crypto   27366


The Verge [cryptocurrency] hack, explained • The Abacus
Daniel Goldman on a cryptocurrency hack where a hacker began spoofing the time on "blocks", suggesting they'd happened earlier than they had:
The algorithm that Verge [the cryptocurrency, unrelated to the tech news website] uses to calculate the current difficulty [of mining] is known as Dark Gravity Wave; it involves taking a weighted average of the rate of block confirmations over a moving two-hour window. It’s a bit complex, and the details don’t really matter here — what matters is this: mining difficulty is a function of recent block frequency, and running calculations on block frequency naturally involves looking at blocks’ timestamps.

And hence the problem: if enough faulty timestamps are getting created, all bets are off. And this is what the hacker did — examining the blockchain data reveals that throughout the duration of the hack(s), every other block was submitted with a timestamp roughly one hour before the present time, tragically confusing the protocol’s mining adjustment algorithm. If the protocol were sentient and fluent in English, it would be saying something like “Oh no! Not enough blocks have been submitted recently! Mining must be too difficult — let’s make it easier!” Since timestamps were continuously being spoofed, the protocol continuously lowered the difficulty, until mining got laughably easy. To give a general idea, the average difficulty in the hours before the initial attack was 1393093.39131, while during the attack, it got as low as 0.00024414, a decrease in difficulty of over 99.999999%. Lower difficulty in submitting a block means more blocks get submitted — in this case, roughly a block every second.

The cleverness of this attack is in how it circumvents the barrier of mining difficulty instead of attempting to burst through it. If the security provided by mining power is a gate surrounding the network — a gate that’s far too strong to break through and too high to climb over — this hack gets past it by finding a way to lower it so close to the ground that it can be stepped over.

If it isn’t already obvious, this is, in and of itself, bad news.

Yeah, it was obvious. It's also obvious that there's no obvious way to fix this (though it's more complicated than just this; there's also an algorithmic attack). Anyone determined enough can do the exact same hack again - though the hacker here clearly got a lot of ducks in a row.
Crypto  hacking 
2 hours ago by charlesarthur
Let’s Create a Secure HD Bitcoin Wallet in Electron + React.js
As the planet is bracing for an exciting future in crypto, so do we, developers keep up to date with the technology. As there are still few posts written about programming the blockchain, I decided…
crypto  wallet  electron 
9 hours ago by pferdefleisch
What’s the matter with PGP? – A Few Thoughts on Cryptographic Engineering
Last Thursday, Yahoo announced their plans to support end-to-end encryption using a fork of Google's end-to-end email extension. This is a Big Deal. With providers like Google and Yahoo onboard, email encryption is bound to get a big kick in the ass. This is something email badly needs. So great work by Google and Yahoo!…
email  pgp  security  crypto  privacy  Bookmarks_Toolbar  critique  Cryptography  encryption  essays 
20 hours ago by websitejk

