McAfee’s ‘Unhackable’ Bitcoin Wallet Allegedly Hacked

John McAfee’s Bitfi bitcoin wallet has allegedly been hacked after its creator issued a $250,000 hacking challenge. Bitfi, which has marketed the wallet as “unhackable,” alongside promoter John McAfee has not yet responded to a post from security research group OverSoftNL, where it claimed to have obtained root access.

LIONBIT

Accusations and Speculation

The tweet at the center of the furor was posted yesterday, Aug. 1 by Oversoft, and it read:

“Short update without going into too much detail about BitFi: We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard. There are NO checks in place to prevent that like claimed by BitFi.”

Bitfi did not immediately respond to the tweet but later appeared to make reference to it in a subsequent post at 8:18 PM.

https://twitter.com/Bitfi6/status/1024736244067172358

In a subsequent tweet on the same thread, Oversoft then accused Bitfi of using its $250,000 bounty as a marketing ploy, hinting that it would not hand over any information about security weaknesses just yet.

https://twitter.com/V_Epokhe/status/1024696420778033152

Bitfi Controversy

Much like its promoter, Bitfi has made a bit of a reputation as a bold, daring ,and sometimes brash self-promoter, repeatedly claiming that the hardware wallet is unhackable and even promising a cash bounty to anyone that could successfully hack it.

From $100,000, this bounty quickly went up to $250,000 as John McAfee ratcheted up the rhetoric in response to criticism from security researchers. For added measure, Bitfi then made sure to specify that the bounty was not intended to help it identify security vulnerabilities, maintaining that its claim of being “unhackable” was absolute.

A war of words then broke out between Bitfi and a series of security researchers who one after the other, picked holes in Bitfi’s claims. Notably, Ryan Castellicco was quoted as saying that Bifi is “a cheap stripped down Android phone” that he would “strongly advise against using.”

Another set of researchers then accused Bifi of harboring questionable apps on its device including Chinese search engine Baidu and the Adups malware, both of which they said regularly “called home.”

In response, Bitfi issued a comprehensive denial of these claims, accusing Oversoft of working for its competitors and reiterating its $250,000 bounty.

Yesterday however, Oversoft seemed to indicate that they have evidence to back up their claims, mentioning that the apps in question actually monitor and report on users, contrary to what Bitfi stated.

In the event that the Bitfi wallet has been hacked, it remains to be seen what that would mean for Bitfi and McAfee, both of whom had yet to respond as of press time.


Here at Dollar Destruction, we endeavour to bring to you the latest, most important news from around the globe. We scan the web looking for the most valuable content and dish it right up for you! The content of this article was provided by the source referenced. Dollar Destruction does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. As always, we encourage you to perform your own research!

Source
Author: David Hundeyin
Image Credit

Don’t forget to join our Telegram channel for Crypto, Business & Technology news delivered to you daily.

Crypto Exchange Bithumb Halts Withdrawals Amid $31 Million Hack

Bithumb, one of the largest cryptocurrency exchanges in South Korea by trading volume, is halting asset deposit and withdrawal services after hackers stole 35 billion won (or $31 million) from the platform.


Join in the fun and play on the world’s First Hybrid on-line Casino with BTC and Fiat currency payments. Check on-line for latest promotions.


The company said in an announcement today that the hack happened between late Tuesday night until early Wednesday morning Korean time. Though Bithumb has yet to disclose which cryptocurrency or in what amount had been damaged, it said in the announcement that the loss will be covered by the platform.

Meanwhile, the company said other assets have been moved to a cold wallet that stores cryptocurrencies in an offline environment that is not accessible through the internet. As such, Bithumb said investors should “immediately discontinue depositing cryptocurrencies until further notice.”


Don’t forget to join our Twitter channel for Crypto, Business & Technology news delivered to you daily.



As of press time, Bithumb is seeing over $300 million 24-hour trading volume on its platform, making it currently the sixth largest exchange in the world, data from CoinMarketCap shows.

The hack marks the second incident in less than two weeks in South Korea. As previously reported by CoinDesk, Coinrail, a smaller cryptocurrency exchange in the country also reported that it was hacked on June 10.

Though the platform did not disclose the amount of the damage, other sources suggested at the time that $40 million worth of cryptocurrencies could be at risk.


Here at Dollar Destruction, we endeavour to bring to you the latest, most important news from around the globe. We scan the web looking for the most valuable content and dish it right up for you! The content of this article was provided by the source referenced. Dollar Destruction does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. As always, we encourage you to perform your own research!

Source
Author: Wolfie Zhao
Image Credit

Forensic Analysis of the Verge Cryptocurrency Hack

Join in the fun and play on the world’s First Hybrid on-line Casino with BTC and Fiat currency payments. Check on-line for latest promotions.

In the space of fewer than two months, Verge has suffered two high-profile cryptocurrency hacks.

In April, news broke out that hackers had commandeered the network, successfully compromising the system and earning all the block mining rewards within a specific timeframe. In the aftermath of the hack, the development team created a few patches to the network protocol and carried out a hard fork.

Many XVG enthusiasts would have liked to believe that the worst was over. However, in May, hackers used a slightly modified version of the technique used to hack the blockchain earlier to pull off yet another major heist. To the most crypto enthusiasts, the situation with Verge is a severe problem that needs to be addressed.

The general narrative is that blockchains cannot be hacked. No accounting of blockchain characteristics is ever deemed complete without mentioning the fact that blockchain networks are tamper-proof. The entire premise of the emerging technology’s claim to being able to disrupt the global business process is that it is built on robust security protocols.

So, the question that is thrown up when things like the Verge hack happens, is that, are blockchains hack-proof?

Like most other concepts in the nascent industry, a bit of nuance is required to answer the question in a manner that addresses the facts only. The following is an attempt at a thorough examination of the Verge hack of April and May 2018.

Background

In April, a Bitcointalk user by the name of “Ocminer” alerted the crypto community to the activities of a hacker on the Verge blockchain.

Between April 4 and April 6, the hacker was able to gain control of the blockchain, mining transaction blocks at a much faster rate than should have been possible. The hacker gained 1,560 XVG tokens per second while running the exploit, eventually carting away $1 million worth of Verge coins.

Fast forward to more than a month after and Verge was in the news once again, as a hacker gained control of the network using almost the same approach as the April attack.

This time, the hacker mined blocks at a rate of 18,250 XVG tokens per minute. By the time the hacker had stopped, about 35 million XVG tokens had been carted away amounting to $1.8 million at the time of the hack.

Don’t forget to join our Telegram channel for Crypto, Business & Technolgy news delivered to you daily

Time Malleability Attacks

How did the hacker pull it off? It appears the attackers used – time malleability attacks.

The pioneers of the decentralized technology framework built heavily on the works of

Stuart Haber and W. Scott Stornetta regarding how to add time stamping documents.

When a transaction block is created, it is given a digital time stamp. Remember that there are many nodes in a blockchain network, each one working independently of the other but all must come to the same conclusion, or at least, a greater majority. This conclusion is called a “consensus.” There is also no hierarchy, so no node has any special dispensation over another node.

While this approach functions theoretically, in practice, some issues emerge. One of them is that all nodes do not operate at the same capacity hence, the ordering of the blocks might not be synchronized throughout the network. Remember, that there must always be one mutually agreed ledger for the network. So, what blockchains do is to specify a time window in which these disputes are resolved. In the case of the Verge blockchain, the time window is two hours. In the absence of such a time window, the network would be bogged down by a lack of consensus every second.

Thus, for a block to be deemed eligible in the network, it must be created within the two-hour window. This became the entry point for the attack, as the hacker created blocks with fake timestamps and inserted them in the blockchain. These counterfeit timestamps showed the blocks to be from a time in the past and because the network error-corrects every two hours, they were admitted into the chain for verification.

However, creating transaction blocks isn’t enough to enable the hacker compromise the system. The attacker still has to commandeer the mining protocol, thereby earning the block reward for the “spoofed transactions.”

Circumventing Mining Difficulty

Apart from creating new coins, mining helps to secure blockchains. As such, the Verge hack appears to be more devastating as it attacks the core of the Verge security apparatus.

Going back to the previous explanation of the how blockchains work and the numerous nodes working independently of each other, blockchains have to specify a target block time, i.e., the time interval between the creation of each block.

For Verge, the target block time is 30 seconds. The enforcement of the target block time constraint is what is known as mining. Without mining, nodes would submit blocks to the network willy-nilly. However, to send a valid block, the cryptographic problem contained within must be solved and the solution accepted by a majority of the blockchain.

This difficulty of the cryptographic problem is adjusted based on the rate at which blocks are being mined. When the rate goes up, the difficulty is increased, and vice-versa. So, a blockchain continuously adjusts the mining difficulty to reflect the current state of the network. In the Verge blockchain, an algorithm called “Dark Gravity Wave” is responsible for controlling the mining difficulty.

By creating a flurry of transaction blocks with spoofed timestamps from an earlier time, the difficulty controlling algorithm is tricked into thinking that not enough blocks are being mined because the difficulty setting is too high. Thus, the mining difficulty is drastically reduced.

During the April attack, it was reported that the mining difficulty plunged from 1,393,093.39131 to 0.00024414. As a result, the hacker was able to submit one transaction block every second. Reducing the difficulty level is still not enough to gain control of the system, as everyone on the blockchain should enjoy the decreased mining difficulty. To take over a blockchain, an attacker needs 51 percent of the hashing power, at least in theory. So, how did the hackers do it? The answer lies in the fact that verge uses five different mining algorithms.

Single versus Multiple Algorithms

The standard protocol for most blockchains that employ proof-of-work mining is to use one mining algorithm, usually the SHA-256. Some critics of this system point to the fact it engenders the emergence of centralized mining monopolies which they say is contrary to the philosophy of the blockchain.

Thus, blockchains like Verge use an amalgam of five different algorithms. The consensus within those who support a multi-algorithm mining protocol is that it is immune to ASIC-domination.

For a single algorithm blockchain, an attacker needs 51 percent of the network’s hashing power to successfully hack the blockchain. For a multiple-algorithm blockchain, the attacker only requires half of the hashing power of one algorithm. What this means is that the hacker will just need to commandeer one algorithm.

Due to the way Verge set up multiple algorithms, the difficulty of each algorithm is adjusted independently of the others. The April hacker only needed ten percent of one algorithm which turned out to be Scrypt. The other algorithms are blake2s, X17, Lyra2rev2, and myr-groestl.

At the time of writing this article, details of the May attack are still filtering in, but there is concrete evidence to show that the hacker took control of two algorithms this time around.

The difficulty of both the script and lyra2rev2 algorithms were several orders of magnitude lower than other three algorithms.

Summary

Why was the hack possible?

Either by human error or the deliberate actions of some individuals, the architecture of the Verge cryptocurrency was poorly designed.

Both hacks followed the same process. First, they created blocks with fake timestamps, forcing the mining difficulty to be drastically reduced. The hackers then took control of one/two of the mining algorithms, essentially printing money.

If there were lessons learned from the first hack, they seem not to have been appropriately implemented. In the aftermath of the first attack, the price of XVG shot up by 30 percent and Verge became an accepted means of payment by Pornhub, the largest porn website on the internet. The coming days will reveal what the future is for Verge.

One thing, however, is sure, some blockchains are not hack-proof. The question now is, which one(s)?


Here at Dollar Destruction, we endeavour to bring to you the latest, most important news from around the globe. We scan the web looking for the most valuable content and dish it right up for you! The content of this article was provided by the source referenced. Dollar Destruction does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. As always, we encourage you to perform your own research!

Source
Author Priyeshu Garg
Image Credit

Twitter Account of Dash Core CEO Hacked

Yesterday, Ryan Taylor, CEO of Dash Core, had his social media accounts and smartphone seized by hackers, who posted vulgar and racist comments on his Twitter account in particular as well as persecuting Justin Sun of Tron.

A 4chan thread was created in the anonymous online forum in the /biz section which handles topics related to business and finance. In this thread, a user said that it had taken over Taylor’s Twitter account and proved this to the other users before requesting that they vote on new posts and offer proposals. The other members wasted no time in coming up with suggestions.

“you should do a fake exit scam and cause DASH to dump lol”

“Post that all Dash private transactions will be revealed because dash users have nothing to hide”

“NOOOO!!!! You should have posted a believable FUD about dash being bankrupt or closing down and we could have bought the dip!!!”

The posts made included racist memes and self-deprecating commentaries, and the hacker also offended Justin Sun of the Tron project on request and proclaimed that bitcoin cash was the real bitcoin, as well as announcing fake collaborations at the request of other users.

Images of typed messages ready to be sent awaiting community response and approval, like the declaration that Coinbase would never list Dash, were also posted by the cybercriminal.

Taylor discovered that his account had been hacked after approximately an hour, and said:


If you want a the latest news delivered to your phone join our telegram channel!

Telegram-Follow


 

“It has come to my attention that I have been the target of cybercriminals at some time this afternoon (Wednesday, 5/9). At the moment, my Twitter account, LinkedIn account, and personal cell phone SIM card have been compromised. However, we’re still evaluating the extent of the attack, as additional channels could be compromised. I will continue to share details as they are surfaced.”

The hacker apparently trolled CMO Fernando Gutierrez who commented that the hacker may have “brain damage” considering what activities he did on the Twitter account, according to images posted on 4chan.

After a few hours of having no control over the improper tweets that were being posted, Taylor tweeted to say that he had finally managed to take back is account.

The price of DASH tokens does not appear to have been negatively affected by the event, its value actually experiencing a 4.7% increase over the last 24 hours despite the attempts made by the 4chan user or users.

4chan is renowned for doing similar ruses like this, with other incidences including breaking in to the accounts of actress Jennifer Lawrence to leak private photos and pursuing actor Shia LaBeouf to find the secret location of his livestream project by learning the flight patterns and contrails of airplanes in the video and identifying the place before taking down LeBeouf’s anti-Trump flag and substituting it with pro-Trump material.



eMarket Banner


Here at Dollar Destruction, we endeavour to bring to you the latest, most important news from around the globe. We scan the web looking for the most valuable content and dish it right up for you! The content of this article was provided by the source referenced. Dollar Destruction does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. As always, we encourage you to perform your own research!

Article credit