SoylentNews is people
posted by janrinok on Monday February 04 2019, @07:43PM
from the wanted:-one-ouija-board dept.

Arthur T Knackerbracket has found the following story:

A cryptocurrency exchange in Canada has lost control of at least $137 million of its customers' assets following the sudden death of its founder, who was the only person known to have access to the offline wallet that stored the digital coins. British Columbia-based QuadrigaCX is unable to access most or all of another $53 million because it's tied up in disputes with third parties.

The dramatic misstep was reported in a sworn affidavit that was obtained by CoinDesk. The affidavit was filed Thursday by Jennifer Robertson, widow of QuadrigaCX's sole director and officer Gerry Cotten. Robertson testified that Cotten died of Crohn's disease in India in December at the age of 30.

Following standard security practices by many holders of cryptocurrency, QuadrigaCX stored the vast majority of its cryptocurrency holdings in a "cold wallet," meaning a digital wallet that wasn't connected to the Internet. The measure is designed to prevent hacks that regularly drain hot wallets of millions of dollars (Ars has reported on three such thefts here, here, and here.)

Thursday's court filing, however, demonstrates that cold wallets are by no means a surefire way to secure digital coins. Robertson testified that Cotten stored the cold wallet on an encrypted laptop that only he could decrypt. Based on company records, she said the cold wallet stored $180 million in Canadian dollars ($137 million in US dollars), all of which is currently inaccessible to QuadrigaCX and more than 100,000 customers.

"The laptop computer from which Gerry carried out the Companies' business is encrypted, and I do not know the password or recovery key," Robertson wrote. "Despite repeated and diligent searches, I have not been able to find them written down anywhere."

The expert, she added, has already accessed Cotten's personal and work email accounts and is now trying to gain access to an encrypted email account. Cotten also used an encrypted messaging system, but the chances of successfully reading the communications appear dim because, the expert has reported, "messages would disappear from the encrypted messaging system after a short period."

-- submitted from IRC

  • (Score: 4, Interesting) by Captival on Monday February 04 2019, @08:08PM (24 children)

    by Captival (6866) on Monday February 04 2019, @08:08PM (#796252)

    With hundreds of millions on the line, they can't hire one good hacker to get into this laptop? I wouldn't be surprised if they're covering up some embezzling, or even the guy faked his own death.

  • (Score: 0) by Anonymous Coward on Monday February 04 2019, @08:23PM (3 children)

    by Anonymous Coward on Monday February 04 2019, @08:23PM (#796262)

    " or even the guy faked his own death"

    I was guessing this, for market manipulation reasons.

    • (Score: 0) by Anonymous Coward on Monday February 04 2019, @08:31PM (2 children)

      by Anonymous Coward on Monday February 04 2019, @08:31PM (#796265)
      In India it costs $2,000 to fake a death. After that you get a new name, a new face, and $137 million to get by.
      • (Score: 1, Touché) by Anonymous Coward on Monday February 04 2019, @08:46PM (1 child)

        by Anonymous Coward on Monday February 04 2019, @08:46PM (#796273)
        Alternatively, he created a fake persona and then opened the cryptoexchange. Now he only needs to wash the makeup off and discard the fake passport.
        • (Score: 0) by Anonymous Coward on Monday February 04 2019, @11:27PM

          by Anonymous Coward on Monday February 04 2019, @11:27PM (#796344)

          "Gerry Cotten", hmm? Any relation to Jerry Cotton [wikipedia.org]?

  • (Score: 3, Informative) by Snow on Monday February 04 2019, @08:55PM (10 children)

    by Snow (1601) on Monday February 04 2019, @08:55PM (#796277) Journal

    Do you know how encryption works? You don't 'hack' properly implemented encryption. You brute force it.

    Brute forcing the laptop is almost certainly a waste of time and energy. The keyspace is probably way too large to make it worthwhile, and that's assuming that the laptop is genuinely the laptop that has the info you want on it (instead of the real laptop being on an Indian beach with Gerald).

    The laptop is almost certainly a dead end.

    • (Score: 2) by edIII on Monday February 04 2019, @09:41PM (5 children)

      by edIII (791) on Monday February 04 2019, @09:41PM (#796290)

      Technically you perform cryptanalysis, of which the secondary tool is brute forcing. The primary is looking for how the encryption may have been *improperly* implemented. There is a lot more improperly implemented encryption than there is properly implemented encryption. Unless you're a nation state, or willing to spend $50k for cloud resources, you're really not brute forcing anything properly implemented that is strong enough. I think that's why the NSA compromised a well used CSPRNG, to make sure that most encryption is improperly implemented.

      In either case, you're assuming a single container. For highly sensitive data on my laptop you need to get through 5 containers. All individually encrypted. Main boot drive to start Ubuntu, second data drive to unlock access to secured data. Afterwards VeraCrypt containers within other VeraCrypt containers, each with hidden volumes. Hidden volumes are not so easy to brute force, because they're not so easy to find.

      The solution to this not happening though is so very simple. I'm working on a project with other people right now where they can't lose what I have. I have the encryption keys in a folder with a paper that has the passphrases written out. This is stored in a safety deposit box at a bank with a lawyer having access to it in the event of my death.

      That's what you do when you're not fucking idiots and are trying to be responsible, especially when you have investors in the project that had no problem asking what would happen if I died. I'm really surprised the people backing this guy didn't ask the same questions. I've had people balk at me building them platforms simply because I was a design team of 1. How this person got to manage nearly $200 million as a team of one person essentially is mind boggling.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 2) by Snow on Monday February 04 2019, @09:48PM (1 child)

        by Snow (1601) on Monday February 04 2019, @09:48PM (#796293) Journal

        It's worse when you consider that Bitcoin has native multisignature capability that can require x of y keyholders to sign a transaction for it to be considered valid.

        In any case, as mentioned elsewhere in this thread, the problem appears not so much to be that the funds are locked, but rather there are no funds.

        • (Score: 2) by Gaaark on Monday February 04 2019, @10:38PM

          by Gaaark (41) on Monday February 04 2019, @10:38PM (#796315) Journal

          Heh...put the funds in a Swiss account and 'die', leaving the evidence highly encrypted.

          NICE!
          Wish I'd thought of it. :)

          Kind of like hiding a body in a mass grave and pouring, what...lime?lye? all over it and building a data center over the whole shebang.

          --
          --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
      • (Score: 3, Interesting) by lentilla on Monday February 04 2019, @11:59PM

        by lentilla (1770) on Monday February 04 2019, @11:59PM (#796363)

        I'm working on a project with other people right now where they can't lose what I have.

        Here's a possible solution (and apologies if this is not news to you): Shamir's Secret Sharing [wikipedia.org]. This splits a secret into a number of component parts, and even allows for redundancy. For example: I could share my key with Alice, Bob and Charlie, and set the rules such that only two sub-keys are required to unlock. In the event of Bob's untimely passing and my decampment to an Indian beach - Alice and Charlie together could unlock the goodies.

      • (Score: 2) by FatPhil on Tuesday February 05 2019, @10:13AM (1 child)

        by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Tuesday February 05 2019, @10:13AM (#796579) Homepage
        > I think that's why the NSA compromised a well used CSPRNG, to make sure that most encryption is improperly implemented.

        If you're referring to what I think you're referring to, I'd not describe it that way. They compromised a *suite* by adding a CPRNG that was: utterly inefficient; chock full of the most suspicious-looking "nothing up my sleeve" numbers ever seen; not independently crypto-analysed; completely optional to use; and almost universally shunned (for the priorly stated reasons).

        If so, in other yeah-right-that's-gonna-work news, my 7-year-old son just built a death robot to protect the flat from flying spider aliens.
        --
        Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
        • (Score: 0) by Anonymous Coward on Tuesday February 05 2019, @03:06PM

          by Anonymous Coward on Tuesday February 05 2019, @03:06PM (#796686)

          Any flying spider aliens yet?

          Just want to know if it is worth the effort of having my 7-year old build a death robot.

    • (Score: 2) by bzipitidoo on Monday February 04 2019, @10:00PM (1 child)

      by bzipitidoo (4388) on Monday February 04 2019, @10:00PM (#796297) Journal

      Exactly. But a lot of people just don't understand. They fail at basic logic. Well, many just don't get it about DRM either, so this isn't exactly surprising.

      1. Either it's possible to communicate securely, or it isn't possible. As far as we can tell, it is possible to communicate securely. The only way to crack a properly implemented code is brute force, and there will be so many combinations it will take way more than 1 trillion years for 1 trillion computers to try them all. It will be utterly impractical, now, and forever. It won't be some idiotically short 3 letter combo such as OPE, Peace On Earth. Currently, the big joker in that could be quantum computing. If quantum computing makes it possible to simultaneously try as many combinations as desired, create a superposition of all possible combinations, then some forms of encryption, such as RSA, will be breakable.

      2. Everyone can do it, or no one can do it. It simply won't be the case that some people can communicate securely, and others can't. WWII was an exception only because the Axis was too arrogant, and many believed their own propaganda that they were superior humans and thus dismissed out of hand the notion that the Allies might have cracked their communications. Thought they were too smart to make breakable encoding schemes, or, alternatively, that the Allies were too stupid to break it. If they couldn't break their own stuff, then of course the Allies couldn't break it either, so they thought. But today, it seems many in the military and government still think they can have it both ways like that, don't appreciate that the state of communication security that existed in WWII was the consequence of a bad blunder by the Axis, and think it can be replicated today, have it so we can read their messages, but they can't read ours. Thus, the push to plant backdoors everywhere, classify strong encryption as munitions and forbid its export, and other such nonsense.

      The only real chance of cracking this cryptocurrency is the social engineering angle. Perhaps the keys were recorded in plaintext somewhere. Maybe they're in a password protected file on a personal computer, and the password is weak and can be guessed.

      • (Score: 2) by Spamalope on Tuesday February 05 2019, @01:25AM

        by Spamalope (5233) on Tuesday February 05 2019, @01:25AM (#796411) Homepage

        It all depends on how smart 'our' side actually is.
        Classifying strong encryption as munitions implies they think it'll work and are concerned. It implies that if our opponents get strong encryption they'd be safe.
        That's exactly what you'd want them to think if you'd actually compromised their systems top to bottom and read everything in the clear. At the very least you'd want to sow confusion about what you're actually working on.

        I doubt they're working on breaking good encryption head on, though sabotaging the method if possible would be on the list. Compromising the communications chain at another level is easier...

    • (Score: 0) by Anonymous Coward on Monday February 04 2019, @10:15PM

      by Anonymous Coward on Monday February 04 2019, @10:15PM (#796303)

      'Properly implemented' is the key word. Without details it's impossible to say how hard a job it would be, but no technology is perfect and the attack surface is too large for any one person to see all of it, much less protect it. Chances are this guy just pulled a fast one though.

    • (Score: 2) by FatPhil on Tuesday February 05 2019, @10:06AM

      by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Tuesday February 05 2019, @10:06AM (#796578) Homepage
      The access to the laptop is either (1) something he had, in which case the problem is finding the thing he had, not brute forcing, or (2) something he knew, in which case you're doing an entropy-directed dictionary attack using a dictionary based on what you think was in his consciousness, as he certainly wasn't memorising a 20-character string of random ASCII, and such an attack is also not *brute* forcing. If the laptop password was indeed a 20-character string of random ASCII, stored on another secured device, then the problem is doing (1) followed by (2). Which still isn't brute forcing.

      The only time you brute force is when you have absolutely no idea what the solution to the problem might be (or you know the problem's so trivial it's not even worth using anything non-brutish to solve it).
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
  • (Score: 2) by SomeGuy on Monday February 04 2019, @08:59PM (6 children)

    by SomeGuy (5632) on Monday February 04 2019, @08:59PM (#796278)

    they can't hire one good hacker to get into this laptop?

    You watch too much TV. In the real world it does not work like that. At least if everything is set up properly.

    Without a decryption key, you simply CAN'T decrypt data. Or if you can without guessing until way past the heat death of the universe, then your encryption was worthless crap.

    Then again, did they try 12345? :P

    • (Score: 3, Insightful) by turgid on Monday February 04 2019, @09:02PM (4 children)

      by turgid (4318) Subscriber Badge on Monday February 04 2019, @09:02PM (#796279) Journal

      It's only the hard drive that's encrypted. The 0s and 1s are just regular unscrambled binary. You can read it off with a very sharp magnetised knitting needle. My friend in the SAS showed me.

      • (Score: 3, Funny) by edIII on Monday February 04 2019, @09:25PM (3 children)

        by edIII (791) on Monday February 04 2019, @09:25PM (#796284)

        May I have some of what you're smoking? :)

        You can't encrypt a hard drive and have unscrambled (plain-text) bits...

        --
        Technically, lunchtime is at any moment. It's just a wave function.
        • (Score: 3, Informative) by Immerman on Monday February 04 2019, @10:45PM (2 children)

          by Immerman (3985) on Monday February 04 2019, @10:45PM (#796322)

          Sure you can - the bits on the hard drive are always unscrambled, perfectly ordinary zeros and ones*. It's only the data they're storing that can be scrambled...

          *Actually often 2s, and 3s as well, and quite possibly many more. Very few modern storage media use binary-state physical data representations.

          • (Score: 0) by Anonymous Coward on Tuesday February 05 2019, @03:09PM (1 child)

            by Anonymous Coward on Tuesday February 05 2019, @03:09PM (#796687)

            Pretty sure magnetic storage is still ones and zeros, SSDs I know sometimes use other states.

            Unless something has changed in the last two years since I was let go from that industry.

            • (Score: 2) by Immerman on Tuesday February 05 2019, @04:08PM

              by Immerman (3985) on Tuesday February 05 2019, @04:08PM (#796717)

              Yes SSDs mostly use 2-3 bits (4 or 8 potential charge levels) per physical storage location, but I'm fairly certain so do many modern hard drives. Not the new vertical-magnet style ones of course, but if you're storing data as a traditional horizontal magnetic alignment you can use a somewhat more sophisticated read-write head to set and detect N/S alignment as well as E/W, doubling the data density. Or go another step to an 8-point compass and you can store 3 bits per location.

              Hmm, I could swear I had heard about new drives coming out that did that years ago, but Google is being uncooperative. I suppose it's possible I misremembered.

    • (Score: 4, Touché) by Immerman on Monday February 04 2019, @10:39PM

      by Immerman (3985) on Monday February 04 2019, @10:39PM (#796316)

      >In the real world it does not work like that. At least if everything is set up properly.
      Make up your mind. Are we in the real world, or is everything set up properly? Generally speaking the two postulates are incompatible.

  • (Score: 0) by Anonymous Coward on Tuesday February 05 2019, @02:50PM (1 child)

    by Anonymous Coward on Tuesday February 05 2019, @02:50PM (#796677)

    I find it highly questionable that this is stored on a single prone to dropping, spilling stuff on, breakable, laptop; which requires the CEO to manually unlock something and then probably manually transfer something every time one of their 100000 customers wants to use their crypto-money.
    That's what I find the questionable bit.

    • (Score: 2) by Immerman on Tuesday February 05 2019, @04:15PM

      by Immerman (3985) on Tuesday February 05 2019, @04:15PM (#796720)

      That would be questionable, but that's not how you'd use a cold wallet.

      Think of it like the vault at the bank. When you go in to make a withdrawal, they're not going to go get "your" money out of the vault - "your" money is just a tally on a ledger sheet. What they really do is give you some money from the limited-capacity register (a hot wallet) and update the ledger sheet. Then they periodically move money between the register and vault as needed to keep the register from getting empty (or overfull from deposits).