bitcoin hacks

$927 million worth of cryptocurrency was stolen in 2018 according to a new report by CipherTrace.  The vast majority of this money was taken from cryptocurrency exchanges in high-profile hacks.

Block Explorer decided to review the biggest crypto hacks of 2018 to remind our readers about the importance of taking all the possible measures to keep their digital fortunes safe. Meet the notorious winners:

January: Coincheck ($532.6 Million Hack)

This year started with one of the biggest crypto heists ever. Around 500 million XEM coins (native cryptocurrency of the NEM project) were stolen from the hot wallet of Tokyo-based crypto exchange Coincheck. 

At the date of the incident, the coins were worth roughly $532.6 million, beating the well-known disastrous Mt. Gox hack, when 850,000 of Bitcoins disappeared. The damage at the time was around $450 million.

Coincheck’s misadventures led to its acquisition by Monex Inc., a Japanese financial services group in April 2018. Monex was interested to increase the company’s international outreach.

It took ten months for the dust to settle, but Coincheck has now resumed its trading services.

February: BitGrail ($170 Million Hack)

Another month, another hack. This time the bad luck happened to BitGrail, a small Italian crypto exchange. And even though its trading volumes were not impressive, it was a perfect place for trading Nano (XRB). The asset went from $0.1 back in November 2017 to as high as $34 in January 2018 and was trading around $9-$18 at the moment of the hack. Its volatility made it very attractive for speculative traders, and the prospect of potential gains made them blind to the risk of using the non-mainstream exchange. 

And so it happened: BitGrail reported that hackers get away with 17 million nano, worth around $170 million at the time of the incident. Francesco Firano, known as @bomberfrancy on Twitter, the man behind the exchange, tried to put the blame on the Nano developers and claiming that they didn’t want to collaborate.

Firano offered the project’s team a solution for recovery after the hack: to modify the ledger. But the answer was negative. 

This story quickly became more and more controversial due to the endless discussions and theories suggested by social media users. They included the hypothesis that the nano hack was an exit scam.   

April: Ian Balina ($2 Million Hack on YouTube Live Stream)

Ian Balina, quite an established crypto influencer, investor and advisor, was hacked during his live stream ironically named “Hacking the System”. Approximately $2 million worth of tokens were snatched during this attack. Some participants of the crypto sphere speculated that it was a foxy trick to avoid taxes. 

Later in September, two young men, Fletcher Robert Childers, 23 and Joseph Harris, 21 (believed to go by the alias ‘Doc’), were arrested on suspicion of carrying out the attack. As reported by Motherboard, Balina confirmed he thought persons named Doc and Veri were behind the hack. 

June: Coinrail ($40 Million Hack)

June started with some noise in South Korea when a tiny exchange Coinrail lost more than $40 million worth of crypto in yet another hack. The biggest hit was taken by payment processing startup called Pundi X, with around 3% of total NPXS token supply affected. 

The project’s team was very eager to cooperate by freezing the stolen tokens immediately and halting trading to help with the investigation.

To this date, there are no major announcements on identifying the criminal behind the Coinrail’s heist. 

June: Bithumb ($31 Million Hack)

Bithumb is one of the most popular crypto exchanges in South Korea; one of the top ten in the world by volume for trading bitcoin cash and ethereum at the time of the hack. 

In spite of being a mainstream exchange, Bithumb was the subject of a hack in June 2018. During the attack, approximately 35 billion of Korean won worth of crypto was stolen ($31 million equivalent).  

According to some reports, the exchange’s management was aware of security issues prior to the breach and took measures to enhance the exchange’s safety, but it still didn’t work out. 

After the hack was discovered, the exchange’s management made a pledge to refund the losses to all affected customers from its own reserves. 

The investigation of the event was held by South Korea’s National Police Agency and its cybersecurity division. However, at the moment of writing, no definite suspects were found. 

September: Zaif ($60 Million Hack)

Another Japanese exchange came under attack. Hackers accessed the exchange’s hot wallets, which resulted in the loss of $60 million worth of crypto assets, including monacoin, bitcoin cash, and bitcoin.

The owner of the exchange, Tech Bureau Corp., promised to cover the losses of all affected customer and to do so got into a deal with Fisco Ltd. They agreed to exchange the major stake of Zaif exchange for financial support to resolve the issue. The total amount received was 5 billion yen (approximately $45 million). 

October: MapleChange (Unknown Figures)

Later in October, MapleChange, a tiny Canadian crypto exchange reported a hack, losing practically all the funds the exchange had at their disposal. The announcement was followed by the company’s management shutting down its website and social media accounts. They deleted everything that might have led to identifying the owner’s names. Many of MapleChange’s customers were not buying the “hack” story and suspected that it was a scam exit. 

October: Trade.io ($8 million Hack)

Another crypto exchange was hacked in October. Swiss-based Trade.io reported the loss of about $8 million worth of TIO tokens, apparently stolen from a company’s cold wallet. 

The stolen tokens were intended to be used as a project’s liquidity pool. Therefore, the management performed a fork to get the funds back. 

Interestingly enough the team stored the wallet itself in a local bank’s deposit safe. And since it was reported that the safe wasn’t compromised the only explanation is that hackers somehow managed to access the wallet details for making the transfers, that normally indicates an “inside job”. 

SIM Swap Hacks Turn Mainstream. Millions of Dollars Lost

 Towards the end of the year, we saw a new trend emerge: sim swap hacks.

By November these got completely out of hand and became a real pain for the members of the crypto community. 

In the nutshell, the SIM swap method gives the criminal the access to someone’s crypto wallets. By using SMS backup it’s possible to bypass two-factor authentication commonly used to protect the digital fortunes. 

Among the possible scenarios of a perfect SIM swap heist are: 

  • Bribing the mobile operator’s employees to get some inside help with the crime
  • Intentional abuse of customers’ data by former or current employees
  • Employees tricking innocent colleagues to swap the potential target’s SIM cards. 

As for the victims… Robert Ross, an angel investor from San Francisco, lost around $1 million due to the SIM swap. Christian Ferri, the head of BlockStar lost over $100,000. Michael Terpin, a well-known veteran of crypto space, is suing AT&T over a SIM swap that cost Terpin around $23.8 million at the time. And that’s just to name a few.

The list is living proof that with the evolution of blockchain-based projects comes the increased level of sophistication and persistence of crypto criminals. Don’t let them get you and be safe! 

Please don’t keep your crypto on an exchange

It might be simple and convenient, but it is not safe. Instead, move your funds to a secure wallet of your own where it is less vulnerable to hacks.

Essential further reading: 12 Best Bitcoin Wallets (For Safe and Secure Crypto Storage in 2018)

 

Mike Novogratz

Galaxy Digital Holdings has lost $136 million in nine months, according to Bloomberg. However, that hasn’t dampened the spirit of founder Mike Novogratz who says he is “all-in” on crypto.

Novogratz, a former trader at Goldman Sachs and Fortress, says his strategy as head of the company hasn’t changed despite the market massacre. “We have a business that we think can break even next year, if not make money. We’re not nervous; we’re frustrated that our investors have lost money. We’ve got plenty of cash to run the business for a long time.” 

Galaxy Digital is a merchant bank specializing in digital assets and blockchain. Services include digital asset management, trading, advisory services, and principal investments.

In the last nine months, the Galaxy Digital Holdings reported $136 million in losses, attributed to investments in XRP, bitcoin, and ethereum.

Novogratz points the finger at bitcoin cash for bitcoin’s latest drop below $6,000. He thought bitcoin “was going to hold at $6,200 […] but then bitcoin cash decided to fork again.”

Despite the ongoing bear market, Novogratz remains optimistic, affirming that bitcoin is “not going to zero.”

Source: Bloomberg

Crypto Curious? Subscribe to the Block Explorer newsletter to get exclusive crypto insights before they appear on the site.

Remember the spring of 2017? Altcoins were booming. Every other week new ERC-20 tokens were minted, shilled, pumped, and dumped. For the day-trader, it was a feeding frenzy like no other. Newbies went broke as the skilled got rich. And early adopters sat staring at green for months. 

All of it seemingly based on obscure whitepapers, contemporary looking websites, hype, and Twitter announcements. Now, it’s happening again. This time you can leave your Ethereum at the door. The star of this show is Monero.

Monero, as you know, is everyone’s favorite untraceable and fungible cryptocurrency. It’s a community project and open source, using a proof-of-work mining algorithm CryptoNight. Like Bitcoin before it, it’s going through a sort of renaissance; forks aplenty. With over 50 different CryptoNight coins, including Monero forks such as Wownero, there’s a lot of ideas brewing.

You can forget Initial Coin Offerings (ICOs) too. These projects are focusing on development first. Build a product and let it grow naturally. Here are some of the most intriguing projects in the space.

Figure 1. Wownero Doge.

Top CryptoNight Projects

Wownero plans to meme its way to the moon and become Monero’s DogeCoin with over-the-top ring signatures and bulletproofs. Others like Loki plan on bringing Monero’s famous anonymity to messenger applications. While less-inspired projects like Sumokoin and MoneroV have embraced the status quo and ASICs. And projects like Masari promising the ever elusive low hanging fruit that is ‘scalability.’

Others are a bit more ambitious. Projects such as Haven Protocol hope to create a stable off-shore banking system utilizing a dual coin blockchain. While Graft aims to become the Paypal of crypto by servicing real-time payment solutions and atomic swaps. Not to mention BitTube; the anti-censorship Youtube clone with a built-in cryptocurrency payment system.

There’s even an “Ethereum of Monero” named Dero looking to bring proof-of-work and anonymity to smart contracts. Using the familiar Golang coding language. Like in the golden age of ERC-20 tokens, the possibilities seem endless.

No ICOs; Development First, Funding Later

These aren’t Initial Coin Offerings (ICOs) either. As Turtle Coin’s homepage points out; there are all too many projects pumped on promises and no product. For the most part, Monero forks and the CryptoNight coins like them are unfunded projects with nothing more than a few passionate devs and lofty goals; believing value will create itself.

Turtlecoin
Figure 2. Turtlecoin.lol Homepage.

There’s no shortage of ideas or coins. With small market capitalizations and lots of room for ‘mooning,’ it’s a penny trader’s dreamland; an early adopters clearinghouse. Even in this bear market, these little-known coins are being pumped and dumped on a daily basis. All happening on courageous homebrew exchanges like TradeOgre.com.

The “Penny Stocks” of Crypto

TradeOgre
Figure 2. Tradeogre.com

Established in January 2018 Trade Ogre has become a consistent, and little known, exchange with coin offerings rarely seen on major exchanges. Offering more than just Monero forks and CryptoNight coins, such as Ethereum and XRP,  Trade Ogre’s is an altcoin feeding frenzy all to itself. Its user interface is simple and Trade Ogre is K.Y.C free (no need to verify your ID). It even has 2FA.

Intuitive and easy-to-use, Trade Ogre’s offerings may even seem overwhelming; much like Cryptopia’s. All you need is some Bitcoin, or Litecoin, an email you can verify and you’re ready to go. You may need to invest some time downloading, learning how to use new wallets, and visiting a couple Githubs. But that’s part of the fun.

If you’d like to join Monero’s renaissance without trading, your Bitcoin mining is always an option as well. You can view a list of CryptoNight coins and mine at https://cryptoknight.cc/. Most of which are listed for trade at Trade Ogre and Cryptopia.

Figure 4. Cryptoknight.cc Mining Pools.

Either way, let’s hope this trend continues and more exchanges like Trade Ogre begin popping up; as well as a few more coins. Be careful out there!

Disclaimer: the author is involved in the Wownero project as a designer and artist.

Learned something new in this article? Subscribe to the Block Explorer newsletter to get exclusive crypto insights before they appear on the site.

Ripple XRP

A version of this article first appeared in our exclusive newsletter. If you’d like Block Explorer’s cutting-edge analysis before it hits our website, sign up now.

November was a rough month in the world of crypto. Despite a spirited bounce last week, we’ve seen $70 billion wiped out across the board since the start of November.

But some cryptocurrencies held up better than others in the last couple of weeks. Here are the numbers since November 14th:

XRP – down 30%

Bitcoin – down 37%

Ethereum – down 45%

Notice how XRP hung on much better than Ethereum and ultimately surpassed it in terms of market capitalization? 

It’s not the first time Ripple’s XRP token has “flippened” ethereum, but this is now the longest it has ever stayed there.

Here are some possible reasons for the flippening:

1. Cryptocurrency Mining Concerns (Yeah, I’m Looking at you, Bitcoin Cash)

As we all know, Bitcoin Cash terrified the markets by splitting in two this month. Miners went to war, threatening to launch attacks on each other and hold the network hostage.

It showed a possible weakness in “mining” cryptocurrencies in that miners can exert a huge influence over the network.

It’s no coincidence that Proof-of-Work mining cryptocurrencies like ethereum, bitcoin, and bitcoin cash fell harder than others.

XRP, which uses a consensus protocol instead, held its value better during the crash, as did others with a consensus network like Stellar (XLM).

2. Utility?

As market prices fall, traders look to put their money in projects with real-world use. Ripple has been on a headline-grabbing spree this year, shouting about their high-profile partnerships with banks like Santander and American Express.

In reality, only a small handful of partners are actually using XRP, but Ripple has successfully given the impression that XRP has real-world utility which may have convinced people to keep their money in the token.

3. All Quiet on Ethereum

While Ripple is shouting from the rooftops about XRP, developers at Ethereum have got their head down. Ethereum enjoyed all the attention in 2017, but the team is now quietly working on the next upgrade, dubbed Ethereum 1x, due next year.

It doesn’t necessarily mean activity or innovation has died down on Ethereum, it just means there are fewer headline-grabbing announcements.

4. The Demise of ICOs

If you wanted to invest in an ICO (initial coin offering) last year, you typically needed to fund it with ether. Now that some ICOs have lost as much as 98% of their value, that excitement has vanished.

Not only is there a lack of ICO hunger, some ICOs are reportedly liquidating their ETH to meet costs. As the premier platform for ICOs, Ethereum is taking a bigger hit than many other major cryptocurrencies.

What do you think?

Is the XRP flippening permanent? Will Ethereum’s big upgrade trigger a resurgence? Leave your comments below!

A version of this article first appeared in our exclusive newsletter. If you’d like Block Explorer’s cutting-edge analysis before it hits our website, sign up now.

Mining crypto currency. Farm for mining bitcoins. Vector flat illustration
  • Proof of Work is the algorithm that powers various blockchains, like Bitcoin, Ethereum, Litecoin, and Monero.
  • Miners solve complex mathematical puzzles using computer power to produce a “block” of transactions.
  • When a block is produced, the miner is rewarded with the native cryptocurrency: bitcoin, ether, or litecoin, for example.
  • Proof of work ensures that blocks are produced at a stable rate and are accurately verified.

Cryptocurrencies work on the principle of a blockchain, where blocks containing transactions are added to the chain to make transactions happen. 

The issue is, the speed and validity of blocks must be kept in check. Proof of Work solves this issue, let’s check out how.

The Problem

Blocks on the blockchain are quite powerful as they confirm the transaction of money between addresses. They also distribute new currency by issuing rewards to the block creator. 

For these reasons, there are two important rules for block production.

  • Blocks need to be verified some way, so that we know what order transactions happened, among other things.
  • We need to control the speed at which blocks are added. If the speed is not controlled, block rewards are added to the network quickly and the worth of the currency plummets.

Bitcoin, for example, has a target block time of ten minutes. If blocks are created too fast, too much bitcoin will be given out to miners, thus flooding the market. Something has to keep that block time regulated.

Enter Proof Of Work

Proof of work solves both of our issues. It’s based on the idea that we include some data in the block that is hard to calculate, but easy to verify. 

In most proof of work cryptocurrencies, this comes in the form of a cryptographic hash.

What is a Hash Function?

A hash function takes a message or piece of data and scrambles it into a long cryptographic, alphanumeric code. 

But the smallest change to the message or data creates huge changes in the code. 

For example:

The SHA1 hash of “Armin Davis” is: 397d23a20e7cf5065238d7cdda5430d62a68445b

But change the capital letters to lower-case…

The SHA1 hash of “armin davis” is: b1371918c95f4693273757a2bc51514dcdfd1697

The hashes are completely different and seemingly random.

But it’s not random. The same input data will always return the same hash. Meaning that we can easily verify that a given hash is right for a given block easily. 

And, if we include the hash of the previous block in ours, we can prove order too.

Enjoying this article? Subscribe to the Block Explorer newsletter to get exclusive crypto insights before they appear on the site.

proof of work
Proof of work compared against alternative algorithm “proof of stake” Credit: CryptoTechies

What About the Timing Issue?

Hash algorithms are perfect for our verification problem but don’t fix the issue of timing on their own. 

Hashes are designed to be fast to compute, very fast in fact. The time it took to calculate the above two hashes was less than one-hundredth of a second.

But we need to regulate the time, so blocks aren’t produced too quickly.

We have a simple solution to this: network difficulty. 

Simply put, you can change how long it takes to create a block by making it harder to solve the cryptographic puzzle.

bitcoin difficulty chart
As more and more miners devote hash power to the Bitcoin network, the “difficulty” has increased dramatically to keep block production in check. Source: Bitinfocharts

Usually, that means including a constraint that the hash must be below a specific number. And that that number is calculated at specific intervals. 

Now miners have to hash their blocks many times, with each one taking up some time and lots of computer power. In order for the block creator to change the hash of their block, an additional bit of information is added to the block called the nonce. 

A nonce is simply a number that can be modified as the block creator sees fit to change the output hash.

Each time a hash is calculated and does not meet the requirements of the network at that time, the nonce is incremented or otherwise changed and the hash re-calculated.

Often a miner will try a very large number of different nonces before they find one that will be accepted by the network. The total time all miners take to find a block should be somewhere around the block time (ten minutes for Bitcoin). 

And if not, the difficulty is adjusted to keep the timing in line.

Not all Proof of Work Algorithms are the Same…

The hashing algorithm a cryptocurrency uses directly affects how difficulty will work, and what hardware you can run the mining software on. 

To use Bitcoin as an example again; Bitcoin uses the algorithm SHA-256, which is an industry standard hashing algorithm used in many places. 

If you’ve saved a password on a website, odds are it was hashed with Secure Hash Algorithm (SHA)-256 before it was stored. Using industry standard hashing algorithms means they are proven secure and worked on by massive communities.

However, using industry-standard algorithms is both a blessing and a curse. 

A blessing because most hardware will be able to run your software. But a curse (depending on how you look at it) due to one word: ASICs.

ASIC (Application Specific Integrated Circuits) are mining hardware that gives your network a massive amount of mining power. That increases centralization due to price and power demands. The more ASICs you own or control, the more of the network you command.

Some other cryptocurrencies, like Monero, use their own hashing algorithm specifically designed for use in proof of work systems. These have the advantage that developers have complete control over what hardware the algorithm works on best.

Downsides to Proof of Work

There are a few downsides to Proof of Work when compared to other solutions.

First, Proof of Work requires a lot of computing power. And, the more mining power on the network, the higher the difficulty. Meaning that you very quickly run into a situation where those with the cash to buy hardware do. And when you have a lot of hardware, you tend to store all their hardware in one place, leading to centralization.

At worst, this could lead to a 51% attack, whereby one actor, or group of actors, control more than half of the network. If that happens, they could theoretically “double spend” the cryptocurrency on the network.

And second, that computing power needs a lot of electricity to run, and at the high end, miners go looking for the cheapest power possible. This means that miners start to congregate in cities or countries where the power is cheap, again leading to centralization.

Learned something new in this article? Subscribe to the Block Explorer newsletter to get exclusive crypto insights before they appear on the site.