posted by janrinok on Thursday February 01 2018, @02:37AM
from the handy-piece-of-code dept.

My old physics teacher always said: "It's the dumb criminals who get caught; you never catch the smart ones." He was a really smart guy, and he did live a nice lifestyle, hmmm...

Anyway, so IOTA. As with any digital currency, you need some random information - a passphrase typically - that is used when you create your wallet. In the case of IOTA, which is supposed to be IOT friendly, this means a string of 81 random characters, the generation of which could be pretty easily automated.

That's great, and the OSS world being full of helpful people, someone wrote a handy generator, put the code for all to see on GitHub, and put their generator onto a website where you could easily make use of it. Nice.

Actually, diabolical. The code on the website really was identical to the code on GitHub, except for one tiny, almost insignificant change: at some point, the owner swapped out the random seed to a value that he knew. Not even constant - that would have been too obvious - but known nonetheless.

And for many months, many people used his friendly little service. Until January 19th, when he emptied their IOTA wallets, erased his presence from the Interwebs, and quietly disappeared. $4 million or so richer.

This one won't be caught.

tl;dr for anyone who doesn't get it: The point of having a secret password, secret passphrase, or secret key is that it's secret. Which means that you don't have it generated for you by a public web service.
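
As an added illustration (not code from the original story or from the generator it describes): the sketch below contrasts a seed generated locally from the operating system's CSPRNG with one produced by the same loop over a PRNG whose starting state somebody else chose. It assumes IOTA's seed alphabet of A-Z plus 9; the function names and the operator value are hypothetical and constructed for the example.

```python
import random
import secrets

# IOTA seeds are 81 characters drawn from the tryte alphabet: A-Z plus 9.
TRYTE_ALPHABET = "9ABCDEFGHIJKLMNOPQRSTUVWXYZ"
SEED_LENGTH = 81


def generate_seed_local() -> str:
    """Generate a seed on your own machine from the OS CSPRNG."""
    # secrets.choice is backed by os.urandom and picks without modulo bias.
    return "".join(secrets.choice(TRYTE_ALPHABET) for _ in range(SEED_LENGTH))


def generate_seed_predictable(prng_state: str) -> str:
    """Model of the flaw in the story (hypothetical stand-in): identical
    loop, but the PRNG state is picked by whoever runs the generator."""
    rng = random.Random(prng_state)  # deterministic: same state, same output
    return "".join(rng.choice(TRYTE_ALPHABET) for _ in range(SEED_LENGTH))


def is_well_formed(seed: str) -> bool:
    """Format check only. Passing it says nothing about secrecy."""
    return len(seed) == SEED_LENGTH and set(seed) <= set(TRYTE_ALPHABET)


if __name__ == "__main__":
    operator_value = "constructed-example-value"  # constructed for this demo

    handed_to_user = generate_seed_predictable(operator_value)
    recomputed_later = generate_seed_predictable(operator_value)

    # The predictable seed looks exactly as valid as a real one...
    print("well formed:", is_well_formed(handed_to_user))
    # ...but anyone holding the PRNG state can regenerate it at will.
    print("reproducible:", handed_to_user == recomputed_later)

    # A locally generated seed has no such shortcut back to its value.
    print("local seed well formed:", is_well_formed(generate_seed_local()))
```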


  • (Score: 2) by bradley13 on Thursday February 01 2018, @06:58AM (1 child)

    by bradley13 (3053) on Thursday February 01 2018, @06:58AM (#631363)

    Exactly. There are plenty of services that will transform one digital currency into another [shapeshift.io]. I've used shapeshift.io - it's fast, painless, simple, and doesn't even require a login. He probably ought to take a detour through Monero, or a mixer service, along the way. After that, any exchange will turn his digital currency into cash.

    His biggest worry should probably be the ordinary tax authorities, if he gets greedy or impatient. Living suddenly beyond your means, or having your bank accounts suddenly bulging for no apparent reason - the authorities watch for exactly this kind of stuff, so patience is called for.

    --
    Everyone is somebody else's weirdo.
  • (Score: 2) by MrGuy on Thursday February 01 2018, @05:15PM

    by MrGuy (1007) on Thursday February 01 2018, @05:15PM (#631554)

    Sure. But the related question is what the exchange rate is, and how stable it is.

    Let's say I want to convert $50,000,000 US into Yen. I can do that - there are many markets which offer those exchanges, and the exchange rate is stable because my transaction is (relatively speaking) small compared to the rate of exchange of dollars to yen - there are many, many people who want to exchange these two things.

    Now consider if I want to convert $50,000,000 worth of Armenian Dram into Yen. Sure, there are still marketplaces out there that will do the exchange, but not nearly as many. And there's not a huge demand out there for people wanting to "buy in" to Armenian Dram who currently have Yen. If I try to sell that much, I'll likely crash the market - my supply exceeds the demand at the current price, so the price will have to fall (likely significantly) for me to sell this off. Or, I'll have to sell this off over a CONSIDERABLE period of time.

    Basically, the fact that two things CAN be exchanged is important, but the liquidity of the instruments will determine how quickly or effectively you can make the exchange.

    Your example of shapeshift is relevant - it's one of the bigger cryptocurrency exchanges. And, notably, they don't have a market for Iota - they can exchange about 50 different cryptocurrency flavors, but not that one. The smaller the market you have to go to, the smaller the pool of potential counterparties wanting to buy what you're selling with something you want, and the lower price you'll have to accept to move it.

    According to coinmarketcap [coinmarketcap.com], the TOTAL volume of transactions in Iota in a 24 hour period is about $80 million worth. That's compared to $8.5 BILLION worth of bitcoin. Iota isn't a high-demand currency. And that's before you factor in the potential that this story makes people wary about Iota, further reducing demand (Iota's value is down about 17% in the last 24 hours - again, per coinmarketcap).

    None of this is to say that the thief can't extract some value that they can (eventually) exchange into real money (almost certainly by buying more desirable cryptocurrencies like bitcoin, using a mixer to hide the tracks, and then "cashing out"). But it's very unlikely the amount they eventually get out will be close to the $4 million "value" of the Iota that was originally stolen.