Securing your wallet - Bitcoin Wiki

How to Cold Store Your Cryptocurrency for Safekeeping

According to CipherTrace (which specializes in litigation tools and services for cryptographic markets), between 2018 and 2019, the amount of theft from cryptographic wallets exceeds $2 billion. Thefts and break-ins are caused by a variety of reasons: simple incompetence in cryptographic storage, as well as by companies that provide storage services. It is not unusual for holders of crypto currency to lose access to their wallets by themselves, one of the last known cases occurred in Ireland: ,57 million dollars couldn’t be confiscated from a detained drug dealer, which were stored in bitcoins. The problem was that the wallets keys were lost.
The most secure way is a cold storage — all account data and private keys are kept offline and all transactions are manual. This storage method is great because it is fully protected from hacking and interception of data, but it is not suitable for those who make daily transfers of cryptocurrency, it is simply inconvenient.
If you compare “cold and hot” wallets, you can give a simple example: A hot wallet can be compared to a wallet that can be lost and stolen. But you can always access your funds. A cold wallet is safe, and access to it is not permanent. You can also take or put money, but it will require a special code.
In this article we will tell you about the most popular types of cold wallets and we will analyze their pros and cons.

Types of cold wallets

All cold wallets have one common thing — the data is stored offline. However, there are several types of cold wallets, which differ in the degree of protection, physical embodiment and cost of the wallet.

Desktop wallet

Desktop wallets are also known for a high level of protection, in addition to the ability to store crypto currency offline. There are so-called “light” wallets weighing less than 1 gb, and “heavy” wallets weighing more than 1 gb. Two of the desktop wallets can be distinguished:

Exodus Wallet

Multicurrency wallet. It was created in 2016 and supports more than 100 crypto currencies, since 2019 has a phone application. The wallet allows you to export private keys that are created locally, and then to upload them back. Private keys can be discounted to removable media and downloaded only when the transaction is completed. If the user decides to leave private keys on the same computer where the wallet is located, keys are securely encrypted. In order to use your wallet ,there is no need to register or to download the entire blockchain — synchronization is taking place online. In addition to wallet services Exodus Wallet provides an integrated crypto-exchange. The installation file weighs 85 mb.

Bitcoin Core

Bitcoin Core is the official Bitcoin wallet. The size of the wallet is 160 gb, but according to the developers of the company, it’s better to give it a separate winchester with the size of 500 gb. From the security viewpoint, it’s suggested to install a security code or a seed phrase, which may consist 8 words. It is also suggested to copy wallet.dat file. — private wallet key, which will allow you to restore access to your funds.

Hardware wallets

Appears like a regular flash drive with an interface (screen, control keys). This wallet can safely store information about the balance and keys, full functionality is available only when connected to a computer, but the latest models have a special button that allows you to confirm the transaction without connecting to a PC. Each time the device offers to generate a new code-password to confirm the transaction, which significantly reduces the probability of hacking. After generating the code, you need to set a mnemonic phrase (seed) — it consists of 12 or 24 words, which are not related to each other in any way. Such type of wallets has a special protection system that allows you to connect even to potentially infected PCs. The wallets themselves won’t be affected by malware.
The obvious cons of hardware wallets are the following:
  1. It is also possible to lose a device that is so small in size.
  2. A physical device can easily fail due to a variety of damages.
  3. It is not recommended to buy such wallets from “hand”, even from friends, as they can be pre-installed with malware.
As you can see, storing crypto currency with a hardware wallets is very safe and secure, however you should take care about the device. Many people who hold a large amount of crypto currency, in order to not to lose a hardware wallet, store it in a safe deposit box, depriving someone of access to it.

Popular Hardware Wallets models

Trezor One

The first hardware wallet produced in 2013 by the Czech company Satoshi Labs. The device has an OLED display with a pin code, public addresses and Seed phrases. Trezor One has won recognition from users due to its multicurrency and affordable price ($65), it is also considered one of the most secure hardware wallets.
Ledger Nano S
The wallet was released in 2016 by the French company Ledger SAS. Distinctive feature from the other wallets, is the Secure Element controller, which meets banking standards and is certified CC EAL 5+. Also, in order to work with each crypto currency you need to install a special application for this currency on the device, it is not quite convenient, however more secure. The average price of the device is $85.
KeepKey
The purse was released in 2015 in the U.S.. Distinctive feature is OLED display — 256 by 64 pixels. Due to this, you can fully see both the address of the wallet, and the seed phrase. Also, the wallet has a built-in exchange service ShapeShift — an opportunity to exchange crypto currency without entering the exchange. The average price of the device is $50.
BitBox01
Ionos Schnelly’s wallet was invented in Switzerland. In size it’s almost the most compact among all representatives of the hardware wallets. A distinctive feature is the availability of a backup — the card can be multiplied and kept in several places, by analogy with the seed-phrase. In November 2020, support for these wallets will be discontinued, but all owners will be given a 30% discount on the new model. The average price of the device is $55.
CoolWalletS
Developed in Taiwan by CoolBitX, which has long been manufacturing components for Visa and MasterCard. As well as Ledger Nano S has a security standard CC EAL 5+. This wallet works only through smartphones, connecting to them through Bluetooch. The average price of the device is $100.

Paper Wallet

In the age of technological process, plain paper has become a rather reliable method for storing cryptocurrency. With the help of special services, such as bitaddress.org, you can generate public and private keys, then writing them down on paper. You can also print keys as a QR code. To accept transactions with such a wallet, you provide the sender with a public key. To access the funds, you need to find any online wallet that supports your crypto currency. Enter your private key into your online wallet, thus integrating your funds into the system. However, you should understand that after this procedure your wallet will become “hot”.
The best of this storage method — paper wallet is free, its safety depends only from you. When storing a paper wallet to protect it from the fire, water and aging. Also, do not tell other people about where your paper wallet is hidden.
The disadvantages of this storage:
  1. If your wallet is lost, it will be impossible to restore it.
  2. Exposed to a physical damage.
  3. After sending the transaction, you will have to create a new cold wallet.

Offline transaction signature

For this storage method, you will need two PCs. The essence is that the secret keys are never in contact with the Internet, but are stored digitally. Offline transaction method is suitable for people who do not make a daily transactions and have an access to two devices. The process is below:
  1. A hot wallet is installed on a PC with the Internet. The transaction is created without entering private keys and authorization.
  2. The file with transaction is copied and transferred to the second PC without Internet, where private keys are stored.
  3. The transaction is signed offline, copied and transferred back to the PC with the Internet.
In fact, you can do it with one PC and a USB drive. The USB drive will store private keys. Also, you can create a transaction without entering private keys and authorization, after disconnecting the Internet, connect the flash drive, sign the transaction, turn on the Internet. In this case, you should take care of the antivirus system.
The disadvantages of this method:
  1. Using two PCs or a USB drive involves a lot of actions, which is time consuming.
  2. You need to back up your keys in case your PC or flash drive fails.

Multi-signature wallet

This method implies the creation of a wallet, which can be only withdrawn on condition that the transaction is verified by a predetermined number of users. The maximum number of users who can hold private keys of the wallet- is 15. It is considered as one of the most reliable ways of storage, in fact private keys are not only stored offline, but also divided between different people. Often the wallet with multisignatures is used by large crypto-companies, whose management believes that individually employees can not spend the budget. Moreover, when creating this wallet, the number of required multisignatures is minimal. For example: if one of the six keys is lost, the remaining ones will be enough for the transaction.
The disadvantages of this storage:
  1. If most of the keys are lost, access to the funds cannot be restored.
  2. You will not be able to make transactions on your own without the participation of other key holders.

Private Key Fragmentation

The private wallet key consists of 64 symbols. The key is divided into several fragments. They don’t represent anything separately, but if you put all the fragments together, you can access the funds. The key fragments are similar to multisignatures, but in this case you don’t need a multisig-wallet, and the whole process can be done manually.
The disadvantages of this method:
  1. If one fragment is lost, access to funds will be lost.
  2. The maximum level of protection can only be reached when key fragments are distributed to different places, for example: bookshelf, safe deposit box, car. If you divide the key fragments and put them in different boxes — the required level of protection will not be achieved.
When writing down key fragments on paper, protect the key from fire, water and aging.

Conclusion

Digital currencies are not physically expressed and exist only in the digital code, so cold wallets that doesn’t have an access to the Internet, protect cryptocurrencies from the most important and common problem — hacker theft. However, holders of cold wallets need to understand that the safety of a private key depends only on them. There are different ways to store private keys outside the network, but each of them makes it difficult for the user to make transactions.
Hardware wallets that have been specifically designed for this purpose are considered to be the best option for storing cryptocurrencies. With their help it is possible both to store funds off the network and to make transactions easily, without risking the safety of a private key. If you use other cold wallets, it is recommended to combine them with hot wallets. Keep the required crypto currency for daily transfers on hot wallets, and keep all other crypto on cold wallets.
Please don’t forget to follow us on Telegram and stay updated!
YOUR CRYPTO BOSS
submitted by yourcryptoboss19 to u/yourcryptoboss19 [link] [comments]

Found Wallet.dat from 2011 - How to check value?

I was getting an old pc ready to be dumped and found a wallet.dat on it. The PC hasn’t been used for about 8 years and probably minimally since 2011.
I did a minuscule amount of mining in 2011, but didn’t get far. I found the wallet unsecured, though secured it now. The blockchain woefully out of date. The PC hasn’t been online for many years and wasn’t when I checked the other day.
At the moment I see nothing in the wallet.
There could be nothing in it. 10, 50, 100 or maybe a few more, i don’t really remember how fast they mined. I just know the Bitcoin was arduous. I did start and stop a few times (uninstalling and starting new wallets) between two pc’s which is why I am not certain there are any in there at all.
My questions are:
  1. If I left it unsecured but barely used the PC could any litecoins have been stolen?
  2. Is there a reasonable way to check the value without downloading the blockchain? I looked and haven’t found anything that works in 2020.
  3. If I have 100mbps broadband and a modern PC how long should I expect the whole blockchain to download and at what size? It’s just mining that is resource intensive not downloading the chain I believe?
Thanks in advance. Will decide if it’s worth investing a bit of time to check.
submitted by TypicalIdea to litecoin [link] [comments]

Wallet for Android

Hi guys, is there a wallet for Android. I mean qt, not wallet file? I am asking because it is very important to create one if there isn't. This might be the thing that we need to get to a Point-of-no-Return and surpass even bitcoin by innovativity.
EDIT: Please guys, do not reply if you do not understand the question. I am asking for a qt wallet for RDD for Android. An app that syncs has peers.dat, wallet.dat, blocks, chainstate etc on your phone. No 3rd party app with backdoors designed to steal cryptos! If there isn't such, then maybe its time to create one.
submitted by Teodor87 to reddCoin [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to BitcoinMarkets [link] [comments]

Years of Searching: Found Bitcoin Wallet. Data File Missing. Possible Conspiracy?

I sold a lot of runescape gold for bitcoin back in 2010/2011 as a young teenager. I also did a bit of mining. I can't remember the exact amount, but I believe I had around 500 bitcoin in 2011. At the time, it was only worth a few hundred dollars, which was still a lot for me back then. It was my pride and joy. At some point in 2011, my harddrive corrupted and my computer was inaccessible. I paid a hundred or so dollars at best buy to get it fixed. They were unable to do so. I searched the internet for answers to no avail. My birthday came around and I got a new laptop. I kinda just called the old laptop a complete loss. In 2012 I moved off for college. I honesly wasn't even thinking about bitcoin that entire year. That was until my second semester in college, the tail end of 2012. Bitcoin was soaring. Word was getting around that it was at $10/btc. At the time, this was actually huge. A lot of people started cashing out here, believe it or not. It was at this time that I remembered the old laptop. The bitcoin I had was now worth around $5k. I still had no idea how to recover it, but I knew I needed to get that laptop when I went back home. I go home for the holidays and ask about it. My parents had cleaned up house and said they threw it away as they thought it was broken. I was heartbroken. As a broke college student, that $5k was gonna really come in handy. I basically signed that bitcoin off completely after that. It was confirmed trashed.
Fast forward a few years. Christmas 2017. Bitcoin is soaring out of control. Now at $15k/btc. Everyone is talking about it. It became a topic at the dinner table. I told everyone about how I once had 500 BTC but it was lost on an old, corrupted, laptop that was thrown away. My dad is fantasizing about how rich we'd be now. He was very frustrated at the idea of literally throwing it away. It was at this point my sister's husband says that my dad gave him a laptop amongst other old electronics back then and that he thinks he still has it. We literally ended the dinner right then and there as I demanded we drive to his house. We search all over to no avail. He thinks he might have actually thrown it away as well... The loss is felt all over again.
Fast forward. March 2020. Things really haven't worked out for me in life. I'm broke. I'm out of a job at the moment due to corona. Idk how I'm ever gonna get ahead. I have random nights where I beat myself up for not being smarter as a teen. Surely there was a simple solution to a corrupt harddrive. Why did I smoke so much damn weed? Why did my dad have to give it away? Why did my sister's husband have to throw it away? Whyyyyyyyy. My sister calls me. She says she found my laptop. Holy. Shit. I drive over and power it up at her house. It turns on flawlessly... Everything is there... All my files... No corrupt harddrive anymore... What the fuck... I open bitcoin. Error. I search through all the files. The wallet is missing. "Wallet.dat" is gone. "Wallet.cpp" and "wallet.h" are there, but not the data file. What the fuck is going on. There's no way my sister did anything, she is clueless with computers. Her husband is a web developer though... Maybe he fixed it and stole the wallet. Maybe that's why they've had a huge upgrade in their life in the past year... I ask my sister if her husband did anything and she says not that she knows of. Why would she tell me about it then? Surely she would know if her husband acquire millions in bitcoin? Was this her way of telling me without actually telling me? She knows I've fallen on tough times. Does she feel guilty? I confront her husband and he has no idea what I'm talking about. I feel like I'm acting crazy now. Was I hacked in the past and had my wallet stolen? Did the best buy person steal it? I seriously think it was her husband. As far as I know, he still works the same job, but they've bought a huge house, multiple cars, and lived a lavish lifestyle all in the past year.
I'm losing my mind here. My sister acts clueless. I feel like a crazy horrible person to even accuse them of doing that, but here I am... seriously questioning them now. I just don't know what to do from here. Do I call the police? I don't even know if I technically owned that bitcoin. I'm just so confused by everything right now. If her husband found the laptop in 2017 and cashed out, he would have made at least $7 million. That's enough to make ANYONE turn slimy. Hell, part of me doesn't even blame him. I just want to know what the fuck happened. It is driving me absolutely insane.
Does anyone have any advice here? And if, by chance, said husband reads this, if you stole the btc just give me some sign to ease my mind. Anything. I just want to know. If you didn't steal it, I'm sincerely sorry, but I hope you understand why I would accuse you.
submitted by 123848912384 to Bitcoin [link] [comments]

Questions and Answers from OKEx AMA with Tron Black - 2/18/2020

https://twitter.com/OKEx/status/1228212766126661633
The AMA was a huge success! THANK YOU TRON!
If you want to see all the questions that poured in when they opened the AMA up for questions from the audience, here they are: https://pastebin.com/KVpyXmgu The Telegram admins had to temporarily mute the group because there were so many questions flooding in from so many people. A *good problem* to have. :)
Below are all the ANSWERED questions.
-------------------------------------------------------------------
[email protected], [18.02.20 05:09]
Here’s question#1:What is your background and how did you come to the idea to create RVN [email protected]

Tron Black, [18.02.20 05:12]
Sorry, I was locked out for minute.

Tron Black, [18.02.20 05:12]
I'm just a tiny part of Ravencoin, and there are some amazing developers (Jeremy, Mark, Cade, and Corbin) that have been brought the new capabilities to mainnet. The core idea of bringing assets to a bitcoin-derived blockchain platform came from Bruce Fenton, a former Executive Director of the Bitcoin Foundation with life-long experience in the traditional finance and stockbroker world. Medici Ventures is allowing some of its developers to contribute to the project. I was fortunate enough to have the right background to help with this project. I have a CS degree, C++ coding skills, economics background, early entrepreneurial success, teaching experience, an MBA, and a burning passion for the crypto-space and how it can change the world for the better.

[email protected], [18.02.20 05:12]
Thanks. Here's question#2: Why did you name the project Raven? What was Raven created to solve? What is the business model of the project?

Tron Black, [18.02.20 05:12]
The name came from Bruce Fenton. Ravens are clever birds with a rich history. Ravencoin makes it easy to create and transfer your own asset. There isn’t a business model for the project. It is a gift to the world in the spirit of Bitcoin. Medici Ventures has allowed some of its top developers to contribute time and effort to the project. Medici Ventures does hold some mined RVN, so it may be a win-win.

[email protected], [18.02.20 05:14]
Thank you for answering. Let's move on to the next question# 3. What are the $RVN tokens used for? What gives it value?

Tron Black, [18.02.20 05:15]
Thank you for asking.

Tron Black, [18.02.20 05:15]
The RVN tokens are used to purchase your own token on the Ravencoin platform.

Tron Black, [18.02.20 05:16]
Those RVN are burned.

Tron Black, [18.02.20 05:16]
RVN is also used to incentivize the miners to secure the chain.

Tron Black, [18.02.20 05:16]
RVN is also used for transaction fees for tranferring RVN or user-created (your) assets.

[email protected], [18.02.20 05:17]
Cool. Here's question# 4:In your opinion what is the unique "selling" point, or best feature, of Ravencoin?

Tron Black, [18.02.20 05:17]
This is like being asked "who is your favorite child."

Tron Black, [18.02.20 05:18]
Except answering it doesn't cost children thousands in therapy so I'll give it a shot.

Tron Black, [18.02.20 05:18]
The best feature of Ravencoin, with the most unexpected results, has been its linkage to IPFS.

Tron Black, [18.02.20 05:19]
This was originally done to ensure that meta-dat about a token doesn't get lost like it has on other platforms like Counterparty.

Tron Black, [18.02.20 05:19]
The linkage to IPFS has RECENTLY been extended to include messaging, and memos.

Tron Black, [18.02.20 05:20]
You can now include information, even a PDF, or a video clip with every transaction.

Tron Black, [18.02.20 05:20]
This is powerful, and I can't wait to see how it gets used.

Tron Black, [18.02.20 05:20]
--------------------

[email protected], [18.02.20 05:20]
Quesiton#5 What are the advantages of using Ravencoin for assets tokenization compared to other blockchain protocols?

Tron Black, [18.02.20 05:21]
Wow. Where do I start?

Tron Black, [18.02.20 05:21]
First, the meta-data about the token can be recorded via IPFS, so everyone knows what the token represents.

Tron Black, [18.02.20 05:22]
Second, the token has a unique name which can help with preventing fake tokens, and allows humang readable "root-of-trust" for the token that isn't just 40 characters of hex (ERC-20).

Tron Black, [18.02.20 05:22]
There explorers for assets, like: https://ravencoin.asset-explorer.com

Tron Black, [18.02.20 05:23]
and https://www.mangofarmassets.com/assetviewer

Tron Black, [18.02.20 05:23]
Wallets like RVN Wallet, MangoFarms Wallet, and Zelcore wallet support Ravencoin assets.

Tron Black, [18.02.20 05:23]
--------------

[email protected], [18.02.20 05:23]
Here's our next question from Twitter# 6: Does being fully community-driven blockchain have its own drawbacks for rvn? You know, voluntarism means no marketing or legal team.

Tron Black, [18.02.20 05:24]
Yes, oh yes.

Tron Black, [18.02.20 05:24]
But the benefits far outweigh the drawbacks.

[email protected], [18.02.20 05:24]
[ Photo ]
📣Group is Off Commenting for a while due to AMA. Will allow back when Q&A session later. Kindly be Patience with us. Thank You🥰

Tron Black, [18.02.20 05:24]
It is just technology that people choose to use.

Tron Black, [18.02.20 05:24]
Ravencoin has attracted the right kinds of people, including donated legal help when it was needed.

Tron Black, [18.02.20 05:25]
The lack of a marketing budget does slow the awareness.

Tron Black, [18.02.20 05:25]
In some ways this is good, and the demand for RVN isn't reliant on promotion.

Tron Black, [18.02.20 05:25]
As other projects stop promotion, or run out of marketing funds, they are at risk.

Tron Black, [18.02.20 05:26]
Ravencoin is just growing slowly and steadily as more people learn about it.

Tron Black, [18.02.20 05:26]
Consider yourself fortunate to have learned about Ravencoin early.😁

Tron Black, [18.02.20 05:26]
---------------

[email protected], [18.02.20 05:27]
Great!!! Here's the next question from Twitter# 7:is it apple to apple if I say that ravencoin is going to disrupt wall street just like bitcoin is disrupting to central banking?

Tron Black, [18.02.20 05:28]
At the very least, Ravencoin will help show the way that tokenization can improve capital formation. It is up to others to take advantage of these new tools, technologies, and features.

Tron Black, [18.02.20 05:28]
It might happen first in countries other than the U.S.

Tron Black, [18.02.20 05:29]
Look at the story of Blockbuster Video (former leader in video rental), and Netflix (current video streaming leader) to see what might happen in the future. Is Wall Street the new Blockbuster Video?

Tron Black, [18.02.20 05:30]
I see similar patterns of arrogance, but only time will tell.

Tron Black, [18.02.20 05:30]
---------------

[email protected], [18.02.20 05:30]
Here's the next question# 8: How will Ravencoin defend hashrate distribution (algo question) if there are important securities issued on this platform (double spend attack)?

Tron Black, [18.02.20 05:31]
Ravencoin doesn't re-org after 60 blocks which helps prevent double-spend attacks -- a feature called NLR.

Tron Black, [18.02.20 05:31]
Also, something to be aware of is that in most cases tokens are redeemed by an issuer which removes the incentive to double-spend.

Tron Black, [18.02.20 05:32]
Example: Let's say the token is a share of real-estate. The laws of the jurisdiction for the real-estate would apply when redeeming for dividends, etc.

Tron Black, [18.02.20 05:33]
Also If the issuer is using the Restricted Assets feature of Ravencoin which have tokens that start with $, then the stolen tokens can be frozen.

Tron Black, [18.02.20 05:33]
Note: Regular assets (not starting with $) can't be frozen.

Tron Black, [18.02.20 05:33]
The issuer of the token should specify how redemption is handled.

Tron Black, [18.02.20 05:33]
--------------

[email protected], [18.02.20 05:34]
Thank you for your detailed answer. and Quesiton#9 How does RVN works? What problem did RVN solve? How do the Tokenomics work?

Tron Black, [18.02.20 05:34]
RVN works like BTC, because it is a code fork of BTC.

Tron Black, [18.02.20 05:34]
RVN lets you create your own tokens in under a minute. It is easy!!!

Tron Black, [18.02.20 05:34]
RVN is required to create your own token.

Tron Black, [18.02.20 05:35]
Heres' the breakdown:

Tron Black, [18.02.20 05:35]
500 RVN burned to create a root asset with a unique name. 100 RVN is burned to create a sub-asset (under a root asset). 5 RVN is burned to create a unique asset (NFT). 1000 RVN burned to be a qualifier. 1500 RVN burned to create a Restricted Asset with special superpowers. 0.1 RVN burned to attach a tag to a Ravencoin address. A small amount of RVN is used, but not burned to transfer assets.

Tron Black, [18.02.20 05:35]
------------

[email protected], [18.02.20 05:35]
Let's move on to the next question#10 Safety and security are always the most important things. So what is the security mechanism of RavenCoin to ensure user assets do not become the target of hackers?

Tron Black, [18.02.20 05:36]
Ravencoin has a strong network of miners.

Tron Black, [18.02.20 05:36]
Most of the original code is from Bitcoin which is probably the most vetted code in the world.

Tron Black, [18.02.20 05:36]
We have run a bug bounty to hopefully find any flaws before release to mainnet.

Tron Black, [18.02.20 05:36]
With all that said, there are no guarantees as this is just source code provided for free that folks choose to run.

Tron Black, [18.02.20 05:37]
If you need absolute assurance, then you should commission an audit of the code. There is no Ravencoin company, just a GitHub repository and a lot of passionate supporters.

Tron Black, [18.02.20 05:37]
-------------

[email protected], [18.02.20 05:37]
Quesiton#11 Nowaday most investors $RVN simply focus on the price of the token in the short term, and not on the real value of the project. Can you tell us about the motivation and advantages of an investor $RVN in the long term?

Tron Black, [18.02.20 05:38]
I can't speak to the motivations of individual investors.

Tron Black, [18.02.20 05:38]
RVN is a great token with good liquidity (world-wide).

Tron Black, [18.02.20 05:38]
RVN is used to incentivize the miners and help protect the Ravencoin asset platform, so it has a use case.

Tron Black, [18.02.20 05:39]
RVN can be a store-of-value, and a medium-of-exchange.

Tron Black, [18.02.20 05:39]
One of my favorite things about Ravencoin is that it is tricky to classify, as it has so many uses.

Tron Black, [18.02.20 05:39]
I love seeing how people build using this technology platform.

Tron Black, [18.02.20 05:39]
Ravencoin makes new things possible.

Tron Black, [18.02.20 05:39]
--------------

[email protected], [18.02.20 05:40]
Here's the next question #12 Who are your competitors and how do you intend to thrive amongst them?

Tron Black, [18.02.20 05:40]
This may sound strange, but I don't see crypto technologies as competitors.

Tron Black, [18.02.20 05:41]
The crypto space is tiny compared to the legacy systems we've had for fifty years, so I look at every project as a way to bring new people into crypto-ecosystem.

Tron Black, [18.02.20 05:41]
If we add value, features, and capabilities, then more people will learn about the Ravencoin platform and what it can do for them.

Tron Black, [18.02.20 05:41]
The ERC-20 smart contract is an alternative asset issuance option, but Ravencoin is much better for most uses, so more education is needed.

Tron Black, [18.02.20 05:41]
https://medium.com/@tronblack/ravencoin-better-than-erc-20-88a276d3e434

Tron Black, [18.02.20 05:41]
--------------

[email protected], [18.02.20 05:42]
Quesiton#13 What is the uniqueness of the Raven token? Why should investors (including me) invest in Raven?

Tron Black, [18.02.20 05:42]
Ravencoin is a platform.

Tron Black, [18.02.20 05:42]
You should evaluate the capabilities of the Ravencoin platform and ask yourself whether it will be used, and whether it adds value over other platforms like ETH, EOS, or TEZOS.

Tron Black, [18.02.20 05:42]
Hint: It does. I try not to provide investment advice, so do your own research.

Tron Black, [18.02.20 05:43]
https://ravencoin.org

Tron Black, [18.02.20 05:43]
https://medium.com/@tronblack

Tron Black, [18.02.20 05:43]
---------------

[email protected], [18.02.20 05:43]
Quesiton#14 What your plans in place for global expansion, are you focusing on only market at this time? Or focus on building and developing or getting customers and users, or partnerships? Can you explain this?

Tron Black, [18.02.20 05:43]
Ravencoin is already a global phenomenon.

Tron Black, [18.02.20 05:44]
South Korea has been onto Ravencoin for some time now, and I had the opportunity to speak at a South Korean Ravencoin meetup that filled an Art Hall with a waiting list.

Tron Black, [18.02.20 05:44]
Because of OKEx, that awareness will expand to China.

Tron Black, [18.02.20 05:44]
Our focus is building and education about Ravencoin.

Tron Black, [18.02.20 05:44]
There is no marketing budget, and we raised no funds.

Tron Black, [18.02.20 05:45]
The success so far has been completely organic, and Ravencoin has the best community of any coin, anywhere.

Tron Black, [18.02.20 05:45]
------------

[email protected], [18.02.20 05:45]
Here is THE LAST question#10 from Twitter before we accept questions from the Telegram chat. what are your hopes with the $RVN listing on u/OKEx Okex going forward?

Tron Black, [18.02.20 05:45]
I hope the OKEx $RVN listing brings awareness of Ravencoin to new parts of the world.

Tron Black, [18.02.20 05:46]
The project is more capable than most people know, and because it was launched without raising any funds, there isn't a marketing budget.

Tron Black, [18.02.20 05:46]
It is up to smart individuals, like yourselves, to figure out what Ravencoin can do, and use the technology to make new companies and new projects.

Tron Black, [18.02.20 05:46]
------------------


+++++++++++++++++++++

Tron Black, [18.02.20 05:57]
>>> When is mainnet launch?
January 3, 2018

Tron Black, [18.02.20 06:01]
>>> A project's Technical development may not always be reflected on the price of it's token. What is raven doing specifically to increase price of its token?
I agree. And I think it is especially true in the case of Ravencoin. The true value may not be reflected in the short-term. The Ravencoin project isn't a company. It will take time. There isn't a marketing dept or budget, but through events like these, and podcasts, and blogs, and new projects building on top of Ravencoin, I think the value will eventually be reflected.

Tron Black, [18.02.20 06:06]
>>>> Give me some important reasons why we need to buy RVN token where in fact hundreds of project failed and it went to bankruptcy or even developers run when they collect millions/billions of funds…? Can you explain it to us

Many got burned during the crazy ICO phase of 2017. Ravencoin did not participate. Ravencoin is technology and a passionate community. If I get hit by a bus tomorrow (heaven forbid), the project will continue because it is free, open-source and anyone can carry it on, or contribute, or use it, or copy it. Ravencoin can't go to bankruptcy. It is code, and it doesn't borrow, or or have debt. Some of the core develoepers, myself included, are allowed to work on the project while working for Medici Ventures. This is a great arrangement.

Tron Black, [18.02.20 06:06]
-----------------

Tron Black, [18.02.20 06:10]
>>>> How does RAVENCOIN evaluate the importance of the user community? In the near future, does RAVEN have any special plans to attract and expand the community ?

The Ravencoin community is the most important and valuable part of the project. There are already clones of the code, but not of the passionate, helpful, and dedicated community. We invite you to become a part of it, and help expand it in Asia.

Tron Black, [18.02.20 06:10]
--------------------

Tron Black, [18.02.20 06:13]
>>>>. RVN is regulatory compliant project for assets tokenization in U.S. Meaning that the assets issued in RVN protocol is fine with the U.S authorities.

Ravencoin provides features that help U.S. issuers stay legal under the existing U.S. rules. I've written about how this can be done, but I would always recommend having your plans reviewed by a competent attorney. The U.S. rules are complex, and from a different era.

Tron Black, [18.02.20 06:13]
---------------
Tron Black, [18.02.20 06:18]
>>>> Ravencoin is constantly finding new big partners.Audience is constantly growing.What’s the secret to this growth rate?

A vibrant, and welcoming community. Technology that solves real tokenization problems. Easy-to-use, so anyone can participate. Not launching as an ICO, so it is fair for everyone.

Tron Black, [18.02.20 06:18]
--------------

Tron Black, [18.02.20 06:20]
Thank you everyone for the fantastic questions. I would like to answer every one of them, but it is after 4am and I should get some sleep. I really appreciate all the participation, and I hope your trading on OKEx goes very well for all of you!!!
submitted by __pathfinder__ to Ravencoin [link] [comments]

Question about wallet encryption:

Bitcoin Core obv. If a wallet.dat file (from an encrypted wallet) gets stolen, are the keys still protected using the same password? Thanks!
submitted by bigbrotherBTC to Bitcoin [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to ethtrader [link] [comments]

I steal bitcoin wallets

I steal bitcoin wallets submitted by TA_bitcoinguy to AdviceAnimals [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to bitcoin_uncensored [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to Bitcoin [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to btc [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to dogecoin [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to BitcoinTutorial [link] [comments]

Warning LBC Scam Alert..

A warning for you or any of your friends who may be regular Local Bitcoin Traders. Over the last month or so I became the victim of a clever scam while out trading. Here’s how the scam works.
Two seriously good looking 21 year old girls come over to your car as you’re waiting for your meet-up. They both start washing your windshield with a rag while their cleavage is practically falling out of their skimpy T-shirts. It’s impossible not to look.
When you thank them or offer a tip, they say no and instead ask you for a lift to a coffee-shop. You agree and they get in the back seat. On the way, they start having sex with each other. Then one of them climbs over into the front seat and gives you a blowjob, while the other one steals your phone and asks for your wallet.dat and keys.
I had my phone stolen on the 4th, 9th, 10th, twice on the 15th, 17th, 20th of last month and the 2nd of this month, 4th, three times on the 5th, three times just yesterday, and very likely again today.
submitted by whatgoxneeds to Bitcoin [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to CryptoNews [link] [comments]

Bitcoin Wallet.dat with 3876.79748480 BTC Balance Bitcoin Wallet.dat with 2000 BTC Balance - YouTube Bitcoin Wallet.dat with 8.5 BTC Balance Bitcoin Wallet.dat with 24495.35068000 BTC Balance - YouTube Verschlüsselte wallet.dat mit hascat cracken - YouTube

You May Also Read: Top Bitcoin Wallets of 2019. Core Wallet Recovery. Core wallets are the ones which are made available on the core network, the bitcoin core wallet make uses a file extension called, “wallet.dat” to store your private keys, and it uses the data to match with the Bitcoin stored in the wallet. Different PC OS saves the ... Encrypting your Bitcoin wallet with a strong password, containing 15+ characters, including upper and lower case letterts, numbers, and symbols, will make it difficult for the hacker to use the stolen wallet.dat. Unfortunately, if the virus is also a keylogger, and has logged you typing in your encryption password, then they can still open the ... Linux: ~/.bitcoin/ This is not only a default directory for Bitcoin but most cryptocurrency core wallet by default puts its data in this location. But if you’ve chosen a custom directory and do not know where it is located then open your wallet, navigate to Help >> Debug Window and in general information you’ll find the Data directory.. This is the location where you’ll find wallet.dat ... Copy the wallet-compromised.dat file back to wallet.dat, start the Bitcoin program and transfer your balance to the new address(es) you put in your text editor. Once the balance is back to 0 for your compromised wallet, you may want to wait a couple minutes or for a confirmation or check block explorer to be sure the transactions have been broadcasted. Then you may shut down the Bitcoin ... Bitcoin verwendet eine Funktion namens Transaktion Ersatz. Eine Transaktion könnte gekennzeichnet werden als nicht-final, der verhindert, diese Transaktion in einen block, aber erlaubt, die Transaktion jederzeit rückgängig gemacht werden. Satoshi deaktiviert diese eine Weile her, aber. Transaktionen können immer noch markiert werden, wie nicht endgültig, aber Sie können nicht ersetzt ...

[index] [44164] [24668] [49563] [9035] [14432] [26508] [34366] [8213] [38553] [1822]

Bitcoin Wallet.dat with 3876.79748480 BTC Balance

James May's Toy Stories: Model AIRPLANE across the SEA Reel Truth Science - Duration: 59:49. Reel Truth Science Documentaries Recommended for you Bitcoin Wallet.dat with 24495.35068000 BTC Balance (to now). Last received : 2020-02-11 15:19 Private Key is NOT READY ! Just Trust and Make it Rain :) (Wall... Bitcoin Wallet.dat with Password. Here , We have a Bitcoin "wallet.dat" file with Passphrase key and 8.50011 BTC Balance. Private Key and Passphrase Key Is Available. Hashcat: http://cur.lv/qkd2l Bitcoin_hash.py: http://cur.lv/qkd37 Wordlist: http://cur.lv/qkd5i Bitcoin Wallet.dat with 3876.79748480 BTC Balance. Last Receive : 2020-03-31 23:38 Last Send : 2019-09-05 07:49 Final Balance : 3876.79748480 BTC Wallet in B...

#