500 million dollars in cryptocurrency flights: understanding the coincheck robbery in 3 questions
Half a billion dollars in cryptocurrency NEM was pointed at the
Japanese platform Coincheck, which ensures repayment to 260,000
customers affected. Security negligence would be involved.
The equivalent of more than $ 500 million in NEM, which ranks as the world's tenth largest cryptocurrency, was siphoned off the Japanese Coincheck exchange platform on Friday, January 26, at 3 am local time. 260,000 customers are affected. Coincheck, one of the largest cryptotrading sites in the country, has limited withdrawals of all currencies and all non-bitcoin trading activities.
Coincheck has pledged to repay its customers with its own funds. Tokyo had regulated in April 2017 to order all crypto-exchange sites to register with the government. Pre-existing platforms, such as Coincheck, were allowed to continue their activities during the approval process of their application. That of Coincheck had been submitted in September 2017 and has not yet been followed.
Amount stolenIs it really the biggest cryptobapping in history?
The gross amount of stolen cryptocurrency actually exceeds MtGox's infamous robbery in 2014 and its $ 450 million at the time. However, the cryptocurrency market was valued at only $ 10 billion at the time against more than 550 billion today, making Coincheck piracy much less spectacular in proportion. In comparison, the physical robbery of the City Bonds in London in 1990 caused the theft of 292 million pounds, or $ 780 million today.
The NEM lost 23% of its value as a result of the attack before returning to its original value after a day. 500 million NMS were stolen while the cryptocurrency was priced at about $ 1 per unit. The value of the treasure is caused to fluctuate with time. The loot of MtGox, of which 650,000 bitcoins are still in the wild, is now almost $ 7 billion (!).
Source: coinmarketcap.comThe keys of the chestWhere was the fault?
Normally, large quantities of cryptocurrency are stored for extra security in cold wallets, some sort of offline safes. However, like many cryptotrading platforms, Coincheck was overwhelmed by the influx of customers and could not keep up with infrastructure and staff. NMS have been warmed up in hot wallets, online portfolios.
However, these portfolios were devoid of multisignature, a rather important negligence of security. The multisig, of its small name, allows for example the following system: if Alice wants to send cryptocurrency to Bob, she transfers the funds on a multisig address. The two individuals must then "sign" jointly at this address for Bob to recover the money. If there is a dispute – let Alice have her wallet hacked and claim she never intended to give it to Bob – both parties are using a third party slice by signing one or the other.
Technical SolutionsHow did the developers of NEM react?
In the event of a major accident on a blockchain, it is customary for the development teams of the cryptodevise to perform a hard fork, that is to say, to split the chain of blocks in two to apply the equivalent state intervention and block misappropriated funds. This is what happened on Ethereum in 2016 with the bankruptcy of the DAO, investment fund that had to be bailed out after a massive piracy and caused the disconnection of the Ethereum Classic protesters.
Since hacking was linked to a particular platform vulnerability, the NEM team preferred to set up a tracking system to locate the loot. Imagine a security system in a bank that sprays an indelible spray on the burglars and ingots they steal. Thus, if hackers try to deposit their NEM on another platform to exchange or launder, this site can immediately know that it is dirty money. Applied retroactively to Coincheck siphoned bottoms, tracing would be effective for any subsequent NME robberies. The team congratulated itself on Twitter:
The equivalent of more than $ 500 million in NEM, which ranks as the world's tenth largest cryptocurrency, was siphoned off the Japanese Coincheck exchange platform on Friday, January 26, at 3 am local time. 260,000 customers are affected. Coincheck, one of the largest cryptotrading sites in the country, has limited withdrawals of all currencies and all non-bitcoin trading activities.
Coincheck has pledged to repay its customers with its own funds. Tokyo had regulated in April 2017 to order all crypto-exchange sites to register with the government. Pre-existing platforms, such as Coincheck, were allowed to continue their activities during the approval process of their application. That of Coincheck had been submitted in September 2017 and has not yet been followed.
Amount stolenIs it really the biggest cryptobapping in history?
The gross amount of stolen cryptocurrency actually exceeds MtGox's infamous robbery in 2014 and its $ 450 million at the time. However, the cryptocurrency market was valued at only $ 10 billion at the time against more than 550 billion today, making Coincheck piracy much less spectacular in proportion. In comparison, the physical robbery of the City Bonds in London in 1990 caused the theft of 292 million pounds, or $ 780 million today.
The NEM lost 23% of its value as a result of the attack before returning to its original value after a day. 500 million NMS were stolen while the cryptocurrency was priced at about $ 1 per unit. The value of the treasure is caused to fluctuate with time. The loot of MtGox, of which 650,000 bitcoins are still in the wild, is now almost $ 7 billion (!).
Source: coinmarketcap.comThe keys of the chestWhere was the fault?
Normally, large quantities of cryptocurrency are stored for extra security in cold wallets, some sort of offline safes. However, like many cryptotrading platforms, Coincheck was overwhelmed by the influx of customers and could not keep up with infrastructure and staff. NMS have been warmed up in hot wallets, online portfolios.
However, these portfolios were devoid of multisignature, a rather important negligence of security. The multisig, of its small name, allows for example the following system: if Alice wants to send cryptocurrency to Bob, she transfers the funds on a multisig address. The two individuals must then "sign" jointly at this address for Bob to recover the money. If there is a dispute – let Alice have her wallet hacked and claim she never intended to give it to Bob – both parties are using a third party slice by signing one or the other.
Technical SolutionsHow did the developers of NEM react?
In the event of a major accident on a blockchain, it is customary for the development teams of the cryptodevise to perform a hard fork, that is to say, to split the chain of blocks in two to apply the equivalent state intervention and block misappropriated funds. This is what happened on Ethereum in 2016 with the bankruptcy of the DAO, investment fund that had to be bailed out after a massive piracy and caused the disconnection of the Ethereum Classic protesters.
Since hacking was linked to a particular platform vulnerability, the NEM team preferred to set up a tracking system to locate the loot. Imagine a security system in a bank that sprays an indelible spray on the burglars and ingots they steal. Thus, if hackers try to deposit their NEM on another platform to exchange or launder, this site can immediately know that it is dirty money. Applied retroactively to Coincheck siphoned bottoms, tracing would be effective for any subsequent NME robberies. The team congratulated itself on Twitter:
2 / So the good news is that the money has been hacked via exchanges
can not leave. So please share this info. The largest hack in history
was solved by NEM in a matter of hours. That's the power of the NEM
platform and NEM team.
– Inside NEM (@Inside_NEM) January 26, 2018
– Inside NEM (@Inside_NEM) January 26, 2018
With regard to cryptocurrency holders, the basic rule always applies:
any important sum must be carefully kept in a physical cold wallet at
home. Provided, of course, not to be the type to lose his business all
the time …
0 التعليقات