https://nxtforum.org/general-discussion/price-speculation/msg62453/#msg62453

Just based on this info, there may have been some poor defensive measures in play. Too bad for KLee though. Hi KLee, wherever you are, whoever you are, my condolences.
Security is a project risk. For NXT, this does not seem to be a systemic problem with their code, though I will withhold judgement until more details emerge. A few months ago I read an article that something like 5% of all bitcoin has been stolen, since bitcoin's inception. Doesn't seem like much, but 5% of today's market cap is big money. Big money attracts scoundrels. Unlike in the real world, in the virtual world, the bad guys don't get caught. There is no downside to stealing cryptocoins. In the real world, if 5% of something was stolen, at least some would be recovered, and perhaps most of it.
So here is where we are at. The world hasn't changed. There are still no fewer thieves than there were hundreds of years ago. But the methods have changed.
In some respects, the very things we all like about cryptos are their very weaknesses. No regulation? Great, until an exchange like Mt. Gox, or sharex disappears with your coins.
Anonymity? That's great, until you realize how trivial it is for someone to fence stolen coins. In the old days, you steal some jewels, and you have to follow a protocol to unload them. The greatest disincentive to the thief is that 10M in jewels is only worth 1M, or much less. Still an enticement, but nobody is going to pay full price for their hot goods. But cryptocurrency? You get FULL PRICE on the market, because the same anonymity that protects you also protects the bad guys.
In other words, cryptocurrencies are natively "bearer instruments", just like cash. But like credit card numbers, they allow someone to steal a huge amount all at once off of a database server. Cryptocoins are essentially cash. If you have a 100 quid, do you parade down the street and wave it around like a flag? No. You hide it in your sock, or put it in your pocket, or your wallet, or whatever. With money and other valuables, the first instinct is to hide or otherwise protect it.
Security begins in the planning phase, not in the development phase. I hear developers all the time who say "let's add in some security to the product." Sorry, but if you already have a product that is more than 50% finished, your chances of making it secure are slim to none. Better to start over.
What separates Kora from most other coins is that we are putting in place a formal and public project plan. Most coins only open-source their code. We are going a step further. To put it differently, we are "crowd-sourcing" our project assumptions, project risks, and candidate solutions, so that the community - you - can help strengthen Kora with your input and ideas. And like your instinct to protect your quid, or your yuan, or your dollar, Kora's first instinct is to guard stakeholder value. I have some ideas on how to "build security in" to Kora. Undoubtedly you do too, and that is what this thread is for.
When the plan is released, and the community sees it, it will be vetted. My hope is it will be torn to shreds, and have every assumption and candidate solution scrutinized for error. Ultimately, isn't it better that the plan is shredded and problems are ironed out, than to have the coin itself scrutinized, when it is too late to fix the errors? It's easier to change the blueprint than the building.
You don't have to wait for the project plan. Feel free to chime in now on what you think are security issues with crypto, and any ideas on how they can be solved. I will then add them to the plan. Since this is a crucial topic, let's keep the *formal* discussion open for a few days, and collect ideas. We will always do our best to respond to criticisms and ideas throughout Kora's lifetime.
Many of you probably own coins, and some of you own a great many coins, or perhaps a great volume of one coin. Maybe you have concerns about the weaknesses in those other coins. Let's hear them!

Kind regards,
nio