SoylentNews is people

posted by martyb on Thursday July 20 2017, @05:25PM
from the ephemeral-ethereal-wealth dept.

Some time ago, I wrote that I had given up on Ethereum. While the problems coming from the DAO hack are now in the past, Ethereum has had a few other problems.

Granted, these problems have nothing to do with Ethereum itself. They are all exploits in the surrounding ecosystem. Hacking the CoinDash website to replace their public wallet address was particularly cheeky. This all reminds me of tales of the Wild West, when money was transferred between banks by stagecoach or by train. The technology simply didn't exist to provide the necessary security way the heck out on the prairie.

Seems like that's where we are now. The necessary technology does not exist to provide the security that currencies like Ethereum and Bitcoin really require. Website hacks are a dime a dozen, and when a hack can be worth $millions... The same for software: When professional programmers still write code vulnerable to SQL injection - when our platforms even allow this as a possibility - then we simply do not have the technology to secure the stagecoach.

Previously:
$30 Million Below Parity: Ethereum Wallet Bug Fingered in Mass Heist
Hacker Allegedly Steals $7.4 Million in Ethereum During ICO
Used GPUs Flood the Market as Ethereum's Price Crashes Below $150
Ethereum Mining Craze Leads to GPU Shortages
Ethereum Unusable, DAO Refunds Possible



Related Stories

Ethereum Unusable, DAO Refunds Possible 13 comments

[Ed note: According to Wikipedia, Ethereum "... is a public blockchain-based distributed computing platform, featuring smart contract functionality. It provides a decentralized virtual machine, the Ethereum Virtual Machine, that can execute peer-to-peer contracts using a cryptocurrency called ether."]

I've been experimenting with digital currencies over the past few months. As of today, I give up on Ethereum. After the DAO mess, and the hard-fork, the block chain has become huge. I tried a fresh resync today, and gave up after it reached more than 70GB; restarted with --fast (which uses an abbreviated format), and it has been running for hours. Ethereum has apparently become unusable unless you trust an online service, which kind of defeats the point.

On a related note: It is now possible to get a refund from The DAO [The Decentralized Autonomous Organization -Ed.] I received an informative email from the BTC/ETH broker I use, explaining how to do this. In a nutshell:

  1. Visit https://www.myetherwallet.com/#the-dao. This will take you to a page called "Withdraw DAO"
  2. Locate your wallet - you will have to give the service access (if you don't trust them, create a new wallet). Mist users: Your wallet is a "keystore file", you can locate it under Accounts:Backup:Accounts.
  3. You will then have to provide your password, to unlock your wallet.
  4. Select Withdraw DAO for ETH

If you bought The DAO near the end, when you were paying a premium, you can repeat the process in the tab "Withdraw extraBalance" to reclaim the premium that you paid. You can also repeat the process, to withdraw into the ETC hard-fork. I went through all of this today, and it was a surprisingly easy process.

Then - since synchronization appears to be impossible - you can use that same online service to get rid of your ETH:

  1. Go to your broker, and tell them you want to buy BTC with ETH.
  2. Go to MyEtherWallet, select "Send Ether and Tokens", and complete the payment in ETH.
  3. Note: You may want to leave 0.05 ETH or so in your wallet, if you think you might want to try ETH again someday. This would pay for "gas" for some future transaction.

Meanwhile, I've not only done all of that, but also submitted this story, and the ETH "fast" synchronization still isn't finished. Bye bye Ethereum...

P.S. I have no connection to bity.com except as a happy customer.



Ethereum Mining Craze Leads to GPU Shortages 30 comments

German retailer MindFactory has removed many AMD and Nvidia graphics cards from sale because the products have a delivery time of 3 months. According to them, the GPU shortage affects "the whole of Germany" or even the "whole Europe".

The demand for GPUs to mine cryptocurrencies, particularly Ethereum, has led to OEMs creating products specifically tailored to cryptocurrency mining. For example, new cards that are smaller, have fewer display ports, with cooling systems:

While the GPU shortage continues, there are some signs of improvement. There are now several models of Nvidia's GeForce GTX 1070 in stock from various OEMs, but prices remain high and relatively close to the price of the GTX 1080. There are also a few more GTX 1060 6GB graphics cards available, and the price on the least expensive one has dropped significantly, down from $484.80 to $259.99.

At the same time, however, the price on the least expensive GTX 1050 Ti has climbed by about $10, and several models now cost around $200. The price on the least expensive Geforce GTX 1060 3GB has also climbed by roughly $20, as well. This likely indicates that sales of these cards have increased somewhat, pushing prices up accordingly.

Meanwhile, several OEMs, including Asus, Biostar, Sapphire, and Zotac, have announced new mining graphics cards that are tailored for cryptocurrency mining. We have also seen a new motherboard from Asrock that can support up to 13 GPUs for mining. Biostar has a similar board for AM4 CPUs that can support six GPUs. Although we haven't seen them yet, EVGA and MSI also have mining GPUs coming soon, and MSI will also have a motherboard designed for mining. Although these may be attractive to cryptocurrency miners, one source told us that they use the same GPU cores as traditional graphics cards, and thus don't address the underlying supply problem.

The shortages go all the way to the source. OEMs are reportedly having trouble getting GPU cores from Nvidia, and Nvidia can't get enough from TSMC. This is presumably the same situation for AMD and GlobalFoundries.

Previously: BitCoin, Ethereum and Gold
Cryptocoin GPU Bubble?



Used GPUs Flood the Market as Ethereum's Price Crashes Below $150 22 comments

Submitted via IRC for Bytram

Over the past few months, there has been a GPU shortage, forcing the prices of mid-range graphics cards up as cryptocurrency miners from across the world purchased hardware in bulk in search for quick and easy profits.

This has forced the prices of most modern AMD and certain Nvidia GPUs to skyrocket, but now these GPUs are starting to saturate the used market as more and more Ethereum miners sell up and quit mining. Some other miners are starting to look at other emerging Cryptocurrencies, though it is clear that the hype behind Ethereum is dying down.

Earlier this week Ethereum's value dropped below $200, as soon as the currency experienced a new difficulty spike, making the currency 20% harder to mine and significantly less profitable. This combined with its decrease in value has made mining Ethereum unprofitable for many miners, especially in regions with higher than average electricity costs.

Now Ethereum is valued at less than $150, with the currency costing $134.97 at the time of writing, which is less than half of the currency's peak value. The currency has the potential to bounce back, though it is difficult to see the currency go back over £250 [sic*] in the near future.

On second-hand sales websites like eBay and Gumtree, we have seen a lot of new GPU listings appear in recent days, with plenty of used AMD RX series GPUs appearing over the weekend. More hardware is expected to hit these sites over the coming days as some miners wind down their operations, though many will simply move to a more profitable currency or to invest their computing power into an emerging Cryptocurrency that has the prospect of high values in the future.

Source: https://www.overclock3d.net/news/gpu_displays/used_gpus_flood_the_market_as_ethereum_s_price_crashes_below_150/1

Recent related Ethereum/GPU coverage: Ethereum Mining Craze Leads to GPU Shortages; and Cryptocoin GPU Bubble?

[* I'm not sure where they got a pound value from, or why, but a little bit of research shows ethereum peaked at $401 on June 13. (Needs javascript from *.coindesk.com and *.hotjar.com). Ooops, spent too long editing this, it went out before I'd completed my changes, sorry -- Ed.(FP)]



Hacker Allegedly Steals $7.4 Million in Ethereum During ICO 12 comments

A hacker has allegedly just stolen around $7.4 million dollars worth of ether, the cryptocurrency that underpins the app platform ethereum, by tricking victims into sending money to the wrong address during an Initial Coin Offering, or ICO. This is according to a company called Coindash that says its investors were sending their funds to a hacker.

On Monday, Coindash, which offers a trading platform for ether, was slated to launch its Initial Coin Offering. These are essentially crowdfunding drives that allow investors to own a stake in the app by buying digital assets called tokens. Initial Coin Offerings are an incredibly popular method of funding an app on ethereum, and some ICOs have raked in millions of dollars within minutes of going live. Even the silliest apps have been able to raise thousands of dollars in token investments during recent ICOs.

Coindash's ICO, like many others, launched simply by posting a string of text representing an ethereum address for investors to send money to on the app's website. However, mere minutes into what was supposed to be another successful ICO, Coindash warned that its website had been hacked and asked people not to send ethereum to the posted address.

It's still unclear exactly what happened, but it seems like the hack was incredibly simple: The hacker allegedly took control of the Coindash official website and changed the text on the site, publishing their own ether wallet address instead of Coindash's. When people went to "invest" in Coindash, they actually sent their ether to the hacker, not the company.

Even though Coindash noticed the hack and warned investors quickly—just three minutes after the ICO launch—the damage was done.

Source: MotherBoard



$30 Million Below Parity: Ethereum Wallet Bug Fingered in Mass Heist 11 comments

Submitted via IRC for Bytram

A vulnerability in Parity's Ethereum wallet software has been exploited by thieves to rob victims on a massive scale.

A few hours ago, Parity told its users to move their ETH holdings from their in-browser wallets to more secure accounts immediately:

The warning came after three transactions appeared on Etherscan.io, in which accounts were drained of 150,000 coins worth just over US$30 million at the current price. It's understood a trivial programming blunder in Parity's code allowed crooks to hijack strangers' wallets at will.

Coindesk reports 377,000 more Ether were at risk of theft, but were drained into holding accounts by white hats. That gallant action was outlined by Kurt Knudsen on Parity's Gitter channel:

The White Hat Group were made aware of a vulnerability in a specific version of a commonly used multisig contract. This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multisig they could find as quickly as possible. Thank you to the greater Ethereum Community that helped finding these vulnerable contracts. The White Hat account currently holding the rescued funds is [here].

Source: https://www.theregister.co.uk/2017/07/20/us30_million_below_parity_ethereum_bug_leads_to_big_coin_heist/



Cryptocurrency Market Evolves with Pre-ICO Options 11 comments

ICOs [Initial Coin Offerings] are becoming so hot that one issuer has been able to sell options prior to the funding round. Monkey Capital, a decentralised hedge fund that invests in SpaceX supply contracts, hostile public company takeovers and Blockchain systems, while simultaneously speculating on large blocks of Crypto, made history Thursday by becoming the first ICO to successfully sell options.

The options, called COEVAL, trade on Waves Decentralised Exchange (DEX), and did robust business out of the gate during a discussion in which Monkey Capital's CEO talked to hundreds of investors in the company's Slack about valuation premiums.

[...] Earlier in the week, Huffington Post labelled Monkey Capital's ICO "the billion dollar baboon" with senior writer Azeem Khan reporting that "chat rooms already have the offering pegged to raise a billion dollars or more, becoming the first ever 10-digit sum raised in a crowdfunding campaign."

[...] On July 15, Monkey Capital will launch its ICO when buyers will have a chance to subscribe for Monkey (MNY). Some months ago however, the management team distributed tokens called COEVAL out to friends and family, as well as "hot girls" according to Harrison.

Source: Coinspeaker.com

Previously:

https://soylentnews.org/article.pl?sid=17/07/27/1640225

https://soylentnews.org/article.pl?sid=17/07/20/1430212

https://soylentnews.org/article.pl?sid=17/07/19/0123201



  • (Score: 0) by Anonymous Coward on Thursday July 20 2017, @05:44PM (1 child)

    by Anonymous Coward on Thursday July 20 2017, @05:44PM (#541992)

    Entanglement will solve everything.

    • (Score: 0) by Anonymous Coward on Thursday July 20 2017, @05:48PM

      by Anonymous Coward on Thursday July 20 2017, @05:48PM (#541995)

      Oh to be young and so optimistic. The next new shiny will soon be tarnished too.

  • (Score: 2) by pendorbound on Thursday July 20 2017, @05:49PM (10 children)

    by pendorbound (2688) on Thursday July 20 2017, @05:49PM (#541996) Homepage

    There are plenty of ways to secure crypto currency. All of the mentioned hacks were cases where existing security systems weren't used or were used improperly. Websites can be made to be secure. Client wallets likewise. Comparing these to a stage coach robbery while colorful is way off the mark.

    If you need a less-techy analogy, the CoinDash hack was more like a bank's night drop box left unattended and someone sticking their own box in front of it to collect any money dropped by unwitting depositors. The Ethereum wallet hack was a safe that also took the combination "12345" in addition to whatever the owner set for it.

    Lousy code and lax security practices all around. The technology to secure these things exists. It takes money to hire people who know what they're doing and the commitment from management and investors to not undermine them for budgetary or schedule concerns.

    • (Score: 0) by Anonymous Coward on Thursday July 20 2017, @06:01PM

      by Anonymous Coward on Thursday July 20 2017, @06:01PM (#542004)

      Sure does. It's called insurance against theft.

    • (Score: 5, Insightful) by bob_super on Thursday July 20 2017, @06:04PM (2 children)

      by bob_super (1357) on Thursday July 20 2017, @06:04PM (#542007)

      In related news, it's 2017 and we just had a discussion about a popular web library being vulnerable to a freaking buffer overflow.

      • (Score: 0) by Anonymous Coward on Thursday July 20 2017, @06:06PM

        by Anonymous Coward on Thursday July 20 2017, @06:06PM (#542008)

        Buffer overflow, must not be Rusty enough!

      • (Score: 0) by Anonymous Coward on Friday July 21 2017, @02:55AM

        by Anonymous Coward on Friday July 21 2017, @02:55AM (#542154)

        Buffers are still overflowing
        It's been going on for quite a while
        Perhaps it's quite fashionable
        It hasn't gone out of style

    • (Score: 2) by Fnord666 on Thursday July 20 2017, @06:35PM (4 children)

      by Fnord666 (652) on Thursday July 20 2017, @06:35PM (#542018) Homepage

      There are plenty of ways to secure crypto currency. All of the mentioned hacks were cases where existing security systems weren't used or were used improperly. Websites can be made to be secure. Client wallets likewise. Comparing these to a stage coach robbery while colorful is way off the mark.

      If you need a less-techy analogy, the CoinDash hack was more like a bank's night drop box left unattended and someone sticking their own box in front of it to collect any money dropped by unwitting depositors. The Ethereum wallet hack was a safe that also took the combination "12345" in addition to whatever the owner set for it.

      Lousy code and lax security practices all around. The technology to secure these things exists. It takes money to hire people who know what they're doing and the commitment from management and investors to not undermine them for budgetary or schedule concerns.

      CoinDash aside, Ethereum hacks are a bit more than just lax security practices. Ethereum is not just a cryptocurrency, it's also a platform where you can build "smart contracts", the terms of which are defined programmatically. A bug in the programming of Parity.io's multisig contract, for instance, allowed a thief to subvert the contract and transfer a bunch of Ether into their own wallet [financemagnates.com]. Programming these smart contracts is a relatively new field, and it must be done exactly right or someone will find a way around it. You can expect this to happen again and again until the developer of the smart contract is held liable for any losses incurred due to a flaw in that contract's code. That will be the only way to insure that these contracts get the scrutiny they truly need and companies can rely on them to do business on the Ethereum (or any similar) platform.

      • (Score: 2) by JNCF on Thursday July 20 2017, @07:36PM (2 children)

        by JNCF (4317) on Thursday July 20 2017, @07:36PM (#542033) Journal

        You can expect this to happen again and again until the developer of the smart contract is held liable for any losses incurred due to a flaw in that contract's code. That will be the only way to insure that these contracts get the scrutiny they truly need and companies can rely on them to do business on the Ethereum (or any similar) platform.

        This is a realm that is particularly difficult to regulate; there is practically no physical supply chain. Software can be released pseudonymously on the blockchain itself. You can't touch what you can't see. There will be solutions to this problem, and they will be solutions that your courts can't even dream of. I have no idea how long they will take to create, but your wigs and gavels aren't going to help.

        • (Score: 0) by Anonymous Coward on Friday July 21 2017, @02:48PM (1 child)

          by Anonymous Coward on Friday July 21 2017, @02:48PM (#542382)

          I don't think anyone was talking about bringing the useless fucking courts and government into the equation...

          • (Score: 2) by JNCF on Friday July 21 2017, @03:09PM

            by JNCF (4317) on Friday July 21 2017, @03:09PM (#542398) Journal

            held liable for any losses incurred

            I see no sensible interpretations that don't involve jackboots, but I'm open to new ideas. Care to enlighten me?

      • (Score: 2) by rigrig on Thursday July 20 2017, @07:48PM

        by rigrig (5129) <soylentnews@tubul.net> on Thursday July 20 2017, @07:48PM (#542040) Homepage

        You can expect this to happen again and again until the developer of the smart contract is held liable for any losses incurred due to a flaw in that contract's code. That will be the only way to insure that these contracts get the scrutiny they truly need and companies can rely on them to do business on the Ethereum (or any similar) platform.

        It isn't like people gave the developer a bunch of smartcoins and told him to write a secure contract: the contract was there first, so everybody could (and should) have had a look at it themselves before storing their money in it.
        And if you can't properly verify a contract (or know someone who you trust who can), maybe don't trust it with your savings?

        As this tweet [twitter.com] about the pull request that introduced the bug [github.com] points out:

        2000+ line changeset containing critical code merged w/out security review or formal signoff, 1 person commenting. Maybe not best practices

        --
        No one remembers the singer.
    • (Score: 2) by Justin Case on Friday July 21 2017, @04:33PM

      by Justin Case (4239) on Friday July 21 2017, @04:33PM (#542436) Journal

      Websites can be made to be secure.

      Wow! You've discovered something that millions of other developers have not. Please share your techniques!

      (Hint: In 1999 when Cross Site Scripting was discovered, 95% of all web sites were vulnerable -- not because of flaws in the site's code, but because of routine error messages returned by practically every web server platform in existence. And here we are now almost 20 years along and Cross Site Scripting is still in the Top Ten [owasp.org]. You know, right along with the other nine.)

      Once you get your own code perfect, and the lasagna layers of platforms are also perfect, and the OS is perfect, then all you have to deal with is that your hardware is pwned from the factory and your firewalls are obedient slaves of the NSA. And oh yes the https certificate system is thoroughly broken swiss cheese. But other than that, securing a web site is easy! It is a wonder more people don't do it!

      Oh, wait, I forgot Security Vulnerability Number One: your users. There's no patch for that.

  • (Score: 3, Insightful) by Thexalon on Thursday July 20 2017, @06:45PM (2 children)

    by Thexalon (636) on Thursday July 20 2017, @06:45PM (#542021)

    If you get involved in projects like Bitcoin and Ethereum, you're dealing mostly with folks that hate the government getting involved in their business. That's perfectly understandable. But guess who else doesn't like the government getting involved in their business? Criminals! And I don't mean invented crimes like speeding the libertarians usually complain about, I mean con artists, drug dealers, thieves, murderers, extortionists, and so forth.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 2) by JNCF on Thursday July 20 2017, @07:42PM

      by JNCF (4317) on Thursday July 20 2017, @07:42PM (#542037) Journal

      Criminals! And I don't mean invented crimes like speeding the libertarians usually complain about, I mean con artists, drug dealers, thieves, murderers, extortionists, and so forth.

      With the exception of speeding, all of the crimes you listed were invented.

    • (Score: 2) by tonyPick on Friday July 21 2017, @05:47AM

      by tonyPick (1237) on Friday July 21 2017, @05:47AM (#542214) Homepage Journal

      folks that hate the government getting involved in their business.

      Good-oh. Economics Anti-Vaxxers running through a combined history of finance system and computer programming blunders, all while betting real world money on their Dunning-Krugerrands. When we put it like that, what could go possibly wrong? :D

  • (Score: 2) by takyon on Thursday July 20 2017, @10:09PM

    by takyon (881) <takyonNO@SPAMsoylentnews.org> on Thursday July 20 2017, @10:09PM (#542081) Journal
    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]