NEM (XEM) Official Thread - 100% New Code - Easy To Use APIs - page 227.

ruletheworld

legendary

Activity: 1386

Merit: 1045

Quote from: NorrisK on January 26, 2018, 01:52:46 PM

Quote from: ruletheworld on January 26, 2018, 01:36:56 PM

Quote from: nemwanderer on January 26, 2018, 01:19:32 PM

Quote from: gentlemand on January 26, 2018, 11:25:27 AM

Quote from: nemwanderer on January 26, 2018, 11:22:44 AM

700k coins will do that to you. I really believe/believed in this one and all this is rather depressing. I’m of the belief that reputation/marketing are of huge importance and this just doesn’t help.

Pah. It's a rite of passage.

And note that Lon Wong's statements took the time to emphasize the on chain security features that Coincheck pointedly failed to use.

Question is whether those features would deter any hack.

Also I didn’t realize a fork was happening for catapult...speaking of which is catapult ever happening?

Thanks

Of course those features would have reduced the probability of a hack. There is nothing called perfect security. However, what Coincheck was using was quite bad indeed.

Two of the very basic security practices that every single exchange should use for every single crypto that they handle are -

Multi-sig wallets: If one key is compromised, the attacker cannot steal all the funds
Cold Storage: Majority of the funds need to be stored on a device that has never been connected to the internet

Then, the exchange needs to create processes around these basic security requirements. For example, how many key holders exist in the multi-sig wallet? Where do they store their keys? How do they communicate if they believe they are compromised, and what steps do every one else take if this happens? Where are the cold storage keys located? Who authorizes transfer of funds from cold storage to hot wallet? How often can this happen?
You get the point.

If you're running an exchange without Multi-sig and Cold Storage, then you're at fault.

This hack isn't a problem with NEM. It is a problem with the exchange practices. The NEM foundation has offered to help, but there is only so much they can do in this situation.

One would think this exchange has been around long enough to have learned from other exchange hacks to know how important these security steps are..

The more reason to use some of the exchanges that are actively communicating how much effort they put into security.

I am shocked they've been operating since 2012 apparently. That's 5+ years of bad security. Unbelievable.

I am afraid all the newbies would think somehow this means 'NEM got hacked'. Seriously, people need to do some homework here.

tongokongo

full member

Activity: 172

Merit: 134

Explore Crypto

I made a full explanation video on this situation:
https://youtu.be/SCzQ-GiDd7Q

NorrisK

legendary

Activity: 1946

Merit: 1007

Quote from: ruletheworld on January 26, 2018, 01:36:56 PM

Quote from: nemwanderer on January 26, 2018, 01:19:32 PM

Quote from: gentlemand on January 26, 2018, 11:25:27 AM

Quote from: nemwanderer on January 26, 2018, 11:22:44 AM

700k coins will do that to you. I really believe/believed in this one and all this is rather depressing. I’m of the belief that reputation/marketing are of huge importance and this just doesn’t help.

Pah. It's a rite of passage.

And note that Lon Wong's statements took the time to emphasize the on chain security features that Coincheck pointedly failed to use.

Question is whether those features would deter any hack.

Also I didn’t realize a fork was happening for catapult...speaking of which is catapult ever happening?

Thanks

Of course those features would have reduced the probability of a hack. There is nothing called perfect security. However, what Coincheck was using was quite bad indeed.

Two of the very basic security practices that every single exchange should use for every single crypto that they handle are -

Multi-sig wallets: If one key is compromised, the attacker cannot steal all the funds
Cold Storage: Majority of the funds need to be stored on a device that has never been connected to the internet

Then, the exchange needs to create processes around these basic security requirements. For example, how many key holders exist in the multi-sig wallet? Where do they store their keys? How do they communicate if they believe they are compromised, and what steps do every one else take if this happens? Where are the cold storage keys located? Who authorizes transfer of funds from cold storage to hot wallet? How often can this happen?
You get the point.

If you're running an exchange without Multi-sig and Cold Storage, then you're at fault.

This hack isn't a problem with NEM. It is a problem with the exchange practices. The NEM foundation has offered to help, but there is only so much they can do in this situation.

One would think this exchange has been around long enough to have learned from other exchange hacks to know how important these security steps are..

The more reason to use some of the exchanges that are actively communicating how much effort they put into security.

ruletheworld

legendary

Activity: 1386

Merit: 1045

Quote from: nemwanderer on January 26, 2018, 01:19:32 PM

Quote from: gentlemand on January 26, 2018, 11:25:27 AM

Quote from: nemwanderer on January 26, 2018, 11:22:44 AM

700k coins will do that to you. I really believe/believed in this one and all this is rather depressing. I’m of the belief that reputation/marketing are of huge importance and this just doesn’t help.

Pah. It's a rite of passage.

And note that Lon Wong's statements took the time to emphasize the on chain security features that Coincheck pointedly failed to use.

Question is whether those features would deter any hack.

Also I didn’t realize a fork was happening for catapult...speaking of which is catapult ever happening?

Thanks

Of course those features would have reduced the probability of a hack. There is nothing called perfect security. However, what Coincheck was using was quite bad indeed.

Two of the very basic security practices that every single exchange should use for every single crypto that they handle are -

Multi-sig wallets: If one key is compromised, the attacker cannot steal all the funds
Cold Storage: Majority of the funds need to be stored on a device that has never been connected to the internet

Then, the exchange needs to create processes around these basic security requirements. For example, how many key holders exist in the multi-sig wallet? Where do they store their keys? How do they communicate if they believe they are compromised, and what steps do every one else take if this happens? Where are the cold storage keys located? Who authorizes transfer of funds from cold storage to hot wallet? How often can this happen?
You get the point.

If you're running an exchange without Multi-sig and Cold Storage, then you're at fault.

This hack isn't a problem with NEM. It is a problem with the exchange practices. The NEM foundation has offered to help, but there is only so much they can do in this situation.

gentlemand

legendary

Activity: 2590

Merit: 3015

Welt Am Draht

Quote from: nemwanderer on January 26, 2018, 01:19:32 PM

Question is whether those features would deter any hack.

Also I didn’t realize a fork was happening for catapult...speaking of which is catapult ever happening?

Thanks

Of course. A hack would've been 100% impossible if they'd implemented it.

Catapult will be on the public chain sometime this year. And there will need to be a hard fork for it to happen. It doesn't appear completely certain how they're going to do it yet.

nemwanderer

full member

Activity: 230

Merit: 100

Quote from: gentlemand on January 26, 2018, 11:25:27 AM

Quote from: nemwanderer on January 26, 2018, 11:22:44 AM

700k coins will do that to you. I really believe/believed in this one and all this is rather depressing. I’m of the belief that reputation/marketing are of huge importance and this just doesn’t help.

Pah. It's a rite of passage.

And note that Lon Wong's statements took the time to emphasize the on chain security features that Coincheck pointedly failed to use.

Question is whether those features would deter any hack.

Also I didn’t realize a fork was happening for catapult...speaking of which is catapult ever happening?

Thanks

ebliever

legendary

Activity: 1708

Merit: 1036

Quote from: LiteMag on January 26, 2018, 01:00:21 PM

I am a little bit confused and I don't have the time to read back right now. So our XEM in the Nano Wallet are safe?

Yes, except from market volatility at this point.

LiteMag

member

Activity: 79

Merit: 10

I am a little bit confused and I don't have the time to read back right now. So our XEM in the Nano Wallet are safe?

abaumgar

jr. member

Activity: 58

Merit: 2

Quote from: vindermarch on January 26, 2018, 12:33:30 PM

According to my observations, Nem is one of the flagship projects. I see one of the early features that NEM is built 100% from scratch (not a fork of any existing project) and that's great. Because something is built from the beginning, it will be hard to waver. Because experience has taught many things. Therefore, feel free to choose Nem. Good luck

That's the spirit! It's a good time to buy some more XEM now Grin

vindermarch

member

Activity: 392

Merit: 10

simply getting the job done

According to my observations, Nem is one of the flagship projects. I see one of the early features that NEM is built 100% from scratch (not a fork of any existing project) and that's great. Because something is built from the beginning, it will be hard to waver. Because experience has taught many things. Therefore, feel free to choose Nem. Good luck

tomkat

hero member

Activity: 1022

Merit: 507

Quote from: DogeMajestic on January 26, 2018, 10:34:36 AM

Quote from: rigel on January 26, 2018, 08:32:57 AM

Hacker accounts will be blacklisted by exchanges, his XEM will be useless.

I do not believe any human will or would be able to contact all places trading XEM before said coins are moving? (if true what I'm reading here - that there are stolen funds)

edit
Wow

Quote from: https://cointelegraph.com/news/japan-coincheck-exchange-freezes-all-withdrawals-as-up-to-723-mln-leaves-its-wallet

Lon Wong has appeared to confirm Coincheck was hacked, calling the stolen funds "the biggest theft in the history of the world."

CMC https://coinmarketcap.com/currencies/nem/#markets shows 32 markets, and the number of exchanges is less than 32, so it's not that many.
The hack is in the news everywhere, and the exchanges could easily track and blacklist the addresses. Question is if they're really going to do this

BrBoy

full member

Activity: 453

Merit: 100

sorry dudes this is fucked up, hope none of you are affected by this.

Reports suggest that 526 million NEM (XEM) ($400 million) was stolen in the alleged Coincheck hack. Wong told media outlets that it was a single account that siphoned the funds, adding that NEM is not forking and that its technology is “intact.” He called it: “The biggest theft in the history of the world.”

suky321

sr. member

Activity: 382

Merit: 256

This Hack has nothing to do with Nem being hacked. Only the exchange was hacked. Coincheck had their private keys stolen. CoinCheck did not use the multi-signature features that the Nem Blockchain offers them. CoinCheck Claims they were short-staffed engineers. They had all of their nem stored in a hot wallet. They claim they were in a process of moving it to a cold wallet. They were unable to confirm the hacking of any other currencies at this time. They are considering compensating all the customers that had nem on the exchange.

http://cryptonewsflash.com/coincheck-hacked-for-523-million-nem/

suky321

sr. member

Activity: 382

Merit: 256

Translation of press conference by Coincheck.

The hack was due to poor security controls in place at the exchange.

The NEM technology is not at fault. Coincheck has asked for a hard fork, and this was refused.

Full text:

https://twitter.com/bitpinas

gentlemand

legendary

Activity: 2590

Merit: 3015

Welt Am Draht

Quote from: nemwanderer on January 26, 2018, 11:22:44 AM

700k coins will do that to you. I really believe/believed in this one and all this is rather depressing. I’m of the belief that reputation/marketing are of huge importance and this just doesn’t help.

Pah. It's a rite of passage.

And note that Lon Wong's statements took the time to emphasize the on chain security features that Coincheck pointedly failed to use.

nemwanderer

full member

Activity: 230

Merit: 100

Quote from: gentlemand on January 26, 2018, 10:19:20 AM

Quote from: nemwanderer on January 26, 2018, 10:00:34 AM

What on earth is happening here? If this continues NEM will enter a free fall it won’t come back from.

For someone with a 3c buy in you're awfully twitchy.

Those coins are toast. No exchange will touch them. There's no such thing as XEM mixing. They'll be forever marked. The only way they could be sold would be OTC and whoever bought them would still have permanently tainted coins that no one else would touch.

700k coins will do that to you. I really believe/believed in this one and all this is rather depressing. I’m of the belief that reputation/marketing are of huge importance and this just doesn’t help.

DogeMajestic

full member

Activity: 139

Merit: 107

Quote from: DogeMajestic on January 26, 2018, 10:51:01 AM

Quote from: gentlemand on January 26, 2018, 10:38:05 AM

Quote from: DogeMajestic on January 26, 2018, 10:34:36 AM

I do not believe any human will or would be able to contact all places trading XEM before said coins are moving? (if true what I'm reading here - that there are stolen funds)

There aren't many XEM exchanges. All of them will have contacts with the NEM foundation. They would've needed to be to create their back end stuff. A few messages will lock the hacker out of all exchanges.

Oh I see. Then again, if true, that is a dangerous level of centralization.

Thinking about this some more... this really is a huge issue. XEM MUST be traded on many more exchanges

LiteMag

member

Activity: 79

Merit: 10

So how was this exchange hacked? And why were all coins on one SINGLE Wallet? Does that mean every Wallet could also be hacked only because they have no multi-signature on? That would not be good.

DogeMajestic

full member

Activity: 139

Merit: 107

Quote from: gentlemand on January 26, 2018, 10:38:05 AM

Quote from: DogeMajestic on January 26, 2018, 10:34:36 AM

I do not believe any human will or would be able to contact all places trading XEM before said coins are moving? (if true what I'm reading here - that there are stolen funds)

There aren't many XEM exchanges. All of them will have contacts with the NEM foundation. They would've needed to be to create their back end stuff. A few messages will lock the hacker out of all exchanges.

Oh I see. Then again, if true, that is a dangerous level of centralization.

gentlemand

legendary

Activity: 2590

Merit: 3015

Welt Am Draht

Quote from: DogeMajestic on January 26, 2018, 10:34:36 AM

I do not believe any human will or would be able to contact all places trading XEM before said coins are moving? (if true what I'm reading here - that there are stolen funds)

There aren't many XEM exchanges. All of them will have contacts with the NEM foundation. They would've needed to be to create their back end stuff. A few messages will lock the hacker out of all exchanges.

Topic: NEM (XEM) Official Thread - 100% New Code - Easy To Use APIs - page 227. (Read 2984910 times)