
Topic: [2014-08-13] Bitcoin theft: Canadian hacker could be to blame (Read 1648 times)

newbie
Activity: 14
Merit: 0
Leave these small-scale Bitcoin robberies. The Mt Gox robbery, in which some $500 million worth of coins were stolen, happened almost 6 months ago. Still there is no reliable clue on who did it.
Right, compared to Mt Gox this is dust collection
legendary
Activity: 3654
Merit: 1217
Leave these small-scale Bitcoin robberies. The Mt Gox robbery, in which some $500 million worth of coins were stolen, happened almost 6 months ago. Still there is no reliable clue on who did it.
hero member
Activity: 807
Merit: 500
Stratum protocol wasn't the subject of the attack vector either. From what I've read, it's an exploit of the way all TCP/IP (internet protocol) traffic is routed from source to destination. There are inevitably several hops where the infrastructure of the internet (run by big telecom corporations) makes decisions as to where to send TCP/IP packets next as a part of completing the trip. The hackers targeted this part of the infrastructure, redirecting hashing from known pools to other pools (or possibly to their own mining setup, which adds even more intrigue). Comment suggested that insiders at telecoms were potential suspects, although this new report suggests otherwise.

Thanks for clarification. Couldn't have an encryption protocol prevented that man-in-the-middle attack?
Spoofed BGP packets were used for the attack.  Miner-to-pool encryption would only have been beneficial if the encryption portion couldn't be tricked.  For instance, if the mining was done over a proprietarily (SSH, IPSec, etc) encrypted connection where the connection would only work with a known signature on the mining-pool end and the 3rd party had no way to spoof the mining pool's signature.  OTOH, if it was done over SSL and the mining software accepted self-signed certificates (or if the hacker was also able to use a social hack to get a centrally signed certificate), then it wouldn't have prevented the attack because the miner would just try to reconnect to the malicious pool after packets were dropped, accept the SSL certificate, and mine just the same.  I don't know whether or not any mining pools exist that use proprietarily encrypted connections, but I'm guessing not.  As for mining over SSL, again, I don't know if any mining software (or proxies) supports SSL and rejects invalid/self-signed certificates or only accepts specifically user-approved certificates.  This seems more feasible, but the majority probably wouldn't have it secured right regardless.
sr. member
Activity: 868
Merit: 250
Stratum protocol wasn't the subject of the attack vector either. From what I've read, it's an exploit of the way all TCP/IP (internet protocol) traffic is routed from source to destination. There are inevitably several hops where the infrastructure of the internet (run by big telecom corporations) makes decisions as to where to send TCP/IP packets next as a part of completing the trip. The hackers targeted this part of the infrastructure, redirecting hashing from known pools to other pools (or possibly to their own mining setup, which adds even more intrigue). Comment suggested that insiders at telecoms were potential suspects, although this new report suggests otherwise.

Thanks for clarification. Couldn't have an encryption protocol prevented that man-in-the-middle attack?
legendary
Activity: 3430
Merit: 3074

There was no theft of any private keys. The miners were hit with a man-in-the-middle attack that redirected them to a malicious mining pool where they kept receiving new blocks to work on, but were not paid their share for that work. The technical analysis is here:

http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/


Thanks. The thieves stole hashing power via the Stratum protocol. It has nothing to do with the Bitcoin protocol nor were Bitcoins stolen. The article is misleading.

Stratum protocol wasn't the subject of the attack vector either. From what I've read, it's an exploit of the way all TCP/IP (internet protocol) traffic is routed from source to destination. There are inevitably several hops where the infrastructure of the internet (run by big telecom corporations) makes decisions as to where to send TCP/IP packets next as a part of completing the trip. The hackers targeted this part of the infrastructure, redirecting hashing from known pools to other pools (or possibly to their own mining setup, which adds even more intrigue). Comment suggested that insiders at telecoms were potential suspects, although this new report suggests otherwise.
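The route redirection described in this thread (and the SecureWorks analysis linked above) is what a pool or miner operator would want to watch for on the routing side. The following is an added example, not code from the thread or from SecureWorks: a small monitor that takes BGP announcements as a route-collector feed would expose them (here a constructed sample) and flags any announcement of a monitored pool prefix, or of a more-specific prefix carved out of it, whose origin AS is not the pool's own. All prefixes and ASNs are made-up placeholders.

```python
import ipaddress

# Constructed: pool prefixes an operator wants to protect, each with the set of
# origin ASNs that legitimately announce them. Placeholder values only.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": {64500},    # example pool A
    "198.51.100.0/23": {64501},   # example pool B
}

# Constructed announcements: (prefix, AS path). The origin AS is the last hop.
# Assumes no AS_SET segments in the path.
SAMPLE_UPDATES = [
    ("203.0.113.0/24", [64496, 64500]),      # legitimate origin
    ("203.0.113.128/25", [64496, 64512]),    # more-specific, foreign origin: hijack
    ("198.51.100.0/23", [64496, 64513]),     # same prefix, foreign origin: hijack
    ("192.0.2.0/24", [64496, 64499]),        # unrelated prefix: ignored
    ("198.51.100.0/24", [64496, 64501]),     # more-specific but expected origin
]


def check_announcement(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Classify one announcement against the monitored prefixes.

    Returns None when the prefix does not overlap any monitored prefix,
    otherwise a dict whose 'verdict' is 'ok', 'deaggregation' or 'hijack'.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    origin = as_path[-1]
    for mon_str, origins in expected.items():
        mon = ipaddress.ip_network(mon_str)
        if net.version != mon.version:
            continue
        # Any overlap matters: a more-specific wins routing outright, while a
        # same-length or covering prefix from a foreign AS still competes.
        if not (net.subnet_of(mon) or mon.subnet_of(net)):
            continue
        more_specific = net.prefixlen > mon.prefixlen
        if origin not in origins:
            verdict = "hijack"
        elif more_specific:
            verdict = "deaggregation"  # legitimate AS, but worth a look
        else:
            verdict = "ok"
        return {"prefix": prefix, "monitored": mon_str, "origin": origin,
                "more_specific": more_specific, "verdict": verdict}
    return None


def scan(updates, expected=EXPECTED_ORIGINS):
    """Return every overlapping announcement that is not a clean 'ok'."""
    results = (check_announcement(p, path, expected) for p, path in updates)
    return [r for r in results if r is not None and r["verdict"] != "ok"]
```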
legendary
Activity: 952
Merit: 1003
I am not interested how he did it, I was appalled to see yet another thief can get away with it!

Quote
"He's pretty good at covering his tracks," Di Iorio said. "The chance of prosecution is very low."
sr. member
Activity: 868
Merit: 250

There was no theft of any private keys. The miners were hit with a man-in-the-middle attack that redirected them to a malicious mining pool where they kept receiving new blocks to work on, but were not paid their share for that work. The technical analysis is here:

http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/


Thanks. The thieves stole hashing power via the Stratum protocol. It has nothing to do with the Bitcoin protocol nor were Bitcoins stolen. The article is misleading.
newbie
Activity: 36
Merit: 0

Can an expert explain how this hack really worked?  The technical information in this article is useless. As I understand the Bitcoin protocol the block reward is just a transfer like any other but with no input. Since only the block reward was stolen, it can't be a weakness of the protocol. The hacker must have gained access to the private keys of the miner. But why would a miner store the reward in a hot wallet with the private keys revealed and not notice the theft over a period of 4 months?

There was no theft of any private keys. The miners were hit with a man-in-the-middle attack that redirected them to a malicious mining pool where they kept receiving new blocks to work on, but were not paid their share for that work. The technical analysis is here:

http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/
sr. member
Activity: 868
Merit: 250

From the article:
Quote
Joe Stewart, director of malware research at SecureWorks, said the hacker targeted firms that hosted servers generating virtual currencies such as Bitcoin

Can an expert explain how this hack really worked?  The technical information in this article is useless. As I understand the Bitcoin protocol the block reward is just a transfer like any other but with no input. Since only the block reward was stolen, it can't be a weakness of the protocol. The hacker must have gained access to the private keys of the miner. But why would a miner store the reward in a hot wallet with the private keys revealed and not notice the theft over a period of 4 months?
legendary
Activity: 1450
Merit: 1013

But these governments withhold their "backing" to protect their own "fiat" currency, and use the fact that they are not backing BTC as a warning not to use the competing currency. How fair is that?

Nice insight, Kprawn! I hadn't thought of it that way ("use the fact that they are not backing BTC as a warning"). You are right - the "no government backing" bogeyman is entirely of government making and easily within any government's power to solve, not that I agree with their problem definition and not that I would welcome any of their Procrustean attempts at problem-solving.

legendary
Activity: 1904
Merit: 1073
Once again they are falling back to the old story.... "The Consumer Financial Protection Bureau issued an advisory warning, saying the currencies are not backed by the government, have volatile exchange rates and are targeted by hackers and scammers. And unlike bank accounts, Bitcoin-based deposits are not federally insured."

So go on and back BTC and get on with it..... And then take out insurance on BTC transactions and be covered.

But these governments withhold their "backing" to protect their own "fiat" currency, and use the fact that they are not backing BTC as a warning not to use the competing currency. How fair is that?
hero member
Activity: 536
Merit: 500
http://www.cbc.ca/news/technology/bitcoin-theft-canadian-hacker-could-be-to-blame-1.2733693

A hacker with access to a Canadian internet provider hijacked net traffic from large foreign networks to steal more than $83,000 US in virtual currency over a four-month period, a cyber security company said Monday.