It is high time—no,
long past time to better warn people about the
billion-dollar scam with a centralized kill switch.
Please support:
From Coindesk, with my red boldface added:
Iota’s blockchain solves the following problems of its blockchain cousin:
Centralization of control
As history shows, small miners form big groups to reduce variation of the reward. This leads to concentration of power (computational and political) in hands of few pool operators and gives them ability to apply wide spectrum of policies (filtering, postponing) on certain transactions. Although there are no known cases where pool operators abused their power, there have been several instances where the opportunity were present. This possibility in a monetary system powering a multibillion (in USD) industry is completely unacceptable.
“Obsolete” cryptography
Although large scale quantum computers do not exist yet, future oriented companies have already begun initiating the steps towards quantum-resistant cryptography. From a security point of view it makes perfect sense to assume that hardware capable of cracking classical cryptoalgorithms may appear in the very near future, so preparation is the only defense.
Let me get this straight: IOTA avoids “centralization of control” by having a centralized kill switch which can
turn off your money at any time—and they use that kill switch when theft occurs because their way to avoid “‘obsolete’ cryptography” is to sell you a bug-ridden heap of
snake oil that has
had its homebrew crypto broken in the past, and apparently is overall insecure and buggy (whether or not this latest theft was caused by a break of their crypto).
SCAM
Because I am a techie, let me put this in terms of something that looks like maths and stuff:
IOTA = your money → 🗑️
The current IOTA disaster shows that honest technical experts on this forum, including myself, were justified long ago in giving a
roundhouse kick to IOTA’s snake oil security.
What do I mean by “snake oil”? Everybody who knows anything about practical cryptography knows well these warning signs:
https://www.schneier.com/crypto-gram/archives/1999/0215.html#snakeoilThe recent (and a really good) example of bad code here:
http://www.tangleblog.com/wp-content/uploads/2018/02/letters.pdfDom, David and the rest of the IOTA team,
We have found serious cryptographic weaknesses in the cryptographic hash function
curl used by IOTA, curl. These weaknesses threaten the security of signatures
and PoW in IOTA as PoW and Signatures rely on curl to be pseudo random and collision
resistant.
...
This is not “bad code”. It is
DIY crypto. Worse, DIY crypto for a primitive—a DIY hash! Worse still, DIY crypto by a corporate outfit which never showed any evidence of being inhabited by world-class cryptographers—despite their claim in a spin-job piece that “
the IOTA Foundation has already subcontracted a team of 5 world-class cryptographers, as well as 3 independent ones to come up with a final design of Curl and then start the long peer-reviewed process, as was always the plan.”
N.b. that even world-class cryptographers need their primitive designs to undergo extensive peer review
before fielding them with Other People’s Money—whether it’s the “final design”, or otherwise!
One of the people who broke IOTA had some damning words for it, in “
Cryptographic vulnerabilities in IOTA”:
You might think that IOTA, a cryptocurrency worth over a billion dollars, and
working with organizations like
Microsoft,
University College London,
Innogy, and Bosch, BNY Mellon, Cisco, and Foxconn (through the
Trusted IOT Alliance) would not have fairly obvious vulnerabilities, but unfortunately, that’s not the case. When we took a look at their system, we found a serious vulnerability and
textbook insecure code.“In 2017, leaving your crypto algorithm vulnerable to differential cryptanalysis is a rookie mistake. It says that no one of any calibre analyzed their system, and that the odds that their fix makes the system secure is low,” states Bruce Schneier, renowned security technologist, about IOTA when we shared our attack.
Anybody who buys into such ill-conceived crypto-junk as IOTA deserves to lose their money, on grounds of foolishness. Merited by TMAN (10), achow101 (2), LoyceV (1)Bitcoin requires a new mindset. [...] If you get
that, then you will pay careful attention to the quality of your code. Also, you will much respect Core—because they get it, too. And if you dare to make your own currency, you will
not start by designing your own hash function as IOTA did! That really wrecks any credibility they ever had.
I don't know precisely what happened with IOTA but I have read a little bit about it and I'm not sure why the currency continues to circulate given what I do know. I guess too many people had invested into it by that point, which is more a political reason for continuing to exist rather than anything based on technical merit or the capability of the system. I'm not sure why the IOTA people thought it was a good idea to throw in some untested cryptography, but that seems like a very amateur thing to do.
As for the latter bolded part: I don’t see “amateur”. I see
PHB + NIH.Come on. We’re the big boys. Microsoft is involved—you know, the company which does \ instead of / as a directory delimiter. For our billion-dollar cryptocurrency, we will do innovation! We don’t just use a commercial off-the-shelf hash which everybody else has. We have our own hash! The boss says so. I hereby
partly retract one statement that I made in the above quotes:
Anybody who buys into such ill-conceived crypto-junk as IOTA deserves to lose their money, on grounds of foolishness.
The word “deserves” was rhetorical hyperbole.
Newbies and people who are not technical experts do not deserve to lose money on a billion-dollar scam, which they lack adequate knowledge properly to evaluate. Wherefore my new action against IOTA: People deserve to be warned, so that they do not unknowingly take the
high risk of losing money that comes with investing in a “cryptocurrency” that uses snake oil crypto, has suffered thefts (due to apparently as-yet undisclosed insecurities), and has
actually had its whole network shut down with a centralized kill switch. IOTA is a broken-by-design financial time bomb!
Disclosures: I have no financial position which could be in any way directly affected by IOTA’s market price. Indeed, I flatly ignore >99% of the altcoin market. IOTA just keeps coming to my attention as a disaster by design. In 2018, it was their broken homebrew hash; now, it is their kill switch... I want to warn others so that people don’t take a high risk of losing money by buying into a billion-dollar scam with snazzy marketing, big corporate backers, and abysmally insecure technology.