  • Hackers drain bitcoin ATMs of $1.5 million by exploiting 0-day bug

    news.movim.eu / ArsTechnica · Tuesday, 21 March - 20:03 · 1 minute

A BATM sold by General Bytes. (credit: General Bytes)

Hackers drained millions of dollars in digital coins from cryptocurrency ATMs by exploiting a zero-day vulnerability, leaving customers on the hook for losses that can’t be reversed, the kiosk manufacturer has revealed.

The heist targeted ATMs sold by General Bytes, a company with multiple locations throughout the world. These BATMs, short for bitcoin ATMs, can be set up in convenience stores and other businesses to allow people to exchange bitcoin for other currencies and vice versa. Customers connect the BATMs to a crypto application server (CAS) that they can manage or, until now, that General Bytes could manage for them. For reasons that aren’t entirely clear, the BATMs offer an option that allows customers to upload videos from the terminal to the CAS using a mechanism known as the master server interface.

Going, going, gone

Over the weekend, General Bytes revealed that more than $1.5 million worth of bitcoin had been drained from CASes operated by the company and by customers. To pull off the heist, an unknown threat actor exploited a previously unknown vulnerability that allowed it to use this interface to upload and execute a malicious Java application. The actor then drained various hot wallets of about 56 BTC, worth roughly $1.5 million. General Bytes patched the vulnerability 15 hours after learning of it, but due to the way cryptocurrencies work, the losses were unrecoverable.


  • Crypto and the US government are headed for a decisive showdown

    news.movim.eu / ArsTechnica · Tuesday, 9 August, 2022 - 13:52

(credit: Elena Lacey | Getty Images)

If you have paid casual attention to crypto news over the past few years, you probably have a sense that the crypto market is unregulated—a tech-driven Wild West in which the rules of traditional finance do not apply.

If you were Ishan Wahi, however, you would probably not have that sense.

Wahi worked at Coinbase, a leading crypto exchange, where he had a view into which tokens the platform planned to list for trading—an event that causes those assets to spike in value. According to the US Department of Justice, Wahi used that knowledge to buy those assets before the listings, then sell them for big profits. In July, the DOJ announced that it had indicted Wahi, along with two associates, in what it billed as the “first ever cryptocurrency insider trading tipping scheme.” If convicted, the defendants could face decades in federal prison.


  • On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

    news.movim.eu / Schneier · Friday, 24 June, 2022 - 15:51 · 5 minutes

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are a complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019. In response, Matthew Green has written—not really a rebuttal—but “a general response to some of the more common spurious objections …people make to public blockchain systems.” In it, he makes several broad points:

  1. Yes, current proof-of-work blockchains like bitcoin are terrible for the environment. But there are other modes like proof-of-stake that are not.
  2. Yes, a blockchain is an immutable ledger making it impossible to undo specific transactions. But that doesn’t mean there can’t be some governance system on top of the blockchain that enables reversals.
  3. Yes, bitcoin doesn’t scale and the fees are too high. But that’s nothing inherent in blockchain technology—that’s just a bunch of bad design choices bitcoin made.
  4. Blockchain systems can have a little or a lot of privacy, depending on how they are designed and implemented.

There’s nothing on that list that I disagree with. (We can argue about whether proof-of-stake is actually an improvement. I am skeptical of systems that enshrine a “they who have the gold make the rules” system of governance. And to the extent any of those scaling solutions work, they undo the decentralization blockchain claims to have.) But I also think that these defenses largely miss the point. To me, the problem isn’t that blockchain systems can be made slightly less awful than they are today. The problem is that they don’t do anything their proponents claim they do. In some very important ways, they’re not secure. They don’t replace trust with code; in fact, in many ways they are far less trustworthy than non-blockchain systems. They’re not decentralized, and their inevitable centralization is harmful because it’s largely emergent and ill-defined. They still have trusted intermediaries, often with more power and less oversight than non-blockchain systems. They still require governance. They still require regulation. (These things are what I wrote about here.) The problem with blockchain is that it’s not an improvement to any system—and often makes things worse.

In our letter, we write: “By its very design, blockchain technology is poorly suited for just about every purpose currently touted as a present or potential source of public benefit. From its inception, this technology has been a solution in search of a problem and has now latched onto concepts such as financial inclusion and data transparency to justify its existence, despite far better solutions to these issues already in use. Despite more than thirteen years of development, it has severe limitations and design flaws that preclude almost all applications that deal with public customer data and regulated financial transactions and are not an improvement on existing non-blockchain solutions.”

Green responds: “‘Public blockchain’ technology enables many stupid things: today’s cryptocurrency schemes can be venal, corrupt, overpromised. But the core technology is absolutely not useless. In fact, I think there are some pretty exciting things happening in the field, even if most of them are further away from reality than their boosters would admit.” I have yet to see one. More specifically, I can’t find a blockchain application whose value has anything to do with the blockchain part, that wouldn’t be made safer, more secure, more reliable, and just plain better by removing the blockchain part. I postulate that no one has ever said “Here is a problem that I have. Oh look, blockchain is a good solution.” In every case, the order has been: “I have a blockchain. Oh look, there is a problem I can apply it to.” And in no cases does it actually help.

Someone, please show me an application where blockchain is essential. That is, a problem that could not have been solved without blockchain that can now be solved with it. (And “ransomware couldn’t exist because criminals are blocked from using the conventional financial networks, and cash payments aren’t feasible” does not count.)

For example, Green complains that “credit card merchant fees are similar, or have actually risen in the United States since the 1990s.” This is true, but has little to do with technological inefficiencies or existing trust relationships in the industry. It’s because pretty much everyone who can and is paying attention gets 1% back on their purchases: in cash, frequent flier miles, or other affinity points. Green is right about how unfair this is. It’s a regressive subsidy, “since these fees are baked into the cost of most retail goods and thus fall heavily on the working poor (who pay them even if they use cash).” But that has nothing to do with the lack of blockchain, and solving it isn’t helped by adding a blockchain. It’s a regulatory problem; with a few exceptions, credit card companies have successfully pressured merchants into charging the same prices, whether someone pays in cash or with a credit card. Peer-to-peer payment systems like PayPal, Venmo, MPesa, and AliPay all get around those high transaction fees, and none of them use blockchain.

This is my basic argument: blockchain does nothing to solve any existing problem with financial (or other) systems. Those problems are inherently economic and political, and have nothing to do with technology. And, more importantly, technology can’t solve economic and political problems. Which is good, because adding blockchain causes a whole slew of new problems and makes all of these systems much, much worse.

Green writes: “I have no problem with the idea of legislators (intelligently) passing laws to regulate cryptocurrency. Indeed, given the level of insanity and the number of outright scams that are happening in this area, it’s pretty obvious that our current regulatory framework is not up to the task.” But when you remove the insanity and the scams, what’s left?

EDITED TO ADD: Nicholas Weaver is also adamant about this. David Rosenthal is good, too.

  • Coinbase erroneously reported 2FA changes to 125,000 customers

    news.movim.eu / ArsTechnica · Monday, 30 August, 2021 - 22:47

On Friday afternoon, Coinbase sent email and SMS text messages to 125,000 customers, erroneously telling them that their 2FA settings had been changed. (credit: SOPA Images)

Cryptocurrency exchange Coinbase sent an automated message to a large number of its customers on Friday, saying "your 2-step verification settings have been changed." Unfortunately, the message was sent in error—by Coinbase's count, 125,000 of those messages were sent (via email and SMS text) to customers whose 2FA settings had not changed.

According to Coinbase's own acknowledgment Saturday, its system began sending the erroneous messages at 1:45PM Pacific time on Friday, and kept sending them until the error was mitigated at 3:07PM.

In that Twitter thread, Coinbase acknowledges the mistaken 2FA messages' potential for confusion—confusion which retiree Don Pirtle told CNBC led him to panic-sell more than $60,000 of cryptocurrency. Pirtle was holding this large wallet as an investment for his grandson, so the panicked sale may have been as much blessing as curse—he now questions whether cryptocurrency was a safe investment in the first place.

  • Man robbed of 16 bitcoin hunts down suspects, sues their parents

    news.movim.eu / ArsTechnica · Friday, 27 August, 2021 - 18:27

(credit: KeremYucel / iStock)

Andrew Schober was almost all-in on cryptocurrency. In 2018, 95 percent of his net wealth was invested in the digital tokens, which he hoped he could sell later to buy a home and support his family.

But then disaster struck. Schober had downloaded an app called “Electrum Atom” after clicking a link on Reddit, mistakenly thinking it was a bitcoin wallet. Instead, it was malware that allowed hackers to steal 16.4552 bitcoin when he tried moving some of his tokens. At the time, they were worth nearly $200,000. Today, they would be worth over $750,000.

Distressed, Schober didn’t eat or sleep for days. He vowed to track down the culprits. After years of private investigations costing more than $10,000, Schober thinks he has found the thieves, and he’s suing their parents to get his bitcoin back. Krebs on Security first reported on the lawsuit.

  • Cryptocurrencies, DeFi projects: how to avoid scams and unreliable projects?

    news.movim.eu / Numerama · Thursday, 26 August, 2021 - 12:44

With the success of bitcoin and ether, more and more cryptocurrency projects are appearing. However, you should be wary before investing: there are many scams, and not all projects are viable.


  • GameStop FOMO inspires a new wave of crypto pump-and-dumps

    news.movim.eu / ArsTechnica · Sunday, 16 May, 2021 - 11:00

Physical representations of virtual dogecoins sit atop computer components. (credit: peng song / Getty)

After the California Gold Rush, in 1870, two Kentucky swindlers whipped up a scheme to prey on thirsty financiers’ FOMO. They invented a diamond field out West. Investors sunk millions in today’s money into the scheme. All of it, of course, was for naught—a cautionary tale about believing anyone who claims they have a surefire plan to get rich quick.

A hundred and fifty years later, a new generation of amateur investors is equally desperate not to miss the next big thing in the finance world. After watching the great GameStop stock boom play out on sites like Reddit and Discord this winter, hundreds of thousands of hopefuls are joining Discord groups that promise big earnings from manipulating the crypto market—also known as crypto pump-and-dumps. Step 1: Buy in early, when the coin is low. Step 2: convince other people to join you—the more, the merrier, the bigger the potential gains as the price of the coin goes up. Step 3: Sell out before the price tanks. Get the timing right, these groups promise, and you come out a winner (and richer). Losers are left holding the bag.

  • Binance, the biggest cryptocurrency exchange, reportedly under investigation

    news.movim.eu / ArsTechnica · Friday, 14 May, 2021 - 16:43 · 1 minute

(credit: Bloomberg / Getty Images News)

Binance, the world’s largest cryptocurrency exchange, is under investigation by a laundry list of US government agencies, including the US Justice Department, the Internal Revenue Service, and the Commodity Futures Trading Commission, according to a report by Bloomberg. The agencies are probing Binance for potential criminal violations, the report says, though the company has not been accused of any wrongdoing.

The investigations come on the heels of a report by Chainalysis that traced $2.8 billion worth of illicit bitcoin on exchange and trading platforms. Of that, $756 million went through Binance. Most of the suspect accounts received small amounts, but the majority of the illicit cryptocurrency flowed to a few hundred accounts that received between $100,000 and $100 million. Government officials are said to be focused on money laundering and tax evasion.

The recent ransomware attack on the Colonial Pipeline that led to gasoline shortages has sharpened the focus on cryptocurrencies’ role in illegal activities. In that case, it's reported that Colonial paid the attackers $5 million to return control of the pipeline’s operations. In another, a ransomware gang recently posted personnel records from District of Columbia’s Metropolitan Police Department after the department didn’t cave to their demands of a $4 million ransom. The group, known as Babuk, is behind other ransomware attacks and frequently requests payment in bitcoin.
