New security efforts will improve Binance as it plans to reopen withdrawals and deposits on Tuesday.
Fidelity may soon offer crypto trading, Facebook Coin may be launched in Q3 2019, and more.
Top Stories This Week
Binance, one of the largest cryptocurrency exchanges by daily trade volume, experienced a security breach this week, losing a little over 7,000 bitcoins (BTC). CEO Changpeng Zhao stated at the time that the bitcoins were withdrawn from its hot wallets, which contain only 2% of the exchange’s total bitcoin holdings. In the interim, proceeds from the hack have been moved to seven addresses. CZ devoted a live AMA on Twitter to address community concerns in the wake of the hack, also discussing the idea of a Bitcoin chain reorganization. In response to criticism of using the term “reorg,” CZ later apologized, but noted that “it is my strong view that our constant and transparent communication is what sets us apart from the ‘old way of doing things.’”
Embattled cryptocurrency exchange Bitfinex confirmed it would conduct a $1 billion so-called initial exchange offering (IEO) in a whitepaper issued on May 8, with a Bitfinex shareholder confirming that $1 billion in both hard and soft commitments have been sealed. The exchange is currently facing ongoing legal scrutiny from authorities who accuse it of losing $850 million. The white paper notes that there will be a sale of up to 1 billion LEO tokens, each worth 1 tether (USDT), lasting until May 11, which marks the cut-off point for sales to private investors. Zhao Dong has noted that the $1 billion already committed means there is little chance of a public sale.
Social networking giant Facebook is hiring PayPal staff ahead of its alleged cryptocurrency launch, making up 20% of a 50-person team, according to an unnamed source familiar with the situation. According to the source, the social network company began hiring for a dedicated blockchain team last year, under the auspices of David Marcus, himself a former president of PayPal. The same source notes that the Facebook Coin could be launched as soon as the third quarter of 2019. The Committee on Banking, Housing, and Urban Affairs of the United States Senate is now seeking information on Facebook’s reported cryptocurrency project in response to the rumors over the project.
United States $7 trillion investment firm Fidelity will reportedly roll out bitcoin (BTC) trading for institutional clients in the coming weeks, an unnamed source told Bloomberg. According to this source, Fidelity’s cryptocurrency-focused spin-off, Fidelity Digital Assets, would be adding to the existing range of services, with trading to go live in as soon as a few weeks. The source noted that the service will primarily target large-volume traders like other over-the-counter (OTC) offerings. Fidelity has not itself confirmed the time frame of the service offering, but did hint that its future direction would only involve more integration with the bitcoin space. Fidelity Digital Assets launched in October 2018 and has offered cryptocurrency custody from March this year ahead of planned OTC trading.
United States-based coffee chain Starbucks will begin using Microsoft’s Azure Blockchain Service to track the production of its coffee. The “bean to cup” initiative, first announced in 2018, involves farmers in Costa Rica, Colombia, and Rwanda piloting a blockchain-based coffee-tracking system. The system, whose pilot program will be open sourced by Starbucks, will allow customers to track the production of their coffee and will open up potential financial opportunities for coffee bean farmers on the backend. Microsoft’s Azure Blockchain Service is a blockchain-as-a-service (BaaS) platform that currently supports Quorum, the Ethereum-based platform of JPMorgan Chase.
“It doesn’t do anything. It just sits there. It’s like a seashell or something, and that is not an investment to me.”
Warren Buffett, Berkshire Hathaway CEO
“Cryptocurrencies or bitcoins, or anything like that, are not really currencies — they are assets. A euro is a euro — today, tomorrow, in a month — it’s always a euro. And the ECB is behind the euro. Who is behind the cryptocurrencies? So they are very, very risky assets.”
“The debate is over, bitcoin won. It is now seen by people all around the world as a legitimate place to [store] their value.”
“And I think the people who are professional traders that go into trading cryptocurrencies, it is just disgusting. It is like somebody else is trading turds and you decide, ‘I can’t be left out.’”
Charlie Munger, billionaire investor and vice chairman of American holding conglomerate Berkshire Hathaway
Winners and Losers
At the end of this week, bitcoin is trading up, at around $7,154 as of 7:35 a.m. EST. Ether is at $190, XRP is at $.31 and total market cap is at about $213 billion.
The top three altcoin gainers of the week are Kurrent, Cryptosolartech and Everus. The top three altcoin losers of the week are ICOCalendar.Today, Lendroid Support Token and Commerce Data Connection.
For more info on crypto prices, make sure to read Cointelegraph’s market analysis.
“Blockchain, Komgo, Forcefield, Vakt, one of these will have to work to change how trade is being done. It’s a matter of time. When, I can’t tell, but I think it has to go paperless.”
“I actually think we should shut down the cryptocurrencies.”
Joseph Stiglitz, American economist and Nobel Prize winner
“Ultimately we want to be able to tokenize existing securities — equities, fixed income, funds. Maybe the token will eventually replace the share one day.”
Thomas Zeeb, head of securities and exchanges and director at SIX
“If they came to us with a particular derivative that met our requirements, I think that there’s a good chance that it would be [allowed to be] self-certified by us.”
Unnamed CFTC official speaking about ether futures
“I eventually want to have a fund where I take in bitcoin and I fund everybody in bitcoin and they pay their employees and suppliers in bitcoin and then I pay my investors in bitcoin.”
Prediction of the Week
Michael Novogratz, Galaxy Digital CEO, predicted this week that in his opinion, bitcoin will beat its all-time-high price within 18 months. During an interview, Novogratz added that $6,000 is a stall point, and the next one will be $10,000. The CEO also noted that altcoins were not likely to follow bitcoin’s rise, as they still have to prove their use cases. Illustrating his point with an allusion to the table of elements, Novogratz pointed out that out of the 118 elements present on the periodic table, only “gold has store of value just because.”
FUD of the Week
The United States District Court of the Southern District of Florida issued an order this week that requires Craig Wright, the self-proclaimed Satoshi Nakamoto, to provide a list of his public bitcoin (BTC) addresses. The court’s order is part of a continuing case against Wright that has been filed by the estate of computer scientist David Kleiman over Wright’s purported thefts of hundreds of thousands of BTC. The plaintiffs had requested that the court make Wright turn over a list of the public addresses of bitcoin he owned as of Dec. 31, 2013, as well as identify all bitcoin allegedly transferred to a blind trust in 2011.
Chinese social media giant and payment service provider WeChat banned cryptocurrency transactions in its payments policy this week. According to a tweet with an alleged screenshot of the policy changes, users who engage in cryptocurrency trading will have their accounts terminated. The updated rules — coming into force on May 31 — state that “merchants may not engage in illegal transactions such as virtual currency,” the issuance of tokens, selling pornography or online gambling. WeChat is a popular messaging and payments service provider in China with the overall number of users allegedly reaching 1.098 billion by the end of last year.
“It’s like being on the internet; so people can spin out and they can start owning bitcoin, they can start owning ether. Some percentage of the user base is likely to do so, and again I think that’s gonna be a dramatic catalyst.”
Spencer Bogart, partner at Blockchain Capital, speaking about Facebook Coin
“Blockchain…very interesting development.”
Charles, Prince of Wales
“An awful lot of our international power stems from the fact that the dollar is the standard unit of international finance and transactions […] it is the announced purpose of the supporters of cryptocurrencies to take that power away from us.”
United States Congressman Brad Sherman
“We should not be trying to guide innovation, but we also should recognize that we cannot stop it and embrace the potential for positive change that innovation offers. Our silence is likely to simply push this innovation and any attendant economic growth into other jurisdictions that have done their work and provided clear guidelines for the market participants to follow.”
“We have teams clearly working on blockchain and cryptocurrency as well, and we want to participate in that in whatever form it takes in the future. I just think it’s a little early on right now.”
PayPal CFO John Rainey
Best Cointelegraph Features
Cornell University’s Emin Gün Sirer talks with Cointelegraph about the missions of academics to change the world, and about the new waves of projects to come.
In this latest analysis on India and cryptocurrency, Cointelegraph looks at how the Indian government has toyed with the idea of banning cryptocurrency in the past, and how their stance looks now.
The Junior Minister for Financial Services, Digital Economy and Innovation within the Office of the Prime Minister of Malta gives his thoughts on the new virtual financial assets acts, and how far Malta has gone as the Blockchain Island.
A Brief, Not So Historical Recap Of Binance’s 7,000 Bitcoin Hack
As reported by us previously, on Tuesday, Binance, a Malta-registered Bitcoin & crypto asset exchange that is one of the most well-respected in the market, divulged that it had been slammed by a “large scale security breach”. The platform reported a loss of 7,000 BTC, valued at $42 million at current values.
In the post, it was explained that on Tuesday, “hackers”, which remain unnamed, were able to obtain a large number of user API keys, two-factor authentication codes, and “potentially other” tidbits of information, giving them access to users’ accounts on the platform, withdrawal permissions included. Binance reports that the malicious group/entity used a series of techniques to get their hands on this information, including phishing, viruses, potentially the extremely devious SIM swapping technique, and “other [vectors of] attack.” Once hackers managed to get their hands on the aforementioned bits of information, they were able to withdraw 7,000 BTC from Binance’s hot wallet. The company asserts that 7,000 BTC is peanuts:
“The above transaction is the only affected transaction. It impacted our BTC hot wallet only (which contained about 2% of our total BTC holdings). All of our other wallets are secure and unharmed.”
Binance explained that the $42 million that was lost would be reimbursed by its SAFU fund, ensuring that “no user funds will be affected”.
Bitcoin Blockchain Rollback?
While the company ensured that customer funds were safe, discussion arose about Binance potentially leaking its own private keys, which pertained to the hacked addresses, to entice miners to begin a rollback. In other words, some proposed that Binance should give miners past ownership of the 7,000 BTC stolen to push them to build another chain without the hacked transaction. This would put the hacked BTC in the hands of the miners, not malicious hackers.
While this idea first seemed absurd, Changpeng entertained it, taking to Twitter to remark that it is something he is considering.
Yet, backlash ensued. Many quickly exclaimed that this would be a net detriment to the crypto community, not a benefit. “Talk of forking or reorganizing the blockchain is close to heresy,” Mike Novogratz of Galaxy Digital tweeted. Others expressed similar points. Jimmy Song, a prominent Bitcoin educator, simply noted that such a move would be financially unfeasible or impossible, as the sheer amount of computational resources being allocated to Bitcoin mining would make the rebuilding of a chain very, very difficult.
And eventually, CZ folded, declaring in an “ask me anything” that such a move would be risky, as it would damage Bitcoin’s credibility and value proposition as an asset that is immutable and limited. He added in a tweet that pundits like Jihan Wu advised him against making such a play.
Binance To Put The Best Foot Forward
While CZ has seen quite a bit of backlash over the rollback proposition, Binance is looking to put its best foot forward.
During the “Ask me Anything” stream aforementioned, Zhao fielded questions about Binance’s plans for its expansive roster of products. Responding to rumors that the exchange intends to launch margin trading for Bitcoin and other popular digital assets, the industry insider stated that Binance does, in fact, have plans to launch the aforementioned feature soon.
CZ explains that engineers at Binance are “beta testing” the feature, and that leverage support will soon roll out to “large traders,” whom the exchange “has agreements with, so if they are bugs, we can fix those.” He adds that once the bugs regarding margin trading are ironed out, it may be rolled out to Binance’s clientele in certain friendly jurisdictions, citing the fact that “the code is done.”
This confirmation that margin trading, which Binance first mentioned in its seminal whitepaper, is soon arriving comes just days after Reddit sleuth “enriquejr99” revealed that the “isMarginTradingAllowed” boolean in Binance’s API was enabled for nine pairs: BTC-USDT, BNB-BTC, ETH-BTC, TRX-BTC, and XRP-BTC, and four others. This, Ethereum World News reported on previously.
On the matter of other products, Zhao explained that there are “a few different proposals and plans” in motion in regards to a potential stablecoin on Binance Chain. According to The Block, Zhao stated that “it is likely something may happen there” but added that there are no concrete plans at the moment. The industry insider goes on to speak on Launchpad and the next fiat onramp, to which he stated that there may soon be announcements for those two facets of Binance’s business.
The post Bitcoin (BTC) Holds Strong After Binance Hack, CZ Ensures Blockchain Rollback Won’t Happen appeared first on Ethereum World News.
When the largest crypto exchange on the planet announces that it has been hacked one would expect an avalanche in crypto prices but Bitcoin is already starting to recover a few hours later.
Binance Breached But Crypto Funds SAFU
Around four hours ago the world’s largest exchange by daily that it had suffered a security breach. Binance and its enigmatic owner Changpeng ‘CZ’ Zhao have often boasted of their security prowess and that digital assets are safe or ‘SAFU’ (secure asset fund). That didn’t stop hackers making off with at least 7,000 BTC and a raft of user API keys, 2FA codes, and ‘potentially other info’ according to the post.
Binance has already stated that it affected only hot wallets and that it will cover the incident in full using its own fund dedicated to backing up assets.
The crypto community reacted instantly with some applauding the actions of the exchange for refunding stolen assets. ‘Bleeding Crypto’ tweeted the following which erupted into a debate about the need for decentralized
“Why is the market freaking out. Do you guys not know how to read? Here you go I circled it for you!! Thank you for being transparent and keeping us up to date. I fully trust in Binance and feel safe with my Funds there.”
Others were not so convinced pointing out that not only Bitcoin was stolen, the hackers also made off with a whole bunch of user data;
Binance has already suspended transfers stating that it will take about a week to resolve the issue. A full refund within a week would be pretty remarkable considering that people are still waiting for compensation from the Mt Gox hack five years ago.
Bitcoin Price Reaction
Markets did react after the announcement as expected and Bitcoin dumped 2.7 percent back to just below $5,800 according to Coinmarketcap.com. TradingView with its Bitfinex premium still reports BTC as trading over $6,100 at the time of writing.
Trader and economist Alex Kruger pointed out that this would have normally caused a deluge in a bear market;
“In a bear market this would have easily have caused a deluge. Either way, good excuse for bulls to take cover, bears to charge.”
has already started to recover at the time of writing and is currently trading at $5,860. Binance Coin dumped instantly as expected dropping 9% to below $20, damage limitation will come for BNB since all transactions on the exchange have been suspended in the aftermath of the breach.
Strangely enough Tron is the only altcoin in the green at the moment after Justin Sun announced that he would donate the lost 7,000 Bitcoins back to Binance which really doesn’t need it as CZ pointed out;
The post Binance Breach Fallout: Crypto Community Reacts But Bitcoin Barely Blips appeared first on Ethereum World News.
Binance Sees “Security Breach”
Binance, a Malta-registered Bitcoin & crypto asset exchange that is one of the most well-respected in the market, has just revealed that it has been slammed by a “large scale security breach”. The platform reports a loss of 7,000 BTC, valued at $42 million at current values.
Early Tuesday, Changpeng “CZ” Zhao, the chief executive of Binance, took to Twitter to reveal that his platform had to undergo “unscheduled server maintenance” that would “impact deposits and withdrawals”. Interestingly, CZ noted that the “funds are #safu”, evidently trying to reassure users that nothing was amiss.
But as we and the rest of the cryptocurrency community have learned through a Binance blog post, funds, namely a large sum of BTC, aren’t entirely SAFU. In the post, it was explained that earlier today, “hackers”, which remain unnamed, were able to obtain a large number of user API keys, two-factor authentication codes, and “potentially other” tidbits of information, giving them access to users’ accounts on the platform, withdrawal permissions included. It was elaborated:
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks.”
Binance reports that the malicious group/entity used a series of techniques to get their hands on this information, including phishing, viruses, potentially the extremely devious SIM swapping technique, and “other [vectors of] attack.” Once hackers managed to get their hands on the aforementioned bits of information, they were able to withdraw 7,000 BTC from Binance’s hot wallet. The company asserts that 7,000 BTC is peanuts:
“The above transaction is the only affected transaction. It impacted our BTC hot wallet only (which contained about 2% of our total BTC holdings). All of our other wallets are secure and unharmed.”
The $42 million that was lost will be reimbursed by Binance’s SAFU fund, ensuring that “no user funds will be affected”.
For now, Binance will conduct a “thorough security review”, and will thus be suspending its deposits and withdrawals for the time being.
Bitcoin Reacts Negatively
Just as seen with the news that Bitfinex and Tether may be financially unwell, Bitcoin began to plunge off this news. Prior to this news, BTC was trading at around $5,925 on platforms like Coinbase, and at $6,250 on Bitfinex specifically. But since this news broke, the cryptocurrency has plummeted. As of the time of writing this, Bitcoin is down by around 3% since the news broke, finding itself at $5,720 on Coinbase and Bitstamp.
Altcoins, especially Ethereum and Binance Coin, have experienced losses too. Interestingly, however, the subset’s losses have outweighed those of BTC, leading to a slight 0.2% increase in overall Bitcoin dominance.
The post Bitcoin Plunges To $5,700 As Binance Loses 700 BTC In Hack: Crypto In Shock appeared first on Ethereum World News.
Bithumb Loses $19M in XRP, EOS
On Friday, rumors arose that Bithumb, South Korea’s largest crypto exchange, fell victim to a sudden hack. Hours after Bithumb’s deposit and withdrawal services were suddenly shut down, Primitive Ventures’ Dovey Wan, who cited data from local blockchain analytics teams, cybersecurity firms, and other sources, claimed that the exchange’s EOS hot wallet was hacked.
Wan explained that the account in question sent approximately 3.15 million EOS tokens ($13 million) to the hacker’s account, for subsequent distribution. The crypto was subsequently sent to exchanges like Changelly, ChangeNow, Huobi, and KuCoin presumably to be traded for more privacy-centric digital assets, like Monero (XMR).
Bithumb’s XRP hot wallet was purportedly cleaned too, with the attacker purportedly sending 20,000,000 XRP, worth $6 million, to their personal wallets.
Following Wan’s tweetstorm, Bithumb responded. In an update made on the company blog on Saturday morning, the firm claimed that it spotted an “abnormal withdrawal” from a company wallet, rather than what was assumed to be a hot wallet for consumers’ funds. Bithumb asserted that all “members’ assets are under the protection of a cold wallet.”
It added that the loss of company funds, valued at the aforementioned sum, was a result of an “accident involving insiders,” with Bithumb subsequently stating that it has contacted local authorities and cybersecurity firms. The popular platform mentioned neither “EOS” nor “XRP”, but it is presumed that suspicious transactions regarding the latter crypto might just be an untimely coincidence.
Bithumb’s recent debacle comes less than 12 months after it lost $30 million (it recovered $14 million — $1 million of which was in XRP) in an external hack, which resulted in the shuttering of its services for a number of months.
Interestingly, this attack comes after DragonEx, a Singaporean exchange, was hacked for a relatively small sum that primarily consisted of Bitcoin. As reported by Ethereum World News previously, this firm is expected to issue an in-depth breakdown of the debacle in the coming week. In related news, CoinBene, a more popular platform suspected of facilitating false trades, is rumored to have lost cryptocurrencies to a value of $105 million.
News Not A Crypto Catalyst Anymore
While the cryptocurrency market seemingly dipped after Wan’s tweet went crypto-viral, with EOS falling by 2% within a few minutes’ time, the market rapidly recovered. And interestingly, this has become an industry theme over recent months.
Since the collapse from $6,000 to the low-$3,000s, fundamentals have failed to really spark a material movement in Bitcoin-specific markets (altcoins are a different story), even in terms of negative news. When Bakkt was delayed a number of times, for example, the market barely budged, in spite of the project being the most-awaited throughout late-2018. Many look to the fact that by and large, retail traders and whales, who drove the market in 2017, have either capitulated or lost sight of the news cycle, thus leading to non-action off devastating news. In other words, such traders are tone-deaf to the happenings of the underlying market, which could be perceived as either a positive or negative sign.
The post Why Didn’t Crypto Markets React To Bithumb’s Loss Of XRP, EOS? appeared first on Ethereum World News.
Another Crypto Hack?
As hinted at in a previous Ethereum World News report, notable crypto exchange CoinBene is under suspicion of being hacked after a sudden maintenance session. Interestingly, a report from Elementus, a blockchain analytics firm, would confirm this. Per the company’s recent report of the exchange, on March 25th, $105 million worth of an array of cryptocurrencies, namely ERC-20 tokens and Ethereum, were spirited out of CoinBene’s hot wallets into an array of addresses. Here’s a quick breakdown: $70.7 million worth of Maximine, $14.2 million of CoinBene Coin, $2.5 million worth of Ethereum, and so on and so forth.
Elementus’ Max Galka writes that following these sudden transfers, Coinbene’s hot wallets were shuttered, with the remaining funds subsequently routed to cold wallets, thus leading the exchange into a sudden maintenance session.
While $105 million worth of in-exchange crypto transactions within a short time frame is entirely possible, Elementus writes that it is unlikely that Coinbene moved much of the aforementioned sum to a new cold wallet system. Purportedly, much of the funds were “quickly moved to Etherdelta,” where they were subsequently traded for Ethereum. Binance, Huobi, and Bittrex also received some of the funds, where they were presumably sold for Bitcoin or fiat. And with that in mind, Elementus made the following observation:
The sequence of events — large amount of funds withdrawn quickly, period of inactivity, remaining funds secured into the cold wallet — is consistent with how exchange hacks commonly play out.
While Elementus seems to be postulating, this outlet would be remiss not to remind the reader that this data provider was the first to delve deep into Cryptopia’s ~$16 million hack, in which millions worth of Ethereum, ERC-20 tokens, and Bitcoin were swiped.
CoinBene Begs To Differ
In a tweet, however, CoinBene claims that it is entirely fine. It claimed that all assets on the exchange are “100% secure,” adding that its security team is actively monitoring anomalies at all times.
It adds that the sudden maintenance session earlier this week has much to do with “taking measures to upgrade the wallet immediately” as a result of recent hacks, rather than a hack on their own crypto holdings.
As reported by us previously, DragonEx, a Singapore-based exchange, was suddenly hacked.
The company announced this unfortunate happening via its Telegram channel, in which DragonEx’s PR staff claimed that funds of users and the platform itself were “transferred and stolen.”
DragonEx has yet to divulge the exact details of the crypto assets stolen, including the type and the nominal value. However, the company did post the addresses of the assumed hackers, of which there were about 20 pertaining to a series of assets (Bitcoin, XEM, EOS, XRP, ETC, etc.). From a brief look, a minimum of 135 BTC, 500 Ether, and 4,670 LTC were forcibly yanked from the exchange’s coffers. This, for those who are wondering, racks up to ~$800,000. The full amount hacked, however, could easily be much higher than this sum.
It isn’t clear who executed this attack, but all eyes are looking to Lazarus, a North Korean hacker group that has purportedly been racking up Bitcoin and other digital assets for the regime.
The post Blockchain Analytics: CoinBene’s $105 Million Crypto Transfers “Consistent With Hack” appeared first on Ethereum World News.
Cryptopia To Launch “Read Only” Site
The day has finally arrived. At long, long last, Cryptopia, an altcoin-centric exchange has revealed that it will be reopening its doors. Or in some capacity (not full), at least. The New Zealand-headquartered exchange, hacked approximately six weeks ago for reported millions in an array of crypto assets, took to Twitter to give information on this subject matter just recently.
According to the recent update from the firm, who has presumably got clearance from Christchurch authorities and other officials to restart its platform, a “read-only” version of the site will go live sometime today. This site, which will have trading, deposits, and withdrawals disabled, will show balances dated to January 14th, 2019, days before the hack.
Cryptopia intends this version of its site to allow users to reset passwords and their two-factor authentication credentials/details. Interestingly, the company didn’t divulge when it would totally reopen its services, but it did note that 24% of all wallets under its custody have been transitioned to new secure servers.
How Much Crypto Was Lost, And What’s Next?
That’s the question that remains on the minds of all Cryptopia users, now creditors to the exchange. Well, as reported by Ethereum World News previously, the company divulged that a “worst case 9.4%” of its holdings were stolen in the hack, meaning that a majority of the cold wallets were left untouched in this imbroglio. But interestingly, the exact dollar value of the crypto funds was not divulged. However, blockchain analytics group Elementus picked up where the hacked platform was slacking.
Per previous reports, Elementus, a New York-headquartered boutique, compiled an in-depth report on the matter that outlined the severity of the attack. The firm’s researchers concluded that over $16 million U.S. dollars worth of Ethereum and ERC20 tokens were stolen by the attackers. $3.57 million of the sum was in ETH, $2.446 million in Dentacoin, $1.948 million in Oyster Pearl, and the list goes on. Other prominent tokens, including TrueUSD, OmiseGO, Sirin Labs, ZRX, and Augur’s REP, were also snatched.
Just days after Elementus released its report, the New Zealand-headquartered exchange was hit again. According to a follow-up from Max Galka, the chief executive of the research boutique, 17,000 Cryptopia wallets saw 1,675 Ether leave their care.
As to what’s next for unfortunate victims to this debacle, Cryptopia claims that it is currently finalizing a “rebate process for affected users,” adding that details will follow. Will those affected by this fracas get reimbursed?
The post Hacked Crypto Startup Cryptopia To Open Its Doors Again, First Through “Read Only” Site appeared first on Ethereum World News.
A vulnerability in the code of Coinomi’s desktop wallet sent the users’ passphrases to Google for a spell check, potentially affecting all of those who decide to restore their wallets.
Warith Al Maawali, a wallet user who allegedly lost his life savings after restoring his wallet with an approximate 60 – 70 k in cryptocurrencies, disclosed the information.
User Finds that Coinomi Sends Your Wallet Passphrase to Google for Spell Check
Warith tried several times to communicate with Coinomi’s team, yet could not reach a satisfactory solution, so he decided to write a post and raise awareness through social networks.
In a Reddit post, Warith explains that after using the passphrase of his Exodus wallet, he noticed a strange series of transactions, losing almost 90% of his funds. The first thing he verified was that the Coinomi Wallet was not signed, something that led him to think that it could contain some backdoor.
Later he contacted Coinomi, and they proceeded to fix this error, signing the app. However, he was able to verify that the software was exactly the same.
Then, he ran a program to monitor HTTP and HTTPS traffic, and the results were surprising:
“I started monitoring the traffic by running Fiddler in the background and then started Coinomi wallet. The first thing I noticed is that Coinomi application starts downloading dictionary wordlist from the following web address:
Then I clicked on restore wallet and pasted a random passphrase and suddenly the screen screamed SURPRISE MOTHER******** (boom puzzle solved!)
The WHOLE passphrase in plain-text is sent to googleapis.com a domain name owned by Google! It was sending it as a spelling check function! Here is sample of the screenshot of the HTTP request:”
After this, Coinomi issued an official statement. The team quickly patched the desktop app, confirming that it did not affect mobile wallets. They also explained that while Warith’s findings are accurate, it is improbable that a hack could have occurred.
The team explains that it looks more like a “bribe” since the communication goes directly from the wallet to the Google server, without going through Coinomi. Likewise, Google automatically rejects the connection.
They explain that it is false that they have refused to solve the problem. According to Coinomi, they responded to Warith asking for more information; however, the user declined to collaborate:
During these days, Warith Al Maawali repeatedly refused to disclose his findings and kept threatening to take this public if we didn’t pay right away the ransom of 17 BTC which would make up for the “hacked” funds (stolen by Google, according to Warith Al Maawali) that are possibly still controlled by him and couldn’t have been hacked because of Coinomi for a series of reasons:
- Coinomi Team never had access to these seed phrases or funds
- No one else except from Google could read the contents of the encrypted packets that contained the seed phrases
- Google rejected these requests initiated by jxBrowser/Chromium as they were badly formed (didn’t contain a valid Google API key) and never actually processed them
To sum things up: was there an issue with our Desktop wallets? Yes, there was, and it was fixed hours only after it was disclosed to us. Could this issue have resulted in loss of funds?
- Practically, no, it couldn’t have.
Warith has stated that he is considering taking “legal actions against the company behind Coinomi if they don’t act and take the responsibility”, but he has not provided any further information or comment on Coinomi’s statements.
The use of hot wallets, while safe, also carries significant risks that must be taken into account when storing large amounts of funds in crypto.
If users are going to store large sums of money, the best option is a cold wallet or hardware wallet that eliminates any possibility of interception.
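The traffic check Warith describes doing by hand with a proxy can be automated over a capture. The following is an added example, not code from the article or from Coinomi: it flags outbound request bodies that contain a seed-phrase-shaped run of words without ever logging the phrase. The record layout, the `example.test` hosts, the placeholder paths and the sample phrase are constructed, and the word-shape rule (12 or more lowercase words of 3 to 8 letters, as in the BIP39 English list) is a heuristic assumption.

```python
import re
from urllib.parse import unquote_plus

# Heuristic (assumption): BIP39 English words are 3-8 lowercase letters and
# phrases are 12-24 words long, so flag any run of 12+ such words.
WORD_RUN = re.compile(r"\b[a-z]{3,8}(?:\s+[a-z]{3,8}){11,}\b")

def mnemonic_runs(body):
    """Return the word count of each seed-phrase-shaped run in a request body."""
    text = unquote_plus(body)  # undo form/URL encoding ('+' and %20 become spaces)
    return [len(m.group(0).split()) for m in WORD_RUN.finditer(text)]

def find_leaks(requests, allowed_hosts=frozenset()):
    """Scan captured outbound requests; report host, URL and word count only.

    The matched phrase itself is deliberately never copied into the findings,
    so the report does not become a second copy of the secret.
    """
    findings = []
    for req in requests:
        if req["host"] in allowed_hosts:
            continue
        for count in mnemonic_runs(req["body"]):
            findings.append({"host": req["host"], "url": req["url"], "words": count})
    return findings

# Constructed sample phrase and capture records (not real traffic).
SAMPLE_PHRASE = ("lamp river stone cloud maple tiger "
                 "ocean brick candle forest silver window")
CAPTURE = [
    {"host": "updates.example.test", "url": "/PLACEHOLDER-version-check",
     "body": "version=1.2.3&os=windows"},
    {"host": "search.example.test", "url": "/PLACEHOLDER-search",
     "body": "q=how+to+restore+a+wallet+from+backup"},
    {"host": "googleapis.com", "url": "/PLACEHOLDER-spellcheck",
     "body": "text=" + SAMPLE_PHRASE.replace(" ", "+")},
]

if __name__ == "__main__":
    for finding in find_leaks(CAPTURE):
        print("possible seed phrase in request body:", finding)
```

Running this against a capture taken while a wallet's restore screen is in use shows whether text typed into the passphrase field leaves the machine at all, which is the question the manual test answered.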
The post Coinomi Used to Send Your Wallet Passphrase to Google for Spell Check, User Reveals appeared first on Ethereum World News.
Nearly $1M In Bitcoin (BTC) Stolen
An anonymous hacker (or consortium of hackers) has purportedly stolen nearly $1 million worth of Bitcoin (BTC), reports technology media outlet ZDNet. Per the report, the Electrum Wallet, a popular open-source project founded in mid-June 2011, was breached in a “clever attack.”
The attack, which has since been confirmed by the team behind the venture, purportedly consisted of a false message appearing on users’ official Electrum-based applications, which beckoned consumers to visit a site.
If the link stipulated was clicked, it would lead victims to a seemingly Electrum-branded GitHub repository, which contained a malicious version of Electrum that would steal consumers’ Bitcoin holdings.
There is an ongoing phishing attack against Electrum users. Our official website is https://t.co/aHiZIZH54e Do not download Electrum from any other source. More on the attack here: https://t.co/x5mPVspKfO
— Electrum (@ElectrumWallet) December 27, 2018
This specific attack purportedly began on December 21st but was recently ended (maybe only temporarily) by GitHub admins, who purged the malicious download files. But how exactly did the attack work?
Well, as explained by ZDNet, the hacker purportedly added dozens of “malicious servers” to the Electrum network, so when a user intends to make a transaction, the hacker-backed server replies with an error message that asks users to visit the false GitHub. When downloaded, the app would ask users to input a 2FA code, which was routed to the attacker, subsequently allowing BTC to be snatched.
Electrum admins have purportedly since made the message mostly illegible, so this avenue of attack is likely on its way out. Yet the fact of the matter is that the hackers netted 200+ BTC, valued at approximately $740,000 at the time of writing. Other reports indicate that the attack garnered 250+ BTC for hackers, but these numbers haven’t been confirmed.
Not The First Attack On Electrum
Interestingly, this isn’t the first time that the popular wallet solution has been attacked by bad actors. Earlier this year, in early May, Bleeping Computer reported that the Electrum team had seen an unnamed individual/group create a copycat of their flagship product, naming it “Electrum Pro.”
The app, which closely resembled its bona fide counterpart, was exposed as a vector of attack that malicious individuals can exploit, stealing Bitcoin private keys in the process.
In a post-mortem of the attack (of sorts), which went on for upwards of two months, it was explained that there were a number of glaring red flags. Electrum Pro purportedly used Electrum’s brand and logo without permission, while also purchasing the rights for the Electrum.com domain, which was near-identical to the legitimate group’s .org domain name.
Following analysis, it was also revealed that in Pro’s code, specifically lines 223-248 of electrumpro_keystore.py, a system was integrated that allowed attackers to upload users’ keys for nefarious purposes. While the Electrum Pro attack has since been dismantled, the two aforementioned cases show how hackers are still poised to attack the cryptosphere, even amid a bear market.
The post Bitcoin Electrum Wallet Attacked: Hacker Steals 200 BTC appeared first on Ethereum World News.