Posted on

Malware Crypto Ransoms Rose By Almost 90% in Q1: Report

The average cryptocurrency payout for ransomware attacks rose dramatically in the first quarter of 2019, according to a firm that helps victims pay ransoms.

In its quarterly report, Coveware said that, while in Q4 last year the average ransom was $6,733, it shot up by 89 percent to $12,762 in the first three months of 2019.

The rapid hike in crypto demanded comes thanks to the increasing prevalence of more expensive strains of ransomware – which encrypt victims’ files and demand a payment in cryptocurrency to unlock them – such as Ryuk, Bitpaymer, and Iencrypt, according to the firm.

“These types of ransomware are predominantly used in bespoke targeted attacks on larger enterprise targets,” Coveware said.

The Ryuk ransomware strain in particular has shot up in prevalence. In Q1, in first and second place, respectively, Dharma and Crysis held their leading positions on the market share table (below), while Ryuk is now in third place. That’s a notable climb, since it was not a top-three placer in the previous quarter. 

Ryuk is also targeting larger organizations than other variants, the report says. Not only that but it is demanding far higher ransoms. For example, Dharma requires an average ransom of $9,742, while Ryuk demands $286,556 on average.

Bitcoin is still, and is likely to continue to be, the most popular cryptocurrency demanded by bad actors deploying ransomware, Coveware adds, although privacy coins like dash make up around 2 percent of demands.

Malware image via Shutterstock

Posted on

Next Bitcoin Core Release to Finally Let Hardware Wallets Connect to Full Nodes

It’s a moment true bitcoin nerds have been waiting for.

In the coming release of Bitcoin Core, the 18th major version of the cryptocurrency’s most widely used software, the code will finally, natively allow users to connect bitcoin full nodes to hardware wallets.

It sounds technical, but it’s a big step for the security for users. Bitcoin full nodes allow users to verify that transactions actually took place, meanwhile, hardware wallets are considered one of the most secure ways to store bitcoin. Thus, making it easier to join the two together is a big win for users who don’t want full control of their bitcoin – and don’t want to lose it.

Bitcoin Core lead maintainer Wladimir van der Laan, who is in charge of coordinating the coming upgrade, told CoinDesk it’s one of the features he’s been most excited about for quite some time.

Still, the change is part of a much broader effort to make bitcoin full nodes easier to use for people other than just tech geeks. Casa, for example, has launched a node that works without much setup necessary, while developers of the bitcoin protocol are constantly trying to reduce how much data users need to store to run one (as users need to store every transaction ever sent on the blockchain, it’s pretty weighty).

As Bitcoin Core contributor Andrew Chow, one of the lead developers on the project, put it on Twitter:

“With this [pull request] merged, the upcoming Bitcoin Core 0.18 release will be finally usable with hardware wallets by using [Hardware Wallet Interface (HWI)].”

He admits it’s “still command line only and manual,” but argued “it’s a big step forward” because the functionality is finally there, even if in a somewhat clunky form. Developers will continue to make it easier to use down the line.

Eating your cake

So first off, why use a bitcoin full node in the first place?

In order to send a transaction on the bitcoin network, users need to connect to a bitcoin node. Full nodes now require a couple of hundred gigabytes of data, which is a lot, enough to fill a small laptop.

But it does serve a purpose, as rather than trust that someone else is feeding you the correct financial information, such as whether you really received a transaction or not, you’re able to validate this information yourself.

As the value proposition of bitcoin is to not trust others, some developers go as far as to argue that using bitcoin in a way that removes the full node defeats the purpose of bitcoin.

Bitcoin Core contributor Sjors Provoost, for example, has argued that running a full node is helpful for “knowing your bitcoin is real,” offering the example of Segwit2x, a proposed bitcoin fork from 2017 in which some companies, miners, and users proposed upgrading bitcoin to a larger block size.

There was concern that in the case Segwit2x broke bitcoin into two, mobile wallets relying on Simplified Payment Verification (SPV) technology would be susceptible to trickery from miners.

“That server can in theory also lie about your balance. In a scenario like SegWit2x, it could decide which side of the fork it wants to show you. With a full node you don’t have to worry about that,” Provoost told CoinDesk.

Then there’s the issue of privacy.

“The wallet software that normally comes with hardware wallets reveals your addresses to a third-party server,” Provoost continued. The full node would replace this wallet software, giving users privacy again.

“At the end of the day, it comes down to the trade-off between convenience and trust,” Bitcoin Core wallet maintainer Samuel Dobson told CoinDesk.

These problems are what’s fueling the idea that maybe one day “everyone” should run this full node software, so they don’t have to trust anyone else to send them accurate financial information.

“Yes, I believe that everybody will eventually run a full node. I wish a future where not having a full node will severely limit your user experience and the realm of things you can do with bitcoin,” as BTCPay creator Nicolas Dorier wrote in a recent blog post.

Secure, offline bitcoin

The other piece is hardware wallets are considered the most secure way to store bitcoin. That’s especially true when compared to storing them on internet-connected computers, which are often totally exposed to hackers.

“PCs are a much larger attack surface than a small dedicated device to store your keys, designed specifically with security in mind. They’re also less prone to random crashes or corruption which could cause you to lose un-backed-up keys on your computer,” Dobson told CoinDesk.

With this new tech in place in the Bitcoin Core software, users can store their bitcoin on an offline hardware wallet, then use their full node to verify the data they’re getting fed, such as transaction data, is correct.

The technology has been a long-time coming. Connecting hardware to a full node is also one of the key goals of Electrum Personal Server, pioneered by developer Chris Belcher. “Hopefully this software can be part of the plan to get full node wallets into the hands of as many people as possible,” he said in the project announcement post last year.

There are pros and cons to each project, though, Provoost admitted.

“The HWI project should reduce the number of separate software components needed, though at the moment I think it’s still less user-friendly [than Electrum Personal Server],” he said.

And there’s still a ways to go to get the graphical interface totally working. “Maybe one day in the future we’ll have this graphical picture that I showed you – and after that we’ll have unicorns,” Provoost said in his presentation on the topic.

Further features

While hardware wallet support in 0.18 has generated much excitement, As usual, the release is filled with other contributions from the pool of global Bitcoin Core contributors.

Dobson told CoinDesk about a few features he finds “exciting,” including refinements to a new “language” that the groundwork was laid for in an earlier version of Bitcoin Core. New commands will allow developers to use this language to “import descriptors.”

“You can provide such a descriptor to Core […] and it will parse it and import the keys, scripts, etc. into your wallet for you,” Dobson said, explaining further:

“This is the first step in a longer term goal to rework the wallet and support these descriptors natively within it, which will clean things up immensely and provide a much more natural behaviours, in line with how you would expect things to behave (and which don’t exactly behave that way currently).”

Dobson also pointed to a new “multiwallet” command, which will allow users to pair with multiple wallets within their bitcoin core full node. While the ability to use multiple wallets at once has existed in the code previously, 0.18.0 plugs the feature in the graphical user interface for the first time, so people no longer have to be full-blown developers using the command line to take advantage of the feature.

“Version 0.18 adds support to the GUI to do that, as well as a few improvements in how it works too,” Dobson said.

As of now, version 0.18 is in the “release candidate” stage of the software development cycle, meaning passionate bitcoin developers and companies are still testing it, picking away at the code in an effort to eradicate any bugs, before it’s released to the larger public to download.

According to project developers, it will be available for users to download in the coming weeks.

Bitcoin image via Shutterstock

Posted on

Insurance Giant AXA XL Launches Security Token and Crowdfunding Insurance Service

Insurance Giant AXA XL partnered with insurance technology startup Assurely to jointly launch a new insurance product covering equity crowdfunding and security token offerings.

Insurance giant AXA XL and insurance technology startup Assurely have jointly launched a new insurance product covering equity crowdfunding and Security Token Offerings (STOs), according to a press release published on March 6.

The new product dubbed CrowdProtector is designed for issuers and investors, and purportedly protects new online capital formation strategies like equity crowdfunding and STOs. The product also aims increase trust, confidence and safety to potential investors guaranteeing that the issuer is insured. According to Ty Sagalow, CEO of Assurely, the parties have managed to increase underwriting. The releases states:

“CrowdProtector provides Issuers protection against investor complaints and lawsuits as well as serve as a communication to investors that they may get their principal investment returned should the issuer misuse the funds, purposefully misrepresent information in their offering documents, or steal the money.”

In the release, it is noted that until recently, investing in private companies has been available to accredited investors, —  having a net worth of higher than $1 million, or earned income exceeding $200,000 — leaving a large amount of potential investors on the sidelines.

AXA XL is reportedly the second largest insurer in Europe, also providing risk management and reinsurance services to insurance companies globally. In 2018, the company’s net profit was reportedly 2.14 billion euro ($2.42 billion), having fallen by 66 percent from a year earlier. At the same time, the company’s earnings in 2018 rose by three percent, with dividends up by six percent to 1.34 euro ($1.52) per share.

Back in 2015, AXA XL revealed its plans to use Bitcoin (BTC) for remittances in order to streamline payments around the world. At the time, the company stated that many use cases related to Bitcoin had not yet been explored.

As Cointelegraph reported in February, blockchain security firm and crypto wallet service BitGo announced plans to offer crypto insurance through Lloyd’s of London. BitGo Business Wallet clients will purportedly be able to acquire insurance for their digital assets held on BitGo’s Business Wallet service and Custodial offering.

Additional reporting by Adrian Zmudzinski

Posted on

Coinomi Wallet Addresses Vulnerability Concerns

Coinomi Wallet denied recent claims that its software sends wallet recovery seed phrases to Google’s remote spellchecker servers in unencrypted text.

Coinomi Wallet denied recent claims that its software sends wallet recovery seed phrases to Google’s remote spell checker servers in plain (unencrypted) text. The company refuted the claims in an official statement published on Feb. 27.

In the statement, Coinomi claims that, unlike what was reported, the seed phrase transmission was encrypted via SSL (HTTPS), with Google being the only recipient capable of decrypting the message.

Coinomi notes that the phrase was only transmitted if the user chose to restore his wallet and only on the desktop version. Finally, Coinomi states that the spell-check requests sent to Google were not cached or stored, since they were flagged as bad requests by the servers and were not processed further.

The cause of the problem was reportedly a bad configuration in a plug-in software contained in the desktop version of Coinomi wallets.

The company claims that on Feb. 22 Warith Al Maawali created a support request on their board regarding a vulnerability contained in their wallet which, according to Maawali, has led to a wallet being hacked, as he claims on the dedicated website AvoidCoinomi.

Coinomi purportedly flagged the request as high priority and investigated into the matter. The company COO Angelos Leoussis said on the firm’s official Telegram group that the user kept “threatening, swearing, and blackmailing us for insane amounts.”

While a video posted on AvoidCoinomi aims to demonstrate the alleged vulnerability, it appears to show that the option to decrypt HTTPS is selected in the software.

Leoussis shared an alleged copy of the conversation with Maawali with Cointelegraph, where the user suggests that the wallet contains a backdoor and declares:

“You have few hours to return my assets back or I will go public with all the the [sic] evidence against you.”

According to information shared with Cointelegraph, on Feb. 23 Maawali requested the company to refund the allegedly stolen crypto assets or their equivalent in dollars, stating that otherwise he has “no choice other than reporting this in social media.” Still, he did not share the details of his findings, saying that he will wait until the company shows its willingness to refund the allegedly stolen funds.

Per Leoussis , Coinomi responded that the company did not consider this to be a responsible disclosure and asked for details concerning the alleged vulnerability. Maawali seemingly responded to the request by stating that he will not disclose details without assurance of a refund.

On Feb. 26 Coinomi purportedly declared that the company will report the stolen assets to Chainalysis, which will blacklist the funds so no exchange will accept them.

In December 2018, researchers were reportedly able to demonstrate that they were able to hack the Trezor One, Ledger Nano S and Ledger Blue hardware wallets. At the 35C3 Refreshing Memories conference researchers used several different strategies to attempt to compromise the wallets. The Ledger team also claimed that the alleged vulnerabilities discovered in its hardware wallets were not critical.

Posted on

51% Attacks for Rent : The Trouble with a Liquid Mining Market

Anthony Xie is the founder of HodlBot, a tool that helps investors diversify their portfolios and automate their trading strategies.


In order to remain decentralized, cryptocurrencies using a proof-of-work system must not allow a single party to control the majority of total hashing power.

But as the global pool of hashing power grows more liquid, cryptocurrencies need to pass another important test. They must be able to resist an attack from the total rentable global hashing power for their specific algorithm. Otherwise, arbitrageurs may find it financially attractive to rent hashing power in order to perform 51% attacks.

There are a few things preventing this from happening:

  • Algorithm-specific miners — Many rigs are optimized for a certain hashing algorithm, and switching to another, e.g. SHA-256 → X11, is unfeasible.
  • Illiquid mining market — Most of the global hash power is illiquid and not rentable. Therefore, a large upfront investment is required to build significant hashing power. The upfront cost for an attack is almost always not worth it.
  • Opportunity cost — Cryptocurrencies are usually designed to heavily favor good actors by providing them with greater rewards for acting in the benefit of the entire network. Any attack must outweigh the risk of failure including loss of mining rewards, loss of reputation and damage to the network. Long-term miners do not want to destroy their future earning potential by successfully attacking a network, shaking market confidence, and causing the price to fall.

But times are changing. The mining market is becoming more liquid.

Why is the liquid mining market growing?

Computer storage was once an illiquid market, now it is an extremely liquid online commodity. The same thing is happening to hash power.

There are two major forces driving this.

  1. The long-run price increase of cryptocurrency will incentivize miners to invest in hashing power until any incremental gain is equal to the cost. In other words, if prices continue to go up, so will global hashing power.
  2. The total percentage of hashing power for rent will increase because buyers and sellers both benefit from the ability to rent and lend respectively. Separation of concern leads to higher degrees of specialization and increased operational efficiency. This is why hardware manufacturers sell their mining rigs and don’t mine themselves. If renters focus all of their time on finding opportunities with the highest amount of ROI, they are likely going to be the best at extracting value per unit of hashing power.Conversely, lenders can de-risk their business because their rental income is implicitly diversified across each entire hashing algorithm. In this world, lenders can simply focus on rental relations, asset utilization, and upkeep.

Rent-a-miner attacks are already possible

Crypto51 calculates how much it would cost to rent enough hashing power to match the given network hashing power for an hour. NiceHash does not have enough hashing power for most larger coins, so this figure is sometimes theoretically above 100 percent.

Hash rates are from Mine the Coin, coin prices are from CoinMarketCap, and rental pricing is from NiceHash.

A few caveats:

  • The quoted attack costs do not include the money you earn in the form of block rewards, so in many cases, the costs will actually be substantially lower.
  • Crypto51 is quoting the spot price for what is available on NiceHash. In real life, the more you rent, the more expensive it will be because of supply and demand.

Coins vulnerable to rent-a-miner attacks

Ranked by Market Cap

ETP is the #91 ranked coin on CMC. You can rent up to 21x the network’s hashing power. The cost of an attack is only $162 per hour. ETP/BTC and ETP/USD pairs are available on Bitfinex.

Vulnerable coins assuming 2x the rental capacity

Currently, these coins are out of reach since the total rental capacity available on NiceHash is not enough to fully match the network’s hashing power.

But let’s imagine the likely circumstance that NiceHash is able to 2x their total rental capacity. Now coins like ETC (rank 18), BCN (rank 40), are easily in reach.

Vulnerable coins assuming 5x the rental capacity

A 5x increase in rental capacity puts coin like DASH (rank 15) and BTG (rank 28) in danger.

So what if 51% attacks are possible? How do attackers make money?

Fortunately, it’s impossible to ever create a transaction for a wallet that you do not own the private key to. But, controlling the majority hashing power means you can execute a double spend attack by temporarily reverting certain transactions on the ledger.

The mechanics of a double spend attack

When miners find a new block, they are supposed to broadcast this to all other miners so that they can verify it, and add a new block to the blockchain. However, a corrupt miner can create their own blockchain in stealth.

To execute a double-spend, the attacker will spend his or her coins on the truthful chain. But they will leave out these transactions on the stealth chain.

If the corrupted miner can build a longer chain faster than all the other miners on the network, they can broadcast the stealth chain to the rest of the network.

Because the protocol adheres to the longest chain, the newly broadcasted corrupt chain will become the de facto, truthful blockchain. The transaction history for the attacker’s previous spend will be erased.

Note that just because a miner controls 51% of hashing power, does not mean they will always have a longer chain. In long-run they will probably have a longer chain. To guarantee this in the short-run, an attacker would likely want to control closer to 80% of the network power.

Where to spend the coins? Exchanges are likely the target

For a double-spend to pay-off, you need to find a way to actually extract value from the spent coins. If you can’t spend the coins in the first place, there’s no point.

The most likely place an attacker would spend their coins on is an exchange because they are the single biggest buyers of various cryptocurrencies.

Here’s what the attack would look like:

  • Choose a target network that looks profitable
  • Accumulate a significant amount of coins on the target network
  • Rent NiceHash hashing power and silently grow the stealth chain
  • Trade these coins on an exchange for another currency e.g. BTC
  • Withdraw BTC to another wallet.
  • Broadcast the stealth chain to the network
  • Get the initial coins back
  • Repeat with a different exchange.

How exchanges will likely respond

As you can probably imagine, exchanges do not enjoy being bamboozled. If this kind of behavior becomes too costly for them, they will likely respond by increasing security surrounding withdrawal periods, deposit periods, and account verification.

Waiting longer for withdrawal will make it more costly for attackers, as they must then maintain the majority hashing power for longer. But this also draws the ire of legitimate traders and exchange users who already complain about the inordinate time it takes to get their cryptocurrencies out.

Another way exchanges may respond is by carefully screening coins that are so easily compromised. However, delisting coins also mean a reduction in trading volume and revenue. I hope this happens, because altcoins that are solely used for speculation, are in dire need of an existential threat.

Ultimately, we’ll likely see a combination of both. The harder it becomes to successfully get away with a double-spend attack, the less money an attacker can justify spending. In the long-run, the balance of these two forces will converge on some market equilibrium.

How cryptocurrencies will respond

Altcoins may find new ways to combat this threat by:

  • Using more obscure algorithms for which there are few miners. This is at best a band-aid solution. Fewer miners for your algorithm means it’s difficult to grow your hashing power. If your network grows, then the algorithm will no longer be obscure.
  • New projects may be to stake their security on the blockchains of larger networks. e.g. ERC-20. Pushing for new consensus algorithms that are more resilient to 51% attacks e.g. proof of stake. POS isn’t perfect though and has challenges of its own.

Big is beautiful

How much larger is the rental market going to grow? It’s not inconceivable to witness a 100x increase, so how many coins are really safe?

Coins with high market caps and low cost of attack are particularly fallible. Given that this is true, will the market respond accordingly by discounting insecure coins? Conversely, will the market place a premium on cryptocurrencies with mammoth mining networks?

To quote a Hacker News comment:

“Rent-a-miner attacks seem like another amusing example of when the emergence of a market can break a system. Satoshi foresaw people trying to mount a 51% attack by buying a ton of machines, and so he went to great lengths to ensure this was unlikely using mining. I don’t think Satoshi foresaw the liquid AWS-like market for instant hashing power. The ability to mount a limited-time 51% attack makes the attack literally 1000x easier than a buy-machine 51% attack.”

Oil slick image via Shutterstock