Solar Treehouse

Life Floating on the Breeze

Bitfinex attempts to retrieve stolen 120k bitcoin by negotiating with thief

 

Bitfinex to hacker: “Call Me Maybe”

In a bold move the Bitfinex exchange has decided to open negotiations with the hacker(s) who attacked them on August 2nd, 2016.

We would like to have the opportunity to securely communicate with you. It might be possible to reach a mutually agreeable arrangement in exchange for an enormous bug bounty.

While it may seem bizarre to pay money to your attackers, the approach has been successful before, with the ~$230,000 in ShapeShift thefts earlier this year. While the amount is much smaller, the tactic is basically the same.

The press release outlines means of anonymous communication so the attacker may feel safe with their negotiations. If these negotiations are successful even in part it will mean Bitfinex can pay off their debts to both their investors and customers. In August they issued a ~36% haircut to all user accounts. Despite the protest of many, this was necessary to continue operations and allowed them to comply with regulatory oversight.

Overall volume at the exchange has dropped sharply due to the incident, and the price of bitcoin has not recovered from the ensuing fall from $660.

The recovery of funds would bring faith back for many of the customers as well as bolster the overall image of bitcoin. Many bitcoin traders are still feeling burned by the 2014 collapse of MtGox, and this recent theft has not been kind to the bitcoin community. Bitfinex was perceived as a legitimate exchange, and was where most serious traders kept their funds.

While many in the community are mocking this move, this may be the best choice for the exchange. Most of the criticism and speculation is that this was an inside job and/or that the exchange still does not know what the bug used in the theft was. In any case, a dialogue resulting in the recovery of the funds will result in a lot of very happy people.

The Fundamentals of Cryptocurrency

What in the world is cryptocurrency?

Via Wikipedia:

A cryptocurrency (or crypto currency) is a medium of exchange using cryptography to secure the transactions and to control the creation of additional units of the currency. Cryptocurrencies are a subset of alternative currencies, or specifically of digital currencies.

Hrm… That seems a bit complex, how about we start at the beginning?

What is money?

Money is that paper stuff you keep in your wallet, the coins in your pocket, or even those cards you swipe at the checkout stand. But where does it come from? You are thinking that money comes from your boss who writes your checks or from the government who issues the paper which you see everywhere. This is not wrong, but this way of thinking makes it difficult to discuss the philosophy behind money.


Here is a shocking truth which has been kept secret from you. Money can be literally anything people value. People have used salt, gold, pepper, whale teeth, giant stones, seashells, volcanic glass, tea, and so many more things as currency.

Well what is the official definition then!?

Again, the textbook definition is not much help:

Money is any item or verifiable record that is generally accepted as payment for goods and services and repayment of debts in a particular country or socio-economic context, or is easily converted to such a form.

Essentially money is a medium of exchange, unit of accounting, or store of value.

  • A medium of exchange is when you want to exchange your dollar bills for eggs and milk at the grocery store. The store doesn’t want the eggs, they want your dollars.
  • A unit of accounting is when you deposit your dollars at the bank which allows them to pay your credit cards, apartment rent, or any other purchase.
  • A store of value is when you store energy or value into your dollars. If you work hard and save money for 10 years, you want to keep that work from deteriorating. If you grew 50 tons of corn, you want to keep the value of what you created safe from decay long after people have eaten it.

So what does all this have to do with cryptocurrency?

At a very basic level cryptocurrency is an accounting ledger.

Cryptocurrencies just track the currency/bills/coins/units of account from one account to another.

That is it.

Then why all the fuss you ask? All of this sounds older than recorded history!!

Cryptocurrency has done for money what the internet did for letters, newspapers, and video. It simply put them online and improved them.

  • Cryptocurrency is a lot more secure than regular money when properly handled.
  • It’s globally accepted by anyone who uses cryptocurrency, and is easily convertible into local paper currency in most large countries.
  • It is insanely portable. Try carrying your life savings in cash form on your person sometime. And you can send it to anyone with a computer or phone connected to the internet.
  • It’s basically indestructible when properly handled. Unless you lose your wallet and all of your backups (You have multiple backups… Right!?) it can’t be lost, and it won’t degrade.
  • These currencies are extremely divisible. For example: a bitcoin can be divided into 100,000,000 pieces. (This is really cool for another reason I am about to cover.)
  • The cryptocurrencies are programmable. This means you can build tools into, and on top of your money.

What do you mean by programmable money?

The experimental field of programmable money has more applications than I can list in this article. This is the real basis of the value of these assets. Here are just a few examples:

  • Emails are plagued by spam. If you included a really tiny fee for each email, you could shut down spam cold. Spammers send emails to millions of people; if it cost them a nickel for each one, they might think twice, and normal emails would be unaffected by such a small fee.
  • You can verify that someone purchased your media with absolute certainty. Cryptocurrency allows you to create a permanent record of the transaction which can be verified by any third party connected to the internet.
  • If you allowed your computer to monitor your house, you could allow the house access to funds and it could repurchase everyday items as needed without the need of an outside bank account.
  • You could reliably bring voting online. The greatest risk to online voting is a centralized database where all of the votes are held. With a cryptocurrency you can distribute that data over the network and make it essentially impervious to attack.
  • You can issue and transfer stock for your company without need for a notary. This means companies have the complete ability to take control of their finances instead of having to list them on an exchange which can cost them money.
  • You can use cryptocurrency to increase transparency at governmental and corporate levels. Traditional banks are plagued by their opaque accounts when it comes to transparency. With cryptocurrency you can choose to open up all your books in a way that every single penny can be accounted for.
  • You could give your car a wallet and have it pay for all your parking fees, never worry about a ticket again!
  • You could have your router rent out wifi bandwidth when you aren’t using it. Neighbor doesn’t have internet? Just charge them for what they use, and you don’t even have to talk with them about it.
  • You could issue an international ID reliably because all of the data is stored by the cryptocurrency. The main hurdle to this type of project is that governments don’t agree where to store the data, we now have the ability to store it across the globe without fear of third party tampering.

Cryptocurrency is just another form of money. When we stopped trading in volcanic glass or gold, and moved to paper money, the economy boomed. The evolution of currency will help us equally as much this time.

The 5 Best Ways to Keep Your Cryptocurrency Secure

5. Use 2 Factor Authentication

You should be using this to secure your email and bank account already, but if you’ve never heard of 2 factor authentication (or 2FA for short), it basically means that attackers have to steal your phone or resort to complex man-in-the-middle (MITM) attacks to steal your Bitcoins.

Google Authenticator:

This application is available for both Android and iPhone. Once installed and set up, the application generates a new code every 30 seconds. This means that, in addition to your password, there is a pseudo-random rotating code which has to be entered before anyone can access your account.

Using the application is as simple as signing in with your normal password and email address, and then entering the code displayed on the screen of your phone. The passcode is displayed just like the above picture.

Here is Google’s guide to set you up with your gmail account.

Authy (I highly recommend this application for all 2FA users):

Authy is identical to the above application with one key difference, your codes are stored in the cloud. This means you never have to worry about losing access to your accounts if your phone is lost, stolen, or broken. (Assuming you have remembered the password of course.)

Here is Authy’s guide to set you up.

Yubikey:

A Yubikey is a physical token which comes with the added security of being “unhackable.” Your phone or computer can be compromised with a software attack but the Yubikey cannot. The Yubikey is used by Google, the DOD, and some of the top organizations in the world. It is one of the best 2FA devices in the world.

Here is Yubikey’s setup guide.

If you are wondering if your bank or favorite website is compatible with 2FA, just examine this handy list.

4. Hardware Wallets

A hardware wallet keeps your Bitcoin’s private key secure by creating a physical barrier between your wallet and potential attackers. This is the go to method for just about anyone who wants top security with limited hassle. The only downside is cost compared to using paper wallets or free software wallets.

There are a number of hardware wallets, but many are limited in the scope of their cryptocurrency compatibility. For example, if you own Ethereum your options are limited because Bitcoin’s widespread popularity means most hardware wallets are made for Bitcoin. So be sure that the wallet you purchase is compatible with your crypto of choice.

Trezor:

The Trezor is compatible with Windows, Mac, and Linux computers. All the software running on the Trezor is open-source. This means that anyone can audit it and verify the security of what is inside. This was one of the first hardware wallets ever commercially available for Bitcoin.

Here is a walk through for a bitcoin transaction using the Trezor for those who are curious.

KeepKey:

 

KeepKey supports Bitcoin, Testnet, Litecoin, Namecoin, Dogecoin, and Dash. The wallet doesn’t support Ethereum as of yet, but developers claim support is on the way.

KeepKey is a little bit cheaper than the Trezor despite having a very nice interface.

Ledger Wallets:

Ledger has quite a few affordable wallets of differing styles. All the styles are great for different reasons, but the main difference is the price. Hardware wallets used to be prohibitively expensive and these are all very affordable. However, only the Nano S supports anything other than Bitcoin. (The Nano S supports Ethereum as well as Bitcoin.)

3. Paper wallets

Paper wallets are easy to use (relative to the bitcoin system in general), cheap to make, and very secure. However they can be lost, stolen, or accidentally destroyed. Fortunately they can be printed multiple times or imprinted onto almost any material. There are plenty of guides about creating them out there, but this is my favorite because it’s easy. There are ways to make paper wallets even more secure which I will be generating in a later post.

2. Multi Signature Wallets

These are very secure even when you use them for everyday wallets. But they are really complex for your average user, even when companies try to make them easy to use.

The principle is simple enough: split control of a wallet into multiple pieces and then require a majority of the pieces to release control of the funds. However, in practice it ends up confusing most users. I plan on covering these in more detail in a later post.

1. Passwords!

This is painfully obvious but I would be remiss if I did not comment on the necessity of good passwords.

  • The easiest way to create good passwords is to use a set of random words which are easy to remember such as, “wooden chandelier bakery burlap.”
  • Keep the password longer than 12 characters, the longer the better.
  • A great way to test passwords is to use howsecureismypassword.net, it gives you feedback about your password so that you can get a better idea about what makes a good password.
  • Adding symbols and numbers creates stronger passwords, but longer passwords create more entropy, which is a fancy way of saying “harder to break.”
  • Use a unique password for each site and service.
  • For really secure passwords, use a password generator and a password manager like LastPass.

© 2017 Solar Treehouse
