Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Bitcoin Businesses Security The Almighty Buck

Hacker Allegedly Steals $7.4 Million In Ethereum After Hijacking ICO (vice.com) 64

An anonymous reader writes: An unknown hacker allegedly took over the website of an ethereum startup called Coindash, directing investors to send money to his or her own ethereum digital wallet, instead of the one controlled by Coindash. While Coindash noticed the hack almost immediately, the damage was done, and the hacker amassed more than $7 million in stolen cryptocurrency.
This discussion has been archived. No new comments can be posted.

Hacker Allegedly Steals $7.4 Million In Ethereum After Hijacking ICO

Comments Filter:
  • I don't know much about cryptocurrencies, but since this isn't physical tender, can't hacked currency be invalidated?
    • It can but it's a PITA and threatens to devalue currencies. See:
      http://www.coindesk.com/ethereum-classic-explained-blockchain/
    • by mysidia ( 191772 )

      Ethereum has done it before in a previous hacking. They could write a patch, in theory, to do a fork and invalidate all transactions to the Hacker's address.

      If that is their intention, they should announce it immediately to help mitigate damage (Make sure the hacker doesn't spend further and leave other people holding the bag).

      • by Luthair ( 847766 )
        Even if Ethereum doesn't split the currency, couldn't the coins and derivatives be blacklisted in the "legitimate" sphere making them relatively worthless? They're technically stolen property so dealing with them could be illegal in many jurisdictions.
        • by rtb61 ( 674572 )

          So what you want is a traceable untraceable currency, so that you can make anonymous registered purchases and receive anonymous fully recorded payments. So that all transfers can be tracked but kept secret because you at the core, want to do two things, cheat the tax man participating in criminal payments, whilst also participating in the who gets in early wins in the ponzi scheme coin mining scam. I'll bet you want digital currency to work when the power is out. You are not one of those survivalists with a

          • by kyrsjo ( 2420192 )

            > So what you want is a traceable untraceable currency, so that you can make anonymous registered purchases and receive anonymous fully recorded payments.

            So basically Bitcoin?

          • by gnick ( 1211984 )

            So what you want is a traceable untraceable currency, so that you can make anonymous registered purchases and receive anonymous fully recorded payments.

            Who said anything about untraceable? I thought these transactions were entirely traceable. Anonymous maybe, but not untraceable.

      • by Anonymous Coward

        There was no hacking. The people behind the contract wrote it horribly and someone took advantage of that fact. They didn't like it, because they and their friends lost some money, so they decided to fork it, and illegally invalidate the contract.

      • Ethereum has done it before in a previous hacking. They could write a patch, in theory, to do a fork and invalidate all transactions to the Hacker's address.

        If cryptocurrencies want to go legit as a legal tender, they need to do the same to ransomware addresses.

        • by mysidia ( 191772 )

          If cryptocurrencies want to go legit as a legal tender, they need to do the same to ransomware addresses.

          I guess what needs to be done is introduce trusted "Blacklisting" authorities that all users, and possibly all nodes will honor.

          If an address is BLACKLISTED, then all services and bitcoin nodes check the path coins have taken, and the coins that passed through a blacklisted address cannot be spent anywhere further, they are tainted: Both transaction/payment providers/exchanges/retailers or othe

    • by cunina ( 986893 ) on Monday July 17, 2017 @04:12PM (#54828527)
      Sure, but the precedent is very un-cryptocurrency. Reverting the transfer means that a central authority has the ability to invalidate transactions they don't like. Today it may be theft, but tomorrow it could be political contributions or purchases of "bad" items. It seems like that kind of thing would undermine the value of having a cryptocurrency in the first place.
      • by r0kk3rz ( 825106 )

        Sure, but the precedent is very un-cryptocurrency. Reverting the transfer means that a central authority has the ability to invalidate transactions they don't like. Today it may be theft, but tomorrow it could be political contributions or purchases of "bad" items. It seems like that kind of thing would undermine the value of having a cryptocurrency in the first place.

        Not quite, some central authority might suggest its a good idea but it's ultimately up to the miners to decide to follow through. This is what happened with TheDAO and not everyone agreed and so now we have Ethereum Classic fork as well.

        This is ultimately how blockchains work, its up to the miners to agree what the 'current state' of the chain is and they can change their mind at any time.

    • by Cyberax ( 705495 )
      No. Neither Etherum, nor Bitcoin offer ways to blacklist certain wallets. Once your money is gone, it's gone - just like stolen cash.

      Some alternative cryptocurrencies support wallet invalidation feature where a wallet maybe destroyed if enough miners agree on it for a certain time.
      • by Anonymous Coward

        No. Neither Etherum, nor Bitcoin offer ways to blacklist certain wallets. Once your money is gone, it's gone - just like stolen cash

        Etherum already undid some transactions that people didn't like. This lead to a fork of the block chain and the creation of Etherum Classic.

        Some alternative cryptocurrencies support wallet invalidation feature where a wallet maybe destroyed if enough miners agree on it for a certain time.

        All cryptocurrencies can revert transactions if enough people agree to it. Defeats part of the attraction to them, but it can still happen.

    • by Kjella ( 173770 )

      Of course you could. Technically it's not even a problem, create some kind of master key that clients will accept the signature of instead of the user's key and it'll be the almighty god of that crypto-currency. And who would you like to have sitting on that key? What makes them trustworthy, what standard of proof, what appeals process in what jurisdiction against having your assets seized? The Internet Court of public opinion and loose allegations? What happens if the hacker manages to spend the money firs

    • AFAIK, if enough miners (>50%?) want to invalidate the transactions, they can do it. Simply fork the blockchain, removing any transactions they don't want. Of course, they will have to collectively identify which transactions should be invalidated.

  • by __aaclcg7560 ( 824291 ) on Monday July 17, 2017 @04:00PM (#54828435)
    How do I hijack an icon file (*.ICO) to get $7.4M?
  • by 0100010001010011 ( 652467 ) on Monday July 17, 2017 @04:02PM (#54828451)

    No different than a hacker changing a mailing address to amass money sent to an address.

    Why the hell did they not sign it with a PGP key to authenticate that they were who they said they were?

    • Some people just make dumb mistakes. Others read the (admittedly pretty cool) descriptions of the mathematical properties of cryptocurrencies and foolishly assume that those properties somehow rub off on the decidedly less elegant infrastructure on which basically everything done with the cryptocurrencies depends.

      I'm not sure what the exact breakdown is; but it's practically a business model for the 'exchanges': Get people to hand you the mathematically validated cryptographic stuff in exchange for IOUs
  • a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.

    or some shitty bitcoin thing, or both .... moving on

  • While Coindash noticed the hack almost immediately, the damage was done, and the hacker amassed more than $7 million in stolen cryptocurrency.

    Wow, I had no idea you could mine over $7million "almost immediately". No wonder Ethereum is so popular. Must have been using one of those out of stock NVidia or AMD video cards for that.

  • by thegarbz ( 1787294 ) on Monday July 17, 2017 @04:13PM (#54828535)

    Will only be worth $3.5million in 2 weeks anyway the way these currencies are going.

  • by GerryGilmore ( 663905 ) on Monday July 17, 2017 @05:02PM (#54828897)
    Some of my buddies were bemoaning not having bought some Bitcoin after one of its runups in price. I told them they'd be better off in Vegas. At least there you get free drinks while watching your money disappear.
    • I just bought a new motorcycle with the money I made selling some of my Bitcoin.

      If you invested any money in Bitcoin in the past and suffered a loss you are definitely doing it wrong.

  • Vendors are urged to examine the data directly. Repeating numbers like 111111111... or numbers like 55378008.... or even 1234567... these need to be examined closely. Right now vendors aren't even looking at cryptocurrency, so it's easy to pass off fakes.
  • The investors sent their money to the wrong address. Coindash will do its best to make good by still issuing tokens (shares) to investors. Now it's up to Coindash to tighten their budget and make a go with a $7M liability. Either way, the investors knew that their investments were always at the risk of Coindash failing. This setback just happened very early in the ICO lifecycle.
  • Whether it's Bitcoin or Etherium I find it humorous how people invest and put value into make believe things we associate with value. It's as if all of a sudden Monopoly money has become real to people and then news when someone steals made up currency. This is so reminiscent of the beanie babies craze. People bought these things in bulk thinking their value would increase over time and their purchases were investments.

    So while the value of Etherium ~$190US per Ether, the reality is it's worth nothing. Ye

"To IBM, 'open' means there is a modicum of interoperability among some of their equipment." -- Harv Masterson

Working...