Reddit user /u/Aiwa4 has created a tool named Investor Data, which follows Reddit comments looking for specific keywords referencing cryptocurrencies. This data is used to track the popularity of various cryptocurrencies. The tool is available to anyone on the internet and is funded by donations.

Investor Data

Investor Data's main interface

 

Currently, Investor Data tracks 27 cryptocurrencies across 3 subreddits: /r/CryptoCurrency, /r/CryptoMarkets, and /r/BitcoinMarkets. Aside from Bitcoin and its forks, due to an issue separating similar names, ‘most’ top 20 cryptocurrencies make up the list of 27. The data is presented in a table, with a percentage and time used to indicate popularity. The table is updated every 5 minutes and requires a reload to update locally.

Further planned features for Investor Data include interactive graphs and a JSON-based API. Also mentioned is a plan to implement a similar tool for Google Trends and Twitter, and the possibility of putting all the data together for a more complete look at the cryptocurrency community.

Most popular currency on Reddit

EOS's rankings on Investor Data at the time of writing

Investor Data reported that the most talked-about currency at the time of writing was EOS, with Ethereum and NANO tied for second place.

The spread of data over time provides a nice look into whether or not a given amount of activity is new. Short-term increases, for example, would indicate hype around a cryptocurrency, while long-term increases without similar short-term numbers could indicate sustained interest.

Issues

Currently, the site does not have a valid SSL certificate, meaning that malicious parties may be able to fake the site for their own benefit. Separately, as stated above, the tool does not currently differentiate between forks that have similar names, for example Bitcoin and Bitcoin Cash. Therefore, any statistics referencing these coins will cover every fork. Investor Data’s FAQ states that differentiating forks with similar names is being worked on, but no timeline is available for when this will be fixed.

Update: /u/Aiwa4 has stated in a comment to BlockExplorer that they plan to procure an SSL certificate to remedy the above-mentioned issues with SSL.

Included in the original Lightning Network specification is a proposal to use Onion routing for transactions. Onion routing, the same technology that powers the Tor network, would increase both security and privacy on the Lightning Network.

What this means for privacy

Currently, when sending transactions that cross multiple channels over the Lightning Network, each node in the chain knows everything about the transaction. Information such as who it came from, where it is going, and how much is being transferred is exposed. Having this information exposed is a privacy issue, as anyone can see who you are sending a transaction to. Onion routing intends to solve this issue. When Onion routing is used, the content of the transaction is hidden from all but those involved. Every other node in the chain simply knows enough to pass it along.

How Onion routing works

With Onion routing, each node is only told enough information to pass the transaction along to the next node on the route. This means that no one can snoop on your transactions, but they will still get to their destination. Onion routing works by wrapping a packet (in this case a transaction) in successive layers of data, one for each node on the route. When the packet passes through a node, the outermost layer is decrypted and used to identify the next node. Before sending the packet on, the node destroys the data that it used to figure out where the packet goes next and puts the data the next node will use in its place.

In the case of the Lightning Network, the node does the same process mentioned before but also collects its fee. The origin node calculates and adds each node’s fee during the creation of the transaction.
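The layering and fee handling described above can be sketched as follows. This is an added example, not code from the Lightning Network specification or any implementation: it uses a toy cipher and a simple nested format rather than the real packet format, and the node names, keys, and fees are constructed for illustration.

```python
import hashlib, hmac, json

def keystream(key, n):
    # Toy stream cipher (SHA-256 in counter mode); for illustration only.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt one layer, then authenticate it so a wrong key is detected.
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, len(plaintext))))
    return hmac.new(key, ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("layer is not readable with this node's key")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))

def build_onion(route, amount):
    """Origin side. route = [(node, key, fee), ...] in forwarding order,
    ending with the recipient. Returns (onion, total the origin must send)."""
    onion, next_hop, owed = b"", None, amount
    for node, key, fee in reversed(route):      # innermost layer first
        layer = {"next": next_hop, "forward": owed, "fee": fee,
                 "inner": onion.hex()}
        onion = seal(key, json.dumps(layer).encode())
        next_hop, owed = node, owed + fee       # fees are added by the origin
    return onion, owed

def peel(key, onion):
    """Node side: decrypt only the outermost layer."""
    layer = json.loads(unseal(key, onion))
    return layer["next"], layer["forward"], layer["fee"], bytes.fromhex(layer["inner"])

def relay(onion, first_hop, node_keys):
    """Walk the route and record what each node learns."""
    learned, hop = [], first_hop
    while hop is not None:
        nxt, forward, fee, onion = peel(node_keys[hop], onion)
        learned.append((hop, nxt, forward, fee))
        hop = nxt
    return learned

# Constructed sample keys and route (not real node identities).
KEYS = {n: hashlib.sha256(b"constructed key " + n.encode()).digest() for n in "ABC"}
ROUTE = [("A", KEYS["A"], 1), ("B", KEYS["B"], 2), ("C", KEYS["C"], 0)]

if __name__ == "__main__":
    onion, total = build_onion(ROUTE, 1000)
    print(total, relay(onion, "A", KEYS))
```

Each node sees only its own layer: the next hop, the amount to pass on, and its fee. The inner layers stay opaque to it.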


“Due to false accusations from electrum.org, they have ruined our reputation and brand of Electrum Pro. They managed to trick several news outlets to slander us. We decided to go our separate ways to work on different projects.”

Following the proof released and verified on May 9th, the site hosting the malware Electrum Pro seems to have been voluntarily shut down. A message on the site states Electrum Pro’s reputation has been ruined due to false accusations from electrum.org. The message further states that the domain is up for sale for 25 BTC, and provides a contact email.

Claims of ‘False accusations’ by electrum.org

The Electrum Pro team states that they have been falsely accused by electrum.org. This statement is false, as electrum.org provided proof that can be externally verified. BlockExplorer verified this proof itself in its earlier article, in which the malicious wallet was decompiled and the code to steal keys proven to exist. The malicious code even goes so far as to hide its network activity in what looks like normal version analytics, meaning that a quick glance over the wallet's network activity could miss the malicious activity.

Further verification that the wallet steals seeds was found by Twitter user Gergely Eberhardt, who in a tweet showed the original code found in the Android app version of the malicious wallet.

It would seem that yes, there are false accusations here. But they are not from electrum.org. Instead, they are from the Electrum Pro team itself.


“We now have proof that “Electrum Pro” is bitcoin-stealing malware. The sha256sum of ElectrumPro-4.0.2-Standalone.zip is f497d2681dc00a7470fef7bcef8228964a2412889cd70b098cb8985aa1573e99. This hash can be confirmed independently using http://archive.org.”

On May 8th, @ElectrumWallet sent a tweet indicating that ‘ElectrumPro’ was malware, and that proof of this claim would follow. Another tweet that contained the proof referenced was sent by @ElectrumWallet a few hours later.

“Here is a verifiable proof that “Electrum Pro”, a fake version of @ElectrumWallet, is in fact Bitcoin-stealing malware: [ https://github.com/spesmilo/electrum-docs/blob/master/decompiling_guide.md ]”

Link changed to a direct GitHub link

The Proof

The proof given is a step-by-step guide to decompiling the Python-based binary. The proof claims that within the binary, where the seeds are created, an additional step exists which uploads the seed to electrum(dot)com. The official website for the Electrum wallet is electrum.org, which we can be sure of due to its link on the external site bitcoin.org.

In order to verify the claims, I followed the steps outlined. To begin, I downloaded the zip file for Electrum Pro and verified that the hash of my file matched the one referenced in the proof:

Mine:   f497d2681dc00a7470fef7bcef8228964a2412889cd70b098cb8985aa1573e99
Theirs: f497d2681dc00a7470fef7bcef8228964a2412889cd70b098cb8985aa1573e99

The files are identical, meaning that if the proof is accurate, I should find the same data further on that it describes.

Following the steps, I extracted the zip file (in my case with unzip, rather than 7za), and extracted the pyc files from the .exe inside the zip. Once I extracted the pyc files, I decompiled them using uncompyle6 and found the following Python 3 code:

The above code is the same as what is shown in the proof provided by @ElectrumWallet. As such, I can externally verify that Electrum Pro contains the lines referenced in the proof.

What does this mean?

It is now proven that Electrum Pro steals wallet seeds on creation, meaning that any coins stored in a wallet created with this tool are accessible to anyone with access to electrum(dot)com. If you mistakenly used this wallet, you should move your coins to a secure wallet as soon as possible.

How to avoid malware like this in future

When installing wallets, verify at every step that what you’re doing is correct. Make sure that URLs are correct, confirm said URLs with external sources if possible, and always verify hashes and signatures. In Electrum’s case, for signatures, all official binaries are signed with ThomasV’s PGP key. To verify other wallets, you should be able to use the keys and hashes provided on the wallet’s home page. This may seem like a lot of work, but it’s worth it to keep your coins secure.

Verify everything.
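The hash comparison performed in the proof section, and recommended above for any wallet download, can be scripted rather than done by eye. This is an added example, not part of the original article or of the Electrum guide; the function names are illustrative, and the only value taken from the page is the published hash.

```python
import hashlib
import hmac
import re

# Hash quoted on this page for ElectrumPro-4.0.2-Standalone.zip.
PUBLISHED_SHA256 = "f497d2681dc00a7470fef7bcef8228964a2412889cd70b098cb8985aa1573e99"

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large downloads are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def matches_published_hash(path, published):
    """Return True only if the file's full SHA-256 equals the published value."""
    expected = published.strip().lower()
    # Reject truncated or mistyped digests instead of comparing a prefix.
    if not re.fullmatch(r"[0-9a-f]{64}", expected):
        raise ValueError("published value is not a full SHA-256 hex digest")
    return hmac.compare_digest(sha256_file(path), expected)

if __name__ == "__main__":
    import sys
    # Usage: python verify_hash.py <downloaded file> [published hash]
    published = sys.argv[2] if len(sys.argv) > 2 else PUBLISHED_SHA256
    print("match" if matches_published_hash(sys.argv[1], published) else "MISMATCH")
```

A match only shows that the file is byte-identical to the one the hash was published for, which is how it was used in the proof above. Whether that file is safe depends on where the hash came from, which is why signatures and a confirmed URL matter as well.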

QuadrigaCX is a Vancouver, Canada-based cryptocurrency exchange that hosts ten trading pairs. It finds itself at number 20 on BlockExplorer’s top 25 cryptocurrency exchanges of 2017 list.

QuadrigaCX is well equipped for any traders looking to trade with CAD. There are a large number of options for both CAD and USD deposit and withdrawal. QuadrigaCX offers an API for programmatic trading. As such, it is recommended for any level of Canadian trader looking for a local exchange.

QuadrigaCX

URL: www.quadrigacx.com
Launched: 2013
Trading pairs: 10
Deposit Fees: Yes (Not for crypto)
Withdrawal Fees: Yes (Not for crypto)
Trading fees: Yes 0.2% – 0.5%
Verification: Yes, two levels
Margin Trading: No

Registration

Registering on QuadrigaCX is a single-step process that requires an email address, your first and last name, and a PIN that will be used when making transactions.

Verification

There are two methods of acquiring verification on QuadrigaCX. It is recommended you complete both, as some of the fiat funding methods available require you to have completed a specific verification method.

The first verification method is to upload a copy of your ID and a proof of residence. The second asks you questions about your credit information, provided by Equifax.

Fees

QuadrigaCX does not use the usual maker/taker scheme for its fees. Instead, QuadrigaCX has flat fees for trading pairs. Specifically, 0.5% for BTC/CAD, BTC/USD, ETH/CAD, LTC/CAD, BCH/CAD and BTG/CAD, and 0.2% for ETH/BTC, LTC/BTC, BCH/BTC and BTG/BTC.

For deposits and withdrawals, QuadrigaCX charges no fees for crypto or most fiat, with only CAD having fees for some methods. You can see an overview of the fees on QuadrigaCX’s funding page. There are very small minimum limits on crypto deposit and withdrawal, while fiat has both minimums and maximums that change depending on the deposit or withdrawal method used.

Interface

The interface QuadrigaCX provides is an off-white with muted colors. While there is, unfortunately, no dark mode available, the off-white background with muted colors is not as overly bright as some other exchanges.

At the top of the page, you will find information about the currently selected trading pair, a place to select trading pairs and your current balances.

The trading interface is broken into tabs, and unfortunately, there is no way to get a chart, an order book, and an order submission form on the same page. All of the tabs have a vertical design, which leaves a substantial amount of dead space on either side of the interface. Overall, while the trading interface does provide enough information, it could be laid out more efficiently.

Security

QuadrigaCX has excellent security practices. When making any transaction, you are required to enter an additional PIN for confirmation. The login page is protected from replay attacks by way of a timeout. You can secure your account with two-factor authentication, which can be either email-based or Google Authenticator-based. And to top it all off, you can have all email sent to you from QuadrigaCX encrypted with your PGP key.

Some ambiguous wording during the registration process implies that you will be emailed both your password and transaction PIN. The resulting email does not contain any sensitive information other than your client ID.