btcinfo  

Hic inserere motto

US Marine aircraft lost in midair collision.

December 06, 2018 — shinohai

The U.S. Department of the Navy continues in it's mission to destroy all of it's equipment itself before the enemy can do so in combat. A Marine f-18 Hornet and a KC-130 tanker during a training refuel near Japan.. No word was available on the condition of the pilots at the time of this article (archived)

Tags: News, Lulz

Zcash on Coinbase, a twitter comedy in two acts ...

December 05, 2018 — shinohai

Zany Zooko gets his turd listed on Conbase. Within hours, ZEC is dumped. Lulz were had.

Tags: News, Cryptocurrency, Scams, Lulz

Anti-Trump messages blamed on twitter hackers

December 05, 2018 — shinohai

Rudy Giuliani's cybersecurity team fails at the internet. twitter is blamed.

Tags: News, Insecurity, Lulz

Chinese Ethereum vulnerable to ancient bug

December 04, 2018 — shinohai

The NEO platform (Chinese Ethereum) was discovered to be vulnerable to the same default settings bug that caused mETH tards to have funds liberated from their nodes back in June. Chinese tech company Tencent first reported the bug, and encouraged all users to update their nodes as soon as possible, instead of correctly advising users to simply abandon the platform, and anything else remotely resembling Ethereum. Coinmarket cap lists an imaginary valuation of $532 million USD for this corn riddled steamy pile of Asian shit.

Tags: News, Bitcoin, Cryptocurrency, Lulz, Insecurity

Malicious GasToken Minting in mETHereum disclosed

November 21, 2018 — shinohai

Quoted from the public disclosure by Level K:

This is a public disclosure of a newly discovered vulnerability. Some affected parties have already been notified in a private disclosure that was sent out on November 13th. When ETH is sent to an address, that address is able to perform arbitrary computations paid for by the originator of the transaction. This is a known vector for griefing. However, in some cases, at-risk systems such as exchanges did not put proper protections in place. GasToken, which takes advantage of the refund mechanism on storage in Ethereum, allows users to store gas when the gas price is low and receive a gas refund when the gas price is high. By minting large amounts of GasToken when receiving ETH, the griefing vector mentioned above can now be a profitable attack. Because it was unknown which exchanges did and did not have the protections in place, the private disclosure was made to as many exchanges as possible, many of which were not at risk. To our knowledge, all affected exchanges that received the disclosure have patched the vulnerability. For more information the full disclosure can be found here.

As has been documented on this blog, and formerly on Qntra (Now pretty much the BingoBoingo blog), Ethereum is a flaming tire in a shitpit that should not be used for any purpose.

Tags: News, Cryptocurrency, Insecurity, Lulz

United States v. 7.26611032 Bitcoin

November 05, 2018 — shinohai

The U.S. Marshals service is auctioning 660 BTC today that it stole from various entrepreneurs under the guise of the "Civil Asset Foreiture Program". One must deposit 220k filthy fiat dollars minimum in order to participate in said auction, which opened at 8 AM EDT today.

Tags: News, Bitcoin, Lulz

Buffer overflow bug discovered in segshit address scheme.

October 31, 2018 — shinohai

A buffer overflow vulnerability has been discovered by satoshi labs in the bech32 address scheme, used by Segshit and introduced into Bitcoin by "Core" developer Pieter Wuille. Satoshi labs assures users of their already pwnd Trezor devices that the risk is minimal and can only result in denial of service attacks, but released a firmware update immediately after the bug was confirmed. (archived)

Tags: News, Bitcoin, Insecurity, Lulz

Japanese exchange hack results in $37 Million SFYL

September 20, 2018 — shinohai

Japanese shitcoin exchange Zaif announces they were hacked to twitter this morning, SFYL from actual bitcoin is reported to be upwards of $37 Million USD. Other worthless shit tokens such as Btrash (BCH) were taken, though no one knows precisely why.

Tags: News, Bitcoin, SFYL, Lulz

She was only 17

September 20, 2018 — shinohai

An international manhunt has begun for 3-D printed weapon producer Cody Wilson for sexual assault on an underage girl. Mr. Wilson is believed to be somewhere in Taiwan, singing this:

Tags: News, Bitcoin, Lulz, SFYL

Mixxchain privacy falls flat

September 14, 2018 — shinohai

Mixxchain, where "Privacy Meets Scalability" has announced that as soon as they return from their roadshow and come up with some new buzzwords to inject into their website, will be taking applications for node operators on their vapourware network.

What are these innovative privacy features? Why KYC checks of course!

The founder of this flaming-tire-in-a-shitpit is David Chaum, whom the "team" section of the Mixxchain website claims is "widely recognized as the inventor of digital cash".

Tags: News, Cryptocurrency, Lulz, Scams

Static address bug discovered in Ledger app

August 03, 2018 — shinohai

The Ledger hardware wallet team announced a serious "bug" in the Ledger Wallet Ethereum Chrome application, telling lusers to avoid using it as it generates a static address for everyone. But "Engineering is working on it" so they recommend using more Webshit, like MyEtherWallet, in the meantime while the company tries to figure out why webpages generate static addresses and bikeshed a solution.

Tags: News, Cryptocurrency, Insecurity, Lulz, Webshit

bitcoinstats.com unpublishes chat logs for #bitcoin-otc, others.

July 30, 2018 — shinohai

bitcoinstats.com has disabled access to irc logs from its website, signaling that it intends to comply with the EU General Data Protection Regulation (GDPR) which was enacted in 2016. bitcoinstats offered irc logging of the #bitcoin-dev, #bitcoin-core-dev, and #bitcoin-otc channels on the freenode network.

The GDPR website defines personal data as the following in their FAQ section:

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people.

It is unknown at this time if freenode intends to attempt to pressure other channel owners to unpublish logs, as the GDPR website also states that the law applies "to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects". A maximum fine of 20 million Euros, or zero BTC, can be levied against individuals or organizations for non-compliance.

Tags: News, Bitcoin, Lulz

AUR latest victim of repository rape

July 10, 2018 — shinohai

More poisoned repositories are found, this time on the Arch User Repository. This, combined with the recent lulz on the gentoo shithub further confirm that only the trinque model can prevent repository rape.

Tags: News, UNIX, Webshit, Lulz

Raleigh woman reports Roblox rape

July 04, 2018 — shinohai
A woman from Raleigh, N.C said she was left "traumatised and violated" after watching as her "sweet and innocent daughter's avatar was ... violently gang-raped on a playground by two males" in the alt-minecraft game Roblox. Screenshots of the event shared on social media showed a ms-paintesque girl lying face down in a dark playground, presumably with the electronic seed of her attackers spilling out of her virtual virgin vagina. The players responsible for these lulz were "permanently banned" from the platform, which boasts 64 million monthly players. (archived)

Tags: News, Lulz, Webshit

Coordinated attack on Bcash VERified

June 26, 2018 — shinohai

Not content to sit back and make idle threats, a group of "Bitcoin developers, miners and whales" known as BitPico has begun stress testing the Bcash network. The group announced their intentions in a series of tweets which started June 22, stating they would be attempting a 51% attack that they hoped to amplify over time.

“We expect to have 5000 Bcash attack nodes in roughly 6 weeks and then we will multi-fork the chain. [Roger Ver] will now cry.”

Despite claiming to receive death threats from the Bcash redditards, the group seems committed to fighting fake Bitcoin and has the author's full support.

Tags: News, Bitcoin, Cryptocurrency, Lulz

2017 Ethereum ICO's offered insecurity-as-a-service

June 25, 2018 — shinohai

Security researchers with positive.com, which specializes in auditing ICO's, found an average of 5 vulnerabilities in each of 2017's offerings according to a recent report. 71% contained at least one or more security flaw, and every ICO that offered an app was vulnerable. One third of all web apps contained common weaknesses such as code injection, disclosure of sensitive webserver info, or insecure data transfer. Most of the lulz were due to the copy/paste development culture which is common these days, as well as just building infrastructure on the already laughably insecure Ethereum platform, the pretend blockchain of choice for scammers worldwide.

Tags: News, Cryptocurrency, Webshit, Lulz

Zcash developer creates novel Windows ransomware.

June 22, 2018 — shinohai

This week's angry attention whore is brought to you by Zcash, which was forced to pay off the sole developer of its Windows wallet to avoid a fork. Coin Desk reported that D. Jane Mercer threatened to release a Zcash competitor if he wasn't paid for his work. A ransom of 80 ZEC, or about $15`000 USD was raised by "the community" which should pay for Mr. Mercer's crystal meth habit for about a month. Zcash has not been immune to the plummeting prices in altcoin markets this year, dropping from $876 USD at the start of the year to less than $200 USD per coin currently.

Tags: News, Bitcoin, Cryptocurrency, Lulz

Bithumb makes sure the security resulting in SFYL

June 20, 2018 — shinohai

Executives from Yet Another Exchange Hack LTD. visit top shitcoin exchange Bithumb while they were "making sure the security". $30 Million+ USD in SFYL occurs, though the company promises to use the power of fractional reserve banking to reimburse all affected parties Buttstamp style. (archived)

Tags: Bitcoin, Cryptocurrency, SFYL, Lulz

Blockchain Beanie baby bubble bursting

June 17, 2018 — shinohai

A report from Business Insider indicates that sales of collectible "CryptoKitties" on the mEthereum database are rapidly plummeting. The startup was given $12 Million USD from "Venture Capitalists" that apparently wanted to see just how much money idiots would flush down the toilet while under the influence of feline jenkem. One of the founders of CryptoKitties says the slowdown is caused by users making more "thoughtful transactions" due to the increasing costs of transacting on the mEthereum network, a side effect that occurs when one writes contracts with the ability to launch a Denial of Service attack on itself just for lulz.

Tags: News, Bitcoin, Cryptocurrency, Lulz, Scams

Shinohai's Saturday Shitcoin Selections 3

June 16, 2018 — shinohai

Vitalik Butterin whines about the NSA inventing Bitcoin again, regurgitating the same claims he made in 2011.

"Malicious miners" are rumored to have liberated 5% of the total supply of Monero.

ICON - a "smart contract" on ETH - is brought to a standstill when the following feature was discovered that allowed anyone but the developer to transfer funds out of the contract:

modifier onlyFromWallet {
    require(msg.sender != walletAddress);
    _;
}

The fatal bug will likely result in a $800 Million USD SFYL to "investors" in the ICO.

Tags: News, Bitcoin, Cryptocurrency, Lulz

Enumerating geth nodes for fun and profit

June 13, 2018 — shinohai

Step 1: Download GETH and build it inside a chroot.

Step 2: Fire up geth and wait for the ethereum database to load.

Step 3: Enumerate peers running misconfigured clients and rpc consoles by running an insecure instance yourself:

dibbuk# ./geth --rpc --rpcaddr 0.0.0.0 --rpcapi, db,eth,net,web3 --dev console

Step 4: Profit. I quickly found 22 nodes listening for the entire world on port 8545, ~60% of these were located on Chinese and other South Asian mining farms. For bonus lulz you can leverage the power of virtual shrimp mining to disrupt the network whilst you pilfer the funds from vulnerable wallets.

At the time of this post, the addresses below are confirmed to have received around $22 million USD in ETH liberated by enterprising crypto pirates, and the figures still climb despite warnings not to do this shit since March:

0x09d6fd506b7eb4102182d8e4d9a3d8f3dbfa499b 
0x1234567461d3f8db7496581774bd869c83d51c93 
Ox15e4cf195Offa338ce5bc59456b3e579ed1bead3 
0x397aa69c17a7cc405a3aeeeb223158109b037d5b
0x3d985fd71a21256c7d2b618ab8a1896f10f64fcd 
0x4e0603e2a27a30480e5e3a4fe548e29ef12f64be 
0x519475b31653e46d20cd09f9fdcf3b12bdacb4f5 
0x6ef57be1168628a2bd6c5788322a41265084408a 
0x7097f41f1c1847d52407c629d0e0ae0fdd24fd58 
0x72adadb447784dd7ab1f472467750fc485e4cb2d 
0x7b09ff6548f03512dfe63a09a2673b9c25476482 
0x85545528f1d72912558f9ef72296c404afd4b18d 
0x8e4fbe2673e154fe9399166e03e18f87a5754420 
0x8f760bc9bd9748fc61c7b60ea8033037f37d44d5 
0x957cd4ff9b3894fc78b5134a8dc72b032ffbc464 
0x9b11efcaaa1890f6ee52c6bb7cf8153ac5d74139 
0x9fe173573b3f3cf4aebce5fd5bef957b9a6686e8 
0xafecd96855ec6324d7cde57babb775676e560441 
0xc1e42aa688977d386a6ce15de741e3c34ff0c500 
Oxd26114cd6ee289accf82350c8d8487fedb8a0c07 
0xe386e3372e3d316ae063af50c38704ec6fba5149

Lesson: Trust your finances to garbage written in golang with a javascript console at your peril.

Tags: Bitcoin, Cryptocurrency, Insecurity, Lulz

Yet-Another-Exchange-Hack LTD acquires Coinrail

June 11, 2018 — shinohai

Shitcoin enthusiasts are in the doldrums this morning with the announcement of Yet-Another-Exchange-Hack LTD acquiring Coinrail. Hackers have liberated a total of 1.1 Billion dollars in imagined value from "cryptocurrency" markets in the first half of this year alone. This address is said to belong to the hacker, and contains $14 Million USD in ETH tokens as of the time of this writing. There was no word as to whether Pope Butterin would invoke his mystical database powers and magic the hack away, as he has demonstrably done before.

Prices across all markets have been on decline since the announcement that US "regulators" are investigating scam exchange stalwarts that include Conbase and Buttstamp.

Tags: News, Bitcoin, Cryptocurrency, Lulz

Gavin Andresen VERified as true hoaxtoshi

June 08, 2018 — shinohai

Roger Ver pays some schmucks to say NSA asset Gavin Andresen is the true Satoshi on bitcoin.com. No one cares since it's been known since at least 2014 exactly what he is.

Tags: News, Bitcoin, Lulz

McAfee makes personal army request

June 08, 2018 — shinohai

The John McAfee lulz just write themselves:

"Make crypto great again!"

Tags: News, Bitcoin, Cryptocurrency, Lulz

Crypto Company Commander Commandeers Carrier

June 07, 2018 — shinohai

The story of the National Guard Soldier that stole an armored personnel carrier gets more interesting as it turns out he was involved in the development of "cryptocurrency" as a side hobby.

He was also involved in the development of a cryptocurrency called ZenCash, before leaving the project and claiming he had discovered a way to hack its underlying blockchain.....On June 4, 2018, ZenCash did suffer a cyberattack, but there is no evidence so far linking Yahut to that event.

Alas Lieutenant Yahut could not complete his ETH-fueled rampage, and is now in Virginia State Police custody and is charged with the felonies of eluding police and unauthorized use of a vehicle. (archived)

Tags: News, Bitcoin, Crypocurrency, Lulz