Bahrain’s Regulatory Sandbox Teeming With Crypto Companies

Bahrain’s regulatory sandbox has become increasingly crypto-friendly as half of the companies approved are now either crypto exchanges or other crypto businesses including ATMs. There are currently 30 companies approved for the regulatory sandbox by the central bank. Regulatory Sandbox Thirty companies are currently […]

The post Bahrain’s Regulatory Sandbox Teeming With Crypto Companies appeared first on Bitcoin News.

Tether Scandal Could Cause Big Bitcoin Short Squeeze, Boosting BTC: Analyst

Last week, the crypto community was shocked when the New York Attorney General’s (NYAG) office revealed that Tether Limited, the issuer of the USDT asset, and world-renowned Bitcoin (BTC) exchange Bitfinex may be in precarious financial standing. Respected sources, however, claim that…

The post Tether Scandal Could Cause Big Bitcoin Short Squeeze, Boosting BTC: Analyst appeared first on NewsBTC.

Vitalik Buterin Tweets ETH Development Proposals After Elon Musk’s ‘Ethereum’ Tweet Bait

Technology entrepreneur and Tesla CEO Elon Musk has sparked a conversation with Vitalik Buterin.

Technology entrepreneur and Tesla CEO Elon Musk has sparked a conversation with ether (ETH) co-founder Vitalik Buterin with his laconic one-word tweet “Ethereum” on April 29.

The tweet, which Musk swiftly ironized by adding “jk” within the same thread, prompted Buterin to extend an invitation to Musk for Ethereum’s DevCon in October. In response, Musk asked Buterin the question, “What should be developed on Ethereum?”

Buterin listed five of his top picks for the network’s developments, peppered with references to his own past Twitter threads and Ethereum research content.

Foremost among these is the creation of a “globally accessible financial system, including payments, store of value […] insurance,” as well as a disintermediated ETH-powered digital identity infrastructure.    

Buterin also proposed the creation of registries and certificates that would be digitally signed, certified and even revoked on-chain — which Buterin had previously pitched as part of a self-described tweetstorm on non-financial applications for blockchain in December 2018.

He further referred to the use of the ETH blockchain for “experimenting with new forms of human organizational structure,” and to enable micropayment use cases via ETH payment channels.

Other proposals from Buterin included crypto-powered “markets for personal data for privacy preserving machine learning,” and using “cryptoeconomics for spam prevention in social networks.”

Buterin lastly noted that blockchain can be a testing ground for “new market designs, eg. frequent batch auctions, combinatorial auctions, automated market makers,” and that the technology can power identity, reputation and credit systems for disenfranchised social groups, and can even be used to construct decentralized DNS alternatives.

In contrast with Buterin’s lengthy engagement with Musk’s lead-in, other blockchain creators — such as Tron Foundation CEO Justin Sun — responded in kind, with their own one-word quips.

Musk only briefly re-engaged in the conversation with an allusion to Buterin’s official Twitter handle, “Vitalik Non-giver of Ether,” cajoling Vitalik to “Stop giving away free ETH!”

EToro analyst Mati Greenspan meanwhile speculated that Musk’s single tweeted word had allegedly prompted a mini spike in Ethereum’s price.

As previously reported, Musk has praised bitcoin’s (BTC) structure as being “quite brilliant,” yet underscored the problematic energy intensity of mining the coin. The Tesla founder has claimed he owns only a fractional amount of BTC, allegedly sent to him by a friend years ago.

$4.3 Million Lost as Crypto Scams in Australia Rise 190% in 2018

Authorities in Australia received 674 reports where cryptocurrency was used to pay scammers in 2018.

A 190% increase in cryptocurrency scams saw Australian consumers lose AU$6.1 million ($4.3 million) in 2018, according to a report released by the country’s Competition and Consumer Commission on April 29.

The substantial rise from the AU$2.1 million ($1.48 million) lost in 2017 came despite an industry wide slump in cryptocurrency prices, with Australian authorities receiving 674 reports where crypto was used to pay scammers.

Most of the victims were targeted by investment scams where they are encouraged to purchase digital currencies or asked to make crypto payments for access to forex trading, commodity trading and other investment opportunities. A total of AU$2.6 million ($1.8 million) was lost this way — and often, consumers only realized something was wrong when they were unable to withdraw funds or contact the fraudster responsible.

According to the Australian Competition and Consumer Commission (ACCC), almost half of all those who lost money to crypto scams were men aged 25 to 34. The true number of victims could also be much higher, as some may have been too embarrassed to come forward, the report notes.

One victim, who believed they had been given a trial task for a well-paid job, was pressured into converting money at bitcoin (BTC) ATMs and sending it to investors. Their bank accounts were then frozen as a fraud investigation took place. The unnamed victim said:

“I’m cooperating with the bank and hope to get my accounts unlocked and my name cleared. It’s clear to me now that this was just a money laundering scheme and I fell for it.”

The ACCC is now urging consumers to be wary of unusual payment methods such as crypto, iTunes gift cards and remittance services — especially if the payment request appears to be coming from a government agency.

In March, an Australian crypto fund manager was taken to court by his clients over the loss of AU$20 million ($14 million). It is alleged Stefanos Papanastasiou had requested his clients to transfer money to his wife and sister, and was unable to pay them back when they requested a withdrawal.

24 Countries and IMF Discuss Global Standards of Crypto Regulation

Twenty-four financial authorities and 11 international organizations, including the International Monetary Fund and the World Bank, recently gathered in New York and discussed global standards of crypto regulation. “It is important to consistently implement international standards,” said the chairman of South Korea’s top financial regulator who attended the meeting. […]

The post 24 Countries and IMF Discuss Global Standards of Crypto Regulation appeared first on Bitcoin News.

IOTA Finally Awakens, Surges 20% On Big Automobile Partnership

Nothing boosts a cryptocurrency better than news of a big partnership and they have been few and far between during the crypto winter. Many altcoins have simply flat-lined at their lowest levels for a long time but one has recently been revived on the news of a big partnership. Jaguar Land Rover to Offer IOTA…

The post IOTA Finally Awakens, Surges 20% On Big Automobile Partnership appeared first on NewsBTC.

Blockchain Projects Bloom as Crypto Spring Fuels a Fundraising Boom

As crypto winter subsides, spring has sprung in the cryptosphere, ushering in green shoots of growth across the board. Attention has largely focused on the increase in digital asset prices, as cryptocurrencies have swelled by an average of 40% in 2019. But away from the frothy market action, there is far more tangible evidence that […]

The post Blockchain Projects Bloom as Crypto Spring Fuels a Fundraising Boom appeared first on Bitcoin News.

‘Blockchain Bandit’: How a Hacker Has Been Stealing Millions Worth of ETH by Guessing Weak Private Keys

An interview with a senior analyst at ISE.

Earlier this week, United States-based security consulting firm Independent Security Evaluators (ISE) published a report on private keys for the Ethereum blockchain.

As well as identifying around 700 weak private keys that are being regularly used by multiple people, the researchers found a “blockchain bandit” who has managed to collect almost 45,000 ether (ETH) by successfully guessing those weak private keys. Cointelegraph interviewed Adrian Bednarek, a senior security analyst at ISE, to find out more about what they describe as “ethercombing.”

Research background and chief findings

Bednarek says he discovered the hacker by accident. At the time, he was doing research for a corporate client that planned to implement their own wallet with an integrated key generating algorithm.

“As a security analyst, before you start any assessment, you have to understand the underlying technologies very clearly — basically as if you’re creating them yourself,” he told Cointelegraph.

“Private key generation was one of the components we had to research, and I was going through the basics of what is a private key on Ethereum: How large is it? How is it generated? And how is it used to derive the public key and public address?”

On Ethereum, bitcoin (BTC) or any other major blockchain that uses ECDSA (the Elliptic Curve Digital Signature Algorithm), private keys are represented by 256-bit numbers. For their research, the ISE narrowed the search down to eight 32-bit “sub-regions” of the 256-bit key space, because brute-forcing a private key within a larger region is meant to be a statistical improbability.

Those eight sub-regions contained an overall amount of 34 billion weaker keys, which the ISE subsequently scanned. “It took an entire day,” Bednarek says.

It is worth stressing that those keys were generated by faulty code and faulty random number generators, and that the researchers were specifically targeting suboptimal keys.
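A wallet developer can turn this finding into a generation-time check. The following is an added example, not code from ISE or from the article: it assumes a “sub-region” means a key whose non-zero bits all sit in one aligned 32-bit word of the 256-bit value, and it goes one step further by also flagging any key that has an all-zero word. The function names are hypothetical.

```python
import secrets

# Order of the secp256k1 group: valid private keys are 1 .. N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
WORD_BITS = 32
WORD_COUNT = 256 // WORD_BITS          # eight aligned 32-bit words
WORD_MASK = (1 << WORD_BITS) - 1


def nonzero_words(key: int) -> list:
    """Indexes (0 = least significant) of the 32-bit words that are not zero."""
    return [i for i in range(WORD_COUNT) if (key >> (i * WORD_BITS)) & WORD_MASK]


def classify_key(key: int) -> str:
    """Return 'invalid', 'weak', 'suspicious' or 'ok' for a candidate key."""
    if not 0 < key < SECP256K1_N:
        return "invalid"               # zero or outside the curve order
    populated = len(nonzero_words(key))
    if populated == 1:
        return "weak"                  # at most 32 bits of entropy (assumed
                                       # meaning of a 32-bit sub-region)
    if populated < WORD_COUNT:
        # A uniformly random key has an all-zero word with probability of
        # about 8 * 2**-32, so this almost certainly signals a broken RNG
        # or a truncated value rather than bad luck.
        return "suspicious"
    return "ok"


def weak_region_size() -> int:
    """Number of valid keys confined to a single 32-bit word."""
    return WORD_COUNT * WORD_MASK      # 8 * (2**32 - 1), roughly 34 billion


def generate_key() -> int:
    """Draw a key from the OS CSPRNG and refuse anything the check flags."""
    while True:
        key = secrets.randbelow(SECP256K1_N - 1) + 1   # uniform in 1 .. N-1
        if classify_key(key) == "ok":
            return key                 # rejection rate is negligible (~2e-9)


if __name__ == "__main__":
    # Constructed sample inputs, not keys taken from the report.
    samples = {
        "lower bound": 1,
        "one word set": 0xDEADBEEF << 96,
        "two words set": (1 << 32) | 1,
        "every word set": int("11" * 32, 16),
        "zero": 0,
    }
    for label, value in samples.items():
        print(f"{label:15s} {classify_key(value)}")
    print("fresh key:", classify_key(generate_key()))
```

Passing this check is necessary but not sufficient: a key derived from a guessable passphrase can populate every word and still be weak.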

“Private key is your user ID and your password at the same time,” the security analyst explained while breaking down the basic mechanics. “It’s different than your banking login, where you have your username and a password […] Therefore, when two individual people use the same password for creating a Brainwallet [i.e., wallets that entail passphrases as part of generating private keys] — like ‘password123’ — they will both own the same exact wallet.” As Bednarek puts it, “it’s like linking two people to the same bank account.”

Initially, the ISE specialist found that the private key of “1” *, which was picked because it is the lower bound of a possible private key, was actually being used on the blockchain. Furthermore, it had been involved in several thousand transactions.

* – (0x0000000000000000000000000000000000000000000000000000000000000001, if written using the 256-bit code)

“That was a red flag,” Bednarek recalled. “Why are people using the private key of 1? That shouldn’t be possible.” His team started to scan more keys to see how widespread the problem was. Although the ISE researchers had established that this issue is not particularly omnipresent, they had found as many as 732 weak private keys associated with a total of 49,060 transactions.

“Roughly, there’s about 50 million keys that have been used on [the] Ethereum [blockchain],  and we’ve only discovered 732 of those.”

The blockchain bandit

As mentioned above, during their research, the ISE team noticed how some of the wallets associated with the private keys — found with their suboptimal methods — had a lot of transactions going to a specific address, and no money was coming back out. As Bednarek said in an explanatory video posted on the ISE website:

“There was a guy who had an address who was going around and siphoning money from some of the keys we had access to. We found 735 private keys, he happened to take money from 12 of those keys we also had access to. It’s statistically improbable he would guess those keys by chance, so he was probably doing the same thing. […] He was basically stealing funds as soon as they came into people’s wallets.”

In a conversation with Cointelegraph, Bednarek explained that the hacker (or a group of hackers) had set up a node to automatically swipe funds from addresses with weak keys. To verify that, the researchers used a honeypot: They sent a dollar using a weak private key, which they knew the hacker was aware of, to see how fast it would be taken. The money was gone in a matter of seconds, the ISE employee said:

“If it was a manual thing, maybe it would have been taken within a day or whatever. But as soon as we sent it we went on the blockchain explorer, we saw that there was a transfer going out immediately, within seconds. So basically what he [the hacker] has is a blockchain node that is part of the transaction network set up somewhere. As soon as it sees transactions come in with a private key he has knowledge of, it immediately sends a request to transfer the money out.”

As per the data obtained from Etherscan, the hacker’s wallet contains around 45,000 ETH (worth more than $7.3 million, as of the time of writing). At the height of ether’s value, it is estimated that the bandit’s loot could have been sold for more than $50 million.

According to the comment section for the fraudster’s wallet address, it had been stealing funds for several years. One of the comments, purportedly submitted by major ETH wallet provider MyEtherWallet (MEW) features a link to a 2016 Reddit thread titled “Ethereum nodes with insecure RPC settings are actively exploited.” In it, a redditor described setting up an Ethereum node “with its HTTP RPC API exposed to the internet” and getting attacked within a few minutes after going live.

“If you google the [hacker’s] address there’s a lot of people complaining about him,” Bednarek confirms, admitting that the fraudster’s tactics have proven to be quite successful:

“This guy has taken a multi-prong approach to stealing money.”

The security analyst then described the fraudster’s method in greater detail: “One — he is looking at bad private keys. Two — he is looking at weak passphrase-based wallets and misconfigured RPCs. You are not really supposed to expose the RPC of your Ethereum node but sometimes people do, and if you don’t have the password set somebody can basically empty out the default wallet associated with your node.”

But such asset-grabbing is not a problem that is exclusive to the Ethereum blockchain, the ISE security researcher warns. “It [the blockchain] is working as intended, it’s just the way people are using it,” he said, describing an ethics-related problem his team faced while doing their research:

“Before we started on this [the research], we had an ethical dilemma — what if we find the wallet with a key that has a million dollars in it? Do we just leave it there? But if we leave it there, we know it’s behind a bad private key and it is likely to get stolen, therefore we would be somewhat responsible for this money getting stolen because we could have notified somebody. But then the second problem is who do we notify? There is no easy way to identify the owner of a private key. Maybe we could take the money temporarily until somebody could prove that it was theirs? But then it creates a lot of legal issues. So the CEO of the company [that they were doing the research for] contacted the IFS for legal advice and they basically said: ‘if you find anything, leave it there. Don’t do any transfers. That way you won’t get yourself into any legal hot water.’”

Security advice and further research

Therefore, according to Bednarek, private keys tend to be vulnerable due to two main factors. The first is coding errors in the software responsible for generating them. Secondly, some crypto owners have a tendency to obtain identical private keys by using weak passphrases such as “abc123,” or even by leaving them blank.

For instance, the ISE report established that one of the most popular weak private keys is the one generated from an empty recovery phrase — i.e., “   ” — using the Parity wallet. There have reportedly been 8,772 transactions on this address with a total of 5,215,586 ETH transferred.

“For a while Parity let you use a default password of nothing and it would generate the private key based on that,” Bednarek explains, adding that the wallet developer allegedly fixed the issue at some point. “I think they have introduced minimum password requirements [since then]. It might be just a single character, but you can’t use blank passwords on Parity right now if you’re using the latest version of their software.”

No wallet creators have contacted the ISE yet, according to Bednarek:

“That is an interesting issue because it’s hard to say which wallet was responsible, if there was a wallet at all — it could be just people entering the wrong private keys, it could be early debug versions of wallets, it could be developers themselves. It’s a bit hard to say why this exists and which wallet is at fault. It’s something I don’t think we’ll ever know.”

Bednarek’s main advice for those who are not computer-savvy is to use well-known and trusted wallets, possibly moving to hardware or paper-based wallets if large amounts of cryptocurrency are involved. He said:

“If there’s going to be trading or holding of a lot of currency then use a hardware wallet where the private key will never be revealed. A lot of my friends that are long term holders use paper wallets where they generate a random key and store it on paper so it never touches the computer at all.”

Nevertheless, there’s always some risk involved even when it comes to popular software, Bednarek warned, bringing up the example of the Iota wallet being compromised by a developer from Oxford who was arrested and accused of stealing around 10 million euros last month.

Given that the Iota wallet is open-sourced, its code was publicly posted on Github. At some point, the fraudster modified the random number generator by submitting a change to the code.

“That was done in a very obfuscated way,” Bednarek said. “Even though lots of people could review the code,” they just assumed it should work, according to him.

That way, the hacker was able to see how private keys were generated and reproduce them using his injected code, the ISE specialist explained.

“After lots of people lost lots of money, somebody finally reverse-engineered his modifications to the random number generator and they were able to see that he was creating sequential numbers within the specific range of the key space.”

As for the future, the ISE plans to continue monitoring blockchains and weak private keys at a larger scale. “We will move our scanning method to use GPUs where we will be able to scan 38 billion keys within a matter of seconds,” Bednarek told Cointelegraph.

“As we make the scanning more efficient, we’ll be able to do some crazy things like go after brainwallets or other key generation algorithms that might be faulty. So we’ll expand into different areas to identify more keys.”

Moreover, the security research group is going to publish more information — including faulty public keys — for people to do their own research and stay warned of possible security breaches. “Maybe this will turn into a collaborative effort to help finding some of the causes for this,” Bednarek suggested.

Crypto Market Wrap: Ontology Still Moving on Paxos Partnership

Crypto markets consolidate on Sunday; Bitcoin holding steady, BNB still gaining, Ontology making bigger moves. Market Wrap The weekend has been typically quiet on crypto markets but that is preferable over further declines. Total market capitalization has remained above $170 billion which keeps markets within their range bound channel. Bitcoin snuck over $5,300 a few…

The post Crypto Market Wrap: Ontology Still Moving on Paxos Partnership appeared first on NewsBTC.

Bitcoin Bulls Drive $20 Million into New York-based Crypto Trust

The bitcoin price is down over 74 percent from its record peak near $20,000. But that has not deterred institutional investors from strengthening their bullish positions in the market. The sentiment has led the world’s largest crypto asset investment firm to notch a record capital inflow this week. New York-based Grayscale Investments, a division of…

The post Bitcoin Bulls Drive $20 Million into New York-based Crypto Trust appeared first on NewsBTC.

Report: E*Trade Prepares to Offer Crypto Trading

E*Trade is reportedly ramping up to offer cryptocurrency trading services on its online trading platform.

Online trading firm E*Trade Financial Group is preparing to offer cryptocurrency trading on its platform, sources familiar with the matter told Bloomberg on April 26.

E*Trade will reportedly begin by offering bitcoin (BTC) and ether (ETH) after which it will add other cryptocurrencies.

As one of the largest online trading platforms, E*Trade offering cryptocurrency trading could represent a significant step forward for cryptocurrency adoption. Per the firm’s annual report filed with the United States Securities and Exchange Commission (SEC) on Dec. 31, 2018, E*Trade had 4.9 million brokerage accounts and a total margin receivables balance of $9.6 billion. The firm’s total assets are over $65 billion.

Should E*Trade offer cryptocurrency trading, it would join other online securities trading platforms like Robinhood, which have also stepped into the cryptocurrency space. In May 2018, Robinhood briefly overtook E*Trade in the number of trading accounts on the platform. At that time, Robinhood co-founder Baiju Bhatt said:

“Crypto has certainly added to our growth. In the next couple of years, I think you’ll see Robinhood looking like a full-service consumer finance company.”

Some analysts have recently said that cryptocurrency represents a sound long-term investment for institutional investors. Cambridge Associates, which specializes in pension and endowment consultancy, wrote:

“Despite the challenges, we believe that it is worthwhile for investors to begin exploring this area today with an eye toward the long term. Though these investments entail a high degree of risk, some may very well upend the digital world.’’

Elon Musk’s Deal with Wall Street Watchdog Could Mean Less Tweeting

By CCN: Nobody puts Elon Musk in a corner. Well, maybe the SEC. The Tesla CEO has reached a settlement with the U.S. securities watchdog. According to the court filing, which still requires a judge’s John Hancock, Musk will be tweeting a whole lot less than he’d probably like, certainly less than his 26.1 million followers would like. The deal, which was filed with the U.S. District Court Southern District of New York, means that Musk has agreed not to tweet about financial or production matters related to Tesla without his attorney’s blessing. The restrictive settlement will muzzle an otherwise

The post Elon Musk’s Deal with Wall Street Watchdog Could Mean Less Tweeting appeared first on CCN

Old Twitter Account Gives Away $10K in Bitcoin Cash in 48 Hours 

Over the last two days, Bitcoin Cash (BCH) supporters have noticed a Twitter handle called @Bitcoininfo tipping a bunch of random individuals and nonprofit organizations significant amounts of BCH. The Twitter profile with 107,000 followers revealed on April 26 that it gave away $10,000 in BCH using the tipping bot Tippr. […]

The post Old Twitter Account Gives Away $10K in Bitcoin Cash in 48 Hours  appeared first on Bitcoin News.
