Altcoin Monero has suffered a blow in its push to become the dominant currency of darknet markets, with reddit users reporting that the owners of Oasis market have apparently pulled an exit scam, absconding with around 150 Bitcoin and a yet undetermined amount of Monero. Reports from reddit also indicate that users attempting to withdraw Monero from the Alpha Bay marketplace are meeting similar frustrations, though the site is still online. This news caps a very bad week for XMR, with the MyMonero web wallet service run by developer fluffypony (WoT:fluffypony) also being was offline for several days now, with users reporting silence from support channels and inability to withdraw funds, though private keys can still be recovered and imported into an actual wallet. These particular wallets have been target by hackers several times in the past few months, resulting in several millions of USD vanishing. At the time of the writing of this article, the sorry for your loss was at -17% and continued to plunge.
Author Archives: shinohai
After Recent Leak North Sea Lubricated To Spec Per BP's Assessment
A BP oil platform located in the North Sea experienced Sorry For Your Loss on Sunday by leaking 95 tons of oil following a technical issue. The spill is being monitored by air and the company "believes that allowing the oil to disperse naturally at sea is the best way to deal with the spill, although other options have not been ruled out." The release was contained within approximately an hour of it occurring though officials said the platform, located about 46 miles off the coast of Shetland, is still offline. Scottish officials with the Royal Society for the Protection of Birds are said to be investigating what impact the accident would have on wildlife in and around the Atlantic. The spill is said to be around two times smaller than another similar spill that occurred on Shell’s Gannet platform in 2011.
Ethereum "Come At Me Bro" Patch Attacked As Invitation Is Taken
Less than 24 hours after Ethereum developers boldly announced their come at me bro fix for the geth client, an attacker decided to come at them with yet another previously undiscovered attack vector. Pope Vitalik himself announced on reddit:
Basically, it's a quadratic attack where the culprit this time is a series of SUICIDE calls followed by a DELEGATECALL tower. SUICIDE creates dirty objects much more cheaply than any other opcode, and this creates a memory blowup. We have identified two possible fix strategies and are starting work on implementing them.
Ether huffers were quick to praise the efforts of their dear leader, while other users were quick to offer tips on setting up nodes on the parity platform. Parity is written in rust which has yet to be tested extensively, attackers having too many lulz watching the rats scramble scramble to plug holes on that sinking ship.
Ethereum Developers Reach Violent Part Of Huffing Binge With "Come at me bro"
Ethereum developers announced an update to their flaming-tire-in-a-shitpit geth implementation today, which supposedly fixes the recent spate of DoS attacks that have affected the network. The hotfixes, dubbed "Come at me bro" by its authors, are just one of many pieces of ductape continually applied to the popular golang client which is the go-to choice for attackers wishing to demonstrate the overall brokenness of the platform. The release nodes on Github assured users that "Further optimizations will most probably follow as we comb the code for bottlenecks" which has historically been translated as developers scrambling to fix issues that no one could have predicted being exploited. (archived)
Thermos Becomes Pressurized Container
Bitcointalk admin Thermos (WOT:theymos) continues to feel pressure from disgruntled forum users with a recent post highlighting the frustrations of users who have poured countless Bitcoin into the scam waiting for results. Thermos stated later in the thread that "The forum money I held has largely been spent now", having paid around $100,000 monthly to an unknown friend of a friend of Greg Maxwell to develop the new EpochTalk software. Over $1.2 million USD has been poured into the project which he describes as being "entirely functional" at it's core, though users are still burdened with the original SMF software that is often subjects to bugs, hacks, and denial-of-service attacks. Theymos stated further in the post "There will be a public beta before the end of the month, I think" which likely means a delay of several more months before signature campaign spammers have a new home to post in.
BitXatm Experiences Internal Orifice Exploitation
The sorry for your loss hit Bitcoin ATM provider BitXatm Network this week, with at least 18 of 197 machines being compromised by a disgruntled former employee. Rob Gonzales, CEO of UTXO, on of BitXatm's users, said one of their traders noticed all the Bitcoins on his machines disappeared to an address containing over $100,000 USD worth of Bitcoin. Calls to support offered no assistance. BitXatm CEO Gabriel Prodanescu offered the following statement:
“New generation ATMs, as well as the private clouds (ATMs belonging to clients that choose this service, usually “fleet owners”), were not affected due to additional security layers. Affected ATMs will be operational and secured in the next 24-48 hours. We have already filed an official complaint and a criminal investigation was started by Special Unit of Cyber Crime and Terrorism of Federal Police (DIICOT).
Internal investigations are in progress, we will be transparent and update you every 24 hours. Press release will be posted very soon.”
BitXatm bills their machines as "Plug & Play Hardware and Software that requires no technical knowledge to setup or operate", a business model that is likely to provide lulz for Qntra readers for as long as the company continues to operate.
Relaxing White House Gmail Lulz
Yet another hack has hit U.S. Government official, this time a Gmail account belonging to a White House contractor. Ian Mellul, employed by the White House as an advance associate, had many of his personal and private emails released by DC Leaks, which has been responsible for many other high-profile leaks in recent weeks. According to NBC news, this trove contains:
The emails include:
- Detailed lists of names of Secret Service and White House Military Office staffers who were to travel and manage specific site security for the President and First Lady's trip to Havana, Cuba in March.
- The White House Travel Manual which includes IT security guidelines for staffers travelling abroad.
- The detailed routes for movements of the Vice President on trips in the United States (i.e. his route through hotel corridors at an event in Cleveland).
- The detailed schedules and movements of the First Lady on a trip in the U.S.
The detailed schedules and movements of trips for Democratic presidential nominee Hillary Clinton and former president Bill Clinton. - Names, social security numbers, and dates of birth of some White House staff.
- Names, social security numbers, and dates of birth for guests to vice presidential events that were to be cleared by Secret Service (these are regular citizens or staff such as caterers etcetera who were to meet with the vice president).
This latest hack highlights the embarrassing security protocols used by many government employees and officials, where most incidents are swept under the rug and forgotten. Him in our time.
Canadian Keisters Other Buttcoins In Heist
A Canadian man has been charged with theft of $180,000 of gold from the Royal Canadian Mint, using methods that will certainly prepare him for his new home in a penal institution. Leston Lawrence appeared before magistrates in Ottawa on Tuesday and was charged with theft, laundering the proceeds of crime, possession of stolen property and breach of trust. Mr. Lawrence used his position as an employee of the refinery to smuggle out 7 ounce rounds of gold in his rectum and later sell them to gold merchants for around $6500 a pop. 18 pieces of gold were allegedly stolen between Nov. 27, 2014 and March 12, 2015, according to records kept by the Gold dealer and the bank where Lawrence cashed the checks. A bank employee became suspicious of the amounts being transacted and alerted authorities. No security video cameras were installed in the area where Mr. Lawrence formerly worked, but officials have stated they have since upgraded their security by installing high-definition digital cameras and will use “trend analysis technology” to prevent future thieves from liberating gold from their vaults. Sorry For Your Loss. (archived)
Buttfinex Just Hemorrhoiding Out Lols Now
In our last installment of Buttfinex sorry for your loss Qntra reported that the beleaguered exchange was announcing a new token designed to help compensate customers for their loss. Now Bitfinex has announced they will phase out the original token and convert it into a new token called "Recovery Rights Token (RRT)". Combined with their revamped security model with advice from Ledger Labs "hosted completely on AWS" and a IDS, Bitfinex hopes that they can continue to perpetuate their scam for years to come.
Cash Seized By NYPD Uncounted And Untracked
The NYPD is seizing so much money through it civil assets forfeiture laws that counting it all would cause their Property and Evidence Tracking System (PETS) to crash due to the volume. NYPD's Assistant Deputy Commissioner Robert Messner stated he "no idea how much money it took in as evidence, nor did it have a way of reporting it" as "a manual count of over half a million invoices each year” would be required. Officials claim that an overhaul of the 4 year old PET system would be required to perform the necessary accounting. (archived)