Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Crypto Investors. Show all posts

Bitcoin Core Flaw Raises Concerns Regarding Blockchain Integrity

 

The renowned Bitcoin Core developer Luke Dashjr recently disclosed a serious flaw in the programme that he dubbed "Inscription," which is part of the Bitcoin Core. The blockchain's defence against spam may have a weakness, as this discovery has sparked concerns in the cryptocurrency community. 

Breaking down the issue 

According to Dashjr, Dashjr, Bitcoin Core users have been able to set limits on extra data in transactions using the -datacarriersize setting since 2013. The clever Inscription method, on the other hand, has found a way around this limitation by concealing its data as program code. 

This deft manoeuvre effectively circumvents the intended constraints, resulting in what Dashjr refers to as "spamming the blockchain." While Bitcoin Knots v25.1 addressed this issue, Bitcoin Core remains vulnerable in its upcoming v26 release. The community is hoping for a fix before the anticipated release of v27 next year. 

Community speaks out 

The cryptocurrency community is buzzing with different concerns and questions. One important question concerns the economic incentives for miners involved in inscription transactions. Dashjr emphasises Bitcoin's assumption that the majority of miners are honest. He also mentions that spam-filtered blocks frequently have higher fees for unknown reasons. 

Further questions look into the implications of addressing this vulnerability. A key point of contention is whether fixing the bug will result in the abolition of ordinals and brc-20 tokens. Dashjr confirms that resolving this issue would put an end to these practices. 

Another community member calls for further clarification on how regular Bitcoin holders are directly impacted by this vulnerability. Dashjr explains that although blockchain efficiency and integrity are the main technical concerns, security and value may also be indirectly impacted. 

Now what? 

The topic of actionable steps users can take to address this issue is also discussed. Dashjr suggests that in order to prevent the relaying of Inscription data, users of Bitcoin Knots set the datacarriersize to zero. In order to handle inscriptions correctly, he adds a warning not to activate the "Bitcoin Core policy" mode. 

With the release of Bitcoin Core v26 rapidly approaching, everyone is awaiting the resolution that could determine the direction of Bitcoin transactions in the future.

Hackers Stole Around $135 Million from VulcanForge Users

 

According to the company, hackers took over $135 million from users of the blockchain gaming company VulcanForge in the latest hack targeting cryptocurrency investors. The hack was announced by VulcanForge on Twitter and in its official Discord channel. 

“Over 4m PYR has been stolen from users’ wallets. It was premature to say this is [wallet management service] Venly’s end: we simply don’t know the cause,” the company wrote on Discord, asking users to move funds to Metamask, a popular wallet. “All funds stolen will be replaced once we’ve understood what’s happened.” 

Venly's CTO said that its services were not compromised. “No words can do much right now, we know that,” the company wrote on Twitter. 

The hackers acquired the private keys to 96 wallets, siphoning off 4.5 million PYR, VulcanForge's token that can be used across its ecosystem, according to a series of tweets from the firm on Sunday and Monday. VulcanForge's major business is generating games like VulcanVerse, which it defines as a "MMORPG," and Berserk, a card game. Both titles, like nearly all blockchain games, appear to be primarily built as platforms for buying and selling in-game products tied to NFTs utilizing PYR. Compromise of someone's private key is a clear "game over" in crypto because it gives complete access over the funds stored by the corresponding address on a blockchain. 

This is the third large cryptocurrency theft in the last eleven days. The total amount of cryptocurrency stolen in these three attacks is around $404 million. BadgerDAO, blockchain-based decentralized finance (DeFi) platform, lost $119 million on December 2. The company is requesting that the hacker "do the right thing" and refund the money. Then, four days later, the cryptocurrency exchange BitMart was hacked, resulting in a loss of $150 million. 

PYR, like many new tokens, trades on decentralized exchanges, making the VulcanForge hack noteworthy. Decentralized exchanges are powered by smart contracts, and because there is no centralized order book, investors trade against "liquidity pools" comprised of funds given by users in exchange for a "staking" reward. It also implies that there is no centralized authority to blocklist a fraudulent account attempting to cash out stolen funds. 

VulcanForge has encouraged users to remove their liquidity since the hack in order to make it difficult or impossible for the attacker to cash out. According to reports, the hacker has so far been able to cash out the majority of the tokens by trading tiny quantities at a time, but not without putting the PYR price into a downward spiral owing to selling pressure.

Shiba Inu Crypto Exploited by Scammers for their Scams

 

Since the Shiba Inu cryptocurrency, meme-based digital money, has struck its all-time high in October, it didn't take too long for fraudsters to capitalize on the craze. Shiba Inu token is a decentralized cryptocurrency established by an unidentified person or group identified as "Ryoshi" in August 2020. 

As per the information shared, live YouTube videos offering phony token giveaways had racked up hundreds of thousands of views, whilst Telegram groups supporting similar frauds have also proliferated. 

Tenable has uncovered numerous Shiba scams that all employ a remarkably identical strategy. Accounts live-stream outdated material from a June event involving Jack Dorsey and Elon Musk, a well-known figure amongst crypto enthusiasts, with on-screen directions for consumers to deposit an arbitrary amount of currency into a wallet in exchange for the promise of receiving twice as much or more. 

According to Satnam Narang, a researcher at Tenable, scammers have gained $239,000 in cryptocurrency since October 20 based on a study of internet wallet addresses related to dubious Shiba Inu-themed pages. 

Although Shiba may be one of the newest virtual currencies to draw attackers looking to prey on investors, it is merely the most recent step of a growing problem. In total, the FTC recorded more than $80 million in recorded consumer losses from cryptocurrency fraud in May. Victims' damages are not covered by the federal government since cryptocurrency exchanges lack the same statutory protections as standard finance exchanges. 

Customers have been reporting scams since at least May, as per the Shiba Inu token's official Reddit page. And phony-freebies aren't the only way crooks are taking advantage of the coin to deceive would-be investors. 

Tenable discovered one effort in which scammers lured customers to a phishing URL posing as the cryptocurrency wallet Trust. It's uncertain whether the link succeeded in duping any victims into disclosing their wallet information. 

The fraudulent giveaways reported by CyberScoop received over 500,000 views in total. Several streams originated from the very same Thailand-based account, "SHIBA INU." All of the live-streamed videos were in the top 10 search results, frequently outranking a cautionary video about the fraud with only 1,400 views. 

Scams involving the coin have become so prevalent that Shiba developers published a video on Twitter on Sunday, 21st of November, advising customers to avoid giveaway videos and not disclose their wallet addresses. In addition, the developers released a video warning of suspicious behavior on Telegram, in which fraudsters spoof accounts and establish bogus users.

Ex-SEC Enforcer: Crypto Investors are Enabling Hackers

 

The founder of the Securities and Exchange Commission's internet enforcement bureau warned Thursday that investors in bitcoin and other digital currencies are helping online hackers. 

“Ransomware is hitting everywhere and they’re all collecting it in bitcoin because there’s no way they’re going to get caught. So you’re also enabling it,” John Reed Stark, now head of his own cybersecurity firm told in an interview to CNBC. 

Stark stated cryptocurrencies have almost no practical use, in contrast trading them to the speculation that previously boosted AMC Entertainment and other meme stocks like GameStop to great heights. Cryptocurrencies also require registration and other procedures that would improve the visibility of U.S. capital markets, he added. 

“At least with GameStop and AMC you’re not necessarily hurting anyone. ... But with crypto, you are really hurting a lot of people, and that sort of risk I don’t think is a good one for society,” Stark said. 

He also called crypto the essence of ransomware, a type of malicious software that can disrupt and even block computer networks. 

Brazil's JBS, the world's largest meatpacker, has resumed most production after a weekend ransomware attack, the latest in a line of hacks. JBS blames hackers to have links with Russia.

In May, Colonial Pipeline, the largest US fuel pipeline, paid ransomware demands last month after its operations were shut down for nearly a week. The FBI estimates the attack on Colonial Pipeline was carried out by DarkSide, which is a Russian-linked group that demanded $5 million to restore service. DarkSide eventually shut down after receiving $90 million cryptocurrency payments and last year, roughly $406 million in crypto payments were made to cyberattackers. 

“The country is kind of falling apart from ransomware all because of crypto, and the main reason people own crypto is because they think someone else will buy it and make the price higher,” said Stark, who spent 18 years at the SEC’s Enforcement Division. “There’s no other reason to invest in it,” he stated.