This College Freshman Is Out to 51% Attack Your Cryptocurrency

A college freshman is coming after your cryptocurrency – but not to steal your coins, just to prove that someone could do so pretty easily.

According to a crypto enthusiast and security researcher going by the handle “geocold51,” most small-scale cryptocurrencies are at risk from the industry’s most feared vulnerability – the 51% attack. During this attack, a miner takes over more than half of a cryptocurrency’s mining power, which then allows them to erase a past transaction and replace it with another transaction – called a double spend.

While the ecosystem that’s been built up around bitcoin and other top-tier cryptos make them resistant to these kinds of attacks, other cryptocurrencies with less of a community of miners aren’t as secure.

Sure enough, on smaller coins, these kinds of attacks are getting more common. In a new report, Group-1B found $20 million worth of crypto theft accomplished with such attacks in 2018, as TNW reported.

On Saturday, October 13, geocold51 decided to display just how easy it was – livestreaming his attempt to 51% attack Bitcoin Private, a crypto with close to a $47 million market cap (at the time of writing).

Speaking to CoinDesk, geocold51 said, if a cryptocurrency can be so easily attacked, “it’s sort of a misvalue of a given currency by different investors.”

Geocold51 estimates he spent $100 to get to the point where he could have done a demonstration double spend on bitcoin private, but he stopped because his livestream got pulled.

Just to be clear, geocold51 wasn’t interested in stealing, and so he set up the demonstration where he’d send the bitcoin private he owned to two different wallets he owned. In that way, no user or exchange provider gets ripped off.

For him, it’s about displaying that many coins are vulnerable and, therefore, perhaps vastly over-valued.

That said, he estimates that to make a profit off a 51% attack, it would cost a malicious attacker roughly double – so around $200 – to buy some bitcoin on an exchange with his bitcoin private and then make another transaction on the longer chain that invalidates the first transaction, giving him his bitcoin private coins back and leaving the exchange coming up short.

While going through the exchange process costs more, the 51% attack has still become quite economical due to the rise of cloud computing. According to geocold51, without access to cloud mining, an attack like he did on bitcoin private would have cost him about $100,000 in hardware.

“Nicehash and the ability to rent hashing power fundamentally changes the landscape of 51% attacks,” geocold51 told CoinDesk, adding:

“If there’s not a lot of hashing power to secure it, but there is a lot of value associated with it, that’s where you can do a 51% attack.”

Because geocold51 announced the livestream on Reddit, the attempted attack got quite a bit of attention – even dogecoin creator Jackson Palmer tweeted about watching.

Still, the livestream didn’t work exactly as planned, and because of that, geocold51 said he would run a complete attack later. He told CoinDesk he will do it without a stream this week and release a recording of his demonstration on YouTube shortly after.

The inspiration

The young security researcher’s handle might remind some of another security guru.

According to geocold51, he was inspired by one of the most legendary hackers of recent years: geohot, who famously jailbroke the original iPhone, which means the restrictions on carriers and apps were removed.

These days, geohot likes to livestream himself searching for vulnerabilities.

And geocold51 figured he could start doing the same within the cryptocurrency ecosystem.

Geocold51 has a good knowledge of crypto. Back when GPU hardware was still lucrative for hobbyist miners, geocold51 mined quite a bit of bitcoin. He then began trading money on Cryptsy, before the exchange’s CEO allegedly walked away with millions of dollars in its user’s money.

In that, he lost nearly all his bitcoin.

But he still remained interested in the space, and continued to study up on how it all worked. And as the industry divided into hundreds and thousands of different cryptocurrencies, geocold51 thought he might be able to shine some light on the security pitfalls.

And others were interested in that too. His Reddit post about the challenge garnered 1500 upvotes and over Twitch, he received $888 in donations.

The day of the attack

What’s also interesting is that bitcoin private wasn’t his first target.

Instead, geocold51 had intended to go after einsteinium, a volunteer-run litecoin fork with a $19 million market cap and $598,000 in trading volume per day, at the time of this writing.

He announced his intent publicly, and as he got ready for the attack, commenters within his Twitch feed noted that the cryptocurrency’s hash rate was spiking.

Because he had announced the attack in advance, the einsteinium community boosted the hash rate because it was worried that such an attack could cause a chain split and create a second blockchain that people could get stuck on, according to Ben Kurland, one of the project’s board members. At that time, einsteinium was in the middle of a wallet upgrade. If users or exchanges did not upgrade their wallets in time, the blockchain split could have caused property loss.

Seeing the increased hash power, geocold51 decided to attack bitcoin private instead.

According to geocold51, he got up to 60,000 views during the Twitch livestream, before Twitch shut the stream down. The team at Twitch, he said, temporarily suspended him under the “attempts of threats of harm” section of its community guidelines.

He got another livestream up on Stream.Me a half-hour later.

Once broadcasting there, he was able to hire miners through Nicehash to mine bitcoin private. In fact, he almost immediately mined a block. And in very little time, he was controlling more than 50 percent of the hash power on the blockchain.

Pretty soon an account called “CommunityWatch” popped up in the stream and wrote: “Just a quick question: I’m assuming everything we are doing here is legal?”

Minutes later, geocold51’s video feed on Stream.Me cut out.

Geocold51 told CoinDesk that he had already gotten about two-thirds of the hash rate on bitcoin private. He’d transmitted his first transaction to a second wallet he controlled. And he had written another transaction onto an offline chain that went to a third wallet he controlled.

He was about to send this longer chain to the network, but since the whole point was to show people the attack could be done easily, he stopped once the livestreams shut off.

Protected in another way

Still, geocold51 is determined to follow through with his mission, and so will record his next attack to share on YouTube soon.

And while this vulnerability is likely to be worrying to many in the community, geocold51 noted that there is another way these coins are protected based on cryptocurrency game theory.

If someone tried to sell any significant volume of the coins, their price would likely plummet, since the community isn’t robust enough and doesn’t have huge amounts of liquidity. As such, geocold51 argued, even if it is easy to buy hash power and take over a network, it might not be feasible to make a lot of money from an attack.

Nevertheless, geocold51 is committed to continuing, using the donations he received to maybe even try to 51% attack more cryptocurrencies as well.

In fact, he told CoinDesk, he may intentionally attack some cryptocurrencies that have set up preventative measures for 51% attacks, to test them in production. For instance, the team developing Horizen (formerly zencash) believes it’s found a way to disincentivize 51% attacks by introducing certain miner penalties.

Geocold51 said he would be happy to fail against some of these measures.

Running the demonstrations privately and adding some production value on the final recording will likely make for more edifying content, according to geocold51, but he’s still a bit disappointed that his original plan didn’t pan out.

To CoinDesk, he concluded:

“There is something kind of neat about it being live.”

Twitch, Stream.Me and bitcoin private’s teams did not reply to a request for comment for this story.


Source
Author: Brady Dale
Image Credit 

International Task Force Notes Use of Cryptocurrencies in Financial Crime

The Internal Revenue Service (IRS) announced Monday that a new joint force of tax enforcement authorities will combat international and transnational tax crimes – including cybercrimes facilitated through cryptocurrencies.



Tax enforcement agencies from the U.K., Australia, Canada and the Netherlands will join the IRS in forming the Joint Chiefs of Global Tax Enforcement (J5) to prosecute tax crimes, according to a press release. The organization was formed in response to “a call to action” by the Organization for Economic Co-operation and Development (OECD) to “do more” on the crackdown on tax crimes.

The entity has already met, with cryptocurrencies coming up as an area of concern in financial crimes.

In a statement, Dutch Fiscal Information and Investigation Service general director Hans van der Vlist said:
“The unique thing about the J5 is the operational collaboration between five countries on tackling professional enablers that facilitate offshore tax crime, cybercrime and the threat of cryptocurrencies to tax administrations, as well as making best use of internationally available data and technology.”

Johanne Charbonneau, general director of the Canada Revenue Agency, also said that J5 is building a “serious commitment” in an international cooperation that will fight against serious international tax crimes, including cybercrimes through “the use of cryptocurrencies.”

No details are disclosed regarding how J5 will work together to end the threats received from cryptocurrency-related tax crimes, but an update on its initiatives is expected in late 2018, according to the news release.


Here at Dollar Destruction, we endeavour to bring to you the latest, most important news from around the globe. We scan the web looking for the most valuable content and dish it right up for you! The content of this article was provided by the source referenced. Dollar Destruction does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. As always, we encourage you to perform your own research!

Source
Author: Muyao Shen
Image Credit

Don’t forget to join our Telegram channel for Crypto, Business & Technology news delivered to you daily.

Israeli Cybersecurity Experts Predict More Attacks on Crypto-Related Businesses in 2018

At a time when the cryptocurrency sector is nearly saturated with heists, hacks, and more ‘cryptocrimes,’ Israeli cybersecurity experts say more turbulence await crypto investors this year, as blockchain-based digital currency attacks will surpass other types of cyber attacks in 2018.

Present at the Tel Aviv University annual Cyber Week cybersecurity conference tagged “Blockchain, The New Digital Age, the nation’s experts on the subject matter made it clear that ‘stakeholders’ in the cryptosphere need to brazen up for more attacks this year.

Lotem Finkelsteen, a threat intelligence analyst at Check Point Software Technologies, said:

“Not a day goes by without our hearing about a new ICO [initial coin offering] scam or mining attack. Blockchain technology is suffering from reputational damage and one of the main obstacles for blockchain technology to move forward.”

Mixed Opinions Concerning Distributed Ledger Technology

Blockchain technology, the foundation upon which Satoshi Nakamoto built bitcoin and the same system that underpins other cryptocurrencies was praised by many and criticized by some at the event.

Director and Global Blockchain technology Lead at Accenture, John Velissarios noted DLT is steadily taking over the world economy, as more and more businesses are integrating the nascent technology into their operations. In his words:

“We’re seeing blockchain applications for capital markets, exchanges, clearing and settlement systems and payment systems. The technology is evolving and the applications are becoming more significant.”

While a hand full of banks and traditional financial institutions like Bank of England, and several others are seriously looking to either augment their existing systems with DLT or create new blockchain-based systems entirely, Haim Pinto, the chief technical officer (CTO) of Bank Hapoalim, firmly believes the ground breaking technology has nothing excellent to offer at the moment, as “blockchain is still in a hype cycle. We can’t just take it and use it,” he said.

Pinto also condemned the key property that gives distributed ledger technology an edge over centralized databases – immutability.

While data stored on legacy systems can be altered or deleted, it’s impossible to tamper with things saved in the ledger. This excellent feature makes DLT the most secure, transparent and reliable form of data storage for now.

However, Pinto reiterated that the immutable nature of the burgeoning technology makes it unfit for banks seeking to comply with the EU’s General Data Protection Regulation (GDPR) as nothing can be deleted on the blockchain.

“Distributed general ledgers cannot erase anything. That’s just one of the challenges. In addition, there are mathematical challenges. Distributed general ledgers can’t scale up to the volume of transactions we need to serve,” Pinto concluded.

Central Bank Warnings Continue to Loom

Similarly, on March 15, 2018, BTC Manager reported the Bank of International Settlements (BIS), had warned central banks against the perils of issuing cryptocurrencies.

Also, in BIS’s latest report, the ‘bank of central banks’ condemned digital currencies and blockchain technology saying the former is overly unstable and the latter cannot handle huge transactions that central banks systems process.

With each passing day, the battle between the crypto enthusiasts and pessimists keeps taking new dimensions. Almost a decade has gone already, and cryptocurrencies have failed to crumble, while blockchain is busy disrupting industries. It remains to be seen which party will emerge victorious in the long run.



Here at Dollar Destruction, we endeavour to bring to you the latest, most important news from around the globe. We scan the web looking for the most valuable content and dish it right up for you! The content of this article was provided by the source referenced. Dollar Destruction does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. As always, we encourage you to perform your own research!

Source
Author Ogwu-Osaemezu-Emmanuel
Image Credit