Ethereum Hacks

The press is reporting a $32M theft of the cryptocurrency Ethereum. Like all such thefts, they’re not a result of a cryptographic failure in the currencies, but instead a software vulnerability in the software surrounding the currency—in this case, digital wallets.

This is the second Ethereum hack this week. The first tricked people in sending their Ethereum to another address.

This is my concern about digital cash. The cryptography can be bulletproof, but the computer security will always be an issue.

Tags: , , , ,

Posted on July 20, 2017 at 9:12 AM46 Comments

Comments

Vesselin Bontchev July 20, 2017 10:06 AM

Bitcoin: What if your money was not backed by a state?
Ethereum: What if your money was made of JavaScript?

Bitcoin: What if our wallets were as secure as our software?
Ethereum: What if our legal system was as bug-free as our software?

Etienne July 20, 2017 10:18 AM

My feeling is, since these currencies only exist to aid criminals, it is like criminals stealing from criminals.

I’m glad they found a playground that keeps them all busy.

Hasteur July 20, 2017 10:19 AM

Any security system is only as good as it’s weakest link. Cheap, Secure, Fast: Chose 2 (or only one)

CallMeLateForSupper July 20, 2017 10:30 AM

This is my concern about on-line banking: the cryptography can be bulletproof, but the computer security will always be an issue.

Chris July 20, 2017 10:34 AM

@Etienne, These currencies do not only exist for criminals. The VAST majority are using them legally. There was even an FBI study on cryptocurrencies (I can not find the link at the moment) that concluded only a small fraction were used in crime.
An Ethereum especially is not intended as a currency but rather used in smart contracts.

Bob Dylan's Dirty Fingernail July 20, 2017 11:09 AM

@Callmelateforsupper

Computer security weaknesses such as shoulder surfing banking passwords….oh wait…that never happens.

Iggy July 20, 2017 11:35 AM

Possession is 9/10ths of the law. If you don’t have your money in your hand, then you are cooperating with a retail illusion of security… at your expense, regardless.

Chris July 20, 2017 11:45 AM

Cryptocurrencies behave like cash: possession is everything. There’s no way to undo a transaction — once the money’s gone, it’s gone.

My current thought on these cryptocurrency thefts: this is exactly what you’d expect if people did everything with large sums of cash:

  • For the $7.4 million dollar heist, imagine that it was common to invest in companies by giving them cash. You meet someone who takes your cash and promises to send you the stock certificate by mail. Two minutes later, the real CEO shows up, but it’s too late: the impostor has already run away with your money.
  • For the $32 million dollar one, imagine that everyone keeps large amounts of money in their real-world wallets. You’d expect there to be a lot more pickpockets, and you’d expect any weaknesses (e.g., a wallet without a chain) to be exploited.

Cryptocurrency behaves like cash, but in order for the crypto-ecosystem to prevent theft, we also need cryptosystems that behave like credit cards (ability to roll back transactions within a window of time) or banks (insurance, safe places to store money, ability to stop/report suspicious transactions). The downside is that these usually require trust in people/organizations in order to build them, as opposed to trust in cryptography alone.

Tree July 20, 2017 11:52 AM

And the other 1/10th lets the law give you your money back.

People using crypto-currencies are ceding their property rights to anyone able to steal it from them.

uh, Mike July 20, 2017 12:07 PM

I’m intrigued that the marijuana market in the USA is not using cryptocurrency.
The banks won’t allow credit card transactions for marijuana because they need the Fed to license them.
For that reason, millions of dollars of cash per week per store create a physical security problem.
As long as the Fed is a threat to state-sanctioned marijuana sales, a cryptocurrency would work well in the marijuana market.

Defilade July 20, 2017 12:14 PM

@Vesselin
Bitcoin: What if we got arrested and forced to legitimize or banking with FDIC or go to jail, effectively making us no different than any other bank?
Ethereum: Then a bitcoin would just be an obfuscated currency that provides another attack surface.

This is my surprised look.[_]

I told myself a long time ago that surfacing cards for digital wallet was BS. What did Kevin Mitnick say? Oh, that’s right… “There is no patch for stupidity.”

hmm. external security mechanism dependency. Algorithm vs. implementation analysis. It astonishes me every time; and how easy it is to sway lawyers into justification. China did right by going after Bitcoin. I could care less about block chain and distributed ledger. It will crumble if consumerized.

A better idea: cashless society, no digital currency. No “off the record” drug deals, arms trade, criminal activity. No wasting copper. Tax dollars saved on law enforcement hunting criminals. Visitors would need a visa cash card or international coop. Almost dreamy except the poor need a mechanism, but since free cash doesn’t fly around, almost no need for monthly service charge because the banks have flow control to invest against operating cost. Only countries with steep underclass stats, like India, would suffer… as they do from a money supply choke. People would hate the control though.

Anura July 20, 2017 12:24 PM

@uh, Mike

I suspect that the ATM fees outweigh the insurance costs, and the instability of bitcoin is a higher business risk than theft. Most of the dispensaries purchases are going to be in cash as well, as the growers and distributors have the same problem – so the dispensaries need some cash on-hand anyway.

That said, some dispensaries do take credit card transactions, mainly by running them through another business. Not sure whether this is legal, but they aren’t exactly secretive about it.

Richmond2000 July 20, 2017 1:04 PM

this is NOT a “crypt-currency” issue BUT a security VS value issue
this crime happened because the “wallets security was sub par VS the amount of VALUE there system contained
I remember reading about an in-game money/items being stolen and court cases treating them as actual possessions because REAL currency had traded hands to PURCHASE them

Ph July 20, 2017 1:35 PM

To call it a hack for theft is stretching it towards sensationalism
I only see a web site defacement where they changed the adress of where to send the monies.

Relevant XKCD

Freshnuts July 20, 2017 1:58 PM

@uh, Mike: your comment about “banks dont allow credit card transactions fot marijuana” is completely false. I live in. A state where weed is recreational. In ANY dispensary you can use debit, credit, and hell I even think people used their EBT card. Wells Fargo doesn’t stop it, nor Bof, nor local state banks stop these transactions.

MikeA July 20, 2017 3:39 PM

@Defilade: Cashless Society? Read “Handmaids Tale”. Or, since you mention India, note what happens when the government by fiat revokes some denomination, without printing enough of the smaller denominations to exchange for all the now-banned notes in circulation.

For those say “Well, India…”, note that there have been several attempts, dating back at least a few decades, to ban $100 bills in the U.S. Do you really think those clowns in D.C. would handle it better? Accidentally or deliberately.

If you carry cash, you are vulnerable to thieves near you. If you don’t you are vulnerable to a much larger population, some of whom can relieve the issue of complaints, or the complainers, via other means. Maybe we need to go back to the Ox standard (other than the mess from low-value transactions)

Nicholas Weaver July 20, 2017 5:37 PM

The Ethereum “hack” is particularly amusing. Ethereum is “lets make our FunBukx programmable in a language worse than JavaScript” called Solidity… I mean it is awful, truly awful. Even the best programmers are going to find it impossible to robustly build programs in this language.

But hey, since Ethereum is programmable, lets not put a lot of functionality in the core, instead built it on top in “smart” contracts [1], basically small programs.

With inevitable consequences. In this case, a very common wallet software, Parity, implemented multiple-access (multisig) functionality. Now Multisig on its own is essential: You don’t want to have someone compromise your computer and steal your money: after all, a Bitcoin wallet is a great host-based IDS. When your money gets stolen, you discover you were compromised.

So by requiring two signatures (or really M of N) you basically “2-factor” control your cryptocurrency to reduce the risk of theft to something meaningful.

However, this particular implementation (with no small irony being the company responsible involves one of the big initial people on Ethereum) , being built in Worse than JavaScript in the Ethereum language Solidity had a bug…

Namely, anybody could call the initialization function for a wallet: it was a public method. And you could call it repeatedly: not just when the wallet was created.

So the vulnerability is literally: “Hey, ‘multisig’ wallet on the public blockchain? You know your list of owners? well… Make me the only owner, kay, thanks”, and then transfer all the money out.

And in roughly 2 hours between public disclosure (saying ‘hey, everyone…’), two separate groups, one ‘white hat’ (allegedly), one confirmed as blackhat, used this to steal millions and millions.

[1] Smart contracts are a dumb idea. Not only does Solidity lack any robust exception handling, real world contracts have the ultimate in robust (but costly) exception handling: the legal system.

Iggy July 20, 2017 7:50 PM

Chris • July 20, 2017 11:45 AM said:

“Cryptocurrencies behave like cash: possession is everything. There’s no way to undo a transaction — once the money’s gone, it’s gone.”

Here’s the important difference: in meat space, someone who invests MILs of dollars in anything makes damn sure they have the heft and protection of the government on their side first under contract law. If you make a bad deal, then that’s on you. In meat space, stealing someone’s cash risks physical defense. Especially in America, you never know who will be armed. Over the internet? Just mean words.

Theft is a reality of humanity at this stage of our evolution. All any of us can do is make sure we don’t trade our cash for trash or rely on the self-serving claims of those eager to make their revenue stream a raging torrent.

When in doubt, do without. Especially if the service is sold as a “convenience” to you, the paying livestock.

Mike D. July 20, 2017 7:51 PM

It’s amusing that, after creating a digital currency that functions like cash (as Chris points out, once it’s gone, it’s gone), now we are encountering the problems that encouraged trade guilds to move away from cash and toward checks, contracts, and other accounting methods so long ago. What will be the cryptocurrency version of a reversible credit card charge? Or will we just have to pick an escrow agency to trust?

Clive Robinson July 20, 2017 10:09 PM

@ Rixhmond2000,

I remember reading about an in-game money/items being stolen and court cases treating them as actual possessions

It was probably in South Korea, which has been Multiplay Online Games mad for more than a couple of decades. Virtual Object Theft got real world imprisonment etc there back just after the turn of the century,

http://news.bbc.co.uk/2/hi/technology/3138456.stm

They now have specific laws relating to Virtual Object Crimes.

The Dutch have also had success in court for Virtual Object Theft as well,

http://m.huffpost.com/uk/entry/1250126

However as that article notes, don’t get your hopes up in the UK, or it seems the US either,

http://www.eurogamer.net/articles/us-police-refuse-to-investigate-mmo-theft

However as that article notes, it is very much a question of left sode zeros. Thus at some point most jurisdictions will get around to giving virtual objects real value.

After all what is a thousand dollar note or five hundred Euro note realy worth? About 4cents in manufacturing cost at one point. Thus even “hard coin” is realy virtual in nature, and one of the reasons inflation is possible (and inflation is desirable to an extent by banks and politicians as they profit by it).

Clive Robinson July 20, 2017 10:59 PM

@ Bruce,

This is my concern about digital cash. The cryptography can be bulletproof, but the computer security will always be an issue.

Actually in a perverse way digital coin may be very good for computer security.

Theft is almost a constant with population size, the real difference being what does and does not get reported as crime. Currently in the UK we have seen a fall in “in person” or street crime / burglary which the politicos are realy happy about because it makes them look good. But… this is only because the politicos are turning a blind eye to other “not in person” crime such as various types of fraud and online crime.

That is criminals with a modicum of sense are moving into “Low risk target rich environments” which currently cyber crime is[1].

If we look at physical security it’s complexity shows a historical linkage with local population density. That is in city areas security is much higher than it is in suburban or country areas. In the main because given a choice there is more oportunity and over all less risk in target rich environments.

There is an old saw of “You can not sell a lock to a man who has nothing of value” whilst not entirely true –think Eskimos and Fridges– people only tend to take physical security seriously when they “see crime around them” and the simple fact is nobody sees crime of no value as crime, they call it vandalism which tends to be seen more like accidents than crime in peoples minds.

Thus high value cyber crime will get seen as “targeted” rather than “random” and thus people will start to demand improved security.

And as simple economics indicates, where there is a need a market will arise to answer it. As history shows each new market generally has a lot of shysters and snake oil sales men, but given time real value products do rise to answer the need.

Thus, whilst I feel sorry for peoples loss as individuals, I also see it as a social good because it will as it gets worse improve security for everyone.

I know it’s a sad reflection on human thinking but we need a certain percentage of the population to suffer, in order that a market arises so that society in general benifits. It feeds into the “Defence Spending conundrum” of “You only know when you spend to little never when you spend to much, because somebody attacks you”.

[1] There are however differences between virtual crime and real world crime. In most cases of virtual crime a person is not present and the attacker requires tools that once designed has –near– zero cost to duplicate. This has a consequence in the shape of the crime curve with time which makes simple probability a lot less usefull as a predictive tool to assess risk, thus decide what are cost effective defences. This is made considerably worse by the way we currently deal with attack vectors. In general we treat them not as classes of attack but instances of attack. This could be seen easily in the early days of AV software where you looked for a signiture in the data. Such methods quickly become examples of “Chasing your tail”. Likewise the difference between white listing and black listing. Things will only improve as we get ahead of the game by “proactively” preventing classes of attack rather than acting “reactively” to instances of attack.

Clive Robinson July 20, 2017 11:37 PM

@ Nicholas Weaver,

Long time no post, it’s nice to see you are still reading the blog.

after all, a Bitcoin wallet is a great host-based IDS. When your money gets stolen, you discover you were compromised.

Yup it’s an old lesson, the same as with rats, “You normally only know you’ve got them when they chew you or yours up”.

Smart contracts are a dumb idea. Not only does Solidity lack any robust exception handling, real world contracts have the ultimate in robust (but costly) exception handling: the legal system.

It’s a case of words not meaning what they used to. In “Managment Speak” the word “Smart” is used as a replacment for “Efficient” which in turn is used as a replacment for “Cost reduction” or in common parlance “Doing it on the cheap”.

But there is a real security issue tucked away inside there. When you see “Efficient” or some synonym for it you need to be suspicious for two reasons,

1, It usually means things that are nor directly functional such as security checks get taken out.

2, As things are made more efficient one usual side effect is leakage bandwidth on side channels goes up.

There are other problems such as increasing complexity by reducing segregation which do not help code maintanence or security either.

It’s why for years I’ve been warning about “Efficiency-v-Security”, but in general those producing code ignore the issue as it’s not them but their users who suffer down the line.

The interesting thing to note is now the harm caused by poor coding is having “Real Value Losses” will the attitude of “Release now, debug and patch later” get punnished in the market?

Wael July 21, 2017 12:46 AM

@Clive Robinson,

The interesting thing to note is now the harm caused by poor coding …

Poor coding is just one area. Poor design or architecture is another. Weaknesses produced by “coding”, “design and architecture”, or “conceptual ideas” result in different security bug manifestations. Take for example Apple’s SSL “double goto” statement bug: Seems to be a “coding error”. If it were an architectural conscious decision then, obviously, it would be a deliberate “feature” (probable deniability.) Shellshock seems to be an architectural failure, and not a coding one.

You probably combined “concept”, “design and architecture”, and “software development” under the label: “coding”. Now:

Flawed concepts are caught by security-savvy architects
Flawed architectures, ditto
Flawed coding is caught by code reviews, static/dynamic analysis, Stress/Functional/Pen testing. Etc.

Suppose someone desiged an authentication component that returns the string “you’re getting warmer” after an invalid password attempt and effectively aids the illegitimate user to guess the password, say by successive approximation! Is that bad coding (or even bad implementation)? Or is it a “bad concept” or a “bad idea”?

Alain Coetmeur July 21, 2017 1:22 AM

@chris you are mostly right, crypto behave in a way like cash, but with the specific risk of IT, that you can steal huge amount of value as easily as small.

but in fact blockchain also ensure total tracability of transaction, until the borders, like a good accounting in banks.
Only limitation is pseudonimity, which is limited also to the borders.

anothe proint, and Ethereum is a good example, is that with a consensus of miners, you can undo transactions according to a rule.
It is risky, like QE or retroactive taxes, for the credibility of the currency and the trust, but if most agree it can work.

in a way Ethereum explains, like Sci-Fi film, the daily life, how justice work, by interpreting contracts that fraudsters abuse to do what the signers did not agree on.

My feeling is that we should introduce in cryptocurrency some kind of justice court, but Crypto have been introduced for the localized/crony/political/militarized national justice and regulation (like Fed QE or US sanctions) not to apply.
the intent of Crypto is to allows autonomous unstoppable organization to work as people expect, without US DoJ preventing you to buy or sell what you agreed.

in fact this is just a move, not in the absence of justice (which it is today by mistake), but into a community managed justice (the DAO fork is a good example) that put the Nation-State and all it’s clients out of the game.

My feeling is that one blockchain is not the future, but community block-chains connected by two phase commit transactions like HTLC allows.

By the way, coins are seldom used for crimes, since all is traced.
privacy is anothet huge problem with blocchains, and I believe in consortium blockchains, connected together in private, or to a public blockchain when something have to be made public.

ts July 21, 2017 3:44 AM

so, if you for example had 1000$ worth of crypto currenty, and those companies got robbed,. do you lose your money, or are the companies responsible for reimbursing you?

John Gotti July 21, 2017 4:12 AM

By the way, coins are seldom used for crimes, since all is traced.
privacy is anothet huge problem with blocchains, and I believe in consortium blockchains, connected together in private, or to a public blockchain when something have to be made public.

Credit cards and FINCEN obliterate privacy… unless you have cash in your wallet. That’s why they want a cashless society.

Carry cash down the highway, get pulled over, the cops steal it. Many banks fingerprint you for cashing a check.

222 July 21, 2017 4:16 AM

This is my concern about cash. The paper can be bulletproof, but the personal security will always be an issue.

Clive Robinson July 21, 2017 4:56 AM

@ Wael,

You probably combined “concept”, “design and architecture”, and “software development” under the label: “coding”.

And Managment, Marketing and share holders, all of whom are the real problem.

Thoth July 21, 2017 5:11 AM

@all

Quoting Adi Shamir as he has repeated many times and also by many people in this blog forum and and not in this blog forum,

“Cryptography is DEAD”

Nice crypto protocols and primitives but the implementation is just not making the cut to allow the crypto protocols and primitives to be executed securely.

Hardly anyone would bother attacking crypto protocols and primitives since it is so much easier to attack the endpoints and implementations as these are one of the weakest links besides their human operators.

They have hard forked Ethereum a couple of times because of multiple attacks on Ethereum, now I wonder if they are going to do hard fork on Ethereum or call it a quit on live with it ?

Just a head’s up on how bad is Ethereum’s implementations, Ethereum have already hard forked at least 4 TIMES (to my knowledge) in it’s entire history and counting…..

Imagine you have to hard fork a cryptocurrency that many times … it shows how bad it’s state is.

Link: http://www.coindesk.com/ethereum-forks-again-so-far-so-good/

Wael July 21, 2017 5:13 AM

@Clive Robinson,

And Managment, Marketing and share holders, all of whom are the real problem.

I see. The whole OSI extended stack!

Clive Robinson July 21, 2017 7:13 AM

@ Wael,

I see. The whole OSI extended stack!

I did not originaly mean to include the Political / LE / IC “pond scum”. But yes now you mention the evil toads I guess I should include them. As they used to say in the payola game “#1 with a bullet”…

Chris July 21, 2017 8:11 AM

@ts This is a great question and also a source of confusion with cryptocurrencies. The whole point of the cryptocurrencies is for you to control your money, no one else can control it. It is based on public key cryptography. If you hold the keys no one else can touch it. But many people buy their currencies on an exchange and then do not transfer the coins to their private wallets. In that case the exchange company has the private keys to your money and you do not. Now it is an easy target for hackers. If you properly store your keys offline in a paper wallet or in a hardware wallet they are very secure. But being a new technology and going through growing pains, the average person is going to make mistakes (think about keeping your own private pgp keys locked up vs letting WhatsApp controling everything for you). It is much easier to let a company handle it. That’s how people get in trouble.

JasonR July 21, 2017 11:49 AM

@Etienne – Plenty of legit uses for cryptocurrencies. One I saw this past weekend at a gun show was the ability to purchase perfectly legal firearms accessories and building parts using Bitcoin and 2 others I didn’t recognize. The purpose? Well, if you are building your own firearms to avoid government firearms registration, you don’t want to pay with credit card. 100% legal activity, just don’t want big brother watching. Cash is still king, but not all of us like walking around with large amounts of cash due to illegal cash forfeiture and confiscation being done here in the US.

In accordance with the Gun Control Act (GCA) of 1968, 18 U.S.C. Chapter 44, it is legal for an unlicensed individual to make a “firearm” as defined in the GCA for his own personal use, but not for sale or distribution.
http://www.atf.gov/firearms/faq/firearms-technology.html#commercial-parts-assembly

Defilade July 21, 2017 11:55 AM

@MikeA
You are right, there are a lot of hangups with cashless society. Understand though, money supply choke is not going cashless. India did that to prevent a run on banks, frying their underclass practically treated as acceptable loss. That is not exactly what I would call well thought out, or a formal phasing into forcing bank cards. I think I mentioned the underclass problem and availability. You would not want to “test the waters” by jacking with cash supply; not a slide-step.

After posting, I thought of several problems including mugging, free accounts, travelers, money transfer, emergency procedures. Most of those could be mitigated and planned for. Dealing with the poor would be a big deal, but many citizens already do not pull cash.

My point is, in the future of demographic growth, it will save on taxes to law enforcement and squelch border economy sprawl(ala Brownsville and El Paso). It is worth the risk and almost inevitable; not digital currency. The problem is the US took how long to deal with bank card chips(still not fully enforced)? We just have to get the US govt to understand that 30g a year will still get your car in the ditch and death from bacterial meningitis. People still die from poverty and have children they can not afford or raise properly.

albert July 21, 2017 12:18 PM

@Chris,

It’s not just a privacy issue. The whole point of neo-capitalism is to control the money. ‘Anti-crime’ arguments are BS smokescreens, just like ‘anti-terrorism’ arguments for increased surveillance and reduced cybersecurity.

Fiat currencies have no intrinsic value; they don’t even represent value. you get value by buying hard assets, like real estate, art, autos, etc. This is what the Elite do. Gold and silver are also hard assets, but their paper prices (like stock prices) are manipulated. Anyone here doubt that Wall Street runs the government?

Crypto-currencies were not intended to be investment mediums (although folks are using them as such). They are a medium of exchange. Used as such, they can completely bypass the banking sector. Gov’ts can prevent conversion, but stopping use is going to be difficult and expensive.

The Elite like The System; it’s not perfect(:) but it’s good enough. They’ll stop at nothing to keep it going.

https://en.wikipedia.org/wiki/HyperNormalisation

. .. . .. — ….

John Gotti July 21, 2017 6:05 PM

It’s not just a privacy issue. The whole point of neo-capitalism is to control the money. ‘Anti-crime’ arguments are BS smokescreens, just like ‘anti-terrorism’ arguments for increased surveillance and reduced cybersecurity.

The Elite like The System; it’s not perfect(:) but it’s good enough. They’ll stop at nothing to keep it going.

I know a few “elites” who now own a supercomputer.

They mine bitcoin, too.

Last but not least, they don’t even have to pay for the electricity. Taxpayers do.

He who owns a supercomputer(s) will pwn all the bitcoin.

Buyer beware.

TJ July 22, 2017 12:23 AM

If you don’t know what SQLi, XSS, CSRF, and code-injection are you have no business making crypto-currency services..

What’s amazing is people are investing while they are being hacked.. I’m no investment analyst but this looks idiotic..

A Nonny Bunny July 22, 2017 2:37 PM

@Nicholas Weaver

Namely, anybody could call the initialization function for a wallet: it was a public method. And you could call it repeatedly: not just when the wallet was created.

Do you mean something different by “initialization function” than the constructor of the (wallet)-contract?
Because the constructor doesn’t exist after the contract has been deployed; it’s simple not part of the runtime-code deployed on the chain.

Jon July 22, 2017 7:04 PM

The cryptocurrency promoters are either dishonest or just deluded. The main advantages they claim for cryptocurrency just are not so:
1) Cheaper. No it is actually more expensive because of extreme redundancy of copying information to thousands of nodes and in the case of bitcoin the electricity consumed in mining. The comparisons made in the sphere of payments and money transfer are just dishonest as they are not apples-to-apples comparison.

2) Security. This is also dishonest as money theft of fiat currencies don’t happen by altering records in central banks, but by hacks and attacks on end users and occasionally banking institutions. These same vulnerabilities exist in bitcoin and are actually worse because the misleading bitcoin propaganda encourages weaker security at these endpoints.

3) Freedom from government. Block chain just replaces government by elected officials with government by miners and node operators.

Defilade July 23, 2017 10:40 AM

@Jon
Resource cost is my general argument against it. It’s like telling everyone what I have in my wallet, and remember that just in case it gets stolen and I have to tell a judge. All of that resource uptime cost just for a judge to say he can’t do anything when my wallet got broke.

An integrity check is not inherent security; just a reinforcement mechanism. The clientware gets attacked by the hacker, if not for anything but DoS.

Consider this logic for a voting system. Let us say that the Dems are right and the voting system could be directly hacked by a contractor who happens to be Russian. How does block chain fix the direct manhandling? There are states that don’t require ID at the booth. There is currently no integrity check to prove the Democrats wrong or right. Then they don’t want to hand over data to prove either way… because they know. They’re jacking.

The bitcoin inventor did this to invest for himself. Real slick gimmick, and mind-numbing that the US let him stay alive. People get excited about it, like chihuahuas jumping up your leg.

Defilade July 24, 2017 5:15 PM

I am calling this asynchronous, or phased extortion. They want you to commit money with the buffer time for their investment model, regardless of whether you can spend it or not.

The gatekeepers are the market spaces. Amazon does not directly accept digital currency but the gift card secondary market will. Paypal accepts bitcoin but you would be consuming vicariously through Paypal, another system that ties up cash commitment to invest for itself. This is Bitcoin, not the umpteen other currencies that are about to explode in our face. This current lack of market acceptance is yet more lag time they have to invest your money.

You hate banks. Wallstreet hates banking regulation. So you potentially go from bad to worse with privateers that will still ultimately come under the gun, accepted or not. The board of directors have vested interest in other companies, coming together for a “take as fast as you can scheme” to leverage their debt on other projects. Otherwise, they wouldn’t be interested. The coins you earn for mining is chump change comparing to the “money lockup buffer.”

If you are bitcoin fanatic, at least Newegg accepts directly so you can burn cash on a server array for mining. Secure or not, good luck.

Benjamin Mord November 16, 2017 10:22 AM

Incorrect analysis re: 2nd “hack” (but correct on 1st), please beware confirmation bias. The 2nd hack was due to bug in smart contract, and NOT on-device software vulnerability. This is a very important distinction, and highlights need for smart contracting language designs that emphasize provability, a concept Ethereum lacks today. For the first good work in this direction that I’ve seen, consider:
https://blockstream.com/simplicity.pdf

We need to further extent the above research to prevent issues like the 2nd hack. Although this flavor of vulnerability is not new, it is a flavor of vulnerability that is about to become far more pervasive than ever before, as protocols themselves become increasingly programmable.

Bruce Schneier, cryptocurrencies deserve more of your attention than you presently allocate. Please see Hayek 1976 on denationalization of money, for a little glimpse of why. You could do a lot of good here, I refuse to believe there presently exists $100 billion of cryptographically sophisticated money today. We need your help. We need your mindshare.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.