The privacy-focused cryptocurrency Verge is quickly becoming a running joke within the cryptocurrency industry, after repeatedly suffering 51% attacks and having hackers exploit a vulnerability that’s led to millions of dollars in Verge tokens being stolen.

It started back in April, when Verge suffered a small 51% attack that resulted in 250,000 XVG being stolen by hackers. Verge responded by hard-forking their blockchain. However, the 51% attack was repeated just last week when hackers added a second algorithm to exploit the same vulnerability previously used by the attackers.

51% attacks happen when hackers use malicious code to mine multiple blocks per minute on a blockchain, allowing the attackers to gain majority control over the network hashrate and move XVG to their wallets. At the peak of the second attack, the hackers were mining 25 blocks per minute, meaning roughly 8250 XVG, or $950, was being stolen every minute.

Verge downplayed the attack as nothing more than a DDoS attack, but according to reports, over 35 million XVG tokens, amounting to over $1.7 million, were stolen as a result of the attack.

Today, the prominent BitcoinTalk user ocminer, who discovered the last two attacks, is reporting that Verge has yet again suffered a 51% attack. In the BitcoinTalk forum thread titled “Network Attack on XVG / Verge”, ocminer says, “Yup… attack again.. as already said, simply reducing drift time doesn’t fix it..”

Verge’s blockchain isn’t the only location hackers have targeted. Verge’s Twitter account was also compromised this past March in an unrelated attack.

On a more positive note, Verge made news for becoming the first ever cryptocurrency to be accepted by adult entertainment website Pornhub for their premium subscription services. As one Redditor so cheekily said “Maybe they should take a note from Pornhub and learn to plug up the holes on their blockchain.”

The European Union (EU) General Data Protection Regulation (GDPR) is a law designed to enhance the protection of personal data and give individuals greater control over their own data.  While the law applies to individuals and personal data resident in the EU, many organizations and services are taking the opportunity to revise their policies and practices for all users.  As the GDPR comes into effect today, May 25, 2018, many cryptocurrency service providers have made changes to bring their policies and practices into compliance. 

GDPR and Blockchain

A key objective of the GDPR is to empower individuals (or data subjects) with various rights. Some of these rights align well with blockchain technology. For example, the GDPR includes a right to information, giving individuals the right to request how their personal data is being shared and processed. The right to access is also a step towards greater transparency, as it allows individuals the opportunity to view their own personal data that has been collected by an organization or service. IBM has released a white paper outlining some key ways that blockchain technology can be used to support the goals of GDPR and enhance compliance.

However, the GDPR also enforces “the right to be forgotten”, which provides individual data subjects with a right to request the deletion of personal data.  Immutability is a core feature of blockchain technology, and without a central authority to oversee the erasure of any personal data, this part of the GDPR presents a considerable challenge for any open blockchain network that has stored personal data on the blockchain.   

Andries Van Humbeeck, Blockchain consultant for TheLedger.be, highlights this potential clash between GDPR and the blockchain:

And here is the paradox: The goal of GDPR is to “give citizens back the control of their personal data, whilst imposing strict rules on those hosting and ‘processing’ this data, anywhere in the world.” Also, one of the things GDPR states is that data “should be erasable”. Since throwing away your encryption keys is not the same as ‘erasure of data’, GDPR prohibits us from storing personal data on a blockchain level. Thereby losing the ability to enhance control of your own personal data.

Source: The Blockchain-GDPR Paradox, Andries Van Humbeeck, November 21, 2017.

GDPR and Cryptocurrency Services

If you use cryptocurrency services, including exchanges, wallets, and peer-to-peer marketplaces, you probably have received emails over the past month advising you of revisions to privacy policies and terms of service.  While the specifics of these changes will vary, here is a brief overview of a few trends to be aware of:

  • Consolidation of personal data:  In anticipation of user requests to view, modify, move or delete personal data, you can expect some services to restrict users to the use of a single account.  You can also expect to see services implementing portals and tools that display all personal data connected to an individual user in a single location, and allow users to make requests regarding that data.
  • Detailed rationale around personal data collection & usage:  The GDPR expects service providers to provide clear, plain-language explanations of why your personal data is processed at a detailed, granular level.  This is an excellent opportunity to understand where data is being collected for regulatory purposes, where it’s being collected for the purposes of operating a given service, and where it’s being requested for the purposes of advertising and revenue-generation.
  • Identification of third parties with access to your data, and how they are using it:  Service providers often allow third-parties to access and process your data as part of service delivery.  These third parties may be processing your data for a wide range of purposes, including identity verification, transaction processing, tracking how a service is used, and identifying & correcting bugs or service errors.  Updates to privacy policies and terms of service should clarify where third parties may be used to process your personal data. To some extent, this also allows users to “peek behind the curtain” and learn more about how their chosen service providers conduct their businesses and who they partner with.
  • Restriction of service and features based on geographic location:  While some service providers are bringing changes into effect for all users, regardless of geographic location, others have established separate policies and practices for EU residents.  For example, Coinbase has implemented separate Privacy Policies for the UK and the US and is currently only allowing EU residents to access the privacy rights dashboard.  Some North American sites and news organizations have blocked EU residents from access or shuttered operations entirely, including peer-to-peer network CoinTouch, which announced its closure due to the costs of implementing GDPR compliance in early May.   

 

Is GDPR having an unexpected impact on a cryptocurrency or your preferred cryptocurrency service provider?  Let us know in the comments.

Included in the original Lightning Network specification is a proposal to use Onion routing for transactions. Onion routing, the same technology that powers the Tor network, would increase both security and privacy on the Lightning Network.

What this means for privacy

Currently, when sending transactions that cross multiple channels over the Lightning Network, each node in the chain knows everything about the transaction. Information such as who it came from, where it is going, and how much is being transferred is exposed. Having this information exposed is a privacy issue, as anyone can see who you are sending a transaction to. Onion routing intends to solve this issue. When Onion routing is used, the content of the transaction is hidden from all but those involved. Every other node in the chain simply knows enough to pass it along.

How Onion routing works

With Onion routing, each node is only told enough information to pass the transaction along to the next node on the route. This means that no one can snoop on your transactions, but they will still get to their destination. Onion routing works by wrapping a packet (in this case a transaction) in more and more data, one piece of data for each node on the route. When the packet passes through a node, the outermost data is decrypted and used to identify the next node. Before sending the packet on, the node destroys the data that it used to figure out where the packet goes next and puts the data the next node will use in its place.

In the case of the Lightning Network, the node does the same process mentioned before but also collects its fee. The origin node calculates and adds each node’s fee during the creation of the transaction.
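
The layering and fee bookkeeping described above, sketched as an added example (not part of the original article and not the Lightning Network's actual packet format). The node names, keys, fees and the SHA-256 XOR keystream are constructed for illustration; the toy cipher stands in for real per-hop encryption.

```python
import hashlib
import json

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher for illustration only: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def build_onion(hops, keys, fees, amount):
    """Origin side: wrap one layer per hop, innermost (destination) first.
    Returns the packet for the first hop and the total the origin must send."""
    packet, next_hop, forward = b"", None, amount
    for name in reversed(hops):
        layer = {"next": next_hop, "forward": forward, "inner": packet.hex()}
        packet = xor_stream(keys[name], json.dumps(layer).encode())
        next_hop = name
        forward += fees.get(name, 0)  # this hop must receive its fee on top
    return packet, forward

def peel(name, keys, packet, received):
    """Node side: strip the outermost layer; learn only the next hop and amount."""
    layer = json.loads(xor_stream(keys[name], packet))
    fee = received - layer["forward"]  # what this node keeps
    return layer["next"], bytes.fromhex(layer["inner"]), layer["forward"], fee

def relay(first_hop, keys, packet, amount):
    """Walk the packet along the route, recording what each node could see."""
    trace, name = [], first_hop
    while name is not None:
        nxt, packet, forward, fee = peel(name, keys, packet, amount)
        trace.append((name, nxt, fee))
        name, amount = nxt, forward
    return trace, amount

def can_read(name, keys, packet):
    """True if this node's key opens the outermost layer of the packet."""
    try:
        return isinstance(json.loads(xor_stream(keys[name], packet)), dict)
    except ValueError:  # garbage after decrypting with the wrong key
        return False

# Constructed sample route: origin -> bob -> carol -> dave (destination).
HOPS = ["bob", "carol", "dave"]
KEYS = {n: hashlib.sha256(b"demo-key-" + n.encode()).digest() for n in HOPS}
FEES = {"bob": 2, "carol": 1}  # constructed per-hop fees

if __name__ == "__main__":
    onion, total = build_onion(HOPS, KEYS, FEES, 1000)
    print(total, relay("bob", KEYS, onion, total))
```

Because each layer here shrinks as it is peeled and carries no integrity check, packet length reveals a node's position in the route and tampering goes undetected; a production design needs fixed-size packets and per-hop authentication.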


Use our news to inform cryptocurrency trading decisions, stay up-to-date on happenings in the industry, and more!

5,104 BTC Later, The Bitcoin Pineapple Fund Announces It’s Time to Say Farewell
BlockExplorer’s Rebecca Campbell reports, “An anonymous donor who set up a philanthropic project using bitcoin for charitable causes has announced that it’s time to say goodbye.”

The Wild West of Crypto Hacks in One Graph
HowMuch.Net has analyzed the history of the most significant cryptocurrency hacks and scams by compiling data from CryptoAware.org, and creating a timeline graph of the data. HowMuch.net invites you to “see how often and to what extent the crypto-market has sustained attacks over the last several years.”

Bitcoin Developers Build Prototype of a Privacy Tool
An email sent to the bitcoin developers list today laid out the framework for the “Dandelion” privacy tool. “Bitcoin’s transaction spreading protocol is vulnerable to deanonymization attacks. Dandelion is a transaction routing mechanism that provides formal anonymity guarantees against these attacks.”

A New Show is Coming to CBS About Crypto
Crypto Crow YouTuber Jason Appleton has signed an agreement with CBS “to air 13 episodes of the Crypto Crow Show in select markets as a test market in hopes of spreading nationally.” The first season is scheduled to begin the week of June 25, 2018. “Each episode will feature educational information focused on helping newcomers to the crypto space such as researching, investing and how to stay secure in their efforts while featuring ICO and cryptocurrency companies and how they affect the industry.” Appleton says the series will be fully paid for by bitcoin.

Image courtesy of Carty Sewill, http://cartyisme.com/

One of the most powerful aspects of blockchain technology is that it is generic, and not limited to a few vertical applications. Recent examples reported here on Block Explorer News from widely-differing fields include using a blockchain to store publications, to manage real-time drone flight data, and as the basis of a mobile voting platform. To that growing list can be added the important domain of personal genomics – the sequencing and analysis of an individual’s DNA – thanks to a new service from the company Nebula Genomics:

We will spur genomic data growth by significantly reducing the costs of personal genome sequencing, enhancing genomic data protection, enabling buyers to efficiently acquire genomic data, and addressing the challenges of genomic big data. We will accomplish this through decentralization, cryptography, and utilization of the blockchain.

The potential of personal genomics has been clear for some time. By sequencing the DNA of many individuals, the hope is that the diagnosis and treatment of existing diseases will be improved, along with finding ways to prevent future health problems. Personal genomics potentially allows personalized therapies, tailored precisely to individuals on the basis of their DNA. And by combining millions of genomes it will be possible to understand diseases better, and come up with new drugs to treat them.

Current approaches have significant problems. The cost of sequencing an individual’s complete DNA has dropped significantly in recent years to around $1000, and is expected to fall below $100 in the near future. However, the equipment required to do so is still expensive, which means that sequencing is typically carried out by a few large organizations. They not only store the results in a central database, which represents a security risk for such sensitive information, but they typically retain ownership of that sequence data. Financial benefits from discoveries made using the genomic data also generally stay with the organizations or companies that hold the DNA. Nebula Genomics hopes to address all those problems using blockchain technology.

The central idea of the company’s approach is that individuals retain ownership and control of their sequenced genomic data, but sell access to it in a secure way. All data-sharing records are stored immutably in the Nebula blockchain, which is based on Ethereum, and plays a key role in mediating transactions between the individual and the companies that wish to use the genomic data. These will typically be pharmaceutical and biotech companies. Currently, they are buying DNA data in bulk from existing genomics companies, or are setting up their own sequencing programs.

Using the Nebula network, individuals would be paid by companies for access to their DNA using tokens purchased by the latter from Nebula Genomics, with fiat money. While sharing data and receiving payments, individuals remain pseudo-anonymous. Nebula network addresses are cryptographic identifiers that are not associated with any personal information. Individuals would in turn use the tokens to pay Nebula Genomics for the genome sequencing. In addition, companies could pay individuals tokens for completing surveys that provided health information to be used alongside their genomic data. The use of Ethereum smart contracts allows companies to create customized surveys:

data buyers may choose to pay all survey participants an equal amount of Nebula tokens or alternatively define different token amounts that will be awarded for different combinations of responses. For example, if a survey participant is found to be affected by a condition that is of interest to the data buyer, the highest token reward will be automatically paid out. Responses that suggest that the survey participant is not affected by the condition in question will trigger a lower token payment. Contradictory responses indicating dishonesty will not be rewarded.

The main Nebula network is built on top of the Blockstack framework: “an open-source effort to re-decentralize the internet; it builds a new internet for decentralized applications and enables users to own their application data directly.” It, too, depends on blockchain technology for critical aspects:

Identity is user-controlled and utilizes the blockchain for secure management of keys, devices and usernames. When users login with apps, they are anonymous by default and use an app-specific key, but their full identity can be revealed and proven at any time. Keys are for signing and encryption and can be changed as devices need to be added or removed.

Under the hood, Blockstack provides a decentralized domain name system (DNS), decentralized public key distribution system, and registry for apps and user identities.

The user-centric approach of Blockstack fits well with the philosophy behind Nebula Genomics. As a result, individuals not only retain control of their sequence data but are free to store it on any service that supports the Blockstack storage system. This portability ensures that users of the Nebula platform are not locked into the company, and can use their data outside the Nebula network. Nebula’s DNA software will be available as a Blockstack distributed app that is executed locally on a user’s personal data, allowing individuals to analyze their own DNA.

When other companies are granted permission by individuals to use personal genomic data within the Nebula Genomics framework, there are additional privacy safeguards. Once access to an individual’s DNA sequence has been purchased and recorded in the Nebula blockchain, the data is sent in an encrypted form to special compute nodes, which use two advanced technologies to protect sensitive personal data: Intel’s Software Guard Extensions (SGX) and homomorphic encryption.

SGX operates by allocating hardware-protected memory where code and data reside, called an enclave. By restricting processing of genomic data to enclaves on compute nodes, the risk of privacy loss is reduced. SGX can be combined with homomorphic encryption of DNA sequences to speed up certain operations. Homomorphic encryption allows data to be pre-processed without needing to decrypt it. It is then passed to an enclave for decryption and analysis. The Blockstack underpinning means that secure compute nodes can be operated by Nebula Genomics; on the servers of companies that have bought access to an individual’s genomic data; or through any third party that complies with the overall architecture.

As the above indicates, Nebula Genomics’ platform addresses several key challenges involving the storage and processing of highly personal data in a way that leaves the individual in control. Since similar problems exist across most industries, this suggests that these kinds of blockchain-based frameworks could be applicable far beyond the world of DNA sequencing and analysis.

Featured image by Nebula Genomics.