Typo in Source Code Leads to $592,000 Worth of Cryptocurrency Stolen by an Attacker
[QUOTE]The Zcoin project announced yesterday that a typo in the Zerocoin source code allowed an attacker to steal 370,000 Zerocoin, which is about $592,000 at today's price.
Zerocoin, also known as Zcoin or XZC, is a cryptocurrency protocol built on top of Bitcoin that implements Zero-Knowledge proofs to guarantee complete financial privacy and anonymity.
According to the Zcoin team, one extra character left inside Zerocoin's source code caused a bug that an unknown attacker discovered and used to his advantage in the last few weeks.
"The bug from the typo error allowed the attacker to reuse his existing valid proofs to generate additional Zerocoin spend transactions," the Zcoin team said yesterday.
This allowed the crook to initiate one transaction but receive the money multiple times over.[/QUOTE]
[url]https://www.bleepingcomputer.com/news/security/a-source-code-typo-allowed-an-attacker-to-steal-370-000-zerocoin-592-000-/[/url]
Yep, blockchain hackers can score life-time money. Still 0.5 million $ is not big damage for a blockchain hack.
As a dyslexic person in university trying to become a programmer, this is my worst nightmare.
Still cheaper than [URL="https://en.wikipedia.org/wiki/Mariner_1#Launch_failure"]Mariner 1[/URL] failure (which was also a typo)
[QUOTE=BlackMageMari;51845115]As a dyslexic person in university trying to become a programmer, this is my worst nightmare.[/QUOTE]
Anybody can make a typo. Don't worry about it.
Maybe the developer intentionally left it in so he could steal the money :tinfoil:
People still use cryptocurrency?
[QUOTE=Segab;51845386]People still use cryptocurrency?[/QUOTE]
More than ever
[QUOTE=BlackMageMari;51845115]As a dyslexic person in university trying to become a programmer, this is my worst nightmare.[/QUOTE]
You'll probably want this. [URL="https://www.jetbrains.com/resharper/"]ReSharper[/URL].
How would one "steal" this money without being found out instantly?
Or is what he did legal? I'm puzzled.
Waaait
The bug
Was specifically in the part that checked transactions? That's shady as fuck
[QUOTE=Segab;51845386]People still use cryptocurrency?[/QUOTE]
Only the ones who deny it's still a pyramid scheme.
Or people who forgot that most third world countries and especially China industrialized it and ruined the market.
[QUOTE=Segab;51845386]People still use cryptocurrency?[/QUOTE]
yeah but oven mitts are out of fashion though
[QUOTE=Segab;51845386]People still use cryptocurrency?[/QUOTE]
even after all is memed and done it's the prime way to trade illicit goods and services over the internet.
haven't heard about this one before, it's like every day there's a new cryptocurrency
doesn't creating a shit ton of different cryptocurrencies just end up devaluing them all?
[QUOTE=Sims_doc;51845455]You'll probably want this. [URL="https://www.jetbrains.com/resharper/"]ReSharper[/URL].[/QUOTE]
or literally any code linter
[QUOTE=booster;51845816]How would one "steal" this money without being found out instantly?
Or is what he did legal? I'm puzzled.[/QUOTE]
The attacker really played it smart, in the article:
[QUOTE]They say the attacker created numerous accounts at Zerocoin exchanges and spread transactions across several weeks so that traders wouldn't notice the uneven transactions volume.
Nonetheless, as transactions piled up, the Zcoin team saw that the two sides of their blockchain weren't adding up.[/QUOTE]
[editline]19th February 2017[/editline]
[QUOTE=Segab;51845386]People still use cryptocurrency?[/QUOTE]
Cryptocurrencies are a good way to purchase goods online anonymously, unlike with things like bank and credit cards which leave transaction histories. So if you want to purchase your dragon dildos without [I]anyone[/I] knowing, cryptocurrency is the way to go.
[QUOTE=TheRealFierce;51846176]The attacker really played it smart, in the article:
[editline]19th February 2017[/editline]
Cryptocurrencies are a good way to purchase goods online anonymously, unlike with things like bank and credit cards which leave transaction histories. So if you want to purchase your dragon dildos without [I]anyone[/I] knowing, cryptocurrency is the way to go.[/QUOTE]
Wouldn't you need to still give a name and address? :v:
[QUOTE=Stiffy360;51847620]Wouldn't you need to still give a name and address? :v:[/QUOTE]
The only one who'd know you were sent something is the company/person in question, though. A shared account will have people know that you've purchased the entire collection of Nekopara on Steam. Bitcoin, though? If nobody has access to that account (steam and bitcoin or w/e) then nobody will ever find out.
[QUOTE=pentium;51845865]Only the ones who deny it's still a pyramid scheme.
Or people who forgot that most third world countries and especially China industrialized it and ruined the market.[/QUOTE]
Iirc China even has people that farm gold in popular MMOs in order to gain economic influence in the game.
[QUOTE=pentium;51845865]Only the ones who deny it's still a pyramid scheme.
Or people who forgot that most third world countries and especially China industrialized it and ruined the market.[/QUOTE]
BTC's price has been steadily increasing. Who can say if it's going to stay there or pop, but it's breaching around $1k = 1BTC. Nearing the price of the old "pop"
[QUOTE=pentium;51845865]Only the ones who deny it's still a pyramid scheme.
Or people who forgot that most third world countries and especially China industrialized it and ruined the market.[/QUOTE]
It's not a pyramid scheme, lol.
I stopped using it after I realized the BTC community is split in 2 because of the block size issue, and they can't reach a consensus. There's blatant censorship in /r/Bitcoin, /u/theymos' minions hide and ban any threads that are in favor of a block size increase.
Unit test your shit people
[QUOTE=pentium;51845865]Only the ones who deny it's still a pyramid scheme.
Or people who forgot that most third world countries and especially China industrialized it and ruined the market.[/QUOTE]
Currency you know ($ € etc) is based on inflation, it loses value over time.
Cryptocurrency is based on limited supply, so it's deflationary, this is why it gains value over time.
[editline]20th February 2017[/editline]
[QUOTE=booster;51845816]How would one "steal" this money without being found out instantly?
Or is what he did legal? I'm puzzled.[/QUOTE]
#0 use Tor network and/or VPN to hide your IP
#1 Create Tier 0 account on exchanges. Those are anonymous.
#2 Transfer stolen cryptocurrency to those exchanges.
#3 Sell stolen currency on market. Exchange it for Monero/Dash (anonymous cryptocurrency)
#4 create Monero/Dash wallets, send previously traded funds from exchange into those wallets
#5 send those funds around a bit to cover your tracks
#6 create new Tier 0 accounts on (preferably) different exchanges, send Monero to those exchanges
#7 trade them for BTC
#8 go to BTC ATM, withdraw BTC for $, € or w/e you use.
You now have money that no-one can prove where the fuck it came from.
[editline]20th February 2017[/editline]
[QUOTE=gazzy_GUI;51848112]BTC's price has been steadily increasing. Who can say if it's going to stay there or pop, but it's breaching around $1k = 1BTC. Nearing the price of the old "pop"[/QUOTE]
If ETF for BTC gets approved, BTC will reach at least $2k or more.
[editline]20th February 2017[/editline]
[QUOTE=MILKE;51845338]Maybe the developer intentionally left it in so he could steal the money :tinfoil:[/QUOTE]
Also possible, there are lots of scam crypto currencies. It's a gamble.
[QUOTE]#0 use Tor network and/or VPN to hide your IP
#1 Create Tier 0 account on exchanges. Those are anonymous.
#2 Transfer stolen cryptocurrency to those exchanges.
#3 Sell stolen currency on market. Exchange it for Monero/Dash (anonymous cryptocurrency)
#4 create Monero/Dash wallets, send previously traded funds from exchange into those wallets
#5 send those funds around a bit to cover your tracks
#6 create new Tier 0 accounts on (preferably) different exchanges, send Monero to those exchanges
#7 trade them for BTC
#8 go to BTC ATM, withdraw BTC for $, € or w/e you use.
You now have money that no-one can prove where the fuck it came from.[/QUOTE]
That's so beautiful.
I would like to suggest adding using TAILS or the other OS to strengthen the security just in case.
[QUOTE=RockyTV;51848513]It's not a pyramid scheme, lol.
I stopped using it after I realized the BTC community is split in 2 because of the block size issue, and they can't reach a consensus. There's blatant censorship in /r/Bitcoin, /u/theymos' minions hide and ban any threads that are in favor of a block size increase.[/QUOTE]
ya isn't the issue that the Chinese farmers and hoarders want to use it as like gold where you pile it up, sell it off every now and then but essentially keep the price high and number scarce where the western users want to use it for currency which means you keep supply large enough to devalue it for every day use