Posted on

BSV User Films Himself Supposedly Double Spending his Crypto on a 0-conf Transaction

Bitcoin Cash SV (BSV), the altcoin born after the fork of Bitcoin Cash, seems not to be as secure as Craig Wright says as some hours ago a user reportedly was able to double spend his coins in a “0-conf transaction”.

The double spend is an attack in which a user manages to spend their cryptocurrencies repeatedly taking advantage of vulnerabilities inherent to the nature of consensus algorithms. Generally, the most feasible causes that can facilitate a double spend are a 51% attack or a race attack.

So far there are no records of an attack of this nature to the Bitcoin ( BTC ) network, something that is even more difficult when it is practically a habit that merchants wait for several confirmations or rely on payment processors.

However, given the nature of 0-conf transactions, an attack of this type, although difficult, is also possible and a user with the alias of “reizu”  uploaded a video on Vimeo filming an effective double spend of his BSV tokens:

Reizu Explains What He Did (And How Double Spent His BSV)

The user also wrote about this vulnerability on a blog posted on Honest.cash explaining how he carried out the attack (for educational purposes).

According to his explanation, the root cause of BSV being so vulnerable is because of its centralization. Taking advantage of this situation, he sent multiple expenses through the different nodes which allowed him to prove that the danger is genuine:

Then I had an idea. What if I send each node an unique transaction? Instead of a double-spending, it would be a kind of four-hundred-and-fifty-spending, one for each node of the BSV network … By keeping a record of which node each transaction was sent to (txid), then I could see which transaction is the one that was mined in the next block. That way it would help me for identify the mining nodes.

Indeed, after a few mined blocks I discovered that the transactions that were being mined were those that were sent almost always to the same nodes. I also confirmed what we already knew, that Bitcoin SV mining is very centralized. Specifically:

  • 34% of the hashrate is only 1 node.
  • 59% of the hashrate are 2 nodes.
  • 68% of the hashrate are 3 nodes.
  • 75% of the hashrate are 4 nodes.

Therefore, if there are 450 nodes in the BSV network; transaction T1 could be sent to 446 nodes, transaction T2 sent to 4 nodes, and the odds of transaction T2 being mined would be 75%.

Reizu pointed out that from his point of view, to avoid the possibility of this attack, “nodes must communicate with each other when they receive a double-spending transaction (sending a proof), ignoring it silently does not make sense”. He explained that other solutions are simply less convenient.

After this news broke, some Twitter users wrote to Craig Wright asking for an explanation. Weight simply denied the rumors without providing further logical or technical back to his words

The post BSV User Films Himself Supposedly Double Spending his Crypto on a 0-conf Transaction appeared first on Ethereum World News.

Posted on

$1.2 Billion Dollars Have Been Stolen Since 2017 According to a Report

As cryptocurrencies expand and attract many investors all over the world, there have also been criminals trying to scam users and steal their funds. According to estimates form the Anti-Pishing Working Group, criminals have ben able to steal about $1.2 billion dollars in cryptocurrencies sin the beginning of 2017.

Cryptocurrency Criminals

The research shows that an important number of virtual currencies have been stolen from their owners. These are very alarming numbers for the crypto community. How to avoid being hacked if even top virtual currency exchanges have been affected by hacks?

The estimates that the non-profit group was able to gather, include reported and unreported theft of cryptocurrencies. That includes the most important hacks in the last times, and also minor thefts that couldn’t be reported to local authorities.

Dave Jevans, Chief Executive Officer of the cryptocurrency security firm CipherTrace, explained:

“One of the problems that we’re seeing in addition to the criminal activity like drug trafficking and money laundering using cryptocurrencies is the theft of these tokens by bad guys.”

Additionally, the recovery rate of owners has been 20% of the stolen funds – which is always better than nothing. Though, these numbers could be bigger if other security measures are implemented. But the truth is that law enforcement officials are having trouble to find criminals involved in these thefts.

According to Jevans, the new General Data Protection Regulation (GDPR), will negatively impact the overall security of the internet and will also aid cybercriminals. GDPR rules aims to simplify the rules that companies ned to follow

“By restricting access to critical information, the new law will significantly hinder investigations into cybercrime, cryptocurrency theft, pishing, ransomware, malware, fraud and crypto-jacking.”

Important Hacks

Since the beginning of 2018, the market has experienced different hacks that took place in different virtual currency exchanges. Two of the most important where the Japanese exchange Coincheck and the Italian platform BitGrail.

Coincheck was one of the most important virtual currency exchanges in Japan. At the beginning of the year, the exchange reported that it had been hacked resulting in a loss of 523 million NEM coins – which at that time were valued at $500 million dollars.

The company had to explain the situation to the media giving a press conference. The cryptocurrencies were not properly stored in cold or multi sig wallets, making it very easy for hackers to access the funds.

Another important hack occurred to BitGrail, an Italian cryptocurrency exchange that was focused on Nano tokens (former RaiBlocks / XRB). During a hack that took place at the beginning of February, the company announced that lost 17 million Nano – which price fell from $11.5 to $9.12 dollars.

$195 million dollars have been stolen, which means that between Coincheck and BitGrail they account for an important percent of the total $1.2 billion dollars stolen since the beginning of 2017.

After these two hacks took place, other exchanges decided to impose further security measures to avoid being attacked. It is always advised to users to save their virtual currencies in cold storage wallets.