lol
Stop us if you've heard this one before: Tokyo crypto-cash exchange 'hacked' for half a billion bucks
Japan-based cryptocurrency exchange CoinCheck says it has been taken for around $530m by hackers. The Tokyo-based exchange says it is working with cops and Japan's Financial Services Agency to investigate a heist CoinCheck admits went undetected for more than eight hours. CoinCheck believes the theft occurred Friday around …
COMMENTS
-
Saturday 27th January 2018 22:08 GMT Anonymous Coward
Re: The Japanese have a word for it . . .
I have used Google Translate to get "Great Joy".
Why do I hear it in a Stanley Unwin voice :) :) *
There is a prize if you can remember when Gerry Anderson & Stanley Unwin 'Collided' :)
[The Secret Service]
*Yes I know his phrase was 'Deep Joy', before I am corrected. :) :)
-
Friday 26th January 2018 23:29 GMT Anonymous Coward
I wonder how many of these are inside jobs?
These are small companies with only a few employees, who know the weak spots and could even design in some weak spots. Wait and let it get popular, then "attack" from the outside and put it somewhere you can't touch it until the statute of limitations runs out - if possible in a non crypto cash form, since the tulips may be worthless by the time you can no longer be prosecuted!
-
Saturday 27th January 2018 13:48 GMT SVV
Re: I wonder how many of these are inside jobs?
Yeah, the fact they left this one computer, apparently holding half a billion dollars worth of vapourloot, directly connected to the internet sort of said "Two idiots and a PC in a small rabbit hutch size office" to me when I read it. Certainly not "secure financial institution with extensive IT security infrastructure". Mind you, escaping the clutches of the latter was what this whole caper was all meant to be about wasn't it?
-
Saturday 27th January 2018 04:51 GMT DavCrav
Re: Just VOID the Crypto numbers and redo them
From Wikipedia:
CryptocurrenciesBearer bonds have historically been the financial instrument of choice for money laundering, tax evasion, and concealed business transactions in general. In response, new issuances of bearer bonds have been severely curtailed in the United States since 1982.
-
Monday 29th January 2018 15:59 GMT Tromos
Re: Convenient notes for criminals.
The 500 Euro note has not been withdrawn. There are still plenty around and they are still accepted and will continue to be accepted for the foreseeable future according to the European Central Bank.
What has happened is that no new ones are being printed and banks are no longer handing them out like they used to.
-
Monday 29th January 2018 08:17 GMT Anonymous Coward
Re: Just VOID the Crypto numbers and redo them
>crypto numbers stolen that is registering a crypto coin as owned by the void address and encrypted off
Not sure why you got so many downvotes, concentration of ignorami is high whenever crypto comes up.
Various methods are possible depending on the model used. These particular coins support tagging - so they are now blacklisted at most exchanges and lit up for tracking. Effectively they are now valueless.
With most coins it's also possible in extremis - much more massive fraud than this - for the devs (i.e. the coin's governing authority) to roll back (hardfork) the blockchain and wipe out the fraudulent transaction. This would require certain community support so unlikely to happen where fraud is so small in terms of market cap.
...also notable that this happened in Japan which is well ahead of most countries in legislation. Crypto is legal tender and exchanges are registered by law - compensation has to be paid - in this case at 88 yen (against just over 100 when the fraud took place).
-
Friday 26th January 2018 23:39 GMT GBE
What unpleasant memories?
>The security blunder will for many cryptocurrency speculators bring back unpleasant memories of the 2014 MtGox collapse.
What unpleasant memories?
I found the whole thing very interesting and somewhat amusing. Though it is somewhat disappointing that we never got to read the final couple chapters in the mystery...
-
Saturday 27th January 2018 01:13 GMT Anonymous Coward
Re: What unpleasant memories?
>What unpleasant memories?
Not that unpleasant for the hedge funds that bought up a ton of the MTGox claims @ 15% of yen - they've made a considerable stack of millions the past few months. Double the misery for those who lost coin in the initial theft, then sold on their claims of course.
Nonetheless, I can't help thinking much of the crypto schadenfreude here is from those who (repeatedly) missed the chance to pay off their mortgages by risking only a few tens/hundreds/thousands of quids.
-
Saturday 27th January 2018 04:52 GMT DavCrav
Re: What unpleasant memories?
"Nonetheless, I can't help thinking much of the crypto schadenfreude here is from those who (repeatedly) missed the chance to pay off their mortgages by risking only a few tens/hundreds/thousands of quids."
I indeed missed my chance to buy some Bitcoin before it went up in value, then down, then up, then up, then down, then was stolen.
-
Saturday 27th January 2018 13:59 GMT Anonymous Coward
Re: What unpleasant memories?
>I indeed missed my chance to buy some Bitcoin before it went up in value, then down, then up, then up, then down, then was stolen.
That's the spirit - only a tech wizard uber geek could keep a wallet secure - and a paltry 1000% profit (at today's price) since the 1BTC latte era is hardly worth the bother.
-
Saturday 27th January 2018 18:46 GMT Rob D.
Re: What unpleasant memories?
"I indeed missed my chance to buy some Bitcoin before it went up in value, then down, then up, then up, then down, then was stolen."
Yet there are some folks out there, who have bought their crypto-thing, are looking at the buy/sell values on the exchanges, and they STILL insist the right thing to do is hold on to them forever. These are people who bought in (big time) to the idea of crypto-currencies at least 18 months ago, maybe more, and got in for peanuts, so the whole up/down between 1,000x and 10,000x their purchase price is almost irrelevant.
When someone can look at the string of numbers on their disk drives and opt for that rather than life-changing quantities of money in the bank, it is an indication of the hypnotic quality of belief and bubbles. Some will (and have) made pleasant fortunes, others will have theoretical fortunes come and go on paper, others (those joining in the last year) are buying in to a risky speculation where the opportunity to make money still exists but the returns are much diminished while the risks remain high.
-
Saturday 27th January 2018 22:28 GMT Anonymous Coward
Re: What unpleasant memories?
Hence the 'Ponzi Scheme' comment.
You get your money from the next tranche of 'Mug Punters' who have been sold the possibility of huge profits and who are convinced that you selling up is their big chance.
Round and round and round we go, who makes the profits we don't know !!! :)
-
Sunday 28th January 2018 00:07 GMT Anonymous Coward
Re: What unpleasant memories?
>So who exactly has the cash to buy your 100 bitcoins?
Vast numbers of people at any exchange. Hundreds of established hedge funds will take them if you must have a single buyer and want to shake hands or something. Smaller exchanges limit daily fiat withdrawals - but the likes of Bitfinex do not. 100 bitcoins is a modest trade there - the first discounted taker rate doesn't kick in until 10 million USD.
-
Saturday 27th January 2018 07:50 GMT Sorry that handle is already taken.
Re: What unpleasant memories?
>Nonetheless, I can't help thinking much of the crypto schadenfreude here is from those who (repeatedly) missed the chance to pay off their mortgages by risking only a few tens/hundreds/thousands of quids.
Hindsight's a wonderful thing, but you don't gamble with hindsight.
What are the odds that if you had some bitcoins that you'd mined (or bought to buy drugs) in 2010 that you still have them today, as opposed to either losing them or cashing out when it hit $100?
-
Saturday 27th January 2018 09:14 GMT Anonymous Coward
Re: What unpleasant memories?
"as opposed to either losing them or cashing out when it hit $100?"
This! I keep hearing people saying "if only, I had kept/bought into BTC when they were pennies" but the whole point is even if you did, you'd have needed balls of steel to ride your investment all the way up to the point it was worth millions all the while knowing that at any moment it could crash or be stolen.
My own story is I had 3 BTC (got in at about $250) - if I did everything perfectly I could have made a tasty $60,000 but in reality I was selling pieces on every doubling (to take some profit) and although I made some pocket money it was a long way from paying off my mortgage!
-
Saturday 27th January 2018 13:00 GMT Sorry that handle is already taken.
Re: What unpleasant memories?
I heard a story tonight of a friend of a friend who remembered they had a handful of bitcoins from the early days when they were worth dollars each, and sold them at December's high.
Lucky boy. I think the "I forgot about them" aspect is the key to the good fortune here.
-
Saturday 27th January 2018 18:46 GMT Anonymous Coward
Re: What unpleasant memories?
> My own story is I had 3 BTC (got in at about $250) - if I did everything perfectly I could have made a tasty $60,000 but in reality I was selling pieces on every doubling (to take some profit) and although I made some pocket money it was a long way from paying off my mortgage!
Thank you for posting a proper first-hand story.
I have no first-hand experience myself. From this point of view, it does look a lot like the various exotic financial instruments that very respectable-looking people buy, sell and discuss every day. When I had it explained to me by an economist, my understanding was that some of those things boil down to a promise to sell a promise to buy a promise not to sell before $X a bond to buy a share at a price $Y except if the price was $Z in which case you could pay $W or feed your cat, or something like that. Funny thing is that the way she explained it, it all made sense for a minute. :-(
-
Monday 29th January 2018 08:16 GMT pop_corn
Re: What unpleasant memories?
Presactly! I seriously considered taking a punt of £10k in Bitcoin when it was £250 a few years ago, i.e. 40 BTC. In today's money that would have been £240,000! Cool, awesome, great, I'd have been rich!!
But the reality is, when it doubled to £500 per BTC (£20,000 in total) not having a crystal ball, I probably would have sold half (20 BTC) to get my original £10k out.
Then when it doubled again to £1,000 per BTC (again worth £20,000) I probably would have sold half (10 BTC) to get another £10k out, realising a 100% return on my original investment.
I suspect I would have repeated this formula of selling half every time it doubled, so by now I'd have extracted £40k profit and still hold £10k in BTC. Don't get me wrong, £40k would have been very nice to have, but it's a far cry from the theoretical and mortgage clearing £240k it could have been.
-
Saturday 27th January 2018 09:11 GMT Anonymous Coward
Re: What unpleasant memories?
"by risking only a few tens/hundreds/thousands of quids". .......
They can only pay off their mortgages when they sell their crypto currency to a bigger mug who thinks it will pay off their mortgage. However they have tasted the kool aid and are convinced they are going to make even more money so probably won't sell till their coins are stolen from them or the inevitable bubble bursts.
It's quite a fragile bubble too. As of today the bitcoin miners (well the big ones that aren't stealing electricity) are likely to be losing money on every bitcoin they mine. This has happened because the big price increase in December made it worthwhile to invest in more mining hardware. This has now fed through into the "difficulty" needed to mine Bitcoins and they are now twice as difficult to mine as they were back at the start of December. As mining efficiency won't have changed dramatically in this time period it really means double the hardware and so double the electricity bills. If the Bitcoin price had stayed high they would be laughing, but it's back where it was. So the miners can either make a loss hoping to prop up Bitcoin till it recovers or move onto the next big crypto currency and let the bitcoin difficulty fall to a price where it's economic again.
-
Saturday 27th January 2018 11:03 GMT Anonymous Coward
Re: What unpleasant memories?
Unless you are a miner* then all the money in Bitcoins is neutral. There will be as many winners as there are losers. The only way to keep the prices rising is to get more people to put money into it and for that to happen then you need to ensure trust in the system but even then there is only a finite amount of Bitcoins and only a finite amount of people. It works similar to a ponzi scheme but doesn't have such a quick end as, unlike a ponzi scheme, it isn't exponential.
The big losers will be the ones holding the Bitcoins when there is a big crash (or they get stolen etc) however making sure you are at the top end of the peak is very difficult, especially now there are traders heavily involved.
*Miners, of course, have their own set of economic considerations to make.
-
Monday 29th January 2018 10:02 GMT lorisarvendu
Re: What unpleasant memories?
"...missed the chance to pay off their mortgages by risking only a few tens/hundreds/thousands of quids..."
"What are the odds that if you had some bitcoins that you'd mined (or bought to buy drugs) in 2010 that you still have them today, as opposed to either losing them or cashing out when it hit $100?"
I've just heard of a FOAF who has recently done this. He mined 65 BTC back in the day and has just paid off his mortgage with half of it. Of course all that money has come from all those thousands of punters who have bought into tulips- sorry, Bitcoin- over the past few years.
-
Saturday 27th January 2018 00:10 GMT Brian Miller
HSM, anyone?
The private key to a remotely accessible wallet was accessed. OK, why is it that these are set up such that the keys are stored outside of a HSM? For the value of digitally-stored objects, one would think that a relatively small investment should be made in better security. PKCS-11 isn't all that difficult.
-
Saturday 27th January 2018 03:03 GMT Speltier
Re: HSM, anyone?
Somewhat more sophistication would be needed. The perps would simply access the HSM to make the transfer. They don't really need the private keys directly, just access to the private keys to authorize a transfer.
Another step is needed-- something like a smartcard (or cards) to access the HSM which is used to encrypt the elements of the key store containing the private keys. And that is only effective if the smartcard isn't left enabling the HSM for transactions.... and while one is at it, also compartmentalize the cash so that separate private keys are needed for Piles-O-Cash(r), using different smart cards.
The problem they probably had, and the reason for the 0130AM local attack, is that the wallet private key needs to be accessible for transactions by late night Dark Web transactions, speculation, or even the purchase of a Coke(r). So, maybe you need an operator with an hourly smart card, watching transactions, with a ceiling transaction value before the boss is called in (at 0130) to authorize a Really Big Transaction (or a million little ones). At least then, there is a human in the loop to keep 500 big from being snatched. But wait, when you start small you can't afford an operator dozing all night long, so you just let the system run unattended and pray MtGox was an anomaly.
Of course, the failure could be much simpler. Some dim bulb left the connection open to the vault wallet which should only be accessible during shifts when transactions are being watched. Or the only protection is a passphrase. Or any of a million other failings.
There is a reason that banks make non-repudiation difficult... and most transactions can be reversed for at least a few days.
-
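The ceiling-plus-escalation idea in the comment above, as an added Python example that is not part of the thread: a gate in front of the signing key that holds any single large transfer and also any run of small ones whose rolling total crosses a budget, unless a human has approved. The class name, limits and request data are constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class HotWalletPolicy:
    """Gate in front of the signing key; all limits here are constructed values."""
    per_tx_ceiling: int    # largest single transfer signed with nobody watching
    window_ceiling: int    # largest unattended total inside one rolling window
    window_seconds: int
    _recent: deque = field(default_factory=deque, init=False, repr=False)

    def _unattended_total(self, now):
        # Forget unattended transfers that have aged out of the window.
        while self._recent and now - self._recent[0][0] >= self.window_seconds:
            self._recent.popleft()
        return sum(amount for _, amount in self._recent)

    def decide(self, now, amount, approved_by=None):
        """Return "sign" or "hold" for one transfer request."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        if approved_by is not None:
            return "sign"   # a human authorised it; not charged to the budget
        too_big = amount > self.per_tx_ceiling
        too_much = self._unattended_total(now) + amount > self.window_ceiling
        if too_big or too_much:
            return "hold"   # escalate instead of signing unattended
        self._recent.append((now, amount))
        return "sign"


def replay(policy, requests):
    """Feed (time, amount, approver) requests through the policy."""
    signed_total, held = 0, 0
    for now, amount, approver in requests:
        if policy.decide(now, amount, approver) == "sign":
            signed_total += amount
        else:
            held += 1
    return signed_total, held


if __name__ == "__main__":
    # Constructed request stream: 100 transfers of 900 units, ten seconds apart,
    # each one individually under the per-transaction ceiling.
    many_small = [(i * 10, 900, None) for i in range(100)]
    policy = HotWalletPolicy(per_tx_ceiling=1000, window_ceiling=5000,
                             window_seconds=3600)
    print(replay(policy, many_small))
```

Only the per-window budget stops the stream of small transfers here; a per-transaction ceiling alone would have signed all of them.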
Monday 29th January 2018 08:39 GMT Anonymous Coward
Re: HSM, anyone?
Glad this has been explained to a crypto currency luddite.
I always wondered how so much could go missing at one time, and it is apparent it is as obvious (and stupid) as carrying £500m in your own wallet while walking through a Brazilian Favela while wearing a Hawaiian holiday shirt and pointing around the most expensive looking camera possible.
Maybe hard forking is an answer, that may need a bit of thinking through as to the logistics I feel, as if there is no central bank type entity then a majority of other transacting stakeholders will need to agree which does not sound straightforward at all.
Inside jobs? possibly. Incompetence? more likely. Naive techie pretending to be a banker? even more likely?
-
Monday 29th January 2018 05:53 GMT Anonymous Coward
Re: Aaaand It's Gone...
+1 for the South Park reference.
If it wasn't then watch this anyway ... And it's gone
-
Monday 29th January 2018 08:59 GMT Destroy All Monsters
Re: So who...
I haven't watched this one yet, have a comment on Ponzi schemes from you-know-who:
(Won't link as El Reg will again deep-six me, the inner party dislikes crimethink)
An almost-forgotten incident in American economic history was the pyramid scheme that swept Southern California during the stagflation of May 1980. Yet, now that we know that about 2/3rds of the Housing Bubble of 2000-2007 took place just in California, it’s worth reviewing incidents from California’s long history of financial manias.
...
Back in Gov. Jerry Brown’s California, “pyramid power” was a popular New Age concept. (Although there’s never anything new about New Age in California — the lovely coastal mountain village of Ojai has been a New Age center since the 1800s.) In 1977 I went to a fashionable Westwood hair styling salon where for a few bucks extra you could get your hair cut in a special chair under a pyramid dangling from the ceiling. The pyramidal aura was supposed to help you avoid Bad Hair Days or something. (I declined. But, now that I think about it, I did have a lot of BHDs …)
In May 1980, a vast multi-level cash exchange craze developed in California that explicitly invoked the mystique of pyramids. Every night there were hundreds of house parties hosted by people who had gotten in earlier on this multi-level scam (perhaps the night before). My vague recollection from newspaper reports is that you’d go over to a higher-up’s house and sit with him under his pyramid while you gave him cash in return for your very own kit for building a pyramid out of wire and fabric. The Ancient Egyptian emanations from his pyramid would ensure that you’d get even more cash back from the suckers you’d recruit to buy your pyramid kits from you while sitting under your pyramid.
Perhaps I don’t have the details right, but pyramid imagery was central to the experience, which made this Pyramid Power pyramid scheme hard to debunk. It was already pre-debunked. Anti-fraud authorities would go on the local TV news to denounce the pyramid schemes as “pyramid schemes,” which just served as good advertising. “Well, duh, of course it’s a pyramid scheme,” participants would laugh. “How do you think those Egyptian pharaohs got so rich that they could afford those giant pyramids? Through tapping the secret energy of Pyramid Power!”
-
Saturday 27th January 2018 14:57 GMT Anonymous Coward
Good news and good riddance
Firstly because mining either incentivises electricity theft or burning dirty coal in the parts of Asia where it's cheapest and regulations are most slack. We all suffer from that to some extent. Secondly because instability and the increasing difficulty of cashing out are the one disincentive reducing growth of software engineering and phishing effort involved in getting ransomware installed. For every mark who pays the ransom, there are probably 10 who will refuse to do so and lose data instead. If you can honestly say your systems have no vulnerabilities and never have, you can say it doesn't affect you. If you can you're either ignorant of your system vulnerabilities or in a minority of zero. Everyone else risks loss.
Destruction of the means by which money launderers cash out of their popular conspiracy is good news for everyone else and to be welcomed.
-
Saturday 27th January 2018 18:26 GMT Rob D.
Portable gold
Imagine 12 metric tons of gold (today at $43,374 per kilo is worth about $500 million) and consider how much effort would be invested in stopping people walking off with bits of it or even all of it. And that's all while acknowledging that gold is a bit chunky and quite heavy.
The technology area remains very interesting. The human angle is just as fascinating.
-
Sunday 28th January 2018 01:59 GMT Fruit and Nutcase
Re: Portable gold
@Rob D.
Gordon Brown cost us about £5 Billion when disposing of about 395 tonnes in Gold
-
Sunday 28th January 2018 13:33 GMT Rich 11
Re: Portable gold
>Gordon Brown cost us about £5 Billion
And George Osborne cost us hundreds of billions when he decided that protecting the UK's triple-A rating was more important than investing in industry and in training to boost the economy and get us out of recession. The ongoing cost of that decision is still present, with the double-whammy of low wages and precarious employment hitting people in an everyday environment of artificially high asset prices, a structural deficit not expected to be cleared until 2025 instead of 2015 as first promised, and Brexit looming on the horizon.
It's almost like the country has suffered for generations under chancellors who didn't have a fucking clue, serving their time before blithely walking away to take up highly-paid directorships in the City, the bastards.
-
Sunday 28th January 2018 22:01 GMT Fruit and Nutcase
Re: Portable gold
@Boris & Rich
If you're going to get political about it
Not being political - they're all the same, going from one short term fix to another, we end up paying one way or the other.
So, in the interest of balance..
Gordon Brown - Gold Finger
George and Dave's "Chinese Takeaway"
-
Sunday 28th January 2018 01:13 GMT sanmigueelbeer
They have no match
Every now and then, we see BitCoin shops getting raided.
These individual BitCoin shops/franchise have no match for the weight and might of North Korean hackers.
What are the chances western intelligence agencies quietly concluding that the perpetrators are NK? I mean after all, fat boy Kim needs to get his millions of dollars from somewhere to help fund his lavish lifestyle and his nuclear ambition.
-
Monday 29th January 2018 08:41 GMT pop_corn
Stolen cryptocurrencies could be managed like this
I don't get it. There seem to me to be 3 possible solutions to stolen cryptocurrencies:
1) The Blockchain records what a legitimate transaction is and is visible to anyone. When the NiceHash wallet got raided for $60M in bitcoin, the destination wallet was there for all to see. You could go to the public blockchain and see the stolen bitcoins were still sitting in the destination wallet.
As transactions are committed when a miner solves the mathematical puzzle to prove the next block in the chain, and as miners are often part of large networks of miners working together and sharing the reward when one of them hits on the solution. Could not the exchange that was robbed submit a reversal transaction to the blockchain (effectively stealing it back) and as long as enough miners agreed to try to validate the transaction in that block, is it not possible to validate that transaction?
2) Again as the stolen currency is visible in the wallet address, could all the exchanges work with law enforcement to make sure that transactions out of that wallet are tracked, and where possible the recipients identified as handling / laundering stolen goods.
Basically you should be able to keep a track of where the money goes, because all transactions are public (at least bitcoin transactions are), and in the same way as if you buy a stolen car, that car isn't really yours, the stolen bitcoin etc could potentially be recovered, maybe bit by bit (pun INtended, haha).
3) Again because it's all public, exchanges around the world could agree to block any transaction from the wallet that's the recipient of the stolen currency, effectively freezing out those funds. Sure this would require considerable global co-operation, but it's doable. There could be a public black-list of wallets, and subsequent wallets, all of which are frozen out of the system for handling stolen goods.
Anyone then could check, or their software could check, any transaction against this public list, to flag up that they may be transacting for stolen goods. Ok this may not get the currency back, but if the people who steal currency suddenly discover that it's worthless because they can't use it for anything, that's a massive deterrent.
-
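The public blacklist of "wallets, and subsequent wallets" proposed in the comment above, as an added Python example that is not part of the thread: it follows stolen funds through a public ledger and derives the list an exchange could screen deposits against. It assumes a simple account-balance ledger and proportional ("haircut") taint, which is one of several possible rules; all addresses and amounts are constructed.

```python
from fractions import Fraction


def propagate_taint(opening, ledger, theft_indexes):
    """Replay (sender, receiver, amount) entries in order, tracking for every
    address its balance and how much of that balance descends from a theft."""
    balance = {a: Fraction(v) for a, v in opening.items()}
    tainted = {a: Fraction(0) for a in opening}
    for i, (src, dst, amount) in enumerate(ledger):
        amount = Fraction(amount)
        if amount <= 0 or balance.get(src, Fraction(0)) < amount:
            raise ValueError(f"ledger entry {i}: invalid amount for {src}")
        # Haircut rule: a payment carries the sender's current taint ratio.
        carried = tainted[src] * amount / balance[src]
        balance[src] -= amount
        tainted[src] -= carried
        # A transfer reported as theft taints everything it moved.
        arriving = amount if i in theft_indexes else carried
        balance[dst] = balance.get(dst, Fraction(0)) + amount
        tainted[dst] = tainted.get(dst, Fraction(0)) + arriving
    return balance, tainted


def taint_share(address, balance, tainted):
    held = balance.get(address, Fraction(0))
    return tainted.get(address, Fraction(0)) / held if held > 0 else Fraction(0)


def derived_blacklist(balance, tainted, threshold):
    """Addresses whose holdings are at least `threshold` stolen funds."""
    return sorted(a for a in balance
                  if 0 < taint_share(a, balance, tainted) >= threshold)


def screen_deposit(sender, balance, tainted, threshold):
    """What an exchange would run before crediting a deposit from `sender`."""
    return taint_share(sender, balance, tainted) >= threshold


# Constructed sample data: opening balances and a six-entry ledger.
OPENING = {"exchange_hot": 500, "alice": 100, "dave": 40}
LEDGER = [
    ("exchange_hot", "thief_1", 500),   # index 0: the reported theft
    ("alice", "mixer_a", 100),          # unrelated funds enter the same address
    ("thief_1", "mixer_a", 300),
    ("mixer_a", "bob", 200),            # bob receives a 3/4-tainted payment
    ("thief_1", "carol", 50),
    ("dave", "erin", 40),               # never touches the stolen funds
]

if __name__ == "__main__":
    bal, bad = propagate_taint(OPENING, LEDGER, theft_indexes={0})
    print(derived_blacklist(bal, bad, Fraction(1, 2)))
    print(screen_deposit("erin", bal, bad, Fraction(1, 2)))
```

The total tainted amount stays equal to the amount stolen however many hops it takes, so the threshold decides how far down the chain of recipients the list reaches.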
Tuesday 30th January 2018 11:50 GMT Anonymous Coward
@pop_corn Stolen cryptocurrencies could be managed like this
"Could not the exchange that was robbed submit a reversal transaction to the blockchain (effectively stealing it back) and as long as enough miners agreed to try to validate the transaction in that block, is it not possible to validate that transaction?"
So you're seriously asking the miners to act as judge, jury and executioner ? I think you've missed the point concerning why Bitcoin was developed as a system without the involvement of judicial authority. Besides which, if the main use case for Bitcoin is now money laundering, why on earth would the heavily-invested miners want to increase transaction costs to blackmailers, drug and arms dealers, cyber criminals and their customers and unfortunate victims in order to prevent the main (non speculative) use of their currency ?