Posted on

What Happened When A Secret Bitcoin Key Went Public

At least one bitcoin mystery can be checked off our lists.

The long-awaited reveal of the private keys connected to a now-defunct alert system built into bitcoin occurred Monday through an email by two Bitcoin Core developers, Bryan Bishop and Andrew Chow.

In the email, the two wrote that the reason for full disclosure of the bitcoin alert keys was to “mitigate the effects of unknown dissemination and proliferation of the keys.” Further, Bishop and Chow emphasized that these keys would no longer pose risk to the bitcoin network, explaining that “the bitcoin alert system has been completely retired.”

Retired or not, social media kicked into overdrive once news spread that this bitcoin secret had finally gone public.

Part of the chatter was about Bishop himself, who gave a talk at a conference in Portugal the day after releasing the private keys. He spoke about the vulnerabilities of the retired alert system and why the project to get rid of the whole system started back in 2016.

‘The Disclosure Is OK’

While the project started in 2016, one of the reasons the keys stayed private until now was the danger full disclosure could pose to cryptocurrencies that still use an older version of the bitcoin code.

However, as explained by Pavol Rusnak, CTO of SatoshiLabs, the danger is presently limited to only one cryptocurrency, according to a script he ran checking the “sources of all altcoins on GitHub” and finding “only one that still has the alert key present.”

As such, for Bishop, his confirmation of the bitcoin alert system being sufficiently “dead” is reason enough for why “the disclosure is OK” as he explained in a rather exasperated tweet.

But alert systems, in general, aren’t all dead.

In fact, as Bishop and Chow say in their email, developers of cryptocurrencies who want something like the bitcoin alert system, but without the same vulnerability to private alert keys being hijacked, can implement “a few very simple fixes.”

Namely, developers have the option of downloading a recommended patch to “safeguard nodes from the aforementioned issues” accessible on the popular code-sharing website, GitHub.

While some of the vulnerabilities caused by the bitcoin alert system are addressed through this code update, certain vulnerabilities to developers could only be mitigated by publicizing the private alert keys, which is why to one user, the full disclosure was a “final step” in removing the whole bitcoin alert system once and for all.

Power in secrecy

Part of the reason full disclosure was necessary came down to the secrecy shrouding the original list of people and organizations who held these private keys in the first place.

Indeed, any secret possession of the key would, in theory, open the risk of broadcasting false messages to nodes across the network.

In a tweet posted on June 14, Bishop wrote a message coded in one of the bitcoin alert key signatures to challenge Craig Wright to write a response in the same way, if he indeed had knowledge of this private information only known to a select few at the time.

Despite the open invitation to contradict his claim, Craig Wright did not respond, much to the dismay of some on Twitter.

In sum, “by broadcasting the values to make them available to everyone, the value of the keys is intended to be eliminated, since now everyone could feasibly sign messages, the value of the signed messages becomes zero,” Bishop and Chow wrote.

Or, as one observer noted on social media, possession of the alert keys makes everyone Satoshi – sort of.


The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.


Jimmy Wales: Blockchain Can’t Be Banned

The name Jimmy Wales (born August 7, 1966) may not sound familiar to those outside the world of IT, but considering that Time magazine named him one of the 100 most influential people of 2006, his credibility and prestige become evident.

“Jimbo” (his moniker) became world famous thanks to the success of Wikipedia, which has already become an international reference for the search for information.

He is currently working on a new project: WikiTribune, which seeks to revolutionize the world of journalism through a platform that promotes impartiality and fights fake and unsubstantiated news.

During the BlockShow Conference in Berlin, Jimmy Wales was interviewed by Cointelegraph about his career prospects. The vision he showed about the world of cryptos and blockchain technologies is quite compelling.

Concerning cryptocurrencies, Catherine Ross, the interviewer, asked him if he still stood by his previous statements, in which he said he considered cryptocurrencies to be a bubble. Jimmy Wales remains on the “Crypto is a Bubble” team, but with a reasonably objective vision:

“When I say something is a bubble, it doesn’t mean that I think there’s nothing of value there. It means there’s a lot of noise and there’s a lot of investment money flowing in, and a lot of things are being invested into what does not actually make sense. A lot of projects are going to fail, but we additionally have a lot of scams, a lot of theft, a lot of crazy things happening. So, I just ask people to be careful.”

He mentioned that he was not a crypto investor although he did accept that he had “some crypto here and there.”


He also noted that he had no particular interest in projects based on blockchain technologies, but did not deny the possibility of diving into the pool if any idea was meaningful.

Regarding the regulation of the crypto market and ICOs, he pointed out that it makes no sense to consider extremist positions such as those of some politicians seeking to ban their use, but he was emphatic in stressing that it is necessary to innovate in a new legal framework adapted to this reality:

“Blockchain as a technology is not something that needs regulation. You’ll occasionally hear a politician saying, ‘We need to ban cryptography,’ but that’s stupid and crazy and you’re never going to do it with math. You can’t ban math. You can’t ban blockchain. It’s math.

“At the same time, we see a lot of things going on that it’s very difficult to say they’re anything other than just scams. People are making millions of dollars of other people’s money with no accountability and that deserves law enforcement for investigation.

“We see a lot of the hacks and Bitcoin or other coins being stolen because somebody hacked the server and got the keys. That’s what the police are for, right? Ideally. I feel like there’s been far too little response. You know, if you walked into Citibank and walked out with 56 million dollars’ worth of gold… You went, and you picked a lock and you stole the actual gold [and put it in] the back of a truck, then there’d be an army of FBI agents investigating this.

“I feel like a lot of the cryptocurrency thefts have gone [unsolved]. The police are like, ‘We don’t know what to do,’ so they do very little. That’s not to criticize them, that’s just the fact that we don’t see the right kind of law enforcement response. People don’t think about it as regulation, but of course it’s against the law to steal things.”

For Jimmy Wales, the fact that there are so many scams and hacks is a situation that, in addition to tarnishing the image of cryptocurrencies, hinders the revolution they could bring along.

Jimmy Wales on Government Adoption

On the adoption of blockchain technologies by governments, Jimmy Wales was enthusiastic but cautious. For him, governments would be risking too much on a technology they cannot tolerate failing:

“They need to be very cautious and very careful. I think particularly when they’re dealing with taxpayer money, there’s a very good reason to be extremely cautious about new technologies … It doesn’t mean that we won’t necessarily move in that direction, but I want to see governments moving very cautiously in this space.”



Charlie Lee: Litecoin is “Extremely Secure”

In a recent tweet, Charlie Lee stated that Litecoin is an extremely secure cryptocurrency, dismissing the possibility of a 51% attack.

The tweet eases the concerns of many users given the recent wave of attacks on several altcoins as a result of the exploitation of their consensus algorithms.

Recently, Verge (XVG) suffered two 51% attacks as a result of an induced reduction in its mining difficulty. Verge uses five consensus algorithms, one of which is Scrypt, the same one used by LTC.

The hacker’s M.O. was to attack only one consensus algorithm instead of all five. They chose Scrypt, something that could have triggered some alarms.

According to Charlie Lee, Litecoin is extremely secure because it is the leading crypto using that precise consensus algorithm.

By his reasoning, having a much higher market cap than the rest of its “sisters,” the costs associated with a hack would be higher than the profits.

He advised relying mostly on the most important crypto of each consensus algorithm as a security measure.

Also, Mr Lee published a series of studies that show how easy it is to carry out 51% attacks, mainly due to the reduction in energy costs.

What Makes Litecoin “Extremely Secure”?

However, speaking about Litecoin, Charlie Lee thinks “miners won’t attack and kill their cash chickun,” that is to say, even if miners joined forces, the damage caused by an attack would considerably reduce their own profitability.

Litecoin is 99% dominant in the ecosystem of Scrypt-based PoW altcoins. The amount of resources needed for a hack is hundreds of times higher than for its nearest competitor.

Other reasons Charlie Lee pointed out for promoting confidence in his altcoin were:

  • Pools are well distributed (largest 22%)
  • Hashrate up 50x (past 1 year)
  • High capital costs to attack ($322-761MM + ~$38-50k/hr)

The problem of pool mining has been widely criticized, along with the design of ASICs for cryptos with non-ASIC-friendly algorithms such as Litecoin, Ethereum or Monero.

Each project has handled this situation differently, depending on how its proponents deal with the issue:

  • Monero is the most active and categorical. They automatically announced a fork to prevent ASIC mining.
  • Ethereum had a strong movement that wanted to make a fork like Monero. However, Vitalik Buterin opposed it and preferred to focus on the migration to PoS.
  • Litecoin made no substantial changes to its configuration, with Charlie Lee saying that ASICs could be a good opportunity for innovation.

At this time, Litecoin is quoted at a price of $116 according to coinmarketcap.com data.

Neither Verge nor the spokespersons of the other altcoins have issued any statements regarding Mr Lee’s tweets.


BitGo Co-Founder Ben Davenport Is Stepping Down

Ben Davenport, a co-founder of blockchain security startup BitGo, is stepping down as chief technology officer.

Starting next week, he will work part time as an advisor, he said in a statement Friday.

He said he intends to spend some time with his family and the broader bitcoin community as he determines his next steps. Ben Chan, another employee at the company, will take over as CTO.

“When [co-founder Mike Belshe] and I met, we had a shared vision to build an infrastructure company that would play a crucial role in speeding the adoption of bitcoin,” he wrote, adding:

“It was a big vision for a few guys in a tiny room, and the path was by no means straight or easy … But today, BitGo is the most trusted name in enterprise digital asset security, provides services for 20 different coins or tokens, and handles over $10 billion of transactions monthly. And BitGo is just getting started.”

Davenport said that while “there’s never an easy time to leave,” this is a good moment, given the company’s recent acquisition of the asset custodian Kingdom Trust, and the strength of the remaining team, including his successor.

“It’s incredible to think that Bitcoin didn’t even exist 10 years ago. And yet we’re still just in the first couple miles of a marathon. I’m incredibly grateful to have been able to do my small part, though I hope it will not be my last contribution by any means. HODL on,” Davenport wrote.



Ethereum Security Flaws and Developments: Devcon3 Discussion

Martin Swende, Ethereum Foundation Lead, ended his lecture on smart contract security on this note: “Everyone here is a target for attack. Be paranoid.”

There was The DAO hack, where millions of dollars in ether was stolen due to a smart contract bug. There was the time ethereum transactions slowed because of an unknown attacker – this on one of Swende’s first days working on the protocol, no less. And then just a few months ago, ethereum client Parity lost $30 million after being hacked.

All of this comes on top of the various BTC-related attacks.

Having said that, enthusiasts and developers believe that there is much room for improvement when it comes to Ethereum’s security, despite its ‘era-changing’ technology.

On the second day of this year’s Devcon event, much of the talk centered on the security of smart contracts, since vulnerabilities in their code are where many are losing money.

Manuel Araoz, CTO of Zeppelin [blockchain security company], commented that 2016 was the dark age of ethereum’s security, but that improvements have taken place and are still being made.

Keep in mind that upgrading the security of a smart contract, or anything else about it, once it is running is very problematic. If there is a bug in the code of a contract that was written without safeguards, there is no hope for developers to fix it.

However, a new OS project by Zeppelin is in the works that will make it much easier to ‘edit’ the code once it is in the ‘go-phase’.

“If we have a bug or need to improve the program, we can do so. It can be used to fix production code,” he said.

While it doesn’t solve the upgrading problem completely, the project provides a new tool – and these additions to the ethereum developer toolbox are acknowledged widely as moving smart contract security ahead.

Another project unveiled at the event, Securify is touted as a “push-button security auditing tool.” Revealed in a session titled “Not Your Grandma’s Smart Contract Verification,” it offers an easy interface for developers to plug in smart contracts and check for certain types of bugs.

However, this does not mean that no problems will remain with the security of self-executing contracts, as every project talk, idea or discussion ended with a warning or a list of problems.

For example, RSK’s Lerner mentioned that he takes apart initial coin offering (ICO) contracts in his spare time and spots many obvious bugs. The fact that token issuers are now soliciting the help of security experts to audit their smart contract code is a good sign, he said.

More generally, Swende of the Ethereum Foundation added:

“The hacking scene has changed tremendously. The revenue stream for hackers was with botnets for denial of service attacks; that’s pretty difficult to build. Now, after crypto, it’s so monetizeable, and there are low risks.”

A first step for everyone involved in crypto is to be worried and vigilant, Swende concluded.