch, applied to the attacker as well. So even though somebody had effectively robbed a bank, he then had to wait 34 days before crossing the street to make his getaway. While he was waiting, the money was stolen back. A month after the original heist, the ether thief now had nothing to show for his caper. Back on the Cornell campus, ethereum boot camp attendees celebrated. The next day, Gün brought Champagne to the session he was teaching. He’d pasted makeshift labels on the Chandon bottles with a picture of the utensil that said, “Congratulations on the successful fork.” Then something else unexpected happened. The original ethereum blockchain, the one with the DAO attack in it, kept growing. Imagine a hard fork is a branch of a tree that sprouts in a different direction at the end of the main limb. The end of that limb is supposed to wither after a hard fork, but here it continued to grow as a small group of users continued to process transactions on that version of the blockchain. Instead of dying, this became a second form of ethereum, quickly dubbed ethereum classic, complete with a digital currency that now had value. Even in the ­science fiction world of blockchain, this was an unprecedented turn of events. It meant the DAO attacker suddenly had about 3.6 million ethereum classic coins in his DAO account, known as the DarkDAO, which were slowly gaining in value. The Robin Hood group held about 8.4 million, because in this parallel universe they still controlled 70 percent of the DAO funds they had recovered. The Robin Hood group couldn’t believe it. “We did everything to avoid this, but now we’re being dragged back into this fight,” Van de Sande says. Now, the bitcoin supporters who viewed the hard fork as a violation of the core values of blockchain could back up their belief by buying ethereum classic. That’s exactly what entrepreneur Barry Silbert, a heavyweight in bitcoin circles, did. “Keep in mind, the original chain is ethereum classic,” he says. “The fork is ethereum.” Putting his money where his mouth is, Silbert’s firm, Grayscale Investments, recently issued an investment thesis outlining the benefits to ethereum classic over ethereum. A section heading sums up the rationale: “The DAO and the Death of Principles.” Alexis Roussel, co-founder of Bity.com, a digital currency broker in Switzerland, still marvels at the aftereffects of the hard fork and the wild world of the blockchain. “This is something that doesn’t happen in traditional finance,” he says. “If something happens with Apple, you don’t suddenly have a clone of Apple.”
It’s been about a year since the DAO attack, enough time to take stock of what went wrong. Van de Sande is eager to move on. “It was really just a blip,” he says. “We are ready to move past it and leave the DAO story behind us.” Green, who’s organizing an ethereum conference at this summer’s Burning Man festival in the Nevada desert, has kept a sense of humor about it. “The Robin Hood group was just a s--- show,” he says with a laugh. “I hope the movie portrays it better than it actually was.” As for the bug itself, apparently many smart people looked at the code before Gün but missed one major flaw. The order of commands in the code allowed DAO token holders to withdraw any profit they’d made from their investments. It reads “withdrawRewardFor(msg.sender)” and adds, almost improbably, a note to anyone reading the code that says, “be nice, and get his rewards.” That’s line 667—let’s call it “The Neighbor of the Beast Bug.” If the withdraw line had come after these lines:
totalSupply -= balances[msg.sender]; balances[msg.sender] = 0; paidOut[msg.sender] = 0; return true;
the attack wouldn’t have been possible, Jentzsch says. But if the code had been in the correct order, the reward parameter wouldn’t have worked. As for the note, this line of code was meant to allow investors to withdraw any profit—“Reward”—their investments had earned. Instead it became one of the biggest backdoors in hacking history. It would have been better to not pay rewards during the split function from the DAO, what we’ve been referring to here as the escape pods, according to Jentzsch. Another decision he made when he had no idea of the bug shows how quirky and unforgiving code can be. “If the capital ‘T’ in line 666 had been a small ‘t,’ that would also have prevented the hack,” he says. Jentzsch has many regrets but insists no one was aware of the specific problems in lines 666-667 (other observers had pointed to flaws in other lines, just not here). Had more people looked, “it would have made no difference at all,” he says. “If you don’t know what to look for in a security audit, you won’t find it.” Even Gün, who had it in his grasp, let it go. “I still missed it,” he says. Green’s emotions are still raw related to Gün. “I actually got really pissed at him about this,” Green says. “He started bragging about how he found the bug.” He adds that it was “very irresponsible of him to not tell anyone of his inkling.” Still, Green “respects the hell out of Gün” and says they’ve since made amends. Asked to recount that night last June as he lay sick in bed, Gün says, “I came away from this thinking there’s potentially an issue.” But he’d consulted Daian, his grad student (“whom I trust”). Daian had said it’s “not exploitable.” Gün says that had he been certain of the danger, “I would have told people.” In a blog post that explained the mechanics of the DAO heist Daian published the night of the attack, he gave a shoutout to his professor in the acknowledgments. “Gün, we were so damn close—sorry it wasn’t quite enough this time :),” Daian wrote. As for the attacker (whoever he or she or they are) and the ethereum classic booty, Gün says, “Great, wonderful, he should cash out.” The hard fork proved it wasn’t just the DAO that needed to be fixed, but the ethereum blockchain itself. He says: “The fault lies somewhere on the system side as well.” But the fear that smart contracts are too clever by half and that by extension so is the ethereum blockchain itself—prevalent in the days following the DAO attack—has dissipated. At least that’s the market’s verdict, judging by the price of ether. After the attack, it traded from $10 to $12 for about nine months. Then in March it took off; it’s valued at $341.19 as of June 12. (That would have valued the DAO at $4.1 billion, but let’s not even go there.) Ethereum classic has risen as well, and it now trades for $18.71. Both versions of ether remain viable, in other words. The thief holds one; the revisionists, the other. Going forward, the choice is really: Whom would you rather believe? Since the hard fork, the attacker ended up making off with his ethereum classic. That means he got away with about $67.4 million, assuming the stash hasn’t been sold. Not too shabby, 0xF35e2cC8E6523d683eD44870f5B7cC785051a77D.
Leising covers market structure at Bloomberg News in New York.
To contact the author of this story: Matthew Leising inNew York at [email protected] To contact the editor responsible for this story: Joel Weber at [email protected]
submitted by Degoony to ethereum [link] [comments]

Trade Nexi Pre-ICO Kicks off! Gazing into the future through the lens of the present

Trade Nexi Pre-ICO Kicks off! Gazing into the future through the lens of the present
Japan? Such was the excitement when the attention-grabbing news broke out on Japan’s goal of making cryptocurrencies a mainstay in their bid to transition into cashless economy (1). Considering Japan’s status as one of the largest economies in the world just behind the US and China (2), and the country’s reputation as a technology powerhouse, this news is hardly meant to be a surprise. However, what makes the news a resounding one is the fact that Japan has had its fair share of the challenges associated with the adoption of cryptocurrencies. When the major heist that saw hackers carting away with $450 million worth of bitcoin occurred in 2013, Japan was the worst hit because Tokyo Japan accounted for 70% of Bitcoin transactions at the time. How did the country respond? Rather than becoming reactive, skeptical and averse to cryptocurrencies, they did the opposite by taking proactive steps towards ensuring such debacles do not reoccur. Regulations were set, and more security checks were put in place. Why? The country saw, (and sees) clearly, the future through the lens of the present and they are consciously positioning themselves to become a front-runner in the financial revolution that has begun already. A revolution that sees cryptocurrencies as the mainstay means of transaction ahead of fiat money, in every nook and cranny of the globe.

https://preview.redd.it/5vuk2taf7fd21.jpg?width=1189&format=pjpg&auto=webp&s=4b5a7b39fdeff0b0cc09f9547254d9025c8d1812

Japan’s case is just one out of the many budding cases strongly indicating the imminent watershed moments in the financial world where the global market gravitates from fiat, border-restrictive paper currencies into decentralized digital currencies built on blockchains. The revolution it brings does not only afford more freedom but the speed with which transactions will be made is uncanny. For instance, if Japan’s project succeeds within the defined time frame, the developers claim it will be able to handle over a million transactions (up to 10 million) per second. In comparison, some of the most efficient and fastest of credit card networks are only able to handle several thousand transactions per second. To put that into perspective, individual transactions on the blockchain can be confirmed in two seconds or far less. Such is the immense power and potential of crypto-driven marketplaces.
Trade Nexi — a melting pot of three market models — Trade Nexi Market, Trade Nexi Exchange and Trade Nexi Community stands as a major forerunner in this revolution of synergizing Blockchains with eCommerce. The project will blur the distinction between the two worlds, as cryptocurrencies become the foremost means of the transaction of goods and services. The pre-ICO stage kicked off with lots of fanfare and with the relentless efforts of the teams of experts behind the scene, lots of progress have been made and meaningful traction generated. In the first week of the pre-ICO stage launch, our social media outlets grew in leaps and it keeps getting better (See figure 1).



https://preview.redd.it/4dyn3a1k7fd21.jpg?width=425&format=pjpg&auto=webp&s=02c1ac205062b938d8e575897a8fddd73de9afc6

By the end of the first week, we had received visitors from 46 countries spread across 5 continents across the globe with India topping the charts on the number of unique visitors. Perhaps the most interesting aspects of the milestones made were the fact that main ICO listing platforms have been selecting us for listing and some were done without filing applications to them. Such is the potential and long-term viability of the Trade Nexi project.
Current listings and initial ratings are as follows:
ICO Birds with a rating of 9.3/10
CRYPTOTotem — 7.9/10
ICObench — from 3.6 to 4.0
ICOmarks — 6.9
CoinLauncher — 5.38
CryptoKrunch — total score 61
Other listings and recognition include:
ICOHOLDER
Wings Foundation DAO Platform
Coingecko
TheTokener
NB: We got selected by ICOHOLDER, one of the biggest and strictest ICO listing sites, without applying. They checked out our project out, found it auspicious and listed us.
We are matching on — with conscientious attention to details, security and ease of transaction as our watchwords. The pre-ICO stage affords early buyers to purchase our tokens at a modest rate of 1 Nexi = $0.002 before the full ICO launch later in February 2019. For more information on TradeNexi, our objectives, available opportunities and how to purchase our tokens join our budding community on the following platforms:
Website: https://tradenexi.com/
GitHub: https://github.com/TradeNexi/Nexi-Token
Discord: https://discord.gg/MgWcKnP
Twitter: https://twitter.com/TradeNexi
Reddit: https://reddit.com/usetradenexi
Bitcointalk: https://bitcointalk.org/index.php?topic=5097950.0
Medium: https://medium.com/@tradenexi19/
Telegram group: https://t.me/tradenexigroup
YouTube: https://www.youtube.com/channel/UCt5Pq4qU-X7xGiXFq6bhIqg
Instagram: https://www.instagram.com/tradenexi
https://tradenexi.com https://tradenexi.com/buy-nexi https://tradenexi.com/bounty [[email protected]](mailto:[email protected]) for general inquires [[email protected]](mailto:[email protected]) for help using our services [[email protected]](mailto:[email protected]) for business

Footnotes
  1. https://www.technologyreview.com/s/611656/will-people-ditch-cash-for-cryptocurrency-japan-is-about-to-find-out/?utm_campaign=the_download.unpaid.engagement&utm_source=hs_email&utm_medium=email&utm_content=69185384&_hsenc=p2ANqtz--WrQmYwm-y3ObreBpOs47x9GeD8c1Tt8_HjHk4Ca3XfX_YG_u3Q0wdqNba72gMKMdNMRUL8ZD-C_7zF21SMZCV5KdGEA&_hsmi=69185384
  2. https://www.focus-economics.com/blog/the-largest-economies-in-the-world
submitted by TradeNexi to u/TradeNexi [link] [comments]

Blue Beelzebub (Part 1)

For years, years, I wondered – ‘why me’ – you know, you know, kiddo – ‘why me’ – but there is no ‘why me’. What? As if there were, you know, ‘chosens’, there’s no ‘chosens’ – there’s no all–seeing, all–knowing powerful nothing. It happened. That’s it. I fell for it. I took its bait – hook, line, sinker. Didn’t I do it to myself? Wasn’t I the sucker? There’s no ‘why me’ – and once I realized that, that there was no, that there was no, no any kind of justice what so ever, until I acted, that gave my existence purpose. And now I’m gonna fulfill that purpose. I don’t want you getting involved. You’re deep enough as it is. Don’t be the sucker!
– Bobby Mortaren; famous last words
I raced from the house to the hotel, at Walsenburg, where I struggled to make sense of everything that transpired. I poured myself over notes and records that I had brought along. Only my laptop’s glow illuminated the room. Every so often lights through I-25 swept across the bed. Every so often breezes stirred trees around the perimeter. Soon midnight passed. The world darkened, relaxing as it were into slumber.
A knock rattled the door - and I could have shrieked if it weren’t for what remained of my nerves. All of a sudden, I felt so icy, so cold, that I stood, frozen, uncertain of how to proceed. Who was it? It couldn’t be good. Not the FBI. Not the Thules. Ache, already?
I balked at chucking my laptop - whoever they were at the door, they’d find it, they’d find it.
It’s the 21st century; evidence doesn’t vanish without a trace.
As my heart pounded my chest, I reached that door and cracked it a notch. I braced for the kick certain to follow. It didn’t come. The hotel’s courtyard / lot spread, deserted except for my rented Wrangler. There wasn’t anyone - anyone who may have been my visitor.
Yet - by my feet - at the edge of the threshold - my visitor had left a box.
I poked at it with my pole and turned it over and over. It wasn’t postmarked. It wasn’t addressed. It had been delivered by hand and, suspecting what it was, I yanked it inside. Leaning onto and drooping against the door, I tore its lid. The box contained two floppies, a CD, and a stack paper. It was Blue Beelzebub - all of it, every part of it. As well as instructions: a How-To-Guide for destroying your future, fetched onto my doorstep, white-glove-style to boot, as promised. It may as well have been a bomb.
###
How did Blue Beelzebub mutate into my obsession?
Worse - did I expect to find its truth remarked into code from 1996? 1996! There wasn’t a lot to the internet way, way back when. But crime was crime no matter its era. Was it crime? And did the game start this way or that way then evolve into crime? Was it crime from its start?
The programmer of Blue Beelzebub, a hacker by the avatar ‘ZuZu’, claimed to be legit. Their MO had been to create games not scams. Or so it appeared until Blue Beelzebub entered the story. If it were a product of malware, why had ZuZu devoted so much of their effort into its creation? Why had they boasted of the game’s nitty gritty details during its gestation? Why all of that trouble, if only a fraction of it would have been appreciated by those who played it? Even LVN, when they weren’t laundering bitcoin, expressed what may be described as passion for that game.
Was it a game?
By 1996 standards, its demos parlayed atrocious graphics and threadbare mechanics. The way it affected the player’s rig ensured nobody would be eager to replay it. The game passed every scan available yet it twisted the OS and hijacked the PC to serve as a node, a link into a yet-unknown and yet-unnamed network for purposes every bit as mysterious as the game itself.
As I contemplated the reality of the situation, I settled onto the notion that that game may have been a gimmick to cover truly malevolent intentions. That had been the crux of LVN’s KickStarter and GoFundMe rackets - they always proposed plausible if lofty projects as if they were real, actual products people buy. However, case after case demonstrated that their pretense unraveled after scrutiny. Could it be, as far back as 1996, the creator(s) of Blue Beelzebub conceived of such a deception? FPS (of the type Blue Beelzebub reported to be) were the rage through the 90s. If so then their MO resembled that of a typical bait-and-switch scheme - bait them with a game, switch them with a virus. Then? What? Profit?
###
In the summer of 2017, Czech authorities in conjunction with the EU, arrested LVN at their apartment south of Plzen. They seized the hacker’s laptop, PC, as well as their twenty thousand CD library. LVN was a hacker-for-fire; evidence presented at their arraignment demonstrated to the court that they had been paid by Russian and other Eastern European actors to pilfer bitcoin wallets. In addition to theft, the court entertained charges connected to a NiceHash heist of 64 million euros earlier that year.
It was the breach of NiceHash’s security that brought my skills to the EU’s attention. For a few weeks, between March and May, I played my part to aid the investigation and the conviction of its mastermind. We discovered that the breach had been directed from inside NiceHash. We split the work: ‘brick and mortar’ detectives ran interviews and stakeouts while my fellow ‘white-hats’ and I toiled at the forensics. To meet our end of the bargain, we created a model of that cyber-attack, in order to construct and deconstruct its operation. As we realized how the crime had been executed, we identified the party responsible for it and built the authorities a solid chain-of-evidence - a chain-of-evidence that identified LVN as the perpetrator.
LVN masterminded not just that NiceHash heist but a dozen scams at sites like KickStarter and GoFundMe. LVN traded exclusively through bitcoin. Their MO was to sow fake projects then to reap real funds submitted by backers - by backers who aimed to launder money via its exchange into bitcoin. Projects were advertised to those who sought the service; they were fraudulent through and through yet they appeared real enough to fool the maintainers of those sites and the public at large who may have been tricked by the scams.
Under the supervision of the investigation at large, I pledged my dollars to a few of LVN’s projects, to see what the response would be. Soon, LVN and I exchanged emails. They wanted to speak face-to-face. In front of the experts, I played to type and gained access to a roster of services from that hacker-for-hire. As a result of the communication, the investigation brought into play anti trafficking & exploiting agencies from around the world and accelerated their goal to convict LVN.
One of the projects LVN advertised didn’t fit into the mold in so far as it felt like a genuine hobby of theirs. LVN sought investors to fund their (re)development of a game, Blue Beelzebub. The project listed at KickStarter - removed but saved to my laptop - included a lightbox of images and demos as well as snippets of code. It discussed such esoterics as: updates to its physics engine and its video & audio renderer; upgrades to its arsenal and its gallery of foes; changing its play - expanding its levels and ditching its linearity.
The details impressed me as they perplexed me. Why? I kept asking. What’s the idea? What’s the racket? Why create a game using twenty year old technology? I understood its esoterics perfectly for I came of age during the 90s. So much of what went into Blue Beelzebub felt familiar as it was familiar. An FPS - first person shooter - propelled by a fork of that fabled, 2.5D DOOM engine. Little wonder that its caps parlayed the look and feel of classic 90s PC games!
Maybe it was yet another scam? Or - maybe - it was a hobby of a gamer / programmer? Could it be that LVN recalled those early DOS games and wanted to re-create the era? But that wasn’t everything. And as I mused & Googled I started to ask myself if there wasn’t more about Blue Beelzebub beyond the haze of my nostalgia. I failed to connect the dots although that did not shake the deja vu - somehow, someway, I recognized that game.
###
Escape published my article about LVN’s conviction. Against the advice of my editor, I stalked its commentary, to see what, if anything, the story drew out of the woodwork. Its aside re: Blue Beelzebub attracted attention. I wasn’t surprised, to be honest, as I had inserted it into the text to draw reaction. And my rouse worked! But I wasn’t the only one who felt deja vu about the game.
A commentator, who asked for anonymity, posted a link to 4CHAN about Blue Beelzebub. LVN had advertized the KickStarter for the game at a group devoted to indie developers. LVN never advertized their work at 4CHAN out of fear of exposure. So that thread where they didn’t ask for money confirmed my sense that it wasn’t, necessarily, a scam.
As I scanned that thread, however, I realized what a rabbit-hole the business would be. After LVN’s post, anonymous replies went to and fro as they typically do. Then the tenor of the thread devolved into a war amongst those who were for vs. those who were against what LVN proposed to do with the game. It was a question about credit. At last - somebody revealed a truth I duly suspected of - that Blue Beelzebub wasn’t the work of LVN - that the game as it existed predated LVN by twenty years or so.
The idea for Blue Beelzebub had floated about USENET c. 1995. The majority of the conversations extracted from the archives suggested that the game was vaporware. Its supporters countered that either a P/C or a DEMO existed and that a play-through had been uploaded to (early) YouTube. Everyone who added their opinion - pro & con - agreed that it was “inspired by Satan”, “took its cues from Crowley’s ‘Thelema’“, and that it included clips “replete with ever more corrupt” gore and snuff. A self-described player, whose rig they claimed had been “totaled” by the game, stated bluntly that it contained a “Chinese Sandwich”.
Undeterred by the confusion, I kept at my search, ramming through the archives, pushing my way further back in time, from 1997 to 1995. USENET had been mirrored prior to its collapse yet its content was not indexed completely; a robust query of its posts required force and patience.... In spite of the odds, my effort worked, my persistence located the roots of Blue Beelzebub.
It was a posted dated June 15, 1995 written by the game’s originator, a hacker by the name of ZuZu. According to their missive, they claimed to have produced “a proof of concept demo” for their “latest and greatest” game, Blue Beelzebub, and that it was “a legit game catering to those who worship and admire Lucifer and everything that stands for”. ZuZu listed, point by point, the substance of their creation. I wasn’t surprised to see, splattered across that post, the verbiage LVN usurped for their own advert.
Except - they weren’t seeking funding. According to their missive, the game had been bankrolled “by entities of a foreign sort, who don’t want to be credited”. Rather, they were seeking “experts” willing to alpha & beta test the product.
Blue Beelzebub and by extension ZuZu went rouge between 1997 and 2005.
Then - October 31, 2005 - ZuZu submitted their last, known public statement. Broadcasted through their usual, over-the-top flamboyance, they wished for their “fans to learn and spread the word” that they “secured an exclusive”. They had convinced a devote of indie horror / FPS games to review Blue Beelzebub. The player they had snagged was famous for their day and their name I recognized as I read it.
Bobby Mortaren - an internet pioneer par excellence. Mixing reviews and play-throughs together, his format had been lauded as visionary and just as imitated. Tweaked a bit by-the-by it continued to find use. His name, though, hadn’t been spoken of for a decade. Games had changed. Tastes had changed. He could have shifted into yet another venture so far as I knew.
Mortaren posted his works to YouTube - to YouTube prior to its merger with Alphabet. As I considered the changes that transpired across the years, I wasn’t surprised to discover that all of my links to his works were dead. Eerily, though, it was impossible to locate his reviews directly via YouTube. So I tried Google and Bing. No result. Ditto with DuckDuckGo. Ditto with Wiki, SlideShare, BoardReader. Out of desperation I surfed into the remnants of Alta Vista - maybe its database saved the information? No. No. Futile - all of it.
YouTube’s size was greater than USENET’s size. My task’s extent was altogether a colossal order of magnitude. If that which I pursued had not been deleted, then, it would be found ad finem omnia. So to dig further I opted for a quick & dirty hack - a bot. A bot scripted to sift and sort all YouTube’s content that matched keywords Mortaren and Blue Beelzebub. I ran it and waited for days then for weeks then for months.
###
My extensive search corroborated the fact that Mortaren left the internet c. 2006. Assuming they may have continued via pseudonym, I enquired into the matter with colleagues who devoted themselves to games and / or to reviews. Only a few recognized their name; nobody was cognizant of their voice.
An editor from ToplessRobot directed my attention to a defunct fansite’s messageboard where somebody asked why Mortaren vanished without a trace. To my shock, the reply was that Mortaren had been arrested by the FBI c. 2006. I could not fathom why. Nevertheless, if the revelation were correct, then, the resolution to the matter was tantalizingly viable. Arrests - and trials - were public.
The LVN / EU case brought my forensic skills to the notice of the DOJ and the Treasury / Secret Service. The FBI, like its European counterparts, wanted to understand everything about bitcoin and how it might (might) be possible to trace transactions to individuals.
As part of my freelance work, I already met and debriefed FBI agents re: the Czech hacker. Eventually ‘large’ talk gave way to ‘small’ talk amongst us. It was at that juncture that I broached the subject of Blue Beelzebub - namely, that LVN hatched a scheme to defraud investors (via bitcoin) ostensibly by promising to develop an update to that game.
“They got exposed by players who recognized the game’s ill-repute,” I stated. “Apparently, the game’s infamy started after its reviewer, a fellow by the name of - er - Robby Mortaren? Bobby Mortaren? Well - they got arrested by the FBI.”
Neither the game nor the reviewer elicited a reply - immediately, anyhow.
A (censored) document, summarizing a DOJ investigation, worked its way into my mailbox. Mortaren had been under FBI surveillance from November 2005 to May 2006. Why wasn’t stated; just that the FBI obtained search warrants for computers & electronics. A federal judge issued an arrest warrant May 30, 2006; however, the DOJ withdrew the charges after Mortaren agreed to an immunity deal. Mortaren turned star witness at a trial that involved organized crime as well as rackets, cults, ritualized human & civil rights abuses and elements that suggested Satanism. The perpetrator(s) that the DOJ wanted to convict fled either to South America OR Eastern Europe / Central Asia. The trial evaporated; neither the charges nor the perpetrator(s) were detailed.
Mortaren’s immunity deal with the DOJ wasn’t negotiable or retractable and included a complete internet ban.
The document listed a PO BOX as Mortaren’s permanent address.
To Mr. B. Mortaren:
Sir, I apologize. Blue Beelzebub. Were it not for the fact that you may be the only person left to recall that game, I would not have stretched my resources so thin to find you. If you are not able to assist my research, is anyone?
I was part of an EU investigation re: bitcoin, theft & fraud, as well as trafficking & exploiting vagrants. Through that investigation I came into contact with a hacker; they claimed to be working on Blue Beelzebub; they sought funds to upgrade it. While disturbing to say the least, that game did not strike me as part of the hacker’s MO. So I pried further into the matter and discovered, to my astonishment, that Blue Beelzebub dated to the mid 90s and that you reviewed & posted the demo at YouTube.
I am curious about that game. I cannot get it out of my head. Who was the programmer? Who was the developer? Where did they get the money? What were their goals? What was the game about, if the game was about anything?
A DOJ document summarizing your immunity from prosecution was brought to my attention. I suspected, as I matched the timeframe of the FBI’s surveillance and arrest, to the demo, that these matters are related. I was not able to find a link, due to the fact that all records, transcripts, etc., were sealed by request of the FBI.
If, for any reason what so ever, we cannot communicate about this matter, would it be possible to contact a surrogate or anybody with the information I seek?
With All Due Respect
JK
###
Due to limits that existed at YouTube’s debut, videos posted from 2005 to 2010 were capped to 10 minutes. Both image and sound playback quality were kept low to spare bandwidth. A lack of (accessible) software and hardware to edit video forced vloggers to improvise. Mortaren had always used a webcam and mic from the 90s to shot their videos ‘live’, i.e., without edits.
YouTube retained the majority of Mortaren’s content; however, after a check of the dates and the poster’s IDs, I determined that Mortaren’s videos had been reposted c. 2006 by another user.
If the titles / numbers were correct then there were seven parts to the demo Mortaren recorded for Blue Beelzebub. Of seven, six remained. Specifically, the 5ifth - which must have been filmed as evidenced by the discontinuity between 4ourth and 6ixth - defied my ability to trace.
The reposter stated that “the 5ifth wasn’t part of the review package”. Yet, as I perused copies of replies they had saved, commentary that referenced material that doesn’t appear anywhere else, I strongly suspected that a 5ifth had been posted for a while and, for whatever reason, Mortaren removed it prior to 2006.
1irst - details facts re: the game: the developer, the programmer, the system requirements, etc.
“If your rig’s able to run DOOM, Blue Beelzebub works,” they state then add: “although, prepare yourselves, kiddos, the game takes a very, very long time to install”.
Passingly, he adds that a fan of his had ditched the game after they experienced “a catastrophic system failure” that they blamed “on either a bug or a virus or both”.
The executable and its auxiliary files pass every virus and malware checker Mortaren throws at it.
2econd & 3hird - demonstrates the game play or what passes for it.
Mortaren prefers to record his reviews live so that his fans experience the game exactly as he does. His videos contain hints / cheats if they are discovered as he plays. He describes Blue Beelzebub as a DOOM-GUY-ESQUE player who moves through an enshadowed monochromatic maze.
“There’s no backwards, I, I, I don’t believe it! Did they forget to give us backwards? There’s forwards and left, right. Kiddos, you gotta do a circle to go backwards.” He continues to berate the game, adding: “Yeah, there’s only forwards. And you know, I gotta say it, the programmer may think they’re the money’s nuts for it.... But it’s so weird that going forwards causes the view to bob up and down or side to side. What’re they trying to do? Are they trying to replicate a player’s gait? Takes me right out of the game. Let me tell y’all why. Like I said, the programmer’s got to be thinking they’re the monkey’s nuts but it’s that bizarro attention to detail that’s so jarring as I consider the lack of detail given to the graphics. Guys. Guys. Guys. You gotta think about what you present.”
Mortaren piles his criticism of the graphics and the sounds, comparing both unfavorably to DOOM. Especially frustrating is the invariance of the black & white textures throughout the maze. He praises the response of the maze to the player as he notes, while attempting to draw the maze, that its passages shift at random. Then more and more criticisms were strewn at the game, including its lack of weaponry, its lack of powerups / extras, its lack of anything.
“A game can’t be about going through the maze, guys, there’s got to be a point - something to do!” Finally, he voices the suspicion that he had been duped by ZuZu.
4ourth - the demo gets interesting.
Mortaren finds an area of the maze where the textures differ. The video’s pixilation - perhaps due to the webcam - perhaps due to the way the reposter preserved it - masks the bulk of the alteration. I detect a change of shade, though, from black & white to blue.
“Well it can’t be for nothing that the wall is blue. Jeez!” As he cracks the joke, to his shock (an explicative slips), the sounds became those of “eerie, drone-like notes fading into reverb” and the monitor displays a still-shot. Mortaren zooms into the image; I recognize it as coming from the shock-site, ROTTEN.
After that alteration, every blue-hued texture Mortaren faces produces other images, increasingly nihilistic and graphic, usually of the dead or the dying, often of celebrities, suicides, accidents, wrecks.
5ifth - ?
6ixth - the segment starts at an awkward jump.
It must have been split from the 5ifth video and while Mortaren does not state why, explicitly, the tone of the voice suggests that something serious transpired.
“Sorry, kiddos, I turned the webcam away - a first - I guess this ZuZu accomplished something.”
When he returns the webcam to the monitor, it is apparent that in addition to tone the substance of the game itself altered.
The player stands at the center of a room Mortaren describes as “a vault with a hole at its floor”. The 2.5D renderer prevents the player from gazing inside the hole. But by directing the player to walk the hole’s circumference it is possible to catch bits of its contents. A sharp, blue light shoots out of the hole; the way it cast light at the ceiling suggests there might have been “water”, as if the hole were a well of sorts.
What shocks Mortaren is that the room fills with children. The renderings of faces make each of the children unique. However: “the ghastliness of the imagery resembles how faces voxilate like with Delta Force games”. Further, he notes, after a pause that echoes my own consternation and trepidation, “I’ve seen these kids. Yeah, I’ve seen these kids from those, those photographs the game stopped everything to show us. Jeez!”
The children stand statue-like as the player walks about them. They serve as obstacles that block movement, otherwise, inert, unresponsive, “not that the player interacts with the kids as there’s no other keys available except A, W, D”.
The video continues, then, Mortaren shrieks.
The playback jostles as if it were about to stop. When everything resettles, he speaks, calmly and evenly, that “there’s a kid that’s different ... animated. You gotta see it, kiddos, I can’t say if it’s awful because it’s awful or if it’s awful because it’s awful....” The webcam zooms into the monitor; the child rendering appears to show it breathing, haphazardly, with their mouth agape. And then, then the child moves and the player like the viewer alike slip an explicative. “I take it back, everything, this is truly and utterly awful.”
7eventh - the coda feels like the set’s longest but is the shortest.
“Right now I’m running. I don’t have a weapon, jeez! I’m running as fast as this keyboard allows but my health is shrinking.” Mortaren stops and rotates the player to face backwards. The animated child is behind and striking the player using a technique that resembles “Hanna-Barbera laziness - or who knows - who knows, kiddos, it could be part of the style”. Just as it is with DOOM, as the player’s health decreases, the view gets redder and the avatar gets bloodier. Mortaren aims into the maze; there is no exit, there is no weapon, no upgrade to assist, all that exists is the floor where the player drops, dead.
The 7eventh adds a post-script recorded after the demo. It shows Mortaren’s PC, open and split to pieces. “The game installed a virus,” he declared then described its symptoms.
“Immediately upon my player’s death, the PC rebooted. After the BIOS, instead of going into DOS, it starts a telnet session and tries to connect via IP. Of course it doesn’t get a reply since my PC uses dial-up. So it freezes, pinging and pinging a server somewhere that it cannot reach.”
Mortaren concludes by theorizing that if Blue Beelzebub were a virus, it must have been designed to target high-end systems with LAN / Ethernet ports.
I jot the IP and attempt to connect to it. Strangely, it will not load yet it will not issue an error of any kind. Chrome, FireFox, Edge, etc., freeze. WHOIS is not able to resolve the owner. Nevertheless, it yields the location of the server, a site approximately 50 miles north east of Trinidad, Colorado.
I reject the result; users of tracers already know that they rely on ISP databases to match IP / location - and how often are those databases updated? - and how often are those updates distributed? The decade that passed between today and the video, and between the video and the creation, assures that there must have been a drift re: the location of the IP.
###
I will not reveal the particulars of when, where, and how I received the call.
“The coordinates.” Into my ear spoke a voice that my investigation made familiar. “Check the coordinates.”
“Coordinates?”
“Blue Beelzebub.”
“Yes,” I replied and Mortaren implied we’d meet.
Mortaren had traced my whereabouts through the blogosphere. He wanted to talk about the game yet feared the government “and or others” eavesdropping. I admitted off-handedly that as I sunk into my work with the DOJ, my paranoia tipped.
“What’s the deal with the game, anyway?”
“What do you want on your Chinese Sandwich?”
My impression settled onto a mixture of intrigue and trepidation. The matter felt so cryptic as to defy credulity. Coordinates? Blue Beelzebub. Chinese Sandwich? Nevertheless, even as we talked (brief as the conversation was) I put together that by coordinates + Blue Beelzebub Mortaren referred to the IP the game telnet’ed.
submitted by 0fruitjack0 to nosleep [link] [comments]

This Week in Bitcoin: Taxes, Forks, Pranks and Porn

Bitcoin in Brief is your roundup of everything that matters from all over the vast cryptosphere that you might have missed. This week’s daily editions included stories about taxes, forks, pranks, porn and so much more. This weekly edition will bring you up to speed with everything covered; just make sure you keep up. A Panther’s Moonshot Bet
On Monday we reported why Pantera Capital bets on a moonshot bitcoin price point, how the world’s most popular decentralized digital asset has been forked more than 70 times, and a growing list of countries likely to let you keep your crypto profits. Additionally covered were Yahoo! Japan which confirmed that it is entering the crypto space by acquiring a stake in an exchange, and a good-hearted wager between bitcoin core and bitcoin cash supporters that exemplifies how ecosystem actors should treat one another. The Tax Man Effect
The world’s biggest economy faced the tax man on Tuesday, as the United States and its crypto traders had to pay for last year’s gains. Economists and market bulls were insisting that this fact caused dramatic sell offs, leading to haircuts across the board. We also covered I Pay You, the supposed hack of Ian Balina, and the release of a bitcoin themed clothing line for babies. Pornhub? We’ve Never Heard of Pornhub
On Wednesday it was revealed that Pornhub, a website we’re sure you never heard of before because nobody watches porn on the internet, has joined the crypto revolution. We also reported about how South Korea’s loss of ICOs is Switzerland’s gain; how bitcoin is blamed for every crime under the sun; why Ethereum’s Vitalik Buterin is accused of favoritism; and why bitcoin cash (BCH) is getting a ton of love from CNBC’s Brian Kelly. ICO Scares Investors With Ghost Prank
On Thursday we indulged ourselves with a bunch of crypto crime news stories, including an international bitcoin heist escape, the fury of a scorned woman, a bear spray robbery, and some whole food violence.
The biggest issue of the day was a German online news source claiming that Savedroid has apparently taken the money and run. The company website was replaced with a meme picture, “Aannnd it’s gone.” Founder and CEO Yassin Hankir tweeted a picture of himself on a beach, long gone. All this after having raised $50 million in an ICO. Investors were not pleased. Truths, T-Shirts, Things That Matter
The most talked about issue on Friday was the stance that Kraken’s chief executive took against the latest actions by authorities in New York. Jesse Powell has refused to complete a questionnaire, and instead respond with strong-worded language. “When I saw this 34-point demand, I immediately thought ‘The audacity of these guys – the entitlement, the disrespect for our business, our time!…I realized that we made the right decision to get the hell out of New York,’” he said.
We also reported about a deal between privacy web browser Brave Software and Dow Jones Media Group to test blockchain technology in digital publishing; and another crypto clothing line – this time for hip adults – by The Hundreds a streetwear brand from Los Angeles. Coinsecure Working With Authorities
This Week in Bitcoin: Taxes, Forks, Pranks and PornCoinsecure, the hacked Indian bitcoin exchange, has updated clients on Saturday about its repayment plan. The team said they have been flooded with calls and emails over the last few days regarding the disbursement of funds. And they claim to have been working with the authorities tirelessly since the incident and that there have been a lot of back and forth with several data requests. They add that they have been working on providing the data requested and that has consumed the majority of their time.
They wrote that: “We’d like to inform you, that we have started work on the claims process. Our legal team is currently reviewing contracts and our teams are working on putting together the claims form for your perusal. We are hoping that by the following weekend, we should get started and you should be able to submit your claims withdrawal requests. Please understand, that with authorities being involved and investigations underway, things do slow down a bit and we have to follow processes outlined by the authorities.”
submitted by goodwinnat to u/goodwinnat [link] [comments]

Timeline: Growing List of Major Cryptocurrency Heists. By Andrea Tan and Yuji Nakamura February 1, 2018. Email This ... Mt. Gox, once the world’s biggest Bitcoin exchange, reported that tokens ... Many of the largest Bitcoin heists remain unsolved. We examine the largest, most disruptive ones in this list of the biggest bitcoin heists. Bitcoin has gained a notorious reputation since mainstream media caught wind of heists in 2009. Mt Gox scandalmay be one of the most infamous accounts, but there are plenty more examples. Billions of Bitcoin are still “missing” in todays economy ... Losing around $60 million in cryptocurrencies including Bitcoin, Bitcoin Cash, and MonaCoin, Zaif was the second major Japanese exchange to lose funds after Coincheck earlier in 2018. This lead to Japan’s FSA to carry out an investigation of the incident. List of Major Bitcoin Heists, Thefts, and Losses. From Bitcoin Wiki. Jump to: navigation, search. Following is the result of research on prior Bitcoin-related thefts. Dates and times are sometimes approximate. The list is designed to be as accurate and informative as possible, and most of it is well-referenced. For disputed thefts, best judgement was applied and only the ones that were most ... Because of the volatile nature of Bitcoin's exchange price, I have denominated heist estimates in BTC. Although not heists per se, major permanent bitcoin-denominated losses are also included in this list. If I missed any major thefts, heists, or losses, or if you have any other information to contribute to one of these events, please leave a reply in this thread.

[index] [18949] [9250] [34952] [9651] [22761] [13569] [20426] [33883] [24584] [39044]

#