Posted on

BitPico: BCash Defense Against an Attack is to “Censor, Manipulate, Blame and Cry”

BitPico, the anonymous group of developers known in the crypto sphere for the tests they conducted on the integrity of several blockchains, has announced that they are preparing an attack on the Bitcoin Cash network to evaluate how well it can withstand such stress.

According to BitPico, the intention is to find out whether Bitcoin Cash is a blockchain with a high level of centralization or is it transparent about its degree of decentralization.

The account says they expect to conduct a progressive stress test of up to 5000 nodes in 6 weeks, with the intention of seeing the consequences and testing the integrity of the network.

However, one of the most prominent threats is the security they claim to have of being able to fork the chain and verify that a 51% attack is possible.

The group has earned an important reputation for being able to perform stress tests on various platforms. One of the most common ways is to perform an excesive number of operations and requests, or DDoS attacks.

The BCH community in Reddit which, curiously enough, is more active in r/BTC than in the official Reddit of said altcoin r/BCH has criticized the announcement. Some question its veracity while others criticize that the attack may be more than just ethical hacking.

Reddit user chainxor commented that performing a 51% attack would be extremely costly and highly unlikely to happen for at least one group with little investment capacity.

BitPico: “Attacks” Also Happen on Social Media

After the news broke, other media outlets criticized BitPico’s seemingly dishonest intent and were quick to discredit it, calling into question its reputation for unsuccessfully attacking the LN network.

Faced with these statements, BitPico directly questioned the low level of impartiality of the article. For Bitpico, BCH uses some media to censor facts and manipulate information.

They mention that BCH’s “only defense is to censor, manipulate, blame and cry.”

A Little More Technical:

A few days ago, BitPico tweeted a transcript of an unpublished interview for Coindesk. In the sample the procedure that would follow to carry out the attacks on the network of BCH and to try a fork of the famous altcoin:

– Why do you think you’ll be able to fork the blockchain?

There are only a handful of mining pools and not enough nodes to enforce network rules; isolating majority of these nodes allows us to utilize our own nodes to withhold blocks and/or headers, reject blocks and/or headers, purposefully fail to relay block’s and/or headers and so on.

Recently the Bitcoin Cash network has hard forked to accept 32 Megabyte blocks. With a combination of sybil attacks and our farm producing 32 Megabyte blocks (in-advance) we can inject enough blocks to induce latency and churn into the network so that miners will fall behind on consensus and begin to build their own chains since we will have isolated all of the miners nodes to our own nodes with different rules regarding blocks sizes they are willing to accept.

At this point anyone can double-spend at any Bitcoin Cash Zero Confirmation merchant, even from a light client and with zero-effort; the funds will simply show back up once


Posted on

Hackers Are Stuffing Monero Ransom Notes Inside DDoS Attacks

Privacy-centric cryptocurrencies like Monero (XMR) are attractive to cybercriminals, who’ll seemingly do anything to get paid. Following a cryptojacking trend, hackers are now taking down websites with Distributed Denial of Service (DDoS) attacks, while demanding their victims pay a Monero ransom.

According to Fortune, these attacks are being launched against all types of targets. DDoS attacks essentially overload a website with fake traffic, to the point it gets knocked offline. Github recently fended off the biggest one ever recorded, with 1.35 terabytes of data coming in per second.

Cybersecurity company Akamai, which helped Github fend off the bombardment, revealed that recent DDoS attacks are filled with ransom notes. One note the company shared was buried inside the attack’s data, and read “Pay_50_XMR_To…” At press time, 50 XMR equals roughly $18,100.

While its normal for DDoS attacks to come accompanied with Bitcoin ransom notes, these usually aren’t buried inside the attack data. Hackers normally send their extortion notes via email, but these often end up in spam folders. Since the victim has to look at the attack to fend it off, it’ll always notice the ransom note this new way.

Chad Seaman, a senior engineer at Akamai’s security intelligence response team, stated:

“It’s actually like a DDoS attack with a phishing attack with an extortion attack all rolled into one. When we saw it we were like, huh, clever bastards.”

Senior manager for security intelligence at the company Lisa Beegle further revealed these attacks are novel for the company. She noted that they’ve seen “dozens upon dozens of extortion requests,” but none was in the attack data itself.

Beegle noted that by inserting the ransom note in the attack, the attackers were effectively making sure security analysts could see it. Akamai couldn’t tell whether any organization has paid any XMR ransom yet. The currency’s qualities prevent it from finding out.

Nevertheless, Beegle asserted that paying the ransom is never a good idea. According to her, it doesn’t guarantee the attackers will stop the attack, and if word got out an organization paid, more attackers would target it.

Moreover, Akamai researchers argue attackers could struggle to figure out which victim paid, given Monero’s anonymity. According to them DDoS attacks are never about the money, so a payment isn’t good enough for it stop. A blog post reads:

“If a victim were to deposit the requested amount into the wallet, we doubt the attackers would even know which victim the payment originated from, let alone stop their attacks as a result.”