- Electrum hacker stole 245 BTC
The Electrum wallet was compromised yesterday by a phishing attack,
which we talked about yesterday. New details on this hack emerged today
as the potential address of the hacker was revealed, alongside their
potential loot.
As a reminder, the phishing attack saw the hacker spam the Electrum
network with fake servers under their control. When wallet users who
connected to a compromised server attempted to broadcast a Bitcoin transaction,
they would receive an error message asking the owner of the wallet to download
an update. The software downloaded this way was not a true update of Electrum
but rather a piece of malware designed to steal your Bitcoin.
The Reddit community managed to obtain the hacker's address,
indicating that an alarming amount of funds may have been stolen in this
attack. At the time of writing, the wallet contains 245 BTC (currently worth
just over $880 thousand). The wallet saw a total of five transactions sent to
it, with one user apparently losing just over 200 BTC in the attack. For now,
Electrum has released a quick fix that prevents the attacker from sending the error
messages to victims. Even with this, the problem has not yet been completely solved.
- Bitcoin Cash remains behind compared to other popular cryptocurrencies
The popular crypto data aggregator LongHash has revealed some
interesting data on Bitcoin Cash. While supporters of the
cryptocurrency like to boast about the scalability of BCH, its block size adjustments and
low fees simply cannot keep up with the top dogs of the market in various areas.
LongHash examined the on-chain transactions of the most popular
cryptocurrencies and determined that Dash, Dogecoin and Litecoin currently dominate
this specific segment of the crypto markets. Bitcoin Cash is behind the
coins mentioned, recording four times fewer transactions than a meme
cryptocurrency like Dogecoin.
These numbers become even more troubling if we look at what Bitcoin,
the currency that BCH was made to replace, is able to do. BTC's blockchain processes
20 times the number of daily payments that Bitcoin Cash does. The numbers look even worse
if we look at the daily active addresses that each of these payment solutions has. Whether the fault
lies with market volatility, Bitcoin maximalism, the head start these
currencies had on BCH or the recent hard fork controversy the project went
through, the fact remains that the market does not seem very interested in using
BCH for transfers of value.
- Hardware wallets vulnerable after all?!
During the 35th Chaos Communication Congress in Leipzig, Dmitry
Nedospasov, Thomas Roth and Josh Datko gave a presentation called wallet.fail,
where they presented a case for why hardware wallets like the Ledger Nano S
or Trezor are vulnerable to different types of attacks.
The attacks made against the aforementioned hardware wallets ranged from
breaking the proprietary protection of the bootloader and breaking the web
interfaces used to interact with the wallets to physical attacks, including
glitching to bypass the security implemented in the wallet's IC.
As a result of their testing, the researchers found 5 types of vulnerabilities that
apparently every hardware solution on the market suffers from:
- Firmware vulnerability
Firmware vulnerabilities are vulnerabilities that affect the software running
on the hardware wallet. Because most wallets provide update mechanisms, this class
of bugs can be patched in a future firmware version.
- Software vulnerability
Software vulnerabilities are vulnerabilities that affect the host software
that runs on a PC or smartphone and communicates with the hardware wallet. Since
most wallets provide update mechanisms, this class of bugs can be patched in a
future version of the host software.
- Hardware vulnerability
Hardware vulnerabilities are vulnerabilities that affect the hardware of
the hardware wallet. Hardware vulnerabilities are generally caused by incorrect
configuration of the hardware, set either during production or by the firmware.
If the configuration is set by the firmware, these vulnerabilities can be corrected
in a future version of the firmware. Otherwise, they are unlikely to be repaired by
- Physical vulnerabilities
Physical vulnerabilities are vulnerabilities that affect the hardware design of
the hardware wallet. Once the device has been manufactured, hardware
vulnerabilities cannot be mitigated and can only be solved in a future hardware
revision of the device. This class of vulnerability is unlikely to be resolved
by the vendor.
- Architectural vulnerabilities
Architectural vulnerabilities are vulnerabilities that affect the overall
hardware wallet architecture. These are design flaws inherent in the
device and can only be solved in a major hardware revision, such as a new version
of the device. This class of vulnerability is unlikely to be resolved by
Overall, the hour-long presentation covered the architectures,
the attacks, the vendors and the challenges of building a hardware wallet solution, revealing
both the good and the bad of the current hardware wallet lineup. The complete presentation
can be seen here.
The community has criticized the analysts for not responsibly disclosing their
results to wallet manufacturers before going live with the
The TREZOR manufacturer SatoshiLabs replied to this
presentation in a tweet: "Regarding
the #35c3 findings on @Trezor: we were not informed through our
Responsible Disclosure program in advance, so we learned of them from the
stage. We need a little time to fix them and we will address them through
a firmware update at the end of January."
SatoshiLabs also replied, but through their subreddit: "According to my latest information (I'm not present
at the conference), we were not informed of this vulnerability via our
Responsible Disclosure process, and therefore we are working with the
information as it arrives. We will address this vulnerability as soon as
possible, even if we need time. Until then, you can mitigate it by
using a passphrase (make sure you know how it works first, as in the case of
passphrase loss your funds are unrecoverable), or by making sure you do not
lose physical access to your device. To exploit the vulnerability,
the malicious user must have physical access to the device, directly to his
- Cardano launches an ambassador program
Cardano, one of the market's cornerstones, has decided to launch an
ambassador program. Through this initiative, the project seeks to harness the power
of its community to make the whole Cardano ecosystem a better place to be one
The Cardano ambassador program will try to recruit and
reward 4 types of community members: assistants to organize meetups, moderators
for forums and chats, professionals for creating content and translators in
Charles Hoskinson, the man behind IOHK (the body responsible for
Cardano development), explained that the Ambassadors will be selected according to their
good work in the community; the position of Ambassador is not something that is
assigned directly by IOHK or other project members. A complete list of requirements
for an ambassador can be found here.