Bitcoin Price Today 📈 Live Bitcoin Value - Charts & Market ...

Bylls — the Canadian Bitcoin bill payment service by Bull Bitcoin — celebrates its 6th birthday

I sometimes find it hard to believe that it has already been 6 years since the public launch of Bylls on January 13 2014. What started out as a simple and humble “garage startup”, the world’s first Bitcoin bill payment service, evolved into so much more.
Bylls eventually became the company that people know today as Bull Bitcoin, and it is from Bylls’ UASF advocacy that sprouted the Cyphernode open-source project. I also like to think of Bylls as a “bitcoin culture” institution that served as the vanguard of the Bitcoin Maximalist and Cypherpunk movements within the Bitcoin exchange and payments industry.
Happy Birthday Bylls! 🎂

What is Bylls?

For those of you who don’t know about Bylls, here’s a short summary:

Short history of world’s first Bitcoin bill payment service

Bylls was founded in 2013 by Eric Spano, a Montreal entrepreneur part of the original Bitcoin Embassy team. Eric, one of my earliest and most influential mentors, is a true Bitcoin OG. Check out his 2014 Bitcoin Ted Talk or his 2019 Podcast on Tales From the Crypt which describes in great detail the inception of Bylls.
When Bylls was launched, I was Public Affairs Director at the Bitcoin Embassy, the world’s first physical Bitcoin hub (a 14,000 square feet building downtown Montreal). Bylls was effectively a one-man operation, with Eric doing pretty much everything himself. I wasn’t directly involved with the company, but Bylls was one of the startups in the Embassy’s incubator program, so I was helping out in various ways. My first “public appearance” in the Bitcoin industry was actually to man the Bylls booth at the Toronto Bitcoin Expo in 2014!
In 2015, Eric was offered a huge career opportunity that he couldn’t accept without stepping down from running Bylls. It was to me an inconceivable tragedy for Bitcoin to let Bylls quitely close down. For the past 2 years, whenever somebody asked me “what can you do with Bitcoin?”, I would always reply “well, for starters, you can pay all your bills in Canada, even your taxes and your credit card”. What was I going to say now?
I had just founded my company Satoshi Portal Inc. with the aim of developing a non-custodial Bitcoin exchange (which eventually became Bull Bitcoin). And so, I acquired Bylls from Eric and it immediately became the focus of all my energy. For the first year, our team consisted of only 2 people including our lead developer Arthur which is still working on Bylls features to this day. From the beginning until today, we are still 100% self-funded. We grew organically and slowly. My philosophy on entrepreneurship and startup scaling is articulated in this medium post.It has been an incredibly intense journey. I cannot think of a more challenging professional experience than being a startup founder and entrepreneur in the Bitcoin industry. The number of Bitcoin startups that have perished since is a stark reminder. Some of them sank quietly, but many went down in flames taking down their users with them. The fact that Bylls is still standing — without VC funding and with its reputation intact — is my proudest achievement.
Over the past 4 years. we completely redesigned the software, continuously adding new features, but the core of the service remained the same. Most importantly, we added the ability for users to pay any individual or business in Canada by creating a personal biller from their bank details. Previously, they were limited to Bylls’ biller list of around 9000 billers.
One of the defining moments in the history of Bylls was UASF. Bylls was one of the first Bitcoin companies to support BIP-148 for the activation of Segwit (second after Bitconic). Not only that, but we were the first to run a public BIP-148 block explorer and public UASF electrum server. We had done a “seppuku pledge” regarding BIP-148, meaning that we would only accept coins from the UASF segwit chain and would pay the Bitcoin market price for them. If UASF had failed, we would not have survived. This cemented our ideology of “skin-in-the-game”. We would never compromise on our values, no matter the cost. Our policy on forks (2017) was described here. But the jist of it is:
Satoshi Portal is a Bitcoin-only company and does not conduct any transaction in any altcoin, including altcoins that are the result of a fork of the Bitcoin blockchain and which can be spent with Bitcoin private keys. This includes, but is not limited to, the coins commonly referred to as BCash, Segwit2X, BGold, Clams and Lumens.We strongly oppose the “New York Agreement” and will under no circumstance ever recognize the Segwit2X blockchain (and BTC1 client) as Bitcoin, regardless of market response or hashing power. In the unlikely event that an overwhelming majority of the Bitcoin ecosystem migrates to the Segwit2X blockchain, Satoshi Portal will continue nevertheless to support the Bitcoin blockchain.
Following the UASF/NO2X “war” in 2017, we devoted a large prortion of ressources to building Cyphernode, an open-source project that makes it very easy for startups to build and deploy Bitcoin applies without any third-parties, using exclusively their own full nodes. We are still developing this project today and plan on actively maintaining it in the future.
It is also worth noting that Bylls has never accepted any altcoins and was one of the first company to pledge never to accept altcoins in the future, leading to what became the “Bitcoin-Only” movement. We were also the first Bitcoin exchange and payment processing company, to our knowledge, that has integrated coinjoin as part of its processes.

Unbanking yourself with Bylls

The coolest feature of Bylls is that you can pay pretty much all your expenses with Bitcoin without needing to go through a bank account. In Canada, you can obtain a credit card without having it linked to a bank account. In 2016, the last of my personal bank accounts was closed due to my activities in the Bitcoin industry. I decided not apply at another bank and try the experiment of living completely unbanked. I’m happy to report it was a success, and serves as a powerful testament for the use-cases provided by Bylls.
I really like the idea of not owning any fiat. You can pay pretty much all daily expenses with a credit card, and pay back the debt with Bitcoin. Of course you have fiat-denominated debts which conveniently tends to diminish in price over time.
You can withdraw cash from a credit card and pay it off instantly with Bylls, so you can get access to cash at any time, in any country across the world, without having a bank account. The only inconvenience is the cash advance fee.
When you have to pay larger amounts such as rent or whatever services don’t accept cash or credit card, you can find the biller in the Bylls list or ask the recipient for his banking details, the same as you would for a wire transfer.

The future of Bylls

Many people ask us if we intend to expand outside of Canada. The answer is, unequivocally, no. We will always be a Canada-only, Bitcoin-only company. That doesn’t mean that we stop working hard to improve our services. We will continue to be the first to integrate the cutting-edge Bitcoin technologies that
Here is are some of the features you can expect in 2020:
Thanks for reading! 🎂
Yours truly,
Francis
Original post here: https://medium.com/bull-bitcoin/bylls-the-canadian-bitcoin-bill-payment-service-by-bull-bitcoin-celebrates-its-6th-birthday-ef6d22acdf2a
submitted by FrancisPouliot to BitcoinCA [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to BitcoinMarkets [link] [comments]

Want to start fresh after the crypto crash? Here is a comprehensive guide on how to invest and prosper over the long term.

Well its happened, the crypto market just experienced the worst crash since 2014, the bubble has burst. The idiocy of newbies FOMO-ing into anything with low nominal value lead to endless twitter timelines like this, and now nobody has any idea where the market settles. What do you do now?
In the following weeks it will be a good time to rethink your investment approach and how you arrive at your decisions. Just buying whatever is shilled on Twitter or Reddit and jumping from one crypto to another isn't going to work like it did these last two months.
The good news is that we're finally back closer and closer to our long term moving average which is much more healthy for entrants, the bad news is that the fear might continue compounding if outstanding issues are not dealt with. Tether is the big concern for me personally for reasons I've stated many times, but some relief in the short term may come if the SEC and CFTC meeting on February 6th goes well. Nobody really knows where the bottom is but I think we're now past the "irrational exhuberance" stage and we're entering a period of more serious inspection where cryptos will actually have to prove themselves as useful. I suspect hype artists like CryptoNick and John McAfee will fall out of favor.
But perhaps most importantly use this as a learning experience, don't try to point fingers now. The type of dumb behavior that people were engaging in that was rewarded in a bull market (chasing pumps, going all in on a shillcoin, following hype..etc) could only ever lead to what we are experiencing now. Just like so many people jumped on the crypto bandwagon during the bull run, they will just as quickly jump on whatever bandwagon is to be used to blame for the deflation of the bubble. Nobody who pumped money into garbage without any use case will accept that they themselves with their own investing behavior were the real reason for the gross overvaluation of most cryptocurrencies, and the inevitable crash.
So if you're looking for a fresh start after the massacre (or just want to get in now), here is a guide:

Part A: Making a Investment Strategy

This is your money, put some effort into investing it with an actual strategy. Some simple yet essential advice that should apply to everyone, regardless of individual strategy:
  1. Slow down and research each crypto that you're buying for at least a week.
  2. Don't buy something just because it has risen.
  3. Don't exit a position just because it has declined.
  4. Invest only as much as you can afford to lose.
  5. Prepare enter and exit strategies in advance.
First take some time to think about your ROI target, set your hold periods for each position and how much you are actually ready to risk losing.
ROI targets
A lot of young investors who are in crypto have unrealistic expectations about returns and risk. A lot of them have never invested in any other type of financial asset, and hence many seem to consider a 5-10% ROI in a month to be unexciting.
But its important to temper your hype and realize why we had this exponential growth in the last year and how unlikely it is that we see 10x returns in the next year. What we saw recently was Greater Fool Theory in action. Those unexciting returns of 5-10% a month are much more of the norm, and much more healthy for an alternative investment class.
You can think about setting a target in terms of the market ROI over a relevant holding period and then add or decrease based on your own risk profile.
Example: Calculating a 2 year ROI target
Lets say you want to hold for 2 years now, how could you set a realistic target to strive for? You could look at a historical 2 year return as a base, preferably during a period similar to what we're facing now. Now that we had a major correction, I think we can look at the two year period starting in 2015 after we had the 2014 crash. To calculate a 2 year CAGR starting in 2015:
Year Total Crypto Market Cap
Jan 1, 2015: $5.5 billion
Jan 1, 2017: $18 billion
Compounded annual growth return (CAGR): [(18/5.5)1/2]-1 = 81%
This annual return rate of 81% comes out to about 4.9% compounded monthly. This may not sound exciting to the lambo moon crowd, but it will keep you grounded in reality. You can aim for a higher return (say 2x of that 81% rate) if you choose to take on more risky propositions. I can't tell you what return target you should set for yourself, but just make sure its not depended on you needing to achieve continual near vertical parabolic price action in small cap shillcoins because that isn't sustainable.
Once you have a target you can construct your risk profile (low risk vs. high risk category coins) in your portfolio based on your target.
Risk Management
Everything you buy in crypto is risky, but it still helps to think of these 3 risk categories:
How much risk should you take on? That depends on your own life situation for one, but also it should be proportional to how much expertise you have in both financial analysis and technology.
The general starting point I would recommend is:
Some more core principles on risk management to consider:
You can think of each crypto having a risk factor that is the summation of the general crypto market risk (Rm), but also its own inherent risk specific to its own goals (Ri).
Rt = Rm +Ri
The market risk is something you cannot avoid, it is essentially the risk that is carried by the entire market over things like regulations. What you can minimize though the Ri, the specific risks with your crypto. That will depend on the team composition, geographic risks (for example Chinese coins like NEO carry regulatory risks specific to China), competition within the space and likelihood of adoption and other factors, which I'll describe in Part 2: Crypto Picking Methodology.
Portfolio Allocation
Along with thinking about your portfolio in terms of risk categories described above, I really find it helpful to think about the segments you are in. OnChainFX has some segment categorization but I generally like to bring it down to:
Think about your "Circle of Competence", your body of knowledge that allows you to evaluate an investment. Your ability to properly judge risk and potential is going to largely correlated to your understanding of the subject matter. If you don't know anything about how supply chains functions, how can you competently judge whether VeChain or WaltonChain will achieve adoption? If you don't understand anything about the tech when you read the Cardano paper, are you really able to determine how likely it is to be adopted?
Consider the historic correlations between your holdings. Generally when Bitcoin pumps, altcoins dump but at what rate depends on the coin. When Bitcoin goes sideways we tend to see pumping in altcoins, while when Bitcoin goes down, everything goes down.
You should diversify but really shouldn't be in much more than around 12 cryptos, because you simply don't have enough competency to accurately access the risk across every segment and for every type of crypto you come across. If you have over 20 different cryptos in your portfolio you should probably think about consolidating to a few sectors you understand well.

Part B: Crypto Picking Methodology (Due Dilligence)

Do you struggle on how to fundamentally analyze cryptocurrencies? Here is a 3-step methodology to follow to perform your due dilligence:

Step 1: Filtering and Research

There is so much out there that you can get overwhelmed. The best way to start is to think back to your own portfolio allocation strategy and what you would like to get more off. For example in my view enterprise-focused blockchain solutions will be important in the next few years, and so I look to create a list of various cryptos that are in that segment.
Upfolio has brief descriptions of the top 100 cryptos and is filterable by categories, for example you can click the "Enterprise" category and you have a neat list of VEN, FCT, WTC...etc.
Once you have a list of potential candidates, its time to read about them:
  • Critically evaluate the website. If it's a cocktail of nonsensical buzzwords, if its unprofessional and poorly made, stay away. Always look for a roadmap, compare to what was actually delivered so far. Always check the team, try to find them on LinkedIn and what they did in the past.
  • Read the whitepaper or business development plan. You should fully understand how this crypto functions and how its trying to create value. If there is no use case or if the use case does not require or benefit from a blockchain, move on.
  • Check the blockchain explorer. How is the token distribution across accounts? Are the big accounts selling? Try to figure out who the whales are (not always easy!) and what the foundation/founder account is based on the initial allocation.
  • Look at the Github repos, does it look empty or is there plenty of activity?
  • Search out the subreddit and look at a few Medium or Steem blogs about the coin. How "shilly" is the community, and how much engagement is there between developer and the community?
  • I would also go through the BitcoinTalk thread and Twitter mentions, judge both the length and quality of the discussion.
You can actually filter out a lot of scams and bad investments by simply keeping your eye out on the following red flags:
  • allocations that give way too much to the founder
  • guaranteed promises of returns (Bitcooonnneeeect!)
  • vague whitepapers filled with buzzwords
  • vague timelines and no clear use case
  • Github with no useful code and sparse activity
  • a team that is difficult to find information on

Step 2: Passing a potential pick through a checklist

Once you feel fairly confident that a pick is worth analyzing further, run them through a standardized checklist of questions. This is one I use, you can add other questions yourself:
Crypto Analysis Checklist
What is the problem or transactional inefficiency the coin is trying to solve?
What is the Dev Team like? What is their track record? How are they funded, organized?
How big is the market they're targeting?
Who is their competition and what does it do better?
What is the roadmap they created and how well have they kept to it?
What current product exists?
How does the token/coin actually derive value for the holder? Is there a staking mechanism or is it transactional?
Is there any new tech, and is it informational or governance based?
Can it be easily copied?
What are the weaknesses or problems with this crypto?
The last question is the most important.
This is where the riskiness of your crypto is evaluated, the Ri I talked about above. Here you should be able to accurate place the crypto into one of the three risk categories. I also like to run through this checklist of blockchain benefits and consider which specific properties of the blockchain are being used by the specific crypto to provide some increased utility over the current transactional method:
Benefits of Cryptocurrency
Decentralization - no need for a third party to agree or validate transactions.
Transparency and trust - As blockchain are shared, everyone can see what transactions occur. Useful for something like an online casino.
Immutability - It is extremely difficult to change a transaction once its been put onto a blockchain
Distributed availability - The system is spread on thousands of nodes on a P2P network, so its difficult to take the system down.
Security - cryptographically secured transactions provide integrity
Simplification and consolidation - a blockchain can serve as a shared ledger in industries where multiple entities previously kept their own data sources
Quicker Settlement - In the financial industry when we're dealing with post-trade settlement, a blockchain can drastically increase the speed of verification
Cost - in some cases avoiding a third party verification would drastically reduce costs.

Step 3: Create a valuation model

You don't need to get into full modeling or have a financial background. Even a simple model that just tries to derive a valuation through relative terms will put you above most crypto investors. Some simple valuation methods that anyone can do:
Probablistic Scenario Valuation
This is all about thinking of scenarios and probability, a helpful exercise in itself. For example: Bill Miller, a prominent value investor, wrote a probabilistic valuation case for Bitcoin in 2015. He looked at two possible scenarios for probabalistic valuation:
  1. becoming a store-of-value equal to gold (a $6.4 trillion value), with a .25% probability of occurring
  2. replacing payment processors like VISA, MasterCard, etc. (a $350 million dollar value) with a 2.5% probability
Combining those scenarios would give you the total expected market cap: (0.25% x 6.4 trillion) + (2.5% x 350 million). Divide this by the outstanding supply and you have your valuation.
Metcalfe's Law
Metcalfe's Law which states that the value of a network is proportional to the square of the number of connected users of the system (n2). So you can compare various currencies based on their market cap and square of active users or traffic. We can alter this to crypto by thinking about it in terms of both users and transactions:
For example, compare the Coinbase pairs:
Metric Bitoin Ethereum Litecoin
Market Cap $152 Billion $93 Billion $7.3 Billion
Daily Transactions (last 24hrs) 249,851 1,051,427 70,397
Active Addresses (Peak 1Yr) 1,132,000 1,035,000 514,000
Metcalfe Ratio (Transactions Based) 2.43 0.08 1.47
Metcalfe Ratio (Address Based) 0.12 0.09 0.03
Generally the higher the ratio, the higher the valuation given for each address/transaction.
Market Cap to Industry comparisons
Another easy one is simply looking at the total market for the industry that the coin is supposedly targeting and comparing it to the market cap of the coin. Think of the market cap not only with circulating supply like its shown on CMC but including total supply. For example the total supply for Dentacoin is 1,841,395,638,392, and when multiplied by its price in early January we get a market cap that is actually higher than the entire industry it aims to disrupt: Dentistry.
More complex valuation models
If you would like to get into more fleshed out models with Excel, I highly recommend Chris Burniske's blog about using Quantity Theory of Money to build an equivalent of a DCF analysis for crypto.
Here is an Excel file example of OMG done by Nodar Janashia using Chris' model .
You should create multiple scenarios with multiple assumptions, both positive and negative. Have a base scenario and then moderately optimistic/pessimistic and highly optimistic/pessimistic scenario.
Personally I like to see at least a 50% upward potential before investing from my moderately pessimistic scenario, but you can set your own safety margin.
The real beneficial thing about modelling isn't even the price or valuation comparisons it spits out, but that it forces you to think about why the coin has value and what your own assumption about the future are. For example the discount rate you apply to the net present utility formula drastically affects the valuation, and it reflects your own assumptions of how risky the crypto is. What exactly would be a reasonable discount rate? What about the digital economy you are assuming for the coin, what levers affects its size and adoption and how likely are your assumptions to come true? You'll be a drastically more intelligent investor if you think about the fundamental variables that give your coin the market cap you think it should hold.

Summing it up

The time for lambo psychosis is over. But that's no reason to feel down, this is a new day and what many were waiting for. I've put together in one place here how to construct a portfolio allocation (taking into consideration risk and return targets), and how to go through a systematic crypto picking method. I'm won't tell you what to buy, you should always decide that for yourself and DYOR. But as long as you follow a rational and thorough methodology (feel free to modify anything I said above to suit your own needs) you will feel pretty good about your investments, even in times like these.
Edit: Also get a crypto prediction ferret. You won't regret it.
submitted by arsonbunny to CryptoCurrency [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to ethtrader [link] [comments]

batching in Bitcoin

On May 6th, 2017, Bitcoin hit an all-time high in transactions processed on the network in a single day: it moved 375,000 transactions which accounted for a nominal output of about $2.5b. Average fees on the Bitcoin network had climbed over a dollar for the first time a couple days prior. And they kept climbing: by early June average fees hit an eye-watering $5.66. This was quite unprecedented. In the three-year period from Jan. 1 2014 to Jan. 1 2017, per-transaction fees had never exceeded 31 cents on a weekly average. And the hits kept coming. Before 2017 was over, average fees would top out at $48 on a weekly basis. When the crypto-recession set in, transaction count collapsed and fees crept back below $1.
During the most feverish days of the Bitcoin run-up, when normal users found themselves with balances that would cost more to send than they were worth, cries for batching — the aggregation of many outputs into a single transaction — grew louder than ever. David Harding had written a blog post on the cost-savings of batching at the end of August and it was reposted to the Bitcoin subreddit on a daily basis.
The idea was simple: for entities sending many transactions at once, clustering outputs into a single transaction was more space- (and cost-) efficient, because each transaction has a fixed data overhead. David found that if you combined 10 payments into one transaction, rather than sending them individually, you could save 75% of the block space. Essentially, batching is one way to pack as many transactions as possible into the finite block space available on Bitcoin.
When fees started climbing in mid-2017, users began to scrutinize the behavior of heavy users of the Bitcoin blockchain, to determine whether they were using block space efficiently. By and large, they were not — and an informal lobbying campaign began, in which these major users — principally exchanges — were asked to start batching transactions and be good stewards of the scarce block space at their disposal. Some exchanges had been batching for years, others relented and implemented it. The question faded from view after Bitcoin’s price collapsed in Q1 2018 from roughly $19,000 to $6000, and transaction load — and hence average fee — dropped off.
But we remained curious. A common refrain, during the collapse in on-chain usage, was that transaction count was an obfuscated method of apprehending actual usage. The idea was that transactions could encode an arbitrarily large (within reason) number of payments, and so if batching had become more and more prevalent, those payments were still occurring, just under a regime of fewer transactions.

“hmmm”
Some sites popped up to report outputs and payments per day rather than transactions, seemingly bristling at the coverage of declining transaction count. However, no one conducted an analysis of the changing relationship between transaction count and outputs or payments. We took it upon ourselves to find out.
Table Of Contents:
Introduction to batching
A timeline
Analysis
Conclusion
Bonus content: UTXO consolidation
  1. Introduction to batching
Bitcoin uses a UTXO model, which stands for Unspent Transaction Output. In comparison, Ripple and Ethereum use an account/balance model. In bitcoin, a user has no balances, only UTXOs that they control. If they want to transfer money to someone else, their wallet selects one or more UTXOs as inputs that in sum need to add up to the amount they want to transfer. The desired amount then goes to the recipient, which is called the output, and the difference goes back to the sender, which is called change output. Each output can carry a virtually unlimited amount of value in the form of satoshis. A satoshi is a unit representing a one-hundred-millionth of a Bitcoin. This is very similar to a physical wallet full of different denominations of bills. If you’re buying a snack for $2.50 and only have a $5, you don’t hand the cashier half of your 5 dollar bill — you give him the 5 and receive some change instead.
Unknown to some, there is no hardcoded limit to the number of transactions that can fit in a block. Instead, each transaction has a certain size in megabytes and constitutes an economic incentive for miners to include it in their block. Because miners have limited space of 2 MB to sell to transactors, larger transactions (in size, not bitcoin!) will need to pay higher fees to be included. Additionally, each transaction can have a virtually unlimited number of inputs or outputs — the record stands at transactions with 20,000 inputs and 13,107 outputs.
So each transaction has at least one input and at one output, but often more, as well as some additional boilerplate stuff. Most of that space is taken up by the input (often 60% or more, because of the signature that proves they really belong to the sender), while the output(s) account for 15–30%. In order to keep transactions as small as possible and save fees, Bitcoin users have two major choices:
Use as few inputs as possible. In order to minimize inputs, you can periodically send your smaller UTXOs to yourself in times when fees are very low, getting one large UTXO back. That is called UTXO consolidation or consolidating your inputs.
Users who frequently make transfers (especially within the same block) can include an almost unlimited amount of outputs (to different people!) in the same transaction. That is called transaction batching. A typical single output transaction takes up 230 bytes, while a two output transaction only takes up 260 bytes, instead of 460 if you were to send them individually.
This is something that many casual commentators overlook when comparing Bitcoin with other payment systems — a Bitcoin transaction can aggregate thousands of individual economic transfers! It’s important to recognize this, as it is the source of a great deal of misunderstanding and mistaken analysis.
We’ve never encountered a common definition of a batched transaction — so for the purposes of this study we define it in the loosest possible sense: a transaction with three or more outputs. Commonly, batching is understood as an activity undertaken primarily by mining pools or exchanges who can trade off immediacy for efficiency. It is rare that a normal bitcoin user would have cause to batch, and indeed most wallets make it difficult to impossible to construct batched transactions. For everyday purposes, normal bitcoiners will likely not go to the additional effort of batching transactions.
We set the threshold at three for simplicity’s sake — a normal unbatched transaction will have one transactional output and one change output — but the typical major batched transaction from an exchange will have dozens if not hundreds of outputs. For this reason we are careful to provide data on various different batch sizes, so we could determine the prevalence of three-output transactions and colossal, 100-output ones.
We find it helpful to think of a Bitcoin transaction as a mail truck full of boxes. Each truck (transaction) contains boxes (outputs), each of contains some number of letters (satoshis). So when you’re looking at transaction count as a measure of the performance and economic throughput of the Bitcoin network, it’s a bit like counting mail trucks to discern how many letters are being sent on a given day, even though the number of letters can vary wildly. The truck analogy also makes it clear why many see Bitcoin as a settlement layer in the future — just as mail trucks aren’t dispatched until they’re full, some envision that the same will ultimately be the case for Bitcoin.

Batching
  1. A timeline
So what actually happened in the last six months? Let’s look at some data. Daily transactions on the Bitcoin network rose steadily until about May 2017, when average fees hit about $4. This precipitated the first collapse in usage. Then began a series of feedback loops over the next six months in which transaction load grew, fees grew to match, and transactions dropped off. This cycle repeated itself five times over the latter half of 2017.

more like this on coinmetrics.io
The solid red line in the above chart is fees in BTC terms (not USD) and the shaded red area is daily transaction count. You can see the cycle of transaction load precipitating higher fees which in turn cause a reduction in usage. It repeats itself five or six times before the detente in spring 2018. The most notable period was the December-January fee crisis, but fees were actually fairly typical in BTC terms — the rising BTC price in USD however meant that USD fees hit extreme figures.
In mid-November when fees hit double digits in USD terms, users began a concerted campaign to convince exchanges to be better stewards of block space. Both Segwit and batching were held up as meaningful approaches to maximize the compression of Bitcoin transactions into the finite block space available. Data on when exchanges began batching is sparse, but we collected information where it was available into a chart summarizing when exchanges began batching.

Batching adoption at selected exchanges
We’re ignoring Segwit adoption by exchanges in this analysis; as far as batching is concerned, the campaign to get exchanges to batch appears to have persuaded Bitfinex, Binance, and Shapeshift to batch. Coinbase/GDAX have stated their intention to begin batching, although they haven’t managed to integrate it yet. As far as we can tell, Gemini hasn’t mentioned batching, although we have some mixed evidence that they may have begun recently. If you know about the status of batching on Gemini or other major exchanges please get in touch.
So some exchanges have been batching all along, and some have never bothered at all. Did the subset of exchanges who flipped the switch materially affect the prevalence of batched transactions? Let’s find out.
  1. Analysis
3.1 How common is batching?
We measured the prevalence of batching in three different ways, by transaction count, by output value and by output count.

The tl;dr.
Batching accounts for roughly 12% of all transactions, 40% of all outputs, and 30–60% of all raw BTC output value. Not bad.
3.2 Have batched transactions become more common over time?
From the chart in 3.1, we can already see a small, but steady uptrend in all three metrics, but we want to dig a little deeper. So we first looked at the relationship of payments (all outputs that actually pay someone, so total outputs minus change outputs) and transactions.

More at transactionfee.info/charts
The first thing that becomes obvious is that the popular narrative — that the drop in transactions was caused by an increase in batching — is not the case; payments dropped by roughly the same proportion as well.
Dividing payment count by transaction count gives us some insight into the relationship between the two.

In our analysis we want to zoom into the time frame between November 2017 and today, and we can see that payments per transactions have actually been rallying, from 1.5 payments per transaction in early 2017 to almost two today.
3.3 What are popular batch sizes?
In this next part, we will look at batch sizes to see which are most popular. To determine which transactions were batched, we downloaded a dataset of all transactions on the Bitcoin network between November 2017 and May 2018from Blockchair.
We picked that period because the fee crisis really got started in mid-November, and with it, the demands for exchanges to batch. So we wanted to capture the effect of exchanges starting to batch. Naturally a bigger sample would have been more instructive, but we were constrained in our resources, so we began with the six month sample.
We grouped transactions into “batched” and “unbatched” groups with batched transactions being those with three or more outputs.

We then divided batched transactions into roughly equal groups on the basis of how much total output in BTC they had accounted for in the six-month period. We didn’t select the batch sizes manually — we picked batch sizes that would split the sample into equal parts on the basis of transaction value. Here’s what we ended up with:

All of the batch buckets have just about the same fraction of total BTC output over the period, but they account for radically different transaction and output counts over the period. Notice that there were only 183,108 “extra large” batches (with 41 or more outputs) in the six-month period, but between them there were 23m outputs and 30m BTC worth of value transmitted.
Note that output value in this context refers to the raw or unadjusted figure — it would have been prohibitively difficult for us to adjust output for change or mixers, so we’re using the “naive” estimate.
Let’s look at how many transactions various batch sizes accounted for in the sample period:


Batched transactions steadily increased relative to unbatched ones, although the biggest fraction is the small batch with between 3 and 5 outputs. The story for output counts is a bit more illuminating. Even though batched transactions are a relatively small fraction of overall transaction count, they contain a meaningful number of overall outputs. Let’s see how it breaks down:


Lastly, let’s look at output value. Here we see that batched transactions represent a significant fraction of value transmitted on Bitcoin.


As we can see, even though batched transactions make up an average of only 12% of all transactions, they move between 30%-60% of all Bitcoins, at peak times even 70%. We think this is quite remarkable. Keep in mind, however that the ‘total output’ figure has not been altered to account for change outputs, mixers, or self-churn; that is, it is the raw and unadjusted figure. The total output value is therefore not an ideal approximation of economic volume on the Bitcoin network.
3.4 Has transaction count become an unreliable measure of Bitcoin’s usage because of batching?
Yes. We strongly encourage any analysts, investors, journalists, and developers to look past mere transaction count from now on. The default measure of Bitcoin’s performance should be “payments per day” rather than transaction count. This also makes Bitcoin more comparable with other UTXO chains. They generally have significantly variable payments-per-transaction ratios, so just using payments standardizes that. (Stay tuned: Coinmetrics will be rolling out tools to facilitate this very soon.)
More generally, we think that the economic value transmitted on the network is its most fundamental characteristic. Both the naive and the adjusted figures deserve to be considered. Adjusting raw output value is still more art than science, and best practices are still being developed. Again, Coinmetrics is actively developing open-source tools to make these adjustments available.
  1. Conclusion
We started by revisiting the past year in Bitcoin and showed that while the mempool was congested, the community started looking for ways to use the blockspace more efficiently. Attention quickly fell on batching, the practice of combining multiple outputs into a single transaction, for heavy users. We showed how batching works on a technical level and when different exchanges started implementing the technique.
Today, around 12% of all transactions on the Bitcoin network are batched, and these account for about 40% of all outputs and between 30–60% of all transactional value. The fact such that a small set of transactions carries so much economic weight makes us hopeful that Bitcoin still has a lot of room to scale on the base layer, especially if usage trends continue.
Lastly, it’s worth noting that the increase in batching on the Bitcoin network may not be entirely due to deliberate action by exchanges, but rather a function of its recessionary behavior in the last few months. Since batching is generally done by large industrial players like exchanges, mixers, payment processors, and mining pools, and unbatched transactions are generally made by normal individuals, the batched/unbatched ratio is also a strong proxy for how much average users are using Bitcoin. Since the collapse in price, it is quite possible that individual usage of Bitcoin decreased while “industrial” usage remained strong. This is speculation, but one explanation for what happened.
Alternatively, the industrial players appear to be taking their role as stewards of the scarce block space more seriously. This is a significant boon to the network, and a nontrivial development in its history. If a culture of parsimony can be encouraged, Bitcoin will be able to compress more data into its block space and everyday users will continue to be able to run nodes for the foreseeable future. We view this as a very positive development. Members of the Bitcoin community that lobbied exchanges to add support for Segwit and batching should be proud of themselves.
  1. Bonus content: UTXO consolidation
Remember that we said that a second way to systematically save transaction fees in the Bitcoin network was to consolidate your UTXOs when fees were low? Looking at the relationship between input count and output count allows us to spot such consolidation phases quite well.

Typically, inputs and outputs move together. When the network is stressed, they decouple. If you look at the above chart carefully, you’ll notice that when transactions are elevated (and block space is at a premium), outputs outpace inputs — look at the gaps in May and December 2017. However, prolonged activity always results in fragmented UTXO sets and wallets full of dust, which need to be consolidated. For this, users often wait until pressure on the network has decreased and fees are lower. Thus, after transactions decrease, inputs become more common than outputs. You can see this clearly in February/March 2017.

Here we’ve taken the ratio of inputs to outputs (which have been smoothed on a trailing 7 day basis). When the ratio is higher, there are more inputs than outputs on that day, and vice versa. You can clearly see the spam attack in summer 2015 in which thousands (possibly millions) of outputs were created and then consolidated. Once the ratio spikes upwards, that’s consolidation. The spike in February 2018 after the six weeks of high fees in December 2017 was the most pronounced sigh of relief in Bitcoin’s history; the largest ever departure from the in/out ratio norm. There were a huge number of UTXOs to be consolidated.
It’s also interesting to note where inputs and outputs cluster. Here we have histograms of transactions with large numbers of inputs or outputs. Unsurprisingly, round numbers are common which shows that exchanges don’t publish a transaction every, say, two minutes, but instead wait for 100 or 200 outputs to queue up and then publish their transaction. Curiously, 200-input transactions were more popular than 100-input transactions in the period.


We ran into more curiosities when researching this piece, but we’ll leave those for another time.
Future work on batching might focus on:
Determining batched transactions as a portion of (adjusted) economic rather than raw volume
Looking at the behavior of specific exchanges with regards to batching
Investigating how much space and fees could be saved if major exchanges were batching transactions
Lastly, we encourage everyone to run their transactions through the service at transactionfee.info to assess the efficiency of their transactions and determine whether exchanges are being good stewards of the block space.
Update 31.05.2018
Antoine Le Calvez has created a series of live-updated charts to track batching and batch sizes, which you can find here.
We’d like to thank 0xB10C for their generous assistance with datasets and advice, the people at Blockchair for providing the core datasets, and David A. Harding for writing the initial piece and answering our questions.
submitted by miguelfranco1412 to 800cc [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to bitcoin_uncensored [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to Bitcoin [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to btc [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to dogecoin [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to BitcoinTutorial [link] [comments]

BITCOIN2020, How is the Value of Bitcoin Determined? (Investment) Online CryptoCurrency Calculator with multi-Cryptocurrencies Simple Bitcoin Converter What is Bitcoin's Intrinsic value? Bitcoin Price Prediction by Experts (Long Term) Why Bitcoin Keeps Falling Down?

Price Bitcoin Today shows the most accurate crypto live prices, charts and market rates from trusted top crypto exchanges globally. Price Bitcoin Today has over 1600+ cryptocurrencies, trusted historical data, and details of active, upcoming and finished initial coin offerings. February 6th Bitcoin Market, the first official cryptocurrency stock exchange, ... Bitcoin price loses one third of its value in 24 hours, dropping below $14,000. 5 February 2018 $6,200 Bitcoin's price drops 50 percent in 16 days, falling below $7,000. 31 October 2018 $6,300 On the 10 year anniversary of Bitcoin, price holds steady above $6,000 during a period of historically low volatility ... January 2020: $9,501.38 (January 31, 2020) $6,965.72 (January 3, 2019) Bitcoin Annual Closing Prices & % Return Bitcoin Annual Closing Prices and % Returns. YEAR CLOSING PRICE (% RETURN) 2019: $7,233.44 (93%) 2018: $3,743 (-74%) 2017: $14,156 (+1942%) 2016: $693 (+61%) 2015: $430 (+34%) 2014: $320 (-58%) 2013: $754: Biggest Moments in Bitcoin’s Price History. There have been a few defining ... In total, the price of bitcoin was above $1,000 for just 10 days in 2013, and only one day in 2014, according to BPI data. In 2013, prices quickly returned to the $600-$700 level, a low that, at ... Bitcoin price today is $13,073.32 USD with a 24-hour trading volume of $23,603,626,066 USD. Bitcoin is up 0.48% in the last 24 hours. The current CoinMarketCap ranking is #1, with a market cap of $242,210,721,011 USD. It has a circulating supply of 18,527,100 BTC coins and a max. supply of 21,000,000 BTC coins. You can find the top exchanges to trade Bitcoin listed on our

[index] [14588] [28384] [25429] [45624] [337] [28697] [35285] [32024] [46758] [46803]

BITCOIN2020, How is the Value of Bitcoin Determined? (Investment)

Published on Sep 6, 2014 Blagovest Belev explains how the price of bitcoins is determined. Blagovest Belev graduated from the American University in Bulgaria in 2009 and is currently a Managing ... BITCOIN, How is the Value of Bitcoin Determined? (Investment) Bitcoin is a currency that is a form of electronic currency. This is a decentralized currency which has no central bank or single ... Bitcoin is going to have an extremely deciding year in 2019. If the price goes below 2600, this will be the biggest crash in Bitcoin's history. If the market stays bearish after January 26th, 2019 ... 2018 for bitcoin wasn’t something we expected, but there is the reason why it happened what it happened. Bitcoin was in the bubble in 2017, it skyrocketed by 1,800% reaching its all time high ... Introduced as a "joke currency" on 6 December 2013, Dogecoin quickly developed its own online community and reached a capitalization of US$60 million in January 2014 What is Litecoin? Litecoin

#