weekly blockchain security roundup

More scams, hacks and exploits this week – starting the new year out with lots of activity! First up – the biggest theft of tokens ever reported.

Japanese exchange Coincheck got hacked a couple days ago for $533 million USD worth of NEM tokens. Apparently the exchange was overwhelmed with activity and never got around to fixing its setup, which was simply to conduct all trades from an online “hot” wallet. This is one of the classic fail moves memorialized by MT Gox back in the day – not keeping most money offline in cold storage, then getting hacked.

User trades are easily settled when all funds are kept online, but because transactions are being signed all the time, the private keys hang around in memory. Private keys to a large wallet being online all the time? That is a tempting target! Of course the obvious strategy for an exchange is to be justifiably anxious, and simply keep as much as possible offline in hardware and paper wallets.

Speaking of wallets, fake wallet software continues to fool people. Fake wallets are in fashion now, and an app showed up this week on Google Play claiming to be a MyEthereum wallet app. Trouble is, there is no legit MyEthereum Android app.

The huge BitConnect ponzi scheme is a jaw-dropping example of what’s crazy about the ICO world. This project shut down, as ponzi schemes ultimately do, yet the token continues to be traded, the website is still live, and the coin still has a market cap of over $67 million USD at the time of writing. I have no idea why.

Another ponzi scheme was busted up recently, as My Big Coin founders were charged with fraud and misappropriation of funds by the US CFTC. Their gold-backed token was simply a ponzi scheme. When it comes to ponzi schemes, it makes no sense to ask why; people just love these. My evidence: PonziCoin.

Stay tuned – loads of bad actors hard at work again this week!

Author: chain rat

crawlin around where nobody's lookin, gnawing on the crufty bits
