btcinfo  

Hic inserere motto

Static address bug discovered in Ledger app

August 03, 2018 — shinohai

The Ledger hardware wallet team announced a serious "bug" in the Ledger Wallet Ethereum Chrome application, telling lusers to avoid using it as it generates a static address for everyone. But "Engineering is working on it" so they recommend using more Webshit, like MyEtherWallet, in the meantime while the company tries to figure out why webpages generate static addresses and bikeshed a solution.

Tags: News, Cryptocurrency, Insecurity, Lulz, Webshit

bitcoinstats.com unpublishes chat logs for #bitcoin-otc, others.

July 30, 2018 — shinohai

bitcoinstats.com has disabled access to irc logs from its website, signaling that it intends to comply with the EU General Data Protection Regulation (GDPR) which was enacted in 2016. bitcoinstats offered irc logging of the #bitcoin-dev, #bitcoin-core-dev, and #bitcoin-otc channels on the freenode network.

The GDPR website defines personal data as the following in their FAQ section:

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people.

It is unknown at this time if freenode intends to attempt to pressure other channel owners to unpublish logs, as the GDPR website also states that the law applies "to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects". A maximum fine of 20 million Euros, or zero BTC, can be levied against individuals or organizations for non-compliance.

Tags: News, Bitcoin, Lulz

AUR latest victim of repository rape

July 10, 2018 — shinohai

More poisoned repositories are found, this time on the Arch User Repository. This, combined with the recent lulz on the gentoo shithub further confirm that only the trinque model can prevent repository rape.

Tags: News, UNIX, Webshit, Lulz

Raleigh woman reports Roblox rape

July 04, 2018 — shinohai
A woman from Raleigh, N.C said she was left "traumatised and violated" after watching as her "sweet and innocent daughter's avatar was ... violently gang-raped on a playground by two males" in the alt-minecraft game Roblox. Screenshots of the event shared on social media showed a ms-paintesque girl lying face down in a dark playground, presumably with the electronic seed of her attackers spilling out of her virtual virgin vagina. The players responsible for these lulz were "permanently banned" from the platform, which boasts 64 million monthly players. (archived)

Tags: News, Lulz, Webshit

Coordinated attack on Bcash VERified

June 26, 2018 — shinohai

Not content to sit back and make idle threats, a group of "Bitcoin developers, miners and whales" known as BitPico has begun stress testing the Bcash network. The group announced their intentions in a series of tweets which started June 22, stating they would be attempting a 51% attack that they hoped to amplify over time.

“We expect to have 5000 Bcash attack nodes in roughly 6 weeks and then we will multi-fork the chain. [Roger Ver] will now cry.”

Despite claiming to receive death threats from the Bcash redditards, the group seems committed to fighting fake Bitcoin and has the author's full support.

Tags: News, Bitcoin, Cryptocurrency, Lulz

2017 Ethereum ICO's offered insecurity-as-a-service

June 25, 2018 — shinohai

Security researchers with positive.com, which specializes in auditing ICO's, found an average of 5 vulnerabilities in each of 2017's offerings according to a recent report. 71% contained at least one or more security flaw, and every ICO that offered an app was vulnerable. One third of all web apps contained common weaknesses such as code injection, disclosure of sensitive webserver info, or insecure data transfer. Most of the lulz were due to the copy/paste development culture which is common these days, as well as just building infrastructure on the already laughably insecure Ethereum platform, the pretend blockchain of choice for scammers worldwide.

Tags: News, Cryptocurrency, Webshit, Lulz

Zcash developer creates novel Windows ransomware.

June 22, 2018 — shinohai

This week's angry attention whore is brought to you by Zcash, which was forced to pay off the sole developer of its Windows wallet to avoid a fork. Coin Desk reported that D. Jane Mercer threatened to release a Zcash competitor if he wasn't paid for his work. A ransom of 80 ZEC, or about $15`000 USD was raised by "the community" which should pay for Mr. Mercer's crystal meth habit for about a month. Zcash has not been immune to the plummeting prices in altcoin markets this year, dropping from $876 USD at the start of the year to less than $200 USD per coin currently.

Tags: News, Bitcoin, Cryptocurrency, Lulz

Bithumb makes sure the security resulting in SFYL

June 20, 2018 — shinohai

Executives from Yet Another Exchange Hack LTD. visit top shitcoin exchange Bithumb while they were "making sure the security". $30 Million+ USD in SFYL occurs, though the company promises to use the power of fractional reserve banking to reimburse all affected parties Buttstamp style. (archived)

Tags: Bitcoin, Cryptocurrency, SFYL, Lulz

Blockchain Beanie baby bubble bursting

June 17, 2018 — shinohai

A report from Business Insider indicates that sales of collectible "CryptoKitties" on the mEthereum database are rapidly plummeting. The startup was given $12 Million USD from "Venture Capitalists" that apparently wanted to see just how much money idiots would flush down the toilet while under the influence of feline jenkem. One of the founders of CryptoKitties says the slowdown is caused by users making more "thoughtful transactions" due to the increasing costs of transacting on the mEthereum network, a side effect that occurs when one writes contracts with the ability to launch a Denial of Service attack on itself just for lulz.

Tags: News, Bitcoin, Cryptocurrency, Lulz, Scams

Shinohai's Saturday Shitcoin Selections 3

June 16, 2018 — shinohai

Vitalik Butterin whines about the NSA inventing Bitcoin again, regurgitating the same claims he made in 2011.

"Malicious miners" are rumored to have liberated 5% of the total supply of Monero.

ICON - a "smart contract" on ETH - is brought to a standstill when the following feature was discovered that allowed anyone but the developer to transfer funds out of the contract:

modifier onlyFromWallet {
    require(msg.sender != walletAddress);
    _;
}

The fatal bug will likely result in a $800 Million USD SFYL to "investors" in the ICO.

Tags: News, Bitcoin, Cryptocurrency, Lulz

Enumerating geth nodes for fun and profit

June 13, 2018 — shinohai

Step 1: Download GETH and build it inside a chroot.

Step 2: Fire up geth and wait for the ethereum database to load.

Step 3: Enumerate peers running misconfigured clients and rpc consoles by running an insecure instance yourself:

dibbuk# ./geth --rpc --rpcaddr 0.0.0.0 --rpcapi, db,eth,net,web3 --dev console

Step 4: Profit. I quickly found 22 nodes listening for the entire world on port 8545, ~60% of these were located on Chinese and other South Asian mining farms. For bonus lulz you can leverage the power of virtual shrimp mining to disrupt the network whilst you pilfer the funds from vulnerable wallets.

At the time of this post, the addresses below are confirmed to have received around $22 million USD in ETH liberated by enterprising crypto pirates, and the figures still climb despite warnings not to do this shit since March:

0x09d6fd506b7eb4102182d8e4d9a3d8f3dbfa499b 
0x1234567461d3f8db7496581774bd869c83d51c93 
Ox15e4cf195Offa338ce5bc59456b3e579ed1bead3 
0x397aa69c17a7cc405a3aeeeb223158109b037d5b
0x3d985fd71a21256c7d2b618ab8a1896f10f64fcd 
0x4e0603e2a27a30480e5e3a4fe548e29ef12f64be 
0x519475b31653e46d20cd09f9fdcf3b12bdacb4f5 
0x6ef57be1168628a2bd6c5788322a41265084408a 
0x7097f41f1c1847d52407c629d0e0ae0fdd24fd58 
0x72adadb447784dd7ab1f472467750fc485e4cb2d 
0x7b09ff6548f03512dfe63a09a2673b9c25476482 
0x85545528f1d72912558f9ef72296c404afd4b18d 
0x8e4fbe2673e154fe9399166e03e18f87a5754420 
0x8f760bc9bd9748fc61c7b60ea8033037f37d44d5 
0x957cd4ff9b3894fc78b5134a8dc72b032ffbc464 
0x9b11efcaaa1890f6ee52c6bb7cf8153ac5d74139 
0x9fe173573b3f3cf4aebce5fd5bef957b9a6686e8 
0xafecd96855ec6324d7cde57babb775676e560441 
0xc1e42aa688977d386a6ce15de741e3c34ff0c500 
Oxd26114cd6ee289accf82350c8d8487fedb8a0c07 
0xe386e3372e3d316ae063af50c38704ec6fba5149

Lesson: Trust your finances to garbage written in golang with a javascript console at your peril.

Tags: Bitcoin, Cryptocurrency, Insecurity, Lulz

Yet-Another-Exchange-Hack LTD acquires Coinrail

June 11, 2018 — shinohai

Shitcoin enthusiasts are in the doldrums this morning with the announcement of Yet-Another-Exchange-Hack LTD acquiring Coinrail. Hackers have liberated a total of 1.1 Billion dollars in imagined value from "cryptocurrency" markets in the first half of this year alone. This address is said to belong to the hacker, and contains $14 Million USD in ETH tokens as of the time of this writing. There was no word as to whether Pope Butterin would invoke his mystical database powers and magic the hack away, as he has demonstrably done before.

Prices across all markets have been on decline since the announcement that US "regulators" are investigating scam exchange stalwarts that include Conbase and Buttstamp.

Tags: News, Bitcoin, Cryptocurrency, Lulz

Gavin Andresen VERified as true hoaxtoshi

June 08, 2018 — shinohai

Roger Ver pays some schmucks to say NSA asset Gavin Andresen is the true Satoshi on bitcoin.com. No one cares since it's been known since at least 2014 exactly what he is.

Tags: News, Bitcoin, Lulz

McAfee makes personal army request

June 08, 2018 — shinohai

The John McAfee lulz just write themselves:

"Make crypto great again!"

Tags: News, Bitcoin, Cryptocurrency, Lulz

Crypto Company Commander Commandeers Carrier

June 07, 2018 — shinohai

The story of the National Guard Soldier that stole an armored personnel carrier gets more interesting as it turns out he was involved in the development of "cryptocurrency" as a side hobby.

He was also involved in the development of a cryptocurrency called ZenCash, before leaving the project and claiming he had discovered a way to hack its underlying blockchain.....On June 4, 2018, ZenCash did suffer a cyberattack, but there is no evidence so far linking Yahut to that event.

Alas Lieutenant Yahut could not complete his ETH-fueled rampage, and is now in Virginia State Police custody and is charged with the felonies of eluding police and unauthorized use of a vehicle. (archived)

Tags: News, Bitcoin, Crypocurrency, Lulz