Yet another Zcash bug
Zcash is urging it's userbase to immediately upgrade their wallets and node software to apply an "important security fix". A bulletin issued by the developers released no details, but stated:
"Version 2.0.7-3 of Zcashd includes an important security fix in response to an issue that was reported to us on Friday September 13th 2019 by Florian Tramèr, Dan Boneh, and Kenneth G. Paterson. Users should upgrade their nodes to this version immediately and discontinue use of older versions. Please note that the issue does not put funds at risk of theft or counterfeiting. More details of the issue will be released in coordination with the reporters of the issue at a future date."
This latest undisclosed issue is the second reported flaw in Zcash this year alone, the first being a bug that was found that allowed one to print unlimited monies which the developers kept secret for 8 months.
Tags: News, Cryptocurrency, Insecurity, Lulz
soopy452000, an indictment
Sometime around the exit of Bryce Weiner, the Unobtanium project acquired a new "developer" who goes by the moniker of soopy452000. Let's examine a few alarm bells on why you shouldn't let this guy anywhere near you coin, or anything to do with mission-critical code for that matter, and put this conversation to bed.
Love 'em and leave 'em. Señor soopy has a reputation of inserting himself into cryptocoin communities, making questionable code changes, and absconding with funds. Good 'ol Bitcointalk registers a complaint from a user who testifies he sold 3 billion Beecoin for LTC, left the community hanging, and moved on to Navcoin. (archived)
anotherlateminer: "Read 2 pages from here: https://bitcointalk.org/index.php?topic=601247.msg8923728#msg8923728 BEEs have been sold in order to be used for development and there are still no signs of any development. LTC are just gone."
Telegram chats have provided a few gems as well:
A kind stranger comes to the main channel to warn what UNO might be getting into. (archived)
It didn't take long for teh lulz to manifest:
Readers of this blog already know about the war on cryptography from various "nation-states", and why you should be very careful of what tools you use when working with these items. Soopy exhibits very amateur behavior when dealing with such, from generating keys using keybase.io1 (archived), to posting unusable signed walls of text to Telegram chats that can't be verified.
Yes, this has predictable results, and clowns in this camp will likely come up with the same tired excuses to explain it. (archived)
Socialisms, like zooko.usg "dev subsidies" have no place in cryptocurrency. But that doesn't stop picadors trained in the Democratic Socialist Republic of Sri Lanka from trying to print unlimited money, and hoping no one notices, as was the case with 42coin:
"What is remarkable in the history of 42, is that until the spring of 2014 the coin supply was really capped at 42, but on March 17, 2014, the GitHub user sherlockcoin (aka soopy452000) made it unlimited. He was working under KGW implementation and no one noticed this "small change"." (archived)
So there you have it folks, and the above-stated reasons are just a few examples of why I won't be trusting any code pushed by this moron to the "official" Github2, and neither should you. But, Caveat Emptor, do your own research, and decide for yourself.
btcbase logs fail again
The btcbase irc log for the tmsr in #trilema has apparently left the building once more, leaving the crumbling republic with no real-time documentation of it's proceedings. Caesar Augustus hinges hopes on forum member lobbes finishing a logbot, hopefully one that doesn't put the `$` symbol in front of words every third line like it's author. Until then, it appear the channel will enter radio silence.
UPDATE: A Trilema post was made on subject, with the following at the tail of the logs:
Aug 02 08:28:52 * feedbot has quit (Write error: Connection reset by peer) Aug 02 08:34:50 * mircea_popescu removes channel operator status from deedbot Aug 02 08:34:54 * mircea_popescu removes voice from whaack Aug 02 08:34:58 * mircea_popescu removes voice from trinque Aug 02 08:35:01 * mircea_popescu removes voice from spyked Aug 02 08:35:08 * mircea_popescu removes channel operator status from scriba Aug 02 08:35:13 * mircea_popescu removes voice from scriba Aug 02 08:35:17 * mircea_popescu removes voice from phf Aug 02 08:35:20 * mircea_popescu removes voice from mod6 Aug 02 08:35:23 * mircea_popescu removes voice from Mocky Aug 02 08:35:26 * mircea_popescu removes voice from lobbes Aug 02 08:35:30 * mircea_popescu removes voice from jurov Aug 02 08:35:33 * mircea_popescu removes voice from dorion Aug 02 08:35:37 * mircea_popescu removes voice from diana_coman Aug 02 08:35:41 * mircea_popescu removes voice from danielpbarron Aug 02 08:35:44 * mircea_popescu removes voice from bvt Aug 02 08:35:48 * mircea_popescu removes voice from BingoBoingo Aug 02 08:35:51 * mircea_popescu removes voice from billymg Aug 02 08:35:55 * mircea_popescu removes voice from ave1 Aug 02 08:35:59 * mircea_popescu removes voice from auctionbot Aug 02 08:36:03 * mircea_popescu removes voice from asciilifeform Aug 02 08:36:09 * mircea_popescu removes voice from mircea_popescu Aug 02 08:36:14 * mircea_popescu removes channel operator status from mircea_popescu
Bitcoin SV scheduled fork will increase block size to 2GB
Tags: News, Bitcoin, Cryptocurrency, Lulz
Lead dick leaves Unobtanium project
After several days of huffing and puffing in the Unobtanium channel on Telegram, serial vaporware developer Bryce Weiner announced on twitter that he was leaving the UNO project. The wanting Weiner is known for his centralized shitcoin exchange alt.market (that will be ready any day now™®) and the "Bitcoin killer" shitcoin TAO (XTO), currently listed as "inactive" on coinmarketcap.
Tags: News, Bitcoin, Cryptocurrency, Lulz
Canonical Shithub repositories hacked
Canonical Ltd (Ubuntu) source code repositories on Shithub were reportedly compromised this morning, complete with buttery screenshots. (archived)
No official word from Shithub or Canonical was available at the time of posting.
Tags: News, Insecurity, Lulz
Shinohai's Saturday Shitcoin Selections 4
The lulz in this story begin in a thread for the XJO cryptocuurency on bitcointalk. This guy suggests you can "run an entire 'DNM' on the XJO blockchain" and links to a javascript page (archived) that will happily eat your private keyz and encrypt and decrypt thingz for you!
Why this is incredibly stupid:
- iGolder.com should be all you need to know, but you can also google search it if you wish.
- No mention is made of airgap setups, and the joulecoin.info site is connected to the internet when performing crypto functions.
- No mention made of layering (see above), and why you should be using 4096-bit or higher rsa keys for any comms, period.
- Cost of 51% attacks and other lulz would be near nothing for interested 3-letter agencies.
- Point #1 is honestly enough to end this discussion.
"But it's so luser friendly, everyone can do it!"
There is no scenario that exists, or shall ever exist, where "paste your key here" ever becomes proper handling of cryptographic keys, and certainly not in situations that require proper OPSEC and associated sanitation procedures. This is seriously the most retarded post I've read all year, and tardstalk produces some very brain-damaged threads.
TL;DR OP is an utter moron and you should seek advice elsewhere if you use crypto in any high-risk situations.
Tags: News, Cryptocurrency, Insecurity, Lulz
SKS Keyserver Network Under Attack
via Shithub.
"At present I (speaking only for myself) do not believe the global keyserver network is salvageable. High-risk users should stop using the keyserver network immediately."
etc.
Update: Bonus lulz from phuctor.
Tags: News, Insecurity, Lulz
Facebook announces Libra
Mark Zuckerberg finally finds some webshits capable of badge-engineering a "cryptocurrency" to life, and calls it Libra
In ancient Rome, the Libra was equivalent to roughly 12 ounces. An inquiry to facebook offices as to whether Libra would be backed by 12 Oz of Mark Zuckerberg's shit spray-painted gold with a certificate of authenticity went unanswered.
Tags: News, Cryptocurrency, Lulz, Webshit
Animus iocandi
Telegram never fails to produce lulz, and an endless stream of scammers that scout cryptocurrency channels for marks. Since I'm an admin in the Unobtanium channel, I get plenty of unsolicited messages from institutional investors and princes from Monaco that wish me to part with my precious UNO. To wit:
Scammers suddenly get all moral when you discuss sexual acts with them. This guy supposed that blackmailing me by threatening to inform the other admins what I was up to was the solution. Fortunately, the other team members are well aware I'm a degenerate that uses unconventional methods.
This is, of course, just a sampling of the countless messages I have received. I imagined that I might end up on some sort of scammer "do not contact" list, but since Nigeria alone has a population of roughly 191 Million, it might take some time.
Bring it on.
Tags: Bitcoin, Cryptocurrency, Lulz, Scams
Hoaxtoshi rekt by VERified address signature
Roger Ver gives us our morning dose of lulz with this reply over the wire to hoaxtoshi's claims:
gentoo ~/devel/bitcoin/bin/ # ./bitcoin-cli verifymessage \ 16cou7Ht6WjTzuFyDBnht9hmvXytg6XdVT \ G39S6i4XsfQnixN5ePMjVPboWvGXdnW8xFFAXiwEriZFCclflbD7umP58u3Sl+dvvXC5BxBrRNkTMNf92O1UIXw= \ "Address 16cou7Ht6WjTzuFyDBnht9hmvXytg6XdVT does not belong to Satoshi or to Craig Wright. Craig is a liar and a fraud." true
Hoaxtoshi and Calvin Ayre will likely publish a Coingeek article disputing the claims. Popcorn is on sale in the lobby all this weekend and next week.
Tags: News, Bitcoin, Cryptocurrency, Lulz
Binance Chief suggests bitcoin block reorg to undo hack
Binance CEO Changpeng Zhao actually suggested mimicking mEthereum and performing a block reorg to enable his exchange to recover from a 7`000 BTC SFYL earlier this month. Mr. Zhao apparently forgot that Bitcoin is immutable and many came out to mock his McAfee-level stupid suggestions. Blockstream CEO Adam Back was quoted as saying:
"You just have to accept that Bitcoin is final because a whole bunch of factors which we can get into, but it’s basically, you know, all of the infrastructure is set up to automatically just continue consuming and finalizing transactions. And there’s a lot of inertia and equipment that’s just running away, mining transactions, so it’s very hard. The software is not designed to undo things. The infrastructure isn’t designed to undo it. And there’s all kinds of side-effects if you did. And the side-effects are both technical and economic. "In game theory, if you can undo something, the attacker can do other things. And people who disagree with the reorg can do other things. People are very incentivized to see it not happen because they’ve seen other coins have this happen and suffer a great loss of credibility as a result. And there are also geopolitical issues that, you know, you would establish a precedent that would erode one of the major benefits of Bitcoin, being censorship-resistance, which ties back to this kind of finality of the network."
#btcinfo extends condolences to Binance and Mr. Zhao, and are so very sorry for your loss.
Tags: News, Bitcoin, Cryptocurrency, Lulz, Webshit
Cryptopia exchange makes exit scam official
New Zealand based cryptocurrency exchange Cryptopia is closing up shop and beginning "liquidation proceedings" a.k.a. SFYL. Trading is suspended (again!) and the website contains only a press release this morning, which reads:
15/05/2019 David Ruscoe and Russell Moore from Grant Thornton New Zealand were yesterday appointed liquidators of Cryptopia Despite the efforts of management to reduce cost and return the business to profitability, it was decided the appointment of liquidators was, in the best interests of customers, staff and other stakeholders. The liquidators are focused on securing the assets for the benefit of all stakeholders. While this process and investigations take place, trading on the exchange is suspended. "Given the complexities involved we expect the investigation to take months rather than weeks." The liquidators are also working with independent experts and the relevant authorities with regards to the company’s obligations. Grant Thornton will be contacting all customers and suppliers about its appointment in the next few days. Further enquiries, please email liquidation@cryptopia.co.nz
The final tally of the SFYL from this long-running shitcoin trade hub will be reported in a later post.
Tags: News, Bitcoin, Cryptocurrency, Lulz, Webshit
mEthereum mods resign reddit posts
A bunch of eth-huffing redditards decide to ragequit. The sound of table flipping makes it to coindesk.
Tags: News, Cryptocurrency, Lulz
Official Alpine Linux Docker image found to allow NULL password for root users
Docker woes continue as security researchers discover that all "Official images" of Alpine linux (since v3.3) allow NULL passwords for the root user. This event, along with Docker Hub being hacked serve as a wonderful reminder of only running code from trusted sources and personal libraries.
Tags: News, Insecurity, Lulz, UNIX
Amazon opens shitcoin service to public
Need your own shitcoin? AWS now has you covered with the announcement that they will open their "Managed-blockchain-as-a-service" for public consumption.
Amazon Managed Blockchain at AWS General Manager and former Microsoft Tech Support worker Rahul Pathak had this to say:
“Customers want to use blockchain frameworks like Hyperledger Fabric and Ethereum1 to create blockchain networks so they can conduct business quickly, with an immutable record of transactions, but without the need for a centralized authority.2"
Support for Hyperledger is available now, with flaming-tire-in-a-shitpit Ethereum to be launched in coming months, allowing AWS customers to choose the shitcoin service they want to facilitate flushing their money down the toilet.
Microsoft "discovers" remote device management backdoor in Huawei laptops
The backdoors discovered in the device drivers were in no way a part of a Chinese government plot to spy on Westerners, and Huawei say it will take "legal action" for "misleading reports" in the media. (archived)
Happy Trannyversary
Let's take a moment to celebrate that time a transsexual camho from Telegram visited #trilema irc, posted their "tits" for 2 bitcents, and got their picture published on trilema.com and no one batted an eye. Because animals are animals, whether superficially human or not, right?
Happy Trannyversary all, and may this year bring abundant lulz to all.
Mark Karpeles handed suspended sentence in Mt. Gox trial
A Japanese court found former Mt. Gox CEO Mark Karpeles guilty of tampering with financial records, but elected to suspend his 2.5 year sentence and allowing him to avoid squealing like a pig in prison.
Bloomberg reported that Karpeles viewed his treatment by Japanese authorities as unfair, instead of thanking them for helping him shed some much needed weight:
Karpeles has said he was interrogated for months without a lawyer and bullied into signing a confession, a "nightmare" process during which he lost 77 pounds over 11 months.
The government of the U.S. still blames Russian national and former btc-e exchange operator Alexander Vinnik for laundering the stolen funds from Mt. Gox and is attempting to extradite him to America to face charges. (archived)
BlockCypher reveals mETHereum hard fork lulz
tl;dr: BlockCypher decides to continue to offer support for Ethereum despite services being non-operational for almost a month following the recent "upgrades" to the network.
After examining every which way we could think of to add the Trie state to our Ethereum state, we asked Vitalik for assistance. His first comment to us was "oh you’re one of the few running one of those big, scary nodes." We asked him if he knew of anyone else running a "big, scary node" to see if we could possibly sync with them. He knew of no one, not even the Ethereum Foundation keeps a full archival copy of the Ethereum chain.(Emphasis added) We were back to square 1: starting the Full sync again, this time including the Trie state.
This led to stunning results:
"Lesson Learned #3: In the event of a chain re-organization, we may be the only ones to know the entire history of Ethereum transactions."
This seems to mark a developing trend of aversions to a "foundation" model though running big, scary nodes will always remain the only method to ensure a complete and accurate history of the blockchain.
You can read the entire shitty medium post discussing these lulz here if you're so inclined.
Tags: News, Bitcoin, Cryptocurrency, Lulz, Webshit
Thailand SEC bans Bcash, other altcoins
Thailand's equivalent of the SEC announced it would be prohibiting the exchange of BCH (Btrash) and a handful of other cryptocurrencies in order to "protect its citizens" from fraud. The r/btc lemming force is expected to coordinate hundreds of posts later in the week denouncing all things Thai, which likely will stay confined to the reddit corral now that twitter CEO Jack Dorsey said he would not add Btrash as on option on Square payments or twitter. (archived)
Coinomi wallet sends user passwords in plaintext over Google API
Today's Lulz come courtesy of "Bitcoin Wallet" Coinomi, which handily sent user passwords over Google spell check in plain text using their Webshit framework. btcinfo sends condolonces to affected "users" and is very SFYL. (archived)
Tags: News, Bitcoin, Lulz, Webshit
Fiat users can now get pegged with JPM Coin
US Based JP Morgan Bank launches its own USD pegged "cryptocurrency" to the public. SFYL induced peggings expected to be reported in future posts. (archived)
Tags: News, Cryptocurrency, Lulz
BSV found to host CP
Fork of a fork of BTC BitcoinSV's recent increase in the OP_RETURN data size has led to unknown individuals using it to store child pornography images on the BSV chain. The images were placed into tx's using Ryan X. Charles "Money Button" service, which makes it easy to embed data into transactions. Unlike the links to CP discovered in the actual Bitcoin blockchain, the "Bigger Blocks" allow for full images to be stored immutably on their blokechain and will likely be heralded as BSV and nChain's "Killer App". (archived)
Tags: News, Bitcoin, Cryptocurrency, Lulz
NEM cryptocurrency foundation "nearly broke"
Cryptocurrency NEM (XEM) announced it is "nearly broke" after blowing through 80 Million NEM tokens (valued at ~$4 Million USD at time of writing) in just a little over a year, which was used to advertise vaporware. Layoffs and restructuring are in the works in an attempt to save the organization, according to newly elected foundation president Alex Tinsman, and the group is begging the community for double the amount of tokens (160 XEM, ~7 Million USD) to avoid imminent doom. Ms. Tinsman promised that none of the funds would be used for marketing, though she believes scummy affiliate marketing tactics can help monetize the foundation and avoid future bailout requests. The foundation currently consists of around 200 members who pay an annual $50 fee and must dox themselves in order to vote. (archived)
Tags: News, Cryptocurrency, Lulz
CoinBr announces suspension of online services
The operator of the MPEx brokerage service CoinBr, jurov, announced in a blog post this morning that the service would be shuttering its online operations for the foreseeable future. Lack of interest and 0 usage in the past year were cited as reasons for the change, unsurprising considering the general poor performance of TMSR enterprises during that time period. Captain obvious makes an appearance later in the #trilema logs declaring that hand-cranked processes are superior to automated ones, also unsurprising when proffered services aren't being used.
McAfee flees U.S. after tax fraud allegations
John McAfee announced earlier this week that the U.S. Internal Revenue Service is allegedly charging him with felony tax evasion for 8 years non-payment of taxes, and that he will be "running his Presidential campaign from exile on a vessel dubbed "The Freedom Boat".
McAfee assured his followers on twitter that he would be releasing videos every day as long as the exile lasts, which leads the author to the conclusion that ample supplies of tinned penis, Xanax, and electronic equipment were provisioned in the freedom boat's hold before casting off. (archived)
Tags: News, Cryptocurrency, Insecurity, Lulz
mETH upgrade delayed due to vulnerability.
Tags: News, Cryptocurrency, Lulz, SFYL
mETH Classic 51% front for exchange theft
The 51% on the ETC network reported earlier this week appears to have been orchestrated by enterprising individuals who managed to rewrite tx history and make off with $220K USD worth of ETC from shitcoin exchange Gate.io. (archived)
The exchange reported that the SFYL occured between 0:40 Jan.7, 2019 and Jan 4:20 Jan.7, 2019 UTC and lasted a mere 4 hours.
"All the transactions were confirmed normally on the ETC blockchain and became invalid after the blockchain rollback."
US based exchange Conbase also reported a "$1 Million USD loss" of ETC using the same methods during the attack window. Gate.io announced it would be absorbing the cost of the SFYL for it's customers.
Tags: News, Bitcoin, Cryptocurrency, SFYL, Lulz
ShapeShaft: One third of shitcoin exchange workforce slashed
According to Voorhees:
ShapeShift diversified its product line too early and in too many verticals, resulting in financial, legal, and time costs.
Translation: "We added support for just about every shitcoin imaginable and are surprised at the result."
We had customer issues. Business was declining from both aggregate market recession and increased competition. Our imposition of KYC?d accounts, themselves the result of trying to be cautious in a challenging regulatory environment, caused many of our most valuable API partners to leave us for competitors who have not perceived regulatory risks in the same way. We expected it, but still, it stung both financially and psychologically.
Translation: "We decided to capitulate to fiat demands and are surprised at the result."
2018 marked a rough year. While this new one starts upon some painful reorganization, we?re encouraged and hopeful for 2019.
Translation: "We lost so much money in 2018 we had to fire people but are still hopeful that *someone* out there that will continue to buy our shitcoin bags in 2019."
...and so on.
Headlines such as these have been trending lately, likely Festivus miracles that began with similar announcements by Coinbase, Steemit, Bitmain, and others. Other manifestations of miracles were reported by Qntra this month, where it was noted that mETH addicts were experiencing a chain reorganization with predictable results.
Tags: News, Bitcoin, Cryptocurrency, Lulz
Alabama police department blames Satan for recent spike in homicides
No, they really did. (archived)
The Facebook message is quoted in full below:
THIS PAST SUNDAY, A YOUNG MAN WAS SHOT AND KILLED IN KINSTON. MONDAY NIGHT, A MOTHER WAS SHOT AND KILLED IN NORTHERN COVINGTON COUNTY. THERE HAVE BEEN FIVE MURDERS IN COVINGTON COUNTY IN 2018. THESE MURDERS HAVE BEEN DONE BY OUR YOUNG PEOPLE. THIS IS HAPPENING BECAUSE WE HAVE TURNED AWAY FROM GOD AND EMBRACED SATAN. WE MAY HAVE NOT MEANT TO DO SO BUT, WE HAVE. IT IS TIME TO ASK FOR GOD?S HELP TO STOP THIS. IT IS TIME TO BE PARENTS AND RAISE OUR CHILDREN, NOT HAVE THEM RAISE US. IT IS TIME TO FULLY SUPPORT LAW ENFORCEMENT AND STAND BY THE OFFICERS AND DEPUTIES THAT ARE FAR TOO OFTEN HAVING TO WALK INTO THESE DANGEROUS SITUATIONS AND CLEAN UP THE MESS. FRIENDS, IT IS TIME TO STAND UP AND BE RESPONSIBLE, GROWN UP LEADERS IN OUR COMMUNITY. BOTTOM LINE, THERE ARE SHEEP; THERE ARE WOLVES AND THERE ARE SHEEP DOGS. WHICH GROUP DO YOU BELONG TO ?
The National Freedom From Religion Foundation says the department is "wrongly promoting religion with the social media message" seeing as it is illegal for a government entity to endorse or criticize religious belief.
Tags: News, Lulz, Murica, Webshit
dpb removed from republican rss roll
THE CONTESTANTS
The learned Trishop, danielpbarron
ROUND RESULTS:
The theological lulz continue over in trilema, with MP asking for danielpbarron's blog to be stricken from the rolls in the #trilema and #eulora channels on freenode irc - leaving the logs free for more srsbzns like bot spam.
In order to help you quickly find the droning you should be looking for, btcinfo provides these handy NPC's. Just click on the image and it returns log searches relevant to the title.
Do *you* have a suggestion for a NPC that should be added here? Send a GPG signed message to btcinfo()atsdf.org and we will make every effort to include it on these very pages. Non-encrypted or non-signed content is simply ignored.
At the time of publication this morning, danielpbarron had not responded to the event on the pages of his blog.
US Marine aircraft lost in midair collision.
The U.S. Department of the Navy continues in it's mission to destroy all of it's equipment itself before the enemy can do so in combat. A Marine f-18 Hornet and a KC-130 tanker during a training refuel near Japan.. No word was available on the condition of the pilots at the time of this article (archived)
Zcash on Coinbase, a twitter comedy in two acts ...
Zany Zooko gets his turd listed on Conbase. Within hours, ZEC is dumped. Lulz were had.
Tags: News, Cryptocurrency, Scams, Lulz
Anti-Trump messages blamed on twitter hackers
Rudy Giuliani's cybersecurity team fails at the internet. twitter is blamed.
Tags: News, Insecurity, Lulz
Chinese Ethereum vulnerable to ancient bug
The NEO platform (Chinese Ethereum) was discovered to be vulnerable to the same default settings bug that caused mETH tards to have funds liberated from their nodes back in June. Chinese tech company Tencent first reported the bug, and encouraged all users to update their nodes as soon as possible, instead of correctly advising users to simply abandon the platform, and anything else remotely resembling Ethereum. Coinmarket cap lists an imaginary valuation of $532 million USD for this corn riddled steamy pile of Asian shit.
Tags: News, Bitcoin, Cryptocurrency, Lulz, Insecurity
Malicious GasToken Minting in mETHereum disclosed
Quoted from the public disclosure by Level K:
This is a public disclosure of a newly discovered vulnerability. Some affected parties have already been notified in a private disclosure that was sent out on November 13th. When ETH is sent to an address, that address is able to perform arbitrary computations paid for by the originator of the transaction. This is a known vector for griefing. However, in some cases, at-risk systems such as exchanges did not put proper protections in place. GasToken, which takes advantage of the refund mechanism on storage in Ethereum, allows users to store gas when the gas price is low and receive a gas refund when the gas price is high. By minting large amounts of GasToken when receiving ETH, the griefing vector mentioned above can now be a profitable attack. Because it was unknown which exchanges did and did not have the protections in place, the private disclosure was made to as many exchanges as possible, many of which were not at risk. To our knowledge, all affected exchanges that received the disclosure have patched the vulnerability. For more information the full disclosure can be found here.
As has been documented on this blog, and formerly on Qntra (Now pretty much the BingoBoingo blog), Ethereum is a flaming tire in a shitpit that should not be used for any purpose.
Tags: News, Cryptocurrency, Insecurity, Lulz
United States v. 7.26611032 Bitcoin
The U.S. Marshals service is auctioning 660 BTC today that it stole from various entrepreneurs under the guise of the "Civil Asset Foreiture Program". One must deposit 220k filthy fiat dollars minimum in order to participate in said auction, which opened at 8 AM EDT today.
Buffer overflow bug discovered in segshit address scheme.
A buffer overflow vulnerability has been discovered by satoshi labs in the bech32 address scheme, used by Segshit and introduced into Bitcoin by "Core" developer Pieter Wuille. Satoshi labs assures users of their already pwnd Trezor devices that the risk is minimal and can only result in denial of service attacks, but released a firmware update immediately after the bug was confirmed. (archived)
Tags: News, Bitcoin, Insecurity, Lulz
Japanese exchange hack results in $37 Million SFYL
Japanese shitcoin exchange Zaif announces they were hacked to twitter this morning, SFYL from actual bitcoin is reported to be upwards of $37 Million USD. Other worthless shit tokens such as Btrash (BCH) were taken, though no one knows precisely why.
Tags: News, Bitcoin, SFYL, Lulz
She was only 17
An international manhunt has begun for 3-D printed weapon producer Cody Wilson for sexual assault on an underage girl. Mr. Wilson is believed to be somewhere in Taiwan, singing this:
Tags: News, Bitcoin, Lulz, SFYL
Mixxchain privacy falls flat
Mixxchain, where "Privacy Meets Scalability" has announced that as soon as they return from their roadshow and come up with some new buzzwords to inject into their website, will be taking applications for node operators on their vapourware network.
What are these innovative privacy features? Why KYC checks of course!
The founder of this flaming-tire-in-a-shitpit is David Chaum, whom the "team" section of the Mixxchain website claims is "widely recognized as the inventor of digital cash".
Tags: News, Cryptocurrency, Lulz, Scams
Static address bug discovered in Ledger app
The Ledger hardware wallet team announced a serious "bug" in the Ledger Wallet Ethereum Chrome application, telling lusers to avoid using it as it generates a static address for everyone. But "Engineering is working on it" so they recommend using more Webshit, like MyEtherWallet, in the meantime while the company tries to figure out why webpages generate static addresses and bikeshed a solution.
Tags: News, Cryptocurrency, Insecurity, Lulz, Webshit
bitcoinstats.com unpublishes chat logs for #bitcoin-otc, others.
bitcoinstats.com has disabled access to irc logs from its website, signaling that it intends to comply with the EU General Data Protection Regulation (GDPR) which was enacted in 2016. bitcoinstats offered irc logging of the #bitcoin-dev, #bitcoin-core-dev, and #bitcoin-otc channels on the freenode network.
The GDPR website defines personal data as the following in their FAQ section:
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people.
It is unknown at this time if freenode intends to attempt to pressure other channel owners to unpublish logs, as the GDPR website also states that the law applies "to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects". A maximum fine of 20 million Euros, or zero BTC, can be levied against individuals or organizations for non-compliance.
AUR latest victim of repository rape
More poisoned repositories are found, this time on the Arch User Repository. This, combined with the recent lulz on the gentoo shithub further confirm that only the trinque model can prevent repository rape.
Tags: News, UNIX, Webshit, Lulz
Raleigh woman reports Roblox rape
Coordinated attack on Bcash VERified
Not content to sit back and make idle threats, a group of "Bitcoin developers, miners and whales" known as BitPico has begun stress testing the Bcash network. The group announced their intentions in a series of tweets which started June 22, stating they would be attempting a 51% attack that they hoped to amplify over time.
“We expect to have 5000 Bcash attack nodes in roughly 6 weeks and then we will multi-fork the chain. [Roger Ver] will now cry.”
Despite claiming to receive death threats from the Bcash redditards, the group seems committed to fighting fake Bitcoin and has the author's full support.
Tags: News, Bitcoin, Cryptocurrency, Lulz
2017 Ethereum ICO's offered insecurity-as-a-service
Security researchers with positive.com, which specializes in auditing ICO's, found an average of 5 vulnerabilities in each of 2017's offerings according to a recent report. 71% contained at least one or more security flaw, and every ICO that offered an app was vulnerable. One third of all web apps contained common weaknesses such as code injection, disclosure of sensitive webserver info, or insecure data transfer. Most of the lulz were due to the copy/paste development culture which is common these days, as well as just building infrastructure on the already laughably insecure Ethereum platform, the pretend blockchain of choice for scammers worldwide.
Tags: News, Cryptocurrency, Webshit, Lulz
Zcash developer creates novel Windows ransomware.
This week's angry attention whore is brought to you by Zcash, which was forced to pay off the sole developer of its Windows wallet to avoid a fork. Coin Desk reported that D. Jane Mercer threatened to release a Zcash competitor if he wasn't paid for his work. A ransom of 80 ZEC, or about $15`000 USD was raised by "the community" which should pay for Mr. Mercer's crystal meth habit for about a month. Zcash has not been immune to the plummeting prices in altcoin markets this year, dropping from $876 USD at the start of the year to less than $200 USD per coin currently.
Tags: News, Bitcoin, Cryptocurrency, Lulz
Bithumb makes sure the security resulting in SFYL
Executives from Yet Another Exchange Hack LTD. visit top shitcoin exchange Bithumb while they were "making sure the security". $30 Million+ USD in SFYL occurs, though the company promises to use the power of fractional reserve banking to reimburse all affected parties Buttstamp style. (archived)
Tags: Bitcoin, Cryptocurrency, SFYL, Lulz
Blockchain Beanie baby bubble bursting
A report from Business Insider indicates that sales of collectible "CryptoKitties" on the mEthereum database are rapidly plummeting. The startup was given $12 Million USD from "Venture Capitalists" that apparently wanted to see just how much money idiots would flush down the toilet while under the influence of feline jenkem. One of the founders of CryptoKitties says the slowdown is caused by users making more "thoughtful transactions" due to the increasing costs of transacting on the mEthereum network, a side effect that occurs when one writes contracts with the ability to launch a Denial of Service attack on itself just for lulz.
Tags: News, Bitcoin, Cryptocurrency, Lulz, Scams
Shinohai's Saturday Shitcoin Selections 3
Vitalik Butterin whines about the NSA inventing Bitcoin again, regurgitating the same claims he made in 2011.
"Malicious miners" are rumored to have liberated 5% of the total supply of Monero.
ICON - a "smart contract" on ETH - is brought to a standstill when the following feature was discovered that allowed anyone but the developer to transfer funds out of the contract:
modifier onlyFromWallet { require(msg.sender != walletAddress); _; }
The fatal bug will likely result in a $800 Million USD SFYL to "investors" in the ICO.
Tags: News, Bitcoin, Cryptocurrency, Lulz
Enumerating geth nodes for fun and profit
Step 1: Download GETH and build it inside a chroot.
Step 2: Fire up geth and wait for the ethereum database to load.
Step 3: Enumerate peers running misconfigured clients and rpc consoles by running an insecure instance yourself:
dibbuk# ./geth --rpc --rpcaddr 0.0.0.0 --rpcapi, db,eth,net,web3 --dev console
Step 4: Profit. I quickly found 22 nodes listening for the entire world on port 8545, ~60% of these were located on Chinese and other South Asian mining farms. For bonus lulz you can leverage the power of virtual shrimp mining to disrupt the network whilst you pilfer the funds from vulnerable wallets.
At the time of this post, the addresses below are confirmed to have received around $22 million USD in ETH liberated by enterprising crypto pirates, and the figures still climb despite warnings not to do this shit since March:
0x09d6fd506b7eb4102182d8e4d9a3d8f3dbfa499b 0x1234567461d3f8db7496581774bd869c83d51c93 Ox15e4cf195Offa338ce5bc59456b3e579ed1bead3 0x397aa69c17a7cc405a3aeeeb223158109b037d5b 0x3d985fd71a21256c7d2b618ab8a1896f10f64fcd 0x4e0603e2a27a30480e5e3a4fe548e29ef12f64be 0x519475b31653e46d20cd09f9fdcf3b12bdacb4f5 0x6ef57be1168628a2bd6c5788322a41265084408a 0x7097f41f1c1847d52407c629d0e0ae0fdd24fd58 0x72adadb447784dd7ab1f472467750fc485e4cb2d 0x7b09ff6548f03512dfe63a09a2673b9c25476482 0x85545528f1d72912558f9ef72296c404afd4b18d 0x8e4fbe2673e154fe9399166e03e18f87a5754420 0x8f760bc9bd9748fc61c7b60ea8033037f37d44d5 0x957cd4ff9b3894fc78b5134a8dc72b032ffbc464 0x9b11efcaaa1890f6ee52c6bb7cf8153ac5d74139 0x9fe173573b3f3cf4aebce5fd5bef957b9a6686e8 0xafecd96855ec6324d7cde57babb775676e560441 0xc1e42aa688977d386a6ce15de741e3c34ff0c500 Oxd26114cd6ee289accf82350c8d8487fedb8a0c07 0xe386e3372e3d316ae063af50c38704ec6fba5149
Lesson: Trust your finances to garbage written in golang with a javascript console at your peril.
Tags: Bitcoin, Cryptocurrency, Insecurity, Lulz
Yet-Another-Exchange-Hack LTD acquires Coinrail
Shitcoin enthusiasts are in the doldrums this morning with the announcement of Yet-Another-Exchange-Hack LTD acquiring Coinrail. Hackers have liberated a total of 1.1 Billion dollars in imagined value from "cryptocurrency" markets in the first half of this year alone. This address is said to belong to the hacker, and contains $14 Million USD in ETH tokens as of the time of this writing. There was no word as to whether Pope Butterin would invoke his mystical database powers and magic the hack away, as he has demonstrably done before.
Prices across all markets have been on decline since the announcement that US "regulators" are investigating scam exchange stalwarts that include Conbase and Buttstamp.
Tags: News, Bitcoin, Cryptocurrency, Lulz
Gavin Andresen VERified as true hoaxtoshi
Roger Ver pays some schmucks to say NSA asset Gavin Andresen is the true Satoshi on bitcoin.com. No one cares since it's been known since at least 2014 exactly what he is.
McAfee makes personal army request
The John McAfee lulz just write themselves:
"Make crypto great again!"
Tags: News, Bitcoin, Cryptocurrency, Lulz
Crypto Company Commander Commandeers Carrier
The story of the National Guard Soldier that stole an armored personnel carrier gets more interesting as it turns out he was involved in the development of "cryptocurrency" as a side hobby.
He was also involved in the development of a cryptocurrency called ZenCash, before leaving the project and claiming he had discovered a way to hack its underlying blockchain.....On June 4, 2018, ZenCash did suffer a cyberattack, but there is no evidence so far linking Yahut to that event.
Alas Lieutenant Yahut could not complete his ETH-fueled rampage, and is now in Virginia State Police custody and is charged with the felonies of eluding police and unauthorized use of a vehicle. (archived)
Tags: News, Bitcoin, Crypocurrency, Lulz