Category Archives: Blockchain

Verge Is Forced to Fork After Suffering a 51% Attack

Blockchain technology has strong security properties built in. Even so, heists on these supposedly secure platforms are not infrequent. The questions of a retrospective are what was hacked and why, and the answer is that the problem was not a design flaw in the blockchain technology. Most likely the root causes are at the endpoint (client side) or in operations management (for example, privileged credentials showing up in the system event log). Rumours spread yesterday, and Verge users feared the attacker might use his dominant network position to siphon funds from their accounts. The Verge technical team announced that it was a hash attack and that only some blocks were affected, during a 3 hour period rather than 13 hours. But what do you think? Could a zero day have happened in an e-wallet? The headline news can be found at the following url.

https://news.bitcoin.com/verge-is-forced-to-fork-after-suffering-a-51-attack/
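The "dominant network position" above is the whole point of a 51% (hash) attack: an attacker who mines faster than the rest of the network can rewrite recent blocks and reverse a deposit after an exchange has credited it. The following is an added example, not code from the original post or from the Verge project; it implements the attacker catch-up calculation from section 11 of the Bitcoin whitepaper (the hash-rate fractions and confirmation counts in the demo are constructed inputs) and shows why the 50% line is the cliff edge.

```python
"""Attacker catch-up probability against a proof-of-work chain.

Added example, not part of the original post or of Verge's code. It
implements the calculation from section 11 of the Bitcoin whitepaper:
an attacker with fraction q of the hash rate starts z blocks behind the
honest chain and wins if he ever catches up, which is what lets him
reverse a payment that already has z confirmations. The values of q and
z in the demo are constructed.
"""
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability the attacker's private chain ever overtakes the honest chain
    when the attacker has fraction q of the hash rate and is z blocks behind."""
    if not 0.0 <= q < 1.0 or z < 0:
        raise ValueError("q must be in [0, 1) and z >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0  # majority hash rate: catching up is certain, no matter how many confirmations
    lam = z * (q / p)  # expected attacker progress while the honest chain mined z blocks
    poisson = math.exp(-lam)
    total = 1.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # Poisson(k; lam), built incrementally
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return max(0.0, total)


def confirmations_for(q: float, max_prob: float = 0.001, limit: int = 100_000) -> int:
    """Smallest number of confirmations z for which the attacker's chance drops below max_prob."""
    for z in range(limit):
        if attacker_success_probability(q, z) < max_prob:
            return z
    raise ValueError("no number of confirmations is safe at this hash-rate share")


def demo():
    """Print a small table for a few constructed hash-rate shares."""
    for q in (0.1, 0.3, 0.45, 0.51):
        p6 = attacker_success_probability(q, 6)
        try:
            z = confirmations_for(q)
            print(f"q={q:.2f}: P(reverse 6 confirmations)={p6:.7f}, z for P<0.1%: {z}")
        except ValueError as exc:
            print(f"q={q:.2f}: P(reverse 6 confirmations)={p6:.7f}, {exc}")


if __name__ == "__main__":
    demo()
```

The practical reading for an exchange: the number of confirmations to demand before crediting a deposit depends on how much of the coin's hash rate one party could plausibly rent, and once that share passes one half no confirmation count helps, which is why the only remedy left to Verge was a fork.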

Hyperledger technology without compromise

Various frauds have been found in the banking industry in the past. The most troublesome area is the import and export bills department, in particular letter of credit applications, where there is a regulation gap between cross-border countries. It is easy for banking staff who are not aware to fall into a trap created by a crook, and the result is financial loss.

The International Chamber of Commerce therefore agreed on the Uniform Customs & Practice for Documentary Credits (UCP 600) rules for compliance. As time goes by, many people ask whether UCP 600 will be revised.

On technology market practice so far: I heard that the letter of credit is being replaced by Hyperledger. I have seen that Microsoft Azure Cloud services is targeting the Hyperledger and Ethereum type platform market. Should you have an interest in this technology transformation, please refer to the diagram below. By the way, Hyperledger services are now available on Azure Cloud. For more details, please refer to the url below.

https://azure.microsoft.com/en-us/blog/announcing-support-for-additional-blockchain-protocols-on-azure/

Heard that crypto exchange BINANCE faced a ‘large scale’ theft attempt

I heard a rumour on a discussion website. A victim stated that an unknown counterfeit cryptocurrency transaction had been submitted in his account. Looking back through his discussion details, I feel that the problem may not have happened at his endpoint. The victim stated that he noticed a third API key had been created, without IP whitelisting, and that the API key was not his own. According to the BINANCE Exchange client specification, they support a REST API. What if they are using REST API caching middleware, acting as a reverse proxy between the load balancers and the REST API workers? Is there a way for threat actors to do dirty tricks in the cache space?

Should you have an interest in this news, please refer to the url below.

https://www.ft.com/content/58a32050-22aa-11e8-add1-0e8958b189ea
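The cache question above is answerable in code. What follows is an added example, not Binance's code and not something the post describes as having happened: it models a caching reverse proxy in front of an authenticated REST API and shows the one dirty trick a shared cache makes possible by itself, namely that when the cache keys responses on the URL alone, the first customer's authenticated account view is served to the next caller of the same URL. It also shows the per-key IP allowlist the victim mentioned was missing on the rogue key. The API keys, secrets, IP addresses and balances are constructed, and the HMAC-SHA256 signing of the query string is a generic scheme assumed for the example.

```python
"""Shared cache in front of an authenticated REST API: leaky vs hardened.

Added example, not Binance's code. Keys, secrets, IPs and balances are
constructed; the signing scheme (HMAC-SHA256 over the query string) and
the per-key IP allowlist are assumptions for the illustration.
"""
import hashlib
import hmac

# Constructed backend state: API key -> secret, IP allowlist (empty = any IP), balances
ACCOUNTS = {
    "key-alice": {"secret": b"alice-secret", "allow_ips": {"203.0.113.10"},
                  "balance": {"BTC": "1.5"}},
    "key-bob": {"secret": b"bob-secret", "allow_ips": set(),
                "balance": {"BTC": "0.2"}},
}


def sign(secret: bytes, query: str) -> str:
    return hmac.new(secret, query.encode(), hashlib.sha256).hexdigest()


def backend(request: dict):
    """API worker: authenticates the caller and returns (status, headers, body)."""
    acct = ACCOUNTS.get(request["api_key"])
    if acct is None:
        return 401, {}, {"error": "unknown api key"}
    if acct["allow_ips"] and request["client_ip"] not in acct["allow_ips"]:
        return 403, {}, {"error": "source ip not on allowlist"}
    if not hmac.compare_digest(sign(acct["secret"], request["query"]), request["signature"]):
        return 401, {}, {"error": "bad signature"}
    # Per-caller data: tell any shared cache not to store it.
    return 200, {"Cache-Control": "no-store"}, {"balance": acct["balance"]}


class CachingProxy:
    """Reverse proxy with an in-memory cache sitting between the LB and backend()."""

    def __init__(self, key_on_identity: bool, honour_no_store: bool):
        self.cache = {}
        self.key_on_identity = key_on_identity
        self.honour_no_store = honour_no_store

    def cache_key(self, request: dict) -> str:
        key = request["path"] + "?" + request["query"]
        if self.key_on_identity:
            # Never index the cache by the raw API key; a hash of it is enough.
            key += "|" + hashlib.sha256(request["api_key"].encode()).hexdigest()
        return key

    def handle(self, request: dict):
        ck = self.cache_key(request)
        if ck in self.cache:
            return self.cache[ck]  # served without the backend ever seeing the caller
        status, headers, body = backend(request)
        no_store = headers.get("Cache-Control") == "no-store"
        if status == 200 and not (self.honour_no_store and no_store):
            self.cache[ck] = (status, body)
        return status, body


def make_request(api_key: str, secret: bytes, client_ip: str, query="timestamp=1520000000000"):
    return {"path": "/api/v3/account", "query": query, "api_key": api_key,
            "signature": sign(secret, query), "client_ip": client_ip}


def second_caller_sees(key_on_identity: bool, honour_no_store: bool):
    """Alice fetches her account view; Bob then requests the same URL with his own key."""
    proxy = CachingProxy(key_on_identity, honour_no_store)
    proxy.handle(make_request("key-alice", b"alice-secret", "203.0.113.10"))
    return proxy.handle(make_request("key-bob", b"bob-secret", "198.51.100.7"))


def stolen_key_from_other_ip() -> int:
    """Alice's key and secret replayed from an IP outside her allowlist."""
    return backend(make_request("key-alice", b"alice-secret", "198.51.100.7"))[0]


if __name__ == "__main__":
    print("URL-only cache key:   ", second_caller_sees(False, False))
    print("identity in cache key:", second_caller_sees(True, False))
    print("no-store honoured:    ", second_caller_sees(False, True))
    print("stolen key, wrong IP -> HTTP", stolen_key_from_other_ip())
```

Two checks a practitioner would run against a real deployment follow from this: confirm that authenticated responses carry Cache-Control: no-store and that the proxy actually honours it, and confirm that a key created without an IP allowlist (Bob here) is at least flagged, since such a key works from anywhere once it leaks.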

When will the dream come true – Retail businesses operating cryptocurrency as an exchange

The former Chairman of the Communist Party of China (Mao) said that sailing the seas depends on the helmsman (大海航行靠舵手). The statement looks true. The coffee-drinking trend was founded by STARBUCKS, the founder and leader of the coffee market, and its founder has the business sense to dig out the potential business pipeline in the market. Schultz’s comment on Bitcoin: “I think blockchain technology is probably the rails in which an integrated app at Starbucks will be sitting on top of,”

For those who are interested, this news is worth reading. Please find the url below.

https://www.foxbusiness.com/features/starbucks-chairman-schultz-hints-at-blockchain-app

Blockchain technology can do the magic – EU GDPR new data protection regulation

Preface:

The movie When Harry Met Sally is a romantic comedy film written by Nora Ephron. It gives the world the idea that we are all interconnected by fate.

GDPR – High Level Understanding

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

GDPR principle

The General Data Protection Regulation is, quite literally, a data protection model. Details are shown below:

  • Establish data privacy as a fundamental right
  • Clarify the responsibilities for EU data protection
  • Define a base line for data protection
  • Elaborate on the data protection principles
  • Increase enforcement powers

In regards to GDPR, how does blockchain technology assists?

Blockchains are secure by design. Each block typically contains a cryptographic hash of the previous block, so by construction a blockchain is inherently resistant to modification of the data it records. That integrity property lines up with several of the GDPR's mandatory requirements on the data controller, with one caveat a practitioner should keep in mind: the same immutability makes erasing personal data impossible once written, so the usual design keeps personal data off-chain and records only a hash of it on-chain. Let’s take a simple look at the requirements on the data controller.

  • (Article 24) – be accountable, demonstrate compliance
  • (Article 25) – Adopt privacy by design
  • (Article 27) – If not in the EU, appoint a representative
  • (Article 28) – Take care when using 3rd parties (Processors)
  • (Article 30) – Keep records of processing
  • (Article 32) – Do security well
  • (Article 33) – Tell the regulator if they have a breach (72 hours)
  • (Article 34) – Tell Data Subjects about some breaches
  • (Article 35 and 36) – Do privacy impact assessments
  • (Article 37,38 and 39) – appoint a Data Protection Officer where specified

Let’s see how blockchain technology addresses these subject matters.
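As an added example (not from the original post or from any product), here is the integrity property from above written out for the Article 30 "keep records of processing" requirement: an append-only register whose blocks each commit to the hash of the previous one, so that editing, inserting or re-hashing an earlier record is detected, together with the off-chain arrangement that lets an erasure request be honoured without breaking the chain. The records, processors and personal data in it are constructed.

```python
"""Hash-chained, append-only register of processing activities.

Added example, not from the original post or any product. Each block
commits to the hash of the previous one, so any edit to an earlier
record is detectable. Personal data stays off-chain; the chain holds
only a salted commitment to it, so an erasure request deletes the data
and the salt while the audit trail stays verifiable. All records here
are constructed.
"""
import hashlib
import json
import secrets

GENESIS_HASH = "0" * 64


def canonical(obj) -> bytes:
    """Stable serialisation so the same record always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def block_hash(index: int, prev_hash: str, record: dict) -> str:
    return hashlib.sha256(
        canonical({"index": index, "prev_hash": prev_hash, "record": record})).hexdigest()


def commitment(personal_data: dict, salt: bytes) -> str:
    """Salted hash of the off-chain personal data. The salt defeats guessing
    low-entropy fields (an e-mail address) from the on-chain value."""
    return hashlib.sha256(salt + canonical(personal_data)).hexdigest()


class ProcessingLedger:
    def __init__(self):
        self.blocks = []
        self.off_chain = {}  # commitment -> (salt, personal data); constructed store

    def record_processing(self, purpose: str, processor: str, personal_data: dict) -> str:
        salt = secrets.token_bytes(16)
        c = commitment(personal_data, salt)
        self.off_chain[c] = (salt, personal_data)
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS_HASH
        index = len(self.blocks)
        record = {"purpose": purpose, "processor": processor, "subject_commitment": c}
        self.blocks.append({"index": index, "prev_hash": prev, "record": record,
                            "hash": block_hash(index, prev, record)})
        return c

    def erase(self, c: str) -> None:
        """Honour an erasure request: drop data and salt, keep the audit trail."""
        self.off_chain.pop(c, None)

    def verify(self) -> int:
        """Index of the first block whose link or hash does not check out, or -1 if intact."""
        prev = GENESIS_HASH
        for i, b in enumerate(self.blocks):
            if (b["index"] != i or b["prev_hash"] != prev
                    or b["hash"] != block_hash(i, prev, b["record"])):
                return i
            prev = b["hash"]
        return -1


def build_ledger() -> ProcessingLedger:
    ledger = ProcessingLedger()
    ledger.record_processing("marketing", "mailer-co", {"email": "alice@example.com"})
    ledger.record_processing("billing", "acme-pay", {"email": "bob@example.com"})
    return ledger


def tamper_and_verify() -> int:
    """Rewrite history in block 0 without touching its hash: caught at block 0."""
    ledger = build_ledger()
    ledger.blocks[0]["record"]["processor"] = "someone-else"
    return ledger.verify()


def tamper_rehash_and_verify() -> int:
    """Rewrite block 0 and recompute its hash: block 1's prev_hash no longer matches."""
    ledger = build_ledger()
    b0 = ledger.blocks[0]
    b0["record"]["processor"] = "someone-else"
    b0["hash"] = block_hash(0, GENESIS_HASH, b0["record"])
    return ledger.verify()


def erase_and_verify():
    """Erasure removes the personal data but leaves the chain intact."""
    ledger = build_ledger()
    c = ledger.blocks[0]["record"]["subject_commitment"]
    ledger.erase(c)
    return ledger.verify(), c in ledger.off_chain


if __name__ == "__main__":
    print("intact:", build_ledger().verify(), "tampered:", tamper_and_verify(),
          "tampered+rehashed:", tamper_rehash_and_verify(), "erased:", erase_and_verify())
```

The re-hash case is the one that matters for the "resistant to modification" claim: an attacker who can rewrite one block must also rewrite every block after it, which is cheap on a private ledger held by one party and only becomes hard once copies are held by parties who do not trust each other.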

Perhaps readers are not interested in reading a whole bunch of words. An explicit view and explanation are given in the informative diagram below.

Reminder – The new EU GDPR will be effective in May 2018

END of discussion.

Evading sanctions, or is this our new world trend – petroleum cryptocurrency

The legitimacy of cryptocurrency is misty to everybody. I heard that it is legal in some countries. However it cannot maintain legitimacy, since we must follow the guidelines and policies of the traditional financial currency system. But think it over. In ancient times, people used a barter concept. The revolution came when printed currency came to depend on a country’s gold deposits. Perhaps in the 80’s we did not have the key term so called digital transformation. From a technical point of view, there is no technical issue with printing currency backed by a country’s petroleum (oil). This theory has now come true. Venezuela is the first country to issue a state cryptocurrency: the specification is an oil-backed token as a form of legal tender. It looks as though such a theory is the alternative solution letting some countries evade international sanctions. From a scientific perspective this is the correct way. Why do we need to keep a classic financial technology without an end of life cycle? Iran is considering developing its own cryptocurrency now (see the url below for reference).

https://www.cnbc.com/2018/02/22/iran-becomes-latest-rogue-state-to-develop-its-own-cryptocurrency.html

My imagination – A new way of money laundering to evade regulations

We heard of tremendous cryptocurrency heists this year (see below). Do you think it is a trick? Let’s think it over. The refund of fees after a heist is a grey area for the regulator and custodian, since the money is a new source far away from criminal activity revenue. How can legal regulation be used to forfeit their money? Let’s think it over. How does one dig out the money on a secure platform? Is it luck, or a counterfeit message with a phishing technique? I believe that this is an old technique. How do they evade legal enforcement proceeding to forfeit their money?

End of Jan 2018 – Coincheck $530 million cryptocurrency heist may be the biggest ever.
2nd week of Feb 2018 – BitGrail Cryptocurrency Exchange becomes insolvent after losing $170 million.

Feb 2018 – BitGrail Cryptocurrency Exchange Becomes Insolvent After Losing $170 Million:

https://www.youtube.com/watch?v=Sb2_ZBcS7NE

Jan 2018 – Coincheck heist discussion: see the post below.

Doubt – $530 million cryptocurrency heist

As we know, the most common cryptocurrencies are Bitcoin, Ethereum, Ethereum Classic, Monero, Litecoin, OmiseGO, Ripple and Zcash. Fundamentally the NEM Smart Asset System is more secure than Bitcoin. The NEM blockchain uses a Proof-of-Importance calculation (rather than Bitcoin’s Proof-of-Work or PIVX’s Proof-of-Stake) to reach consensus through a process that rewards active participation in the network. NEM is a peer-to-peer cryptocurrency and blockchain platform launched on March 31, 2015. But the value of each coin is underestimated. Why did the hacker target NEM? Do you think a hacker is willing to do the hacking the difficult way?

Information update on 29th Jan 2018 – CNN claimed that this cryptocurrency heist is the biggest ever. Such a huge financial loss has not happened before! See the url below for reference.

http://money.cnn.com/2018/01/29/technology/coincheck-cryptocurrency-exchange-hack-japan/index.html

Another reference: see the post below.

My speculation – How Coincheck lost ¥58 billion worth of cryptocurrency

Incident background:

The Japan-based company said hackers broke in at 02:57 am local time on Friday (12:57 pm EST on Thursday, 25 January).

Financial loss: ¥58 billion worth of cryptocurrency

Cryptocurrency type: NEM (XEM)

Victim: coincheck.com

Cyber attack historical incident record

The previous major cryptocurrency heist in Japan happened in February 2014. The victim firm was Mt. Gox, a bitcoin exchange in Japan, and the loss was just under ¥48 billion. Coincheck started in August 2014 and is operated by Coincheck, Inc. No similar incident had happened to it before.

Coincheck’s current cyber defense mechanisms

Coincheck provides two-factor authentication and cold storage.

Remark: Cold storage, in the context of Bitcoin, refers to keeping a reserve of bitcoins offline. Methods of cold storage include keeping bitcoins on a USB drive or other storage media, or on a paper wallet.

Coincheck follows the JBA’s guidelines to ensure customers can use Coincheck’s services securely (for more details, please see the url below).

http://jada-web.jp/wp-content/uploads/2015/01/SummaryofGuidelinesforJADA_v1-0_20141023.pdf

Secure random number generation – Customers don’t need to worry about this vulnerability because Coincheck’s wallet uses RFC 6979. RFC 6979 is not a random number generator: it derives the ECDSA per-signature nonce k deterministically from the private key and the message hash with HMAC, which removes the dependency on a random number generator at signing time (a weak or repeated k is what leaks the private key in plain ECDSA).

Remark: RFC 6979 makes ECDSA vulnerable to DPA (differential power analysis) at two levels:

  • In the first HMAC step of the RFC every input is known to or chosen by the attacker except x, the secret key: K = HMAC_K(V || 0x00 || int2bytes(x) || bits2bytes(h1))
  • In s = kinv (h + r.d), kinv is not known but is always the same for the same input, so the attacker can have the device repeat the identical computation and average the power traces.
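Because the exact steps matter for both claims above (no RNG at signing time, and identical computation for identical input), here is RFC 6979 nonce derivation written out as an added example. It is not Coincheck's wallet code: it implements section 3.2 of the RFC with HMAC-SHA256 over the NIST P-256 group order, checks itself against the RFC's own test vector (Appendix A.2.5, message "sample"), and demonstrates that the nonce is a pure function of key and message. The optional extra argument is the RFC's section 3.6 variant, which mixes additional data into the HMAC input; feeding it fresh random bytes is one way to break the repetition the DPA remark relies on without giving up the deterministic fallback. The private key is the RFC's published test key, not a real one.

```python
"""RFC 6979 deterministic ECDSA nonce derivation (section 3.2), HMAC-SHA256, P-256.

Added example, not Coincheck's wallet code. The private key is the test key
published in RFC 6979 Appendix A.2.5; the expected k for message "sample" is
the RFC's test vector.
"""
import hashlib
import hmac

# NIST P-256 group order (the "q" of RFC 6979) and the RFC's own test vector.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
RFC_TEST_KEY = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
RFC_TEST_K_SAMPLE = 0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60


def bits2int(b: bytes, qlen: int) -> int:
    """Leftmost qlen bits of b as an integer (RFC 6979 section 2.3.2)."""
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - qlen) if blen > qlen else v


def int2octets(x: int, qlen: int) -> bytes:
    """Big-endian encoding padded to ceil(qlen/8) bytes (section 2.3.3)."""
    return x.to_bytes((qlen + 7) // 8, "big")


def bits2octets(b: bytes, q: int, qlen: int) -> bytes:
    """bits2int, reduce modulo q, then int2octets (section 2.3.4)."""
    return int2octets(bits2int(b, qlen) % q, qlen)


def rfc6979_nonce(x: int, msg: bytes, q: int = P256_ORDER, hashfunc=hashlib.sha256,
                  extra: bytes = b"") -> int:
    """Derive the ECDSA nonce k for private key x and message msg.

    `extra` is the section 3.6 variant: additional data appended to the HMAC
    input. Empty extra gives the standard, fully deterministic RFC 6979 result.
    """
    qlen = q.bit_length()
    h1 = hashfunc(msg).digest()
    hlen = len(h1)
    V = b"\x01" * hlen
    K = b"\x00" * hlen
    # Everything in `suffix` except int2octets(x) is public or attacker-chosen.
    suffix = int2octets(x, qlen) + bits2octets(h1, q, qlen) + extra
    K = hmac.new(K, V + b"\x00" + suffix, hashfunc).digest()   # step d
    V = hmac.new(K, V, hashfunc).digest()                       # step e
    K = hmac.new(K, V + b"\x01" + suffix, hashfunc).digest()   # step f
    V = hmac.new(K, V, hashfunc).digest()                       # step g
    while True:                                                 # step h
        T = b""
        while len(T) * 8 < qlen:
            V = hmac.new(K, V, hashfunc).digest()
            T += V
        k = bits2int(T, qlen)
        if 1 <= k < q:
            return k
        # Out of range (rare for P-256): re-key and try again, as the RFC specifies.
        K = hmac.new(K, V + b"\x00", hashfunc).digest()
        V = hmac.new(K, V, hashfunc).digest()


def matches_rfc_vector() -> bool:
    """Self-check against RFC 6979 A.2.5: P-256, SHA-256, message "sample"."""
    return rfc6979_nonce(RFC_TEST_KEY, b"sample") == RFC_TEST_K_SAMPLE


if __name__ == "__main__":
    import secrets
    print("RFC test vector reproduced:", matches_rfc_vector())
    k1 = rfc6979_nonce(RFC_TEST_KEY, b"sample")
    k2 = rfc6979_nonce(RFC_TEST_KEY, b"sample")
    print("same key+message twice gives identical k:", k1 == k2)
    kr = rfc6979_nonce(RFC_TEST_KEY, b"sample", extra=secrets.token_bytes(32))
    print("with 3.6 random extra data, k differs:", kr != k1)
```

Note what the variant does and does not buy: with random extra data the nonce is no longer repeatable (so the DPA averaging trick in the remark loses its identical traces), but if that randomness is broken the derivation still falls back to no worse than plain RFC 6979, which is the point of mixing both.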

Key factors found in this incident

Yusuke Otsuka, Chief Operating Officer of Coincheck, said the stolen funds were kept in an online ‘hot wallet’ as opposed to a much more secure offline ‘cold wallet’. However the official spokesman said that bitcoins are stored offline when they are not being traded. Meanwhile CEO Koichiro Wada said its bitcoins were indeed stored offline but that the more than 5 million NEM coins that were stolen were not.

Observation:

According to the NEM (XEM) platform architecture (refer to the diagram above) and the statement provided by the CEO (see below), a hint brings my attention to their company’s internal network. Could an insider threat have happened in their office?

Quote: “bitcoins were indeed stored offline but that the more than 5 million NEM coins that were stolen were not.”

Speculation:

It looks as though implanting malicious code and then infiltrating malware into the distributed ledger system is not easy to pull off, since two-factor authentication has been implemented and therefore each transaction is acknowledged by both parties (the exchange and the end user). Maybe you can say a hacker can counterfeit the SMS message via an SS7 flaw, but such a huge transaction would wake up the support staff. So I believe that the cyber incident this time may have the following possible causes.

  1. A phishing email embedding a web site with cross-site scripting and CSRF token abuse is a popular way to steal user credentials.
  2. The admin console or a workstation encountered a malware infection.
  3. A zero day was encountered in their open-source application.

Summary:

The above assumptions are my speculation based on hearsay evidence and headline news. Let me keep my eyes open and provide a status update to you guys afterwards.

Reference – information update on 28th Jan 2018

https://www.japantimes.co.jp/news/2018/01/27/national/cryptocurrency-exchange-coincheck-loses-58-billion-hacking-attack/

https://www.reuters.com/article/us-japan-cryptocurrency/hacked-tokyo-cryptocurrency-exchange-to-repay-owners-425-million-idUSKBN1FH03D
