Pages:
Author

Topic: Anyway to block usage of stolen coins? (Read 465 times)

legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
June 08, 2019, 02:49:04 AM
#42
I am really curious what exchanges have a withdraw throttle from out of the ordinary amounts of withdraws or even exchanging alts in a short time span. I bet none and it is like the easiest fix.

If users withdraw = 1.5x or 1.25x normal volume stop all withdraws.
Will give them time to take a quick manual look at what is going on.

At least the hackers can`t steal massive amounts in seconds from many different accounts.

that is true if the hacker was actually withdrawing anything but they are not. they are "hacking" their system which means they have access to their wallets and the underlying system, for example have access to their wallets and private keys.

The recent Binance attack was a case where compromised accounts used the withdrawal system and Binance mistakenly authorized the withdrawal. I believe they mentioned plans to institute more comprehensive internal checks like TimeBits is talking about. They say their wallets weren't compromised, and I can see my deposit addresses haven't changed.

This appears to be the new frontier for exchange hackers: Compromise accounts, patiently wait, then try to slip through the withdrawal system unnoticed. Another similar attack on Gatehub just happened, where dozens of user accounts were compromised through API keys. The attack netted a $10 million reward for the hackers.
sr. member
Activity: 1008
Merit: 355
June 08, 2019, 01:33:27 AM
#41
Theoretically miners could refuse to mine a transaction that attempted to move stolen coins, but you'd need the majority to refuse and it's not as if they all work closely together. It also would be probably down to pools to do it as many miners won't check what they're actually processing.

Since they're only in it for the money you could include a ginormous fee to tempt them and I believe that's happened with hacks in the past.

Theoretically some entity can give miners a signed transaction with a good reward, and ask them to mine it if some unauthorized withdrawal is made from their wallet while hacker's transaction is still in the mempool, but it still requires a large amount of miners (ideally - having all miners on board), and the reward should be bigger than what hackers will offer, otherwise miners will be tempted to include hacker's transaction. It also requires real-time coordination with miners, to tell them whether transaction is authorized or not, and any delay just increases the chance that malicious transaction will get confirmed.

The efforts needed to get miners to act united on the hacked coins can be gargantuan and if it were possible maybe exchanges who were victims of hacking to the tune of millions in dollars might have done this. In other words, it seems impossible as there is no agreed protocol on this problem. We can never obliged miners to agree to do this.
legendary
Activity: 4410
Merit: 4766
June 07, 2019, 04:08:12 AM
#40
whats next..
someone 'buys a lambo' then 5 minutes later sends a special new tx declaring the coins that just moved are 'stolen'

hmm chargeback scamming 2.0

here is a secret.
1. dont give out private keys
2. exchanges should never have private keys on server
3. multisig funds, so if one key is found, its useless alone
4. dont hoard larg stash on one key
5. if your funds move and you didnt initiate it. confirms take 10min. so try CPFP to intercept the unconfirm
by creating a new parent child double tx and get it confirmed back to an address you prefer using more fee than the theif
6. in short, look after your funds because once they are out of your control. they are.. out of your control

other secrets
9 out of 10 'exchange hacks' are actually exchange ceo retirement plans
legendary
Activity: 3080
Merit: 1292
Hhampuz for Campaign management
June 07, 2019, 12:04:08 AM
#39
The only thing they can do is to track the lost coins, but they cannot block it since it's not part of the feature of crypto currency which is decentralized. Maybe if they can identify the hacker, there is a chance the coins will be recovered when they can get the private key.

Identifying the hacker is just the best way to do when hack happens, big exchanges have the resources to pay people helping them identify but hackers are just smart, they were still able to take the hack coins, maybe mixers can also be use for this.
legendary
Activity: 3472
Merit: 10611
June 06, 2019, 11:18:41 PM
#38
I am really curious what exchanges have a withdraw throttle from out of the ordinary amounts of withdraws or even exchanging alts in a short time span. I bet none and it is like the easiest fix.

If users withdraw = 1.5x or 1.25x normal volume stop all withdraws.
Will give them time to take a quick manual look at what is going on.

At least the hackers can`t steal massive amounts in seconds from many different accounts.

that is true if the hacker was actually withdrawing anything but they are not. they are "hacking" their system which means they have access to their wallets and the underlying system, for example have access to their wallets and private keys.
not to mention that most of these exchange "hack" cases weren't really a hack but an inside job or the exchanges scamming their users.

hmm yah you right but I am sure there is hacks where they use a bunch of logins leaked and withdraw mass amounts of accounts at the same time though, fuck exchanges anyways lol, p2p or your like giving another man your banana to hold on to.

well that depends on the exchange security. simply not letting larger size withdrawals is like the first thing an exchange should do in their security implementations. but not all of them are actually secure, like the small exchanges with so little volume and users which weren't the ones i was talking about. but if we also include them, then it is possible if their system has such obvious holes in it.
member
Activity: 224
Merit: 62
June 06, 2019, 11:04:51 PM
#37
I am really curious what exchanges have a withdraw throttle from out of the ordinary amounts of withdraws or even exchanging alts in a short time span. I bet none and it is like the easiest fix.

If users withdraw = 1.5x or 1.25x normal volume stop all withdraws.
Will give them time to take a quick manual look at what is going on.

At least the hackers can`t steal massive amounts in seconds from many different accounts.

that is true if the hacker was actually withdrawing anything but they are not. they are "hacking" their system which means they have access to their wallets and the underlying system, for example have access to their wallets and private keys.
not to mention that most of these exchange "hack" cases weren't really a hack but an inside job or the exchanges scamming their users.

hmm yah you right but I am sure there is hacks where they use a bunch of logins leaked and withdraw mass amounts of accounts at the same time though, fuck exchanges anyways lol, p2p or your like giving another man your banana to hold on to.
sr. member
Activity: 2436
Merit: 343
June 06, 2019, 10:47:06 PM
#36
We can only trace the transaction but to block it  absolutely a hard job for anyone, not sure if someone could give a hard time doing it. Cause a lot of things happen like this but nobody give us report that they could block the transactions, this means that we can't do anything to bring back loss coins to our wallet or just even freeze it. This is one of the disadvantage in crypto, once lost,  it will lost forever.
legendary
Activity: 3472
Merit: 10611
June 06, 2019, 10:17:18 PM
#35
I am really curious what exchanges have a withdraw throttle from out of the ordinary amounts of withdraws or even exchanging alts in a short time span. I bet none and it is like the easiest fix.

If users withdraw = 1.5x or 1.25x normal volume stop all withdraws.
Will give them time to take a quick manual look at what is going on.

At least the hackers can`t steal massive amounts in seconds from many different accounts.

that is true if the hacker was actually withdrawing anything but they are not. they are "hacking" their system which means they have access to their wallets and the underlying system, for example have access to their wallets and private keys.
not to mention that most of these exchange "hack" cases weren't really a hack but an inside job or the exchanges scamming their users.
hero member
Activity: 1316
Merit: 407
Top Crypto Casino
June 06, 2019, 08:36:29 PM
#34
Let`s us say that a exchange got hacked, Would there be anyway to ban those bitcoins? like blacklist the stolen coins so they cannot be used on the network? I know about going back in time with consensus of the network to a earlier block or forking and using that new chain, but could you just not ban the stolen coins?  I mean make a way to do that?

You can monitor the portfolio and consequently monitor the BTCs. I can only see this way of having the assurance that you will know which BTC is stolen or not. But if the robbery does not know the wallet, I can not imagine how to monitor
jr. member
Activity: 84
Merit: 1
June 06, 2019, 08:27:52 PM
#33
There should to be a have the way to block the stolen coins.Unfortunately we don't see or have way to block stolen coins.If the codes of the coin show somewhere in blockchain. There should have a way.A software detect it and blocking it.I think we can use the gas system.Everyone pay for transaction.Gas system in scan what they deliver and reject to deliver.So that become useless.You can't get cash from what you have.What is meaning of stealing?
sr. member
Activity: 1316
Merit: 257
June 06, 2019, 06:09:16 PM
#32
in fact coins from crime proceeds first before being used or circulated, crime coins will be washed using various methods so that they cannot be traced. if this is not done, this is very dangerous for them, and many exchanges will block their coins so they cannot be withdrawn.
member
Activity: 224
Merit: 62
June 06, 2019, 05:34:46 PM
#31
I am really curious what exchanges have a withdraw throttle from out of the ordinary amounts of withdraws or even exchanging alts in a short time span. I bet none and it is like the easiest fix.

If users withdraw = 1.5x or 1.25x normal volume stop all withdraws.
Will give them time to take a quick manual look at what is going on.

At least the hackers can`t steal massive amounts in seconds from many different accounts.
member
Activity: 224
Merit: 62
June 06, 2019, 05:29:52 PM
#30
Still boggles my mind, 144,336 Bitcoins seized and the fed got all the money.
600,000 to mark gots(mt gox + mark karpeles) that are still usable
7000 from a hacker in binance

and like 50 other exchanges.

Exchange: Cryptsy
    Amount: $9,500,000 (13,000 BTC and 300,000 LTC)

    Exchange: Mintpal
    Amount: $3,200,000 (3,894 BTC)

    Exchange: Bitstamp
    Amount: $5,100,000 (19,000 BTC)

    Exchange: Bter
    Amount: $1,750,000 (7,000 BTC)

    Exchange: Bitfinex
    Amount: $72,000,000 (120,000 BTC)

    Exchange: Nicehash
    Amount: $60,000,000 (4,000 BTC)

    Exchange: Coincheck
    Amount: $534,800,000 (523,000,000 NEM)

    Exchange: BitGrail
    Amount: $195,000,000 (17,000,000 NANO)

    Exchange: CoinSecure[1]
    Amount: $3,300,000 (438 BTC)

    Exchange: Coinrail
    Amount: $40,000,000 (in various tokens)

    Exchange: Zaif
    Amount: $60,000,000 (5,966 BTC)

    Exchange: MapleChange
    Amount: $6,000,000 (913 BTC)

    Exchange: HitBTC
    Amount: Unknown (A daily volume over $200 million)
legendary
Activity: 3052
Merit: 1273
June 06, 2019, 05:27:34 PM
#29
Let`s us say that a exchange got hacked, Would there be anyway to ban those bitcoins? like blacklist the stolen coins so they cannot be used on the network? I know about going back in time with consensus of the network to a earlier block or forking and using that new chain, but could you just not ban the stolen coins?  I mean make a way to do that?

First of all, the addresses where the coins were sent, needs to be tracked. Then, the exchange they were sent to, needs to be informed by the Cyber crime cell or anybody who is able to trace them down and the exchange can take the coins in (so not to let them trade them and withdraw anything in stable coins, fiat or dark coins), return it back to its original owner (from whom they stole the coins) after that owner proves to be the original one. That way, we can stop them. Another way is to expose them and their addresses publicly and ask everyone not to trade with such entities asking to sell a big lot of BTC to you for throw-away rates and even if they try to go based on market price, you should always ask for a Satoshi test and try to trace them if they actually sent from an address which is not related to the hack or they used any mixer.

I don't think that going back a few blocks would help but it would just mess up everything breaking the rules of the ongoing protocol and I never heard any such cases even got tried to be solved such way.
jr. member
Activity: 184
Merit: 1
June 06, 2019, 03:38:48 PM
#28
I would imagine the person would be able to find a way to offload the coins. There are cyber security firms like ciphertrace that can track these types of situations but blacklisting them seems kind of centralized no? Idk
legendary
Activity: 2772
Merit: 1028
Duelbits.com
June 02, 2019, 12:08:29 AM
#27
Let`s us say that a exchange got hacked, Would there be anyway to ban those bitcoins? like blacklist the stolen coins so they cannot be used on the network? I know about going back in time with consensus of the network to a earlier block or forking and using that new chain, but could you just not ban the stolen coins?  I mean make a way to do that?
After the hacked accounts on Binance, MCaffe talked about the re-org of the whole bitcoin network. It is possible but all miners should go back to the previous block before hacked coins transferred to an address in order to split the chain which called re-org. It is dangerous and will lead to centralization. Long story short: Unlikely, but it is possible.
sr. member
Activity: 1008
Merit: 355
June 01, 2019, 10:41:46 PM
#26
Let`s us say that a exchange got hacked, Would there be anyway to ban those bitcoins? like blacklist the stolen coins so they cannot be used on the network? I know about going back in time with consensus of the network to a earlier block or forking and using that new chain, but could you just not ban the stolen coins?  I mean make a way to do that?

I know what you mean...and I shared that kind of feeling that I think we are inutile in the face of the hackers and scammers all roaming this industry as they continue to sow discord and evils victimizing many people along the way. There must be a solid way we can effectively deal with these people. Unfortunately, it seems that there is nothing we can do as of now. I think there are suggestions on this problem but until the whole industry can decide which should we be using, these people are scot-free to continue bringing menace. Now, let's hope that the time will come when we can find a way to deal with these people. For now, all we can do is to ask platforms to fortify their defenses. And for us, individually, to be always careful not to be a part of the statistics.
member
Activity: 224
Merit: 62
June 01, 2019, 10:29:17 PM
#25
instead of focusing on preventing the hacker from spending the funds he stole and wanting to add restrictive conditions to bitcoin and ruin it, you should focus on how you can prevent the hack from happening in first place, which is a much easier task!

not to mention that 90% of exchange hacks are either inside job or a shady story that the exchange feeds its customer just to scam them out of their money.

true, yah there is a lot of small easy things exchanges could do.
legendary
Activity: 3472
Merit: 10611
June 01, 2019, 10:25:47 PM
#24
instead of focusing on preventing the hacker from spending the funds he stole and wanting to add restrictive conditions to bitcoin and ruin it, you should focus on how you can prevent the hack from happening in first place, which is a much easier task!

not to mention that 90% of exchange hacks are either inside job or a shady story that the exchange feeds its customer just to scam them out of their money.
legendary
Activity: 3024
Merit: 2148
June 01, 2019, 09:07:11 PM
#23
Theoretically miners could refuse to mine a transaction that attempted to move stolen coins, but you'd need the majority to refuse and it's not as if they all work closely together. It also would be probably down to pools to do it as many miners won't check what they're actually processing.

Since they're only in it for the money you could include a ginormous fee to tempt them and I believe that's happened with hacks in the past.

Theoretically some entity can give miners a signed transaction with a good reward, and ask them to mine it if some unauthorized withdrawal is made from their wallet while hacker's transaction is still in the mempool, but it still requires a large amount of miners (ideally - having all miners on board), and the reward should be bigger than what hackers will offer, otherwise miners will be tempted to include hacker's transaction. It also requires real-time coordination with miners, to tell them whether transaction is authorized or not, and any delay just increases the chance that malicious transaction will get confirmed.
Pages:
Jump to: