Category Archives: Blockchain

Heard that crypto exchange BINANCE faced a ‘large scale’ theft attempt

I heard this rumour on a discussion website. A victim stated that an unknown, counterfeit cryptocurrency transaction had been submitted from his account. Looking back over his discussion thread, my feeling is that the problem may not have originated on his endpoint. The victim stated that he noticed a third API key had been created, without IP whitelisting, and that this API key was not his own. According to the BINANCE exchange client specification, they support a REST API. What if they are using REST API caching middleware, acting as a reverse proxy between the load balancers and the REST API workers? Is there a way for threat actors to do their dirty tricks in the cache space?

Should you have an interest in this news, please refer to the URL below.

https://www.ft.com/content/58a32050-22aa-11e8-add1-0e8958b189ea
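The caching question above deserves a concrete picture. The following is an added example written for this post, not code from Binance or from any real proxy: a toy reverse-proxy cache in front of a REST API, run once in a weak configuration (every successful response is cached and keyed on the path alone) and once in a corrected one (Cache-Control is honoured and a response to a request that carried credentials is never stored in the shared cache). The paths, header names, API keys and account data are all constructed for the demonstration.

```python
"""
Added example, not code from the original post or from any exchange: a toy
reverse-proxy cache placed in front of a REST API, shown in its weak
configuration (cache every successful response, keyed on the path alone) and
in the corrected configuration (honour Cache-Control and never store a
response to a request that carried credentials).  Paths, header names,
API keys and account data are all constructed for the demonstration.
"""
from dataclasses import dataclass, field


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)


# Constructed upstream accounts: the API key header selects whose data is returned.
ACCOUNTS = {"key-alice": "alice: balance 10 BTC", "key-bob": "bob: balance 2 BTC"}
CREDENTIAL_HEADERS = ("X-API-KEY", "Authorization")


def upstream(req: Request) -> Response:
    """Stand-in for the REST API workers behind the proxy."""
    if req.path == "/api/v1/account":
        body = ACCOUNTS.get(req.headers.get("X-API-KEY"))
        if body is None:
            return Response(401, "unauthorised", {"Cache-Control": "no-store"})
        # Per-user data: the origin marks it as not shareable.
        return Response(200, body, {"Cache-Control": "private, no-store"})
    if req.path == "/api/v1/ticker":
        # Public market data: safe to share for a few seconds.
        return Response(200, "BTCUSDT 9000", {"Cache-Control": "public, max-age=5"})
    return Response(404, "not found", {"Cache-Control": "no-store"})


class CachingProxy:
    def __init__(self, respect_credentials: bool):
        self.respect_credentials = respect_credentials
        self.store: dict = {}

    def _may_store(self, req: Request, resp: Response) -> bool:
        if resp.status != 200:
            return False
        if not self.respect_credentials:
            return True  # weak configuration: any 200 is cached for everyone
        cache_control = resp.headers.get("Cache-Control", "")
        if "no-store" in cache_control or "private" in cache_control:
            return False
        # Defence in depth: even if the origin forgot the header, a request
        # that carried credentials must never populate a shared cache.
        return not any(h in req.headers for h in CREDENTIAL_HEADERS)

    def handle(self, req: Request) -> Response:
        key = req.path  # the cache key ignores who is asking
        if key in self.store:
            return self.store[key]
        resp = upstream(req)
        if self._may_store(req, resp):
            self.store[key] = resp
        return resp


def demo(respect_credentials: bool) -> dict:
    """Alice calls the account endpoint first, then Bob; report what Bob sees."""
    proxy = CachingProxy(respect_credentials)
    proxy.handle(Request("/api/v1/account", {"X-API-KEY": "key-alice"}))
    bob = proxy.handle(Request("/api/v1/account", {"X-API-KEY": "key-bob"}))
    proxy.handle(Request("/api/v1/ticker"))
    return {"bob_sees": bob.body, "ticker_cached": "/api/v1/ticker" in proxy.store}


if __name__ == "__main__":
    print("weak:     ", demo(False))
    print("corrected:", demo(True))
```

In the weak configuration Bob is served Alice's account response straight from the cache, because the proxy keyed only on the path and ignored both the origin's Cache-Control header and the credential on the request. The corrected configuration still caches the public ticker, so the fix costs nothing for the data a shared cache is actually meant for.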

When will the dream come true – retail business operating cryptocurrency as an exchange

The former Chairman of the Communist Party of China (Mao) said that sailing the seas depends on the helmsman (大海航行靠舵手). The statement looks true. The coffee-drinking trend was founded by STARBUCKS, the founder and leader of the coffee market. The founder has the business sense to dig out the potential business pipeline in the market. Schultz’s comment on Bitcoin: “I think blockchain technology is probably the rails in which an integrated app at Starbucks will be sitting on top of,”

For those who are interested, it is better to read this news. Please find the URL below for reference.

https://www.foxbusiness.com/features/starbucks-chairman-schultz-hints-at-blockchain-app

Blockchain technology can do the magic – EU GDPR, the new data protection regulation

Preface:

The movie title – When Harry Met Sally. It is a romantic comedy film written by Nora Ephron. It gives the world the idea that we are all interconnected by fate.

GDPR – High Level Understanding

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

GDPR principle

The General Data Protection Regulation is, quite literally, a data protection model. Its principles are shown below:

  • Establish data privacy as a fundamental right
  • Clarify the responsibilities for EU data protection
  • Define a base line for data protection
  • Elaborate on the data protection principles
  • Increase enforcement powers

With regard to GDPR, how does blockchain technology assist?

Blockchains are secure by design. Each block typically contains a cryptographic hash of the previous block, so by construction a blockchain is inherently resistant to modification of its data. This directly addresses the GDPR’s mandatory requirements. Let’s take a simple look at the requirements placed on a data controller.

  • (Article 24) – be accountable, demonstrate compliance
  • (Article 25) – Adopt privacy by design
  • (Article 27) – If not in the EU, appoint a representative
  • (Article 28) – Take care when using 3rd parties (Processors)
  • (Article 30) – Keep records of processing
  • (Article 32) – Do security well
  • (Article 33) – Tell the regulator if they have a breach (72 hours)
  • (Article 34) – Tell Data Subjects about some breaches
  • (Article 35 and 36) – Do privacy impact assessments
  • (Article 37,38 and 39) – appoint a Data Protection Officer where specified

Let’s see how blockchain technology addresses these subject matters.

Perhaps the reader is not interested in reading a whole bunch of words; the informative diagram below gives an explicit view and explanation.
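To make the tamper-evidence property concrete, here is an added example written for this post (not code from the original post or from any product): a hash-linked record of processing in the spirit of Article 30, where each entry commits to the SHA-256 hash of the entry before it, so rewriting any stored entry breaks the link to its successor. The sample records, their field names and the separately published head hash are my assumptions for the demonstration.

```python
"""
Added example, not code from the original post: a hash-linked record of
processing, each entry committing to the SHA-256 hash of the entry before it.
Altering any stored entry breaks the link to its successor; the sample records,
their field names and the separately published head hash are my assumptions.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

GENESIS_HASH = "0" * 64


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str  # hash of the previous block, as the post describes
    record: dict    # the processing record this block commits to

    def hash(self) -> str:
        # Canonical serialisation so the same content always hashes the same.
        payload = json.dumps(
            {"index": self.index, "prev_hash": self.prev_hash, "record": self.record},
            sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(payload.encode()).hexdigest()


def append_record(chain: List[Block], record: dict) -> Block:
    prev = chain[-1].hash() if chain else GENESIS_HASH
    block = Block(len(chain), prev, record)
    chain.append(block)
    return block


def verify_chain(chain: List[Block], head_hash: Optional[str] = None) -> Optional[int]:
    """Index of the first block whose linkage fails, or None if the chain verifies.

    Without head_hash the final block is unprotected: nothing commits to it, so a
    change there is invisible.  Supplying the head hash (kept off the log, for
    example replicated to peers) closes that gap.
    """
    expected_prev = GENESIS_HASH
    for block in chain:
        if block.prev_hash != expected_prev:
            return block.index
        expected_prev = block.hash()
    if head_hash is not None and chain and expected_prev != head_hash:
        return chain[-1].index
    return None


def tamper(chain: List[Block], index: int, record: dict) -> List[Block]:
    """Copy of chain with one record rewritten in place (links left untouched)."""
    copy = list(chain)
    copy[index] = Block(index, chain[index].prev_hash, record)
    return copy


# Constructed Article 30 style records, not real processing activities.
SAMPLE_RECORDS = [
    {"purpose": "payroll", "basis": "contract", "categories": ["employees"]},
    {"purpose": "marketing", "basis": "consent", "categories": ["customers"]},
    {"purpose": "security logging", "basis": "legitimate interest",
     "categories": ["staff", "visitors"]},
]


def build_sample_log() -> List[Block]:
    chain: List[Block] = []
    for record in SAMPLE_RECORDS:
        append_record(chain, record)
    return chain


if __name__ == "__main__":
    log = build_sample_log()
    head = log[-1].hash()
    edited = {"purpose": "x"}
    print("intact:", verify_chain(log, head))
    print("middle entry edited, detected at block:", verify_chain(tamper(log, 1, edited)))
    print("last entry edited, no head hash:", verify_chain(tamper(log, 2, edited)))
    print("last entry edited, with head hash:", verify_chain(tamper(log, 2, edited), head))
```

The check worth noticing is the last one: a hash chain only protects entries that something later commits to, so the head hash has to live somewhere the log's operator cannot quietly rewrite. Distributing it to independent peers is exactly what a blockchain adds on top of the bare hash linking.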

Reminder – New EU GDPR will be effective in May 2018

END of discussion.

Evade sanctions, or is this our new world trend – petroleum cryptocurrency

The legitimacy of cryptocurrency looks misty to everybody. I heard that it is legal in some countries. However, it cannot maintain legitimacy, since we must follow the guidelines and policies of the traditional financial currency system. But think it over. In ancient ages, people used the concept of exchanging materials. The revolution came with printed currency, whose value depends on a country’s gold deposits. Perhaps in the 80s we did not have the key term so called digital transformation. From a technical point of view, there is no technical issue with a printed currency that depends on a country’s petroleum (oil). This theory has now come true: Venezuela is the first country to issue a cryptocurrency, specified as an oil-backed token in the form of legal tender. It looks like such a theory is the alternative solution that lets some countries evade international sanctions. From a scientific perspective this is the correct way: why do we need to keep a classic financial technology with no end to its life cycle? Iran is considering the development of its own cryptocurrency now (see the URL below for reference).

https://www.cnbc.com/2018/02/22/iran-becomes-latest-rogue-state-to-develop-its-own-cryptocurrency.html

My imagination – a new way of money laundering that evades regulations

We heard of tremendous cryptocurrency heists this year (see below). Do you think it is a trick? Let’s think it over. The refund of the fees after a heist is a grey area for regulators and custodians, since the money is a new source, far away from the revenue of criminal activities. How can legal regulation be used to forfeit their money? Let’s think it over. How do you dig out the money on a secure platform? Is it luck, or a counterfeit message with a phishing technique? I believe that this is an old technique. How do they evade legal enforcement proceeding to forfeit their money? End of Jan 2018 – the Coincheck $530 million cryptocurrency heist may be the biggest ever. 2nd week of Feb 2018 – the BitGrail cryptocurrency exchange becomes insolvent after losing $170 million.

Feb 2018 – BitGrail Cryptocurrency Exchange Becomes Insolvent After Losing $170 Million:

https://www.youtube.com/watch?v=Sb2_ZBcS7NE

Jan 2018 – Coincheck heist discussion:

Doubt – $530 million cryptocurrency heist

As we know, the most common cryptocurrencies are Bitcoin, Ethereum, Ethereum Classic, Monero, Litecoin, OmiseGO, Ripple and Zcash. Fundamentally, the NEM Smart Asset System is more secure than Bitcoin. The NEM blockchain uses a Proof-of-Importance calculation (rather than Bitcoin’s Proof-of-Work or PIVX’s Proof-of-Stake) to reach consensus through a process that rewards active participation in the network. NEM is a peer-to-peer cryptocurrency and blockchain platform launched on March 31, 2015. But the value of each coin is underestimated. Why did the hacker target NEM? Do you think a hacker is willing to engage in hacking the hard way?

Information update on 29th Jan 2018 – CNN claimed that this cryptocurrency heist is the biggest in amount; such a huge financial loss had never happened before! See the URL below for reference.

http://money.cnn.com/2018/01/29/technology/coincheck-cryptocurrency-exchange-hack-japan/index.html

Another reference:

My speculation – How Coincheck lost ¥58 billion worth of cryptocurrency

Incident background:

The Japan-based company said hackers broke in at 02:57 am local time on Friday (12:57 pm EST on Thursday, 25 January).

Financial loss: ¥58 billion worth of cryptocurrency

Cryptocurrency type: NEM (XEM)

Victim: coincheck.com

Cyber attack historical incident record

The most recent cryptocurrency heist before this one happened in February 2014. The victim firm was Mt. Gox, a bitcoin exchange in Japan; the heist amounted to less than ¥48 billion. Coincheck started in August 2014 and is operated by Coincheck, Inc. A similar incident had not happened to it in the past.

Coincheck current cyber defense mechanism

Coincheck provides Two-Factor Authentication and Cold Storage.

Remark: Cold storage, in the context of Bitcoin, refers to keeping a reserve of bitcoins offline. Methods of cold storage include keeping bitcoins on a USB drive or other storage media, or on a paper wallet.

Coincheck follows the JBA’s guidelines to ensure customers can use Coincheck’s services securely (for more details, please see the URL below).

http://jada-web.jp/wp-content/uploads/2015/01/SummaryofGuidelinesforJADA_v1-0_20141023.pdf

Secure random number generation – Customers don’t need to worry about vulnerabilities because Coincheck’s wallet uses RFC 6979, a secure way of generating the random numbers (nonces) used in ECDSA signing.

Remark: RFC 6979 makes ECDSA vulnerable to DPA at two levels:

  • Everything in the first step of the RFC is under control except x, which is the secret key: K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1))
  • s = k⁻¹ (h + r·d) mod q: k⁻¹ is not known, but it is always fixed for the same input
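The remark above is easier to judge with the derivation in front of you. The following is an added example written for this post, not code from Coincheck or from the original post: RFC 6979 deterministic nonce derivation for ECDSA over the P-256 group order, using only the Python standard library. It implements the HMAC step quoted in the first bullet, shows the property the second bullet complains about (the same key and message always yield the same k, so an attacker measuring power traces can repeat the exact same computation at will), and also shows the RFC’s own section 3.6 variant, which mixes additional data k' into the first HMACs so that repeated signatures of one message no longer share k. In the remark’s notation x is the private key (the d in the s formula). The key and message are the RFC’s appendix A.2.5 test vector; the extra-data value is constructed.

```python
"""
Added example, not code from the original post or from Coincheck: RFC 6979
deterministic k derivation for ECDSA with SHA-256 over the P-256 group order,
standard library only.  rfc6979_k(x, m) follows section 3.2; passing extra
(the RFC's k' from section 3.6) mixes additional data into steps d and f.
"""
import hashlib
import hmac

# Order q of the NIST P-256 group and the appendix A.2.5 private key x.
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
SAMPLE_KEY = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
QLEN = Q.bit_length()        # 256 bits
RLEN = (QLEN + 7) // 8       # 32 bytes


def int2octets(x: int) -> bytes:
    return x.to_bytes(RLEN, "big")


def bits2int(b: bytes) -> int:
    # Keep the leftmost QLEN bits of b (RFC 6979 section 2.3.2).
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - QLEN) if blen > QLEN else v


def bits2octets(b: bytes) -> bytes:
    return int2octets(bits2int(b) % Q)


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def rfc6979_k(x: int, message: bytes, extra: bytes = b"") -> int:
    """Derive the ECDSA nonce k for private key x and message (RFC 6979 3.2 / 3.6)."""
    h1 = hashlib.sha256(message).digest()
    hlen = len(h1)
    V = b"\x01" * hlen                     # step b
    K = b"\x00" * hlen                     # step c
    # Step d: the HMAC quoted in the remark; everything but x is attacker-known.
    K = _mac(K, V + b"\x00" + int2octets(x) + bits2octets(h1) + extra)
    V = _mac(K, V)                         # step e
    K = _mac(K, V + b"\x01" + int2octets(x) + bits2octets(h1) + extra)  # step f
    V = _mac(K, V)                         # step g
    while True:                            # step h
        T = b""
        while len(T) * 8 < QLEN:
            V = _mac(K, V)
            T += V
        k = bits2int(T)
        if 1 <= k < Q:
            return k
        K = _mac(K, V + b"\x00")           # retry path, rarely taken
        V = _mac(K, V)


if __name__ == "__main__":
    k1 = rfc6979_k(SAMPLE_KEY, b"sample")
    k2 = rfc6979_k(SAMPLE_KEY, b"sample")
    k3 = rfc6979_k(SAMPLE_KEY, b"sample", extra=b"constructed-per-signature-data")
    print("deterministic k:  %064X" % k1)
    print("same input again: %s" % ("identical" if k1 == k2 else "different"))
    print("with extra data:  %064X" % k3)
```

Determinism is what RFC 6979 was designed for (it removes the risk of a broken random number generator leaking the key), and it is also what the remark objects to: a side-channel attacker can trigger the identical computation as many times as the measurement needs. The section 3.6 variant keeps the RFC’s structure while making each signature’s k unpredictable again, which is why wallet implementations that care about physical attacks use it.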

Key factors found in this incident

Yusuke Otsuka, Chief Operating Officer of Coincheck, said the stolen funds were kept in an online ‘hot wallet’ as opposed to a much more secure offline ‘cold wallet.’ However, the official spokesman says that bitcoins are stored offline when they are not being traded. Meanwhile, CEO Koichiro Wada said its bitcoins were indeed stored offline but that the more than 5 million NEM coins that were stolen were not.

Observation:

According to the NEM (XEM) platform architecture (refer to the diagram above) and the statement provided by the CEO (see below), a hint draws my attention to their company’s internal network. Was there an insider threat in their office?

Quote: “bitcoins were indeed stored offline but that the more than 5 million NEM coins that were stolen were not.”

Speculation:

It looks like implanting malicious code and then infiltrating malware into the distributed ledger system is not easy to accomplish, since two-factor authentication has been implemented, and therefore each transaction will be acknowledged by both parties (the exchange and the end user). Maybe you can say a hacker can counterfeit the SMS message through an SS7 flaw. However, such a huge transaction would have woken up the support staff. So I believe the cyber incident this time may have the following possibilities:

  1. A phishing email embedding a web site with cross-site scripting and CSRF token theft is a popular way to steal user credentials.
  2. An admin console or workstation encountered a malware infection.
  3. A zero-day was encountered in their open-source application.

Summary:

The above assumption is my speculation based on hearsay evidence and headline news. Let me keep my eyes open and provide a status update to you guys afterwards.

Reference – information update on 28th Jan 2018

https://www.japantimes.co.jp/news/2018/01/27/national/cryptocurrency-exchange-coincheck-loses-58-billion-hacking-attack/

https://www.reuters.com/article/us-japan-cryptocurrency/hacked-tokyo-cryptocurrency-exchange-to-repay-owners-425-million-idUSKBN1FH03D


cpp-ethereum vulnerabilities – do not ignore!

Preface:

Cyber attacks wreak havoc today. System applications and operating systems find it hard to avoid vulnerabilities because of short development cycles. Cryptocurrency might change the financial world; however, more and more topics are still under development.

Technology background

Ethereum is an open software platform based on blockchain technology that enables developers to build and deploy decentralized applications.

What language is Ethereum written in?

There are four official reference implementations available (see below):

Golang, C++, Python and Java

The non-official but fully working implementation languages are Rust, Ruby, JavaScript and Solidity. However, there is a design limitation in Golang which causes some software developers to decide not to use it.

Why has the “Go” language not been chosen by software developers?

The question about generics in Go is years old and has been discussed up and down, back and forth across the Go forums, newsgroups and email lists. Go is a language with an intentionally restricted feature set; one of the features that Go leaves out is user-defined generic types and functions.

In short, it looks like the Go language lacks the flexibility of traditional programming languages. Perhaps Go (Golang) libraries work best for scientific computing; a common consensus is that Go might evolve into the perfect high-performance computing language for scientific use. Therefore, developers prefer to make use of other programming languages.

However, the cyber world is like a dangerous zone. Operating systems, applications and hardware can hardly avoid design weaknesses (vulnerabilities). The situation sounds like cancer in the human body: the cancer evolved from a normal human cell.

Vulnerabilities were found in cpp-ethereum at the end of last year. A status update was released on 18th Jan 2018.

Should you have an interest in this topic, please find the details below for reference.

An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum’s JSON-RPC

https://nvd.nist.gov/vuln/detail/CVE-2017-12113

An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service.

https://nvd.nist.gov/vuln/detail/CVE-2017-12119

An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum’s JSON-RPC

https://nvd.nist.gov/vuln/detail/CVE-2017-12116

An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum’s JSON-RPC

https://nvd.nist.gov/vuln/detail/CVE-2017-12115

An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum’s JSON-RPC

https://nvd.nist.gov/vuln/detail/CVE-2017-12112

An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum’s JSON-RPC

https://nvd.nist.gov/vuln/detail/CVE-2017-12114

An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum’s JSON-RPC

https://nvd.nist.gov/vuln/detail/CVE-2017-12118

An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum’s JSON-RPC

https://nvd.nist.gov/vuln/detail/CVE-2017-12117

An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service.

https://nvd.nist.gov/vuln/detail/CVE-2017-14457
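The advisories above fall into two classes: privileged JSON-RPC methods (the admin_ and miner_ families) reachable without authorisation, and crafted requests that raised unhandled exceptions. The following is an added example written for this post, not code from cpp-ethereum or from the original post: a minimal JSON-RPC 2.0 dispatcher that turns every malformed request into a JSON-RPC error object instead of an exception, and refuses methods in the admin_/miner_ families unless the caller has been authorised. The handlers, the authorisation flag and the method names behind them are constructed for the demonstration; only the method names themselves come from the advisories.

```python
"""
Added example, not code from cpp-ethereum or the original post: a minimal
JSON-RPC 2.0 dispatcher illustrating the two defect classes the CVEs above
describe.  Every malformed request becomes a JSON-RPC error object instead of
an unhandled exception, and methods in the admin_/miner_ families are refused
unless the caller has been authorised.  Handlers and the authorisation flag
are constructed for the demonstration.
"""
import json
from typing import Any, Callable, Dict

# Method families named in the advisories above; an unauthenticated caller
# must not be able to reach them.
PRIVILEGED_PREFIXES = ("admin_", "miner_")

# Standard JSON-RPC 2.0 error codes plus one server-defined code (-32000 range).
PARSE_ERROR, INVALID_REQUEST, METHOD_NOT_FOUND = -32700, -32600, -32601
INVALID_PARAMS, INTERNAL_ERROR, UNAUTHORISED = -32602, -32603, -32000


def _error(req_id: Any, code: int, message: str) -> dict:
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


def dispatch(raw: bytes, handlers: Dict[str, Callable], authorised: bool) -> dict:
    """Parse one request, enforce authorisation, call the handler, never raise."""
    try:
        req = json.loads(raw)
    except ValueError:  # JSONDecodeError and UnicodeDecodeError both subclass it
        return _error(None, PARSE_ERROR, "Parse error")
    if not isinstance(req, dict):  # batch arrays are out of scope here
        return _error(None, INVALID_REQUEST, "Invalid Request")
    req_id = req.get("id")
    method = req.get("method")
    params = req.get("params", [])
    if not isinstance(method, str) or not isinstance(params, (list, dict)):
        return _error(req_id, INVALID_REQUEST, "Invalid Request")
    # Authorisation is decided before the method table is consulted, so an
    # unauthorised caller learns nothing about which privileged methods exist.
    if method.startswith(PRIVILEGED_PREFIXES) and not authorised:
        return _error(req_id, UNAUTHORISED, "Unauthorised")
    handler = handlers.get(method)
    if handler is None:
        return _error(req_id, METHOD_NOT_FOUND, "Method not found")
    try:
        result = handler(**params) if isinstance(params, dict) else handler(*params)
    except (TypeError, ValueError):
        # Wrong arity or wrong value types: the caller's fault, report it as such.
        return _error(req_id, INVALID_PARAMS, "Invalid params")
    except Exception:  # anything else must still not escape the RPC layer
        return _error(req_id, INTERNAL_ERROR, "Internal error")
    return {"jsonrpc": "2.0", "id": req_id, "result": result}


# Constructed handlers standing in for node functionality.
def eth_blockNumber() -> str:
    return "0x10"


def miner_setGasPrice(price: str) -> bool:
    if not (isinstance(price, str) and price.startswith("0x")):
        raise ValueError("gas price must be a hex quantity string")
    int(price, 16)  # raises ValueError on non-hex digits
    return True


def admin_nodeInfo() -> dict:
    return {"enode": "enode://constructed@127.0.0.1:30303"}


HANDLERS: Dict[str, Callable] = {
    "eth_blockNumber": eth_blockNumber,
    "miner_setGasPrice": miner_setGasPrice,
    "admin_nodeInfo": admin_nodeInfo,
}


def call(method: str, params: Any, authorised: bool, req_id: int = 1) -> dict:
    """Helper: build a request body and dispatch it."""
    body = json.dumps({"jsonrpc": "2.0", "id": req_id, "method": method, "params": params})
    return dispatch(body.encode(), HANDLERS, authorised)


if __name__ == "__main__":
    print(call("miner_setGasPrice", ["0x1"], authorised=False))
    print(call("miner_setGasPrice", ["0x1"], authorised=True))
    print(dispatch(b"{not json", HANDLERS, authorised=True))
    print(call("eth_blockNumber", "oops", authorised=False))
```

Two design points carry the weight here: the authorisation check runs on the method name before the method table is consulted, so it cannot be bypassed by a handler that forgot to check, and the only exception type that is allowed to escape a handler is none at all, which is the property the denial-of-service advisory says was missing.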

Summary:

There were 40,135 transactions on the Ethereum blockchain on 5/17/2017. On January 25, 2018, Ethereum is now a bit over $1050. Perhaps the cryptocurrency’s value will lure the interest of hackers. As usual, further vulnerabilities or zero-day cyber attacks might happen later on, so make sure you have remediation and mitigation procedures if your Ethereum back-end is developed in C++.

The stronger encryption power you have, the greater the risk of being attacked.

A new mantra: some people quit the bitcoin business, whereby others catch up immediately! Such a statement precisely describes the current situation of the bitcoin industry. A South Korean bitcoin exchange has filed for bankruptcy after being hacked again; they have decided to quit. It surprises us that an advanced secure platform suffers such a tragedy, but malware infection and DDoS attacks are not new to the IT world today. Be brave in facing difficulties; your new era is coming. A visible hint is to re-engineer your cyber defense model according to Lockheed Martin’s seven steps (the Cyber Kill Chain). You can figure out the existing weaknesses of the bitcoin technology architecture model. Perhaps the sad feeling the bitcoin world brings is that they did not pay attention to end-point wallet security management and managed security services. The trend is on its way, even though we do not belong to this industry. Let you and me become the witnesses of this age!

For more details on the Youbit bitcoin exchange quitting operations, see the URL below:

https://qz.com/1160573/bitcoin-exchange-youbit-files-for-bankruptcy-in-south-korea-after-latest-hack/

To dig out more e-wallet security information, see the URL below:

Perspective of e-Wallet Vulnerability