Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday January 28 2018, @09:07AM   Printer-friendly
from the keep-your-private-keys-offline dept.

There's a new contender for the largest theft of cryptocurrency ever:

A Japanese cryptocurrency exchange announced the theft Friday of $400 million in digital currency. Some estimates put the loss at the Coincheck exchange at over $520 million.

The stolen assets were stored in the cryptocurrency NEM, one of hundreds of digital currencies created in recent years. Bitcoin, the most well-known cryptocurrency, dropped precipitously on news of the hack but has since regained much of its value.

The incident could be one of the largest single losses of cryptocurrency ever, rivaling only the 2014 hack of online exchange Mt. Gox. Reports at the time put Mt. Gox's losses at over $400 million.

Coincheck says 500 million digital coins were lost. According to Cointelgraph, hackers stole the private key protecting access to Coincheck's accounts.

Does it matter that it was a $400 million theft if the value is going to collapse anyway?

Meanwhile, a stock trading app called Robinhood plans to allow users to buy and sell Bitcoin and Ethereum without any transaction fees.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by All Your Lawn Are Belong To Us on Monday January 29 2018, @02:16PM (2 children)

    by All Your Lawn Are Belong To Us (6553) on Monday January 29 2018, @02:16PM (#629805) Journal

    I believe it is just as possible to launder crypto, similar to but with slightly different methods than cash. As a person who has just barely gotten into cryptocurrency for fun, but not as an investor and not as a purchaser of goods, I think the breakdown of the system would lie like this:

    1) Stolen amount is transferred to a particular wallet.
    2) Amounts from that stolen wallet are shell-game transferred into different accounts, perhaps with multiple leaps. (Transfer 1 to wallet X, Transfer 2 to wallet Y1 and Y2, Transfer 3 to wallet Z... Z1... Z2.... Z3).
    Those different subsidiary wallets are either :
    3) Funneled into exchanges in countries with loose banking (the governments turn a blind eye, or regulators aren't very interested,) and then exchanged for cash/gold/whatever and cashed out under fictitious (or stolen) identities. OR
    3) Goods and services are indeed purchased with them, again to a fictitiously created identity. Wallet Z3, by the way, has been used dozens upon dozens of times for all sorts of transfer activity. So if traced back to owner Z3 at address A (and for that kind of money you can do all sorts of 1 month rentals of places that are empty and abandoned), but Z3 still has plausible deniability that he got the bitcoin from Y2 for selling Y2 his ________, and my account also has A1/B1/C3 transactions. Prove that it wasn't in good faith, copper!
    3) From the exchange rule above, the thief is well connected in that jurisdiction such that you can forget about getting him by anything less than extraordinary rendition.

    I know from my experience that I did have to provide a copy of my ID card and a photo of my face (IIRC) to open a trading account at Coinbase. But all it would take is a photocopy of a driver's license (you don't even have to "steal" it permanently - probably better that way). And you're already dealing with criminals - I'm sure they would go through less effort than I would to launder it because connections.

    This is the positive ethical side of why groups like FINCEN want to have all these stupid and chilling rules about monitoring all financial activity. Unless they can trace every step of a process they will get lost in the middlemen.

    At any rate, this is also proof of something very fundamental to working with cryptocurrency: You NEVER leave a negotiable amount in a trading account of exchange. Get it, shift it to a paper wallet, then reshift from paper back into the exchange when you're ready to cash out. Count the fees you'll pay as necessary costs of doing business in crypto, for the sake of security. That is, if you're doing anything but day trading it.... and anybody day (or second) trading had better be prepared to kiss the whole amount away in an instant for reasons other than hacking. Exchanges AIN'T banks, generally, and are always risky.

    --
    This sig for rent.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by hemocyanin on Wednesday January 31 2018, @06:13AM (1 child)

    by hemocyanin (186) on Wednesday January 31 2018, @06:13AM (#630833) Journal

    It seems to me that since all transactions are recorded, a coin could be reported stolen via some method [insert magic that makes it reliable and accurate] and thus marked. Could not future transactions be checked against the stolen list and thereby aborted? This would render stolen coins worthless until returned to the last valid owner.

    • (Score: 2) by All Your Lawn Are Belong To Us on Wednesday January 31 2018, @03:41PM

      by All Your Lawn Are Belong To Us (6553) on Wednesday January 31 2018, @03:41PM (#630980) Journal

      Interesting. Is it technically possible to tag things this way? A system could probably be designed that way. (Or "disputed" coin, perhaps). One would record a ledger entry this way.... the technical challenge being, what is the balance of the respective owner(s) while the dispute is ongoing? Do you take the balance away from the wallet so it can't be retransferred? Or are the next transfers out of that wallet to that amount marked as disputed and the new receiver carries the risk / or do you not permit any balance transfers from an account that is disputed?

      But aside from that, here's why it won't work in most public cryptos: Cryptocurrency has NO true central authority once the system is rolling - it only has the collectivity of the miners. So who allows a dispute to be "valid"? Can I just say, "Hey, I never got my stuff! Freeze those coins!" Literally nobody exists to judge the validity of such a claim, let alone rule on it. The proposal I had above for reversing a huge theft requires concurrency of enough of the blockchain creators (the miners) to all agree that a particular transaction is invalid. Last I heard, for Bitcoin, there were about 10,000 mining entities. A lot of those entities are collectives, maybe with a central dictator for any single entity but maybe not. Even without considering that, you're asking 5,001 people/groups to come to agreement that one single transaction should be changed. Will you do that for $500 million? Yeah, maybe. Will you do it for $100, EVERY time someone screams? Doubtful. But that's the ONLY method to reverse a transaction.

      And since cryptocurrency has something of a Libertarian bent, you're going to get a whole lot of those 10,000 saying, "too bad, so sad, thanks for playing." The system is designed with criteria in mind that every actor - the miners, the purchasers/transferrers, the exchanges, all of them have no reason to trust each other. Their validity comes from sharing agreement on the record of all previous transactions. And acknowledging a certain transaction is bad requires trust. (Not just emotionally, but the actual process of accepting that things should be different because X). They all only collectively agree on what is good, by the cementing of the blockchain with future blocks that incorporate all previous ones. It is a sort of technological Tower of Babel... and asking them to dismantle and reassemble the last X floors takes a tremendous effort. This decentralization is baked into the very core of what cryptocurrency is and why it is different from other systems.

      In private cryptos, where there is one agency at work who IS a central authority figure - yes.... that's possible. In fact, it would be interesting to find out from the big-bank (and other big business) players inventing their own cryptosystems what they do with such a thing. Because a bank must be able to admit it is wrong and reverse transactions.

      --
      This sig for rent.