Everyday info sec, hardcore info sec, and DNMs

Edit: Currently writing a new version of this, don't know when it will be done.
Edit: Since first post I have updated a few sections with additional information.
I recommend reading it all even if it is very long, I might have placed some relevant info in different sections while thinking about what else needed to be added, plenty of steps remain mostly the same except when I comment directly on it. It is not necessary to do 100% security all the time, unless you absolutely need it, combining some high and some lower security ideas for a balance of security and convenience is useful.
I will base this mostly on Windows, Linux users probably know this, and I have no idea how Apple machines work (tho many things in here are still relevant for other operating systems, as they are just general tips)
Disclaimer: There are certainly other steps that can make you more anonymous or safer, however I think for most people this will suffice. Any software I recommend should be independently verified for security, and examples of software are not to be taken as endorsements. I simply use examples and give recommendations when I believe it necessary, or helpful.
I will not really differentiate between anonymity and security, they are often the same thing. As such the word security can mean either more anonymous, less vulnerable, or both.
--------
Everyday Simple Info Sec:
-There could be a hidden administrator user on your PC, make sure to change its password
(Snapchat msgs, reddit dms, discord msgs, are just a few examples of msgs that are never encrypted)
-Any info even sent in encrypted msgs (and obviously non encrypted) should still be kept with possible deniability, don't say "I'm gonna do MDMA", say "I'm going out with molly."
-DO NOT STORE ANY PASSWORDS ON GOOGLE, IF GOOGLE LOGIN IS AUTHENTICATED IT WILL AUTOFILL ALL PASSWORDS IT HAS SAVED (same with other similar services) (This means if you are logged in to chrome and someone has access to your machine, they can auto fill passwords without entering a single password)
-use a rememberable passphrase, especially for your master key ring aka password manager. A long sentence that is memorable makes an okay password (decent example: "I met my wife at Little Ceasers for the first time on 07/09/20" better even if it's just something you know, if it's impersonal, and if you can add special characters or numbers that you won't forget) (A better example for a passphrase is: "There is 0nly 0ne letter that d0esn’t appear in any U.S. state nameQ")
-Purge your internet activity frequently, there's a reason why I only have one post, and a few comments appearing in my account, but thousands of karma. Exposing information needlessly is not good.
-Never post private information publicly, and if you do, do it as vaguely as possible. (Example: Not "I'm 15", say "I'm a teenager") Do not post any vital information ever, no birthdays, mother's maiden name, age, or anything you have ever seen in a security question. Never post your current activities while they are ongoing. You going on a vacation? Don't announce it to the world, taking pictures there? Post them when you are home.
-Rethink how you do security questions. Many answers to security questions can be found in your internet history. One could use the first word of the security question as an answer, or a different scheme that will mean you always remember it. (Security questions need to go, the amount of personal info an average person puts on the internet makes it easy to attack anything using security questions)
--------
High level criminal information security:
The motto here is, "All the Security, All the Time" As one fuck up can end with you leaving a lick of traceability, and you could be fucked.
Pre Note: All of your software should always be up to date. Also even perfect info sec does not guarantee you are completely safe, a new zero day (exploit) can still fuck you, but good info security makes you significantly safer, by eliminating as many attacks as possible.
-Get a new device (or make an already owned device seem like you never owned it, do this only if you know how to, there's a lot of stuff that goes into that, like changing your MAC address etc) buy with cash, and your face covered, preferably far away from where you live. (Do I need to specify to not bring your phone or anything else that tracks your location to anywhere you want to go anonymously?) (Be aware that even hardware can have vulnerabilities, many CPUs have known vulnerabilities, I can't list them all, do some research before buying)
-If you know how to use Tails (A linux distro designed for Info sec) use that, preferably on a USB. (Or learn how to use tails, it's better, but complicated) Otherwise a clean copy of windows (make sure it's not in any way associated with you) can do the job too, tho not as well. (Using a VM might give extra security, since VMs usually erase all data and RAM they were using on shutdown)
-Get a non tracking VPN, Enable the kill switch (a setting that disables all traffic that doesn't go through the VPN) (change your firewall settings to only allow the traffic from the VPN, windows guide (Change settings so only traffic from the tor application is sent) Edit: (Due to complaints: do not use vpn over tor, use tor over vpn. tor over vpn has no notable downside, if the VPN logs it makes no difference, your ISP will always log anyways, and vpns remove other attack vectors and also provide backup security should tor fail. Again even if the VPN tracks you only change the people doing the tracking, but now you are further removed making it more anonymous and also with fewer vulnerabilities)
-remember privacy settings, cookie cleaner, and antivirus, password (There could be a hidden administrator user on your PC, make sure to change its password)
-Always use the device on a non admin account
-Ideally use this device only on networks that are not connected with you. Such as public networks (try to never use the same public networks twice, move around) (a home network should be fine now, as it should never be exposed, but more security is always better) (It's just a convenience vs security trade)
-Never use accounts that have been exposed to lower security on higher security machines
-your browser is now TOR (or your preferred security focused browser, if you don't plan on using onion ) Make sure you get the standalone version of tor not the addon build (the standalone is safer, because there are fewer settings and options to tweak)
-Change your tor settings, to safest mode, enable a bridge (to my knowledge there's no difference in security between the built-in bridges in tor), enable automatic updates, set duckduckgo onion as your primary browser. Set dark.fail onion page as your home page. (Or your preferred privacy search engine and onion directory)
--------
How to use dark net markets (DNMs)
If you finished your High Security setup, we can dive right in. Otherwise go do that. This is where all that is essential.
Quick info on Tor, and onion sites. There is no search engine. It's all based off directories and addresses you are given by others. Tor will likely not be very quick, it has to pass through multiple networks to get to the destination. DNMs sometimes exit scam, an exit scam is when a market shuts down completely and takes all the money, this is a risk when using DNMs, it's not too common but happens maybe 0-4 times a year. The admins of those servers need to get out at some point, before they get jailed, so they exit the game, and scam everyone out of their money.
-A very useful onion directory is dark.fail it has a lot of links, for all kinds of stuff. News, email, DNMs, Psychonautwiki (harm reduction website), forums etc. (Other directories also exist)
-Pick a market, preferably one that handles secure connection server side instead of requiring you to establish the secure connection. Then create an account. Your account once created should include an entry box in your profile for a pgp key, post your PUBLIC key in there. (Verify the link is not a scam, most markets should provide a pgp signature)
-Next is currency setup. All major cryptocurrency exchangers can be used, I can recommend Coinbase but there could be better ones out there. Unless you find a small non-U.S. exchange, they will always ask for your identity. So unless you can find a trustworthy exchange that doesn't ID, you will need to give it to them. (Side note, all major crypto exchangers report to the IRS, if the IRS asks you if you bought cryptocurrency and you bought while having IDed yourself SAY YES, DO NOT COMMIT TAX FRAUD WHEN THEY KNOW YOU DID)
-Transfer (monero you can send directly, btc you should scramble) to your wallet. There are two options a cold wallet (physical) or a software wallet. Software wallets usually don't cost anything so I recommend them, even if often less safe. Electrum is easy to use, and pretty safe. You can also do your own research and find a wallet that fits your needs.
-now you are ready to buy, only buy using escrow (it means the money is held by the market as a middle man until the product is delivered, they will also handle any issues like wrong quantity, cuts, etc), judge the reviews for a product, and if available look at the history of the vendor, until you find a product from a vendor you trust. (I recommend to buy within your country as much as possible, so it doesn't go through customs, it's very rare that something is found, but it can happen)
-now you get to buy, depending on market, you either have cryptocurrency stored in their wallets (not recommended, you will lose it in an exit scam) or you can send it every order. When you send your delivery address (or the one you want it to go to) encrypt the address using the seller's public key. Make sure the address is correct.
-wait for the product, make sure to extend the escrow until the product arrives, if you can't extend it anymore dispute the order, and a moderator will step in
-test the product, use it, and leave a review. PLEASE LEAVE A REVIEW, DNMs only work because of reviews.
Edit: Didn't imagine I would write over 15000 words. Oh well, it was fun. Hope it helps, if you have any questions feel free to ask.
No idea how long this will stay up, I might purge it in 7 days, or never.
submitted by seven_N_A7 to u/seven_N_A7 [link] [comments]

Bitcoin Verde v1.2.1 - 20191115 HF Support

Bitcoin Verde v1.2.1

https://github.com/SoftwareVerde/bitcoin-verde
What's new in v1.2.1:
If you're running a Bitcoin Verde node be sure to upgrade to the latest version before the 15th. And feel free to let me know you're running a node--it would be great to hear. Currently the resources required to run a node are quite large, so we don't expect there to be many until a subsequent release. Additionally, there have been some database changes since the last major release, but migration will be handled during the node's first restart. If you encounter any problems just send me a message, or find me in Telegram: https://t.me/bitcoinverde .
The notable upgrade in this patch is support for the 20191115 HF, which includes Schnorr signature support for multisig transactions.
Bitcoin Verde put a strong emphasis on SLP support this release which includes RPC commands for checking the validity of SLP transactions. SLP Transactions may be checked via the explorer's API or checked directly via RPC. You can refer to the scripts directory, or check the documentation at https://bitcoinverde.org/documentation/#rpc for more details.
What's coming in future releases:
We have added two custom network calls for SPV wallets to query the validity of SLP transactions. These calls are obviously trusted calls, and the network level is not encrypted, so they may be subject to man-in-the-middle attacks without special considerations. We're refining this feature and plan to release it in the next version of Bitcoin Verde.
We are also investing a lot of effort in improving the initial-block-download times of Bitcoin Verde. This feature involves a rather large database restructure, but has been shown to improve performance of the IBD and synced validation significantly. Currently Bitcoin Verde stores, validates, and indexes transactions at a rate of ~2k-12k tx/s, depending on hardware, configuration, and mempool synchronization with the network. We expect to double this in a near-future release.
We've also been collaborating with Xavier Kral from bitcoin.com to reduce the disk footprint of Bitcoin Verde via both hardening "trim" mode and changing the way some data is stored within the database without losing existing functionality.
As always, we're proud to be a part of the Bitcoin Cash community, and love collaborating with brilliant people like Mark Lundeberg, Josh Ellithorpe, Amaury Séchet, and many many others.
submitted by FerriestaPatronum to btc [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major thefts of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, Bitstamp announced that its operational hot wallet was hacked by an anonymous hacker and 19,000 Bitcoins (worth $5 million) were lost.
The initiation of the attack fell on November 4, 2014. That day Damian Merlak, the CTO of the exchange, was offered free tickets to the punk rock festival Punk Rock Holiday 2015 via Skype by attackers who knew that Merlak is interested in such music and plays in a band. To receive the tickets, he was asked to fill out a participant questionnaire, sent as a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained a VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak suspected nothing wrong and opened the "application form", this had no critical consequences: it did not open access to the funds of the exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected Word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Over Skype, an attacker pretending to be an employee of the Association for Computing Machinery convinced Kodric that they wanted to admit him to an international honor society, which required some paperwork. Kodric believed it.
By installing a Trojan on Kodric's computer, hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet.dat file, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1st, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers worth $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. An unknown fraudster managed to change the ownership of the wallets, taking advantage of a vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. DAO (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attacker withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736.42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marko Kobal resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The hacking of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company compensated all of the stolen coins, placed most of the remaining funds in offline storage, and for the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services Agency (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded in 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox — and this was eventually a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to BitcoinMarkets [link] [comments]
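The send-before-update ordering described for the DAO in item 5 can be modeled in a few lines. The following Python sketch is an added example, not part of the original post and not DAO or Ethereum code; `Vault`, `ReenteringReceiver` and `run_scenario` are hypothetical names and the balances are constructed.

```python
"""Toy model of the recursive-call flaw: paying out before updating the ledger.

Constructed illustration only; Vault, ReenteringReceiver and run_scenario are
hypothetical names, not DAO or Ethereum code.
"""


class Vault:
    """Holds pooled deposits and an internal ledger of who is owed what."""

    def __init__(self, send_first):
        self.send_first = send_first  # True = flawed ordering, False = fixed ordering
        self.credit = {}              # internal ledger: account -> amount owed
        self.pool = 0                 # funds the contract actually holds

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, receiver):
        amount = self.credit.get(who, 0)
        if amount == 0 or self.pool < amount:
            return False
        if self.send_first:
            # Flawed: the external call runs while the ledger still shows the
            # old credit, so a nested withdraw() passes the check above again.
            self.pool -= amount
            receiver(amount)
            self.credit[who] = 0
        else:
            # Fixed (checks, effects, interactions): the ledger is zeroed
            # before any code outside the contract gets to run.
            self.credit[who] = 0
            self.pool -= amount
            receiver(amount)
        return True

    def shortfall(self):
        """Amount still owed to depositors that the pool can no longer cover."""
        return max(0, sum(self.credit.values()) - self.pool)


class ReenteringReceiver:
    """Payout callback that calls withdraw() again from inside the payout."""

    def __init__(self, vault, name, reentries):
        self.vault = vault
        self.name = name
        self.reentries = reentries  # how many nested calls to attempt
        self.depth = 0
        self.received = 0

    def __call__(self, amount):
        self.received += amount
        if self.depth < self.reentries:
            self.depth += 1
            self.vault.withdraw(self.name, self)


def run_scenario(send_first, reentries=5):
    """One depositor owed 10 withdraws from a pool that also holds 90 for others."""
    vault = Vault(send_first)
    vault.deposit("honest", 90)   # constructed balances
    vault.deposit("caller", 10)
    receiver = ReenteringReceiver(vault, "caller", reentries)
    vault.withdraw("caller", receiver)
    return {
        "received": receiver.received,
        "pool": vault.pool,
        "shortfall": vault.shortfall(),
    }


if __name__ == "__main__":
    print("send first, update later:", run_scenario(send_first=True))
    print("update first, send later:", run_scenario(send_first=False))
```

With the flawed ordering the caller, owed 10, is paid six times and the pool ends 50 short of what it owes the other depositor; with the ledger updated first, the nested call finds a zero credit and stops.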

Mitigating the Risk of Ransomware Attacks in the Public Sector

Ransomware attacks were on the rise around the world in 2019. In the U.S. alone, more than 620 government entities, public institutions, healthcare service providers, school districts, colleges and universities had their data held hostage. These relentless attacks have interrupted everyday life in U.S. cities by massively disrupting municipal operations, emergency and medical services, and educational institutions.

Why governmental agencies and public institutions are a primary target

Attackers target public institutions for several key reasons. First, they are more likely to pay up. After all, the goal of a ransomware attack is to disrupt operations badly enough and long enough that the organization will pay the ransom. According to Coveware, a typical ransomware incident lasts for 9.6 days — an eternity for any governmental organization and public institution under the constant pressure of public scrutiny because so many people depend on its services. For example, DCH Health Systems, a network of Alabama hospitals, paid an undisclosed sum to attackers after encryption of critical files forced staff to use paper copies instead of digital records and turn away new patients. Similarly, more than 50 educational organizations experienced ransomware attacks last year, forcing some of them to delay the beginning of the academic year for thousands of students and their families; one district paid $88,000 for the decryption key after negotiating the payout down from $176,000.
Second, many governmental agencies and public institutions lack the resources to protect against cyber attacks in general and ransomware in particular. Many of them, especially smaller organizations, use managed service providers (MSPs) to help with IT operations, which often requires granting the MSPs elevated privileges. This provides an additional entry point for attackers, who target the MSP and distribute their ransomware to many of its clients at once. For instance, a single threat actor attacked 23 Texas government organizations using this attack path.
Of course, some municipalities refuse to pay ransom, which is the strategy recommended by many law enforcement agencies. Baltimore, for instance, declined to pay over $75,000 in bitcoin to an attacker and instead decided to recover the data from backups. Even so, the financial damage can be significant. Baltimore estimates the cost of the malware attack at $18 million, which includes not just remediation but hardening of the environment against future attacks.

How government and public institutions are responding to ransomware attacks

Legislation. The U.S. Senate passed the DHS Cyber Hunt and Incident Response Teams Act, which authorizes the Department of Homeland Security to send teams to help private and public entities battle ransomware attacks.
Cybersecurity insurance. In November 2019, the city of Baltimore approved the purchase of $20 million in cyber liability insurance to cover any additional disruptions to the city’s networks in 2020. Cyber liability insurance will typically pay the ransom and other extortion-related expenses, as well as recovery costs for restoring or replacing programs and data.
Mandatory training. After a coordinated attack on 23 Texas government organizations, the state announced it would require annual cybersecurity training for government employees. Dozens of other states are requiring security awareness programs as well. By teaching cybersecurity best practices, these programs aim to instill proper habits and procedures for protecting information resources.

Strategies for mitigating the risk of ransomware

There is no reason to believe that any organization can block all ransomware attacks. But there are ways to minimize the damage of ransomware infections. For example, when ransomware hit Louisiana state government systems in November 2019, the state was able to quickly detect the attack and neutralize it before it caused serious damage — because back in December 2017, the state had established procedures for dealing with cyber attacks and the agencies were prepared.
The following measures can help you limit the impact of a ransomware attack:

Conclusion

A final tip: Don’t pay ransom. Paying ransom helps make these attacks a viable “business model” for the perpetrators. Moreover, according to Symantec, only 47% of organizations that pay the ransom actually get their files back. By establishing healthy habits, you can mitigate the risk of ransomware causing serious damage and recover without engaging with the attackers.
Original Article - Mitigating the Risk of Ransomware Attacks in the Public Sector
submitted by Jeff-Netwrix to Netwrix [link] [comments]

Tutorial: How to receive Bitcoin donations on your Street Art works. This tutorial explains in 3 steps how to receive Bitcoin donations on your street art works:



Step 1 — Creating a Bitcoin Portfolio
First, it is necessary to create your wallet, which will generate your reception address (the equivalent of a bank account that belongs to you).
Thanks to this receiving address, you will be able to receive transactions in your wallet.
The Coinomi wallet is one of the easiest to use, available on Android, iOS, Windows, MacOS and Linux.
You are free to use any other wallet: Samurai Wallet, Spot, Electrum … Make sure that the wallet you choose is recognized and trusted, because hacks, phishing and scams are commonplace in the world of cryptocurrencies.
Download the application.

Once installed, click on “Create new wallet”.

The wallet will generate your recovery phrase (or “Seed”, which is the private key of your wallet), which is most often a series of 24 words.

Write down your recovery phrase by hand on a sheet of paper and keep it in a safe place (be careful to keep it private, anyone who owns this sentence becomes the owner of your funds).


Confirm to the wallet that you have correctly noted the recovery phrase and choose a password.
2nd step — Create your QR code visual
From your wallet, you need to generate the QR code of your receiving address.
Go to “Bitcoin BTC” in the wallet.

Click “Receive” (if indicated, choose a “Compatibility” reception address rather than “Default” or “Legacy”).


Bitcoin receive address example: 1F4bwjr74bmcXwRu53Jh27JRRCWHHd4yrz
You can now retrieve the QR code with a screenshot and save the receiving address.
To put this QR code on your works, there are 2 methods: the first is very simple and accessible to all (printing on paper and collage), and the second is a little more complicated (cutting a stencil) but more durable:
  • The easiest way is to print the QR code on paper with the mention “Bitcoin donations” at the top and your Bitcoin receipt address at the bottom and paste it into your work.

Download this template and add your QR code and receiving address (as above). Check that the address shown corresponds to the QR code by scanning it with a smartphone.
Optional: It is recommended to add your website (or social networks) to allow people to validate that this is your Bitcoin address (and not that of a person posing as you). Of course, this same Bitcoin receiving address must appear on the front page of your site (and in your social networks profile) to allow donors to verify that the funds will be received by you.
Once the sheet is printed, you can paste it on your next street artwork. Prefer flat and smooth surfaces for better adhesion of the poster. We must make sure that it fits in with the signature of the work so that we understand that the gifts are for you.


  • The second method is to create a QR code stencil and use a spray can to put it on your work.
There are 2 possible cutting techniques. The first is a manual technique that requires some basic DIY. The second is to prepare the visual in Photoshop and Illustrator, then call on a provider who will cut the stencil for you.
1st technique — Manual: To make the stencil yourself, you will need a rigid sheet, a cutting support, a cutting scalpel, masking tape, a black felt pen, a clamp and a thin square grid.
To make the QR code stencil by hand, see this tutorial.


Once the stencil of QR code is made, make a stencil with the mention “Donate Bitcoin” and add it to the first stencil to understand that this is your Bitcoin reception address. You can write it yourself or use this template (below) that you can print and overlay your rigid sheet.


Once your stencil is ready (“Donate Bitcoin” + QR code), you can put it on your next work with a black paint spray. Prefer flat, smooth and clear surfaces for a better readability of the QR code. We must make sure that the stencil is integrated into the signature of the work to understand that the gifts are for you.
2nd technique — Stencil cutting by a provider: To create a QR code stencil, it is imperative that all the background of the visual is connected to allow cutting of the stencil. For this, it is necessary to use a site that generates stencil-compatible QR codes, such as qrcode-zebra.com


Once on the site, choose the “Text” tab and paste your Bitcoin receipt address and click on “Generate QR code”. Your QR code will appear, but the design will not be the right one. There are a few changes to make. In the “Choose patterns” tab on the left, click on the first pattern (which looks like a square grid), then in “Choose eyes”, click on the first box (the basic square “eyes”). Then, in “Set colors”, choose the color black.
Optional: if you wish to add your logo or signature, you can add it in “Add logo”. The file should be as simple as possible, in black with transparent background that connects (compatible with a stencil cut).
Now that the QR code is ready, you can retrieve it with a screenshot or click on “Download PNG” and give your email address to receive the QR code as a PNG file.
Then, on Photoshop, it is necessary to couple the grid of your QR code with this model so that the mention “Donations in Bitcoin” and the 3 “Eyes” square of the QR are compatible for a stencil cut. Use overlapping layers and erase old “eyes”.


Finally, download this special stencil typography and use it to enter your Bitcoin receipt address used on your QR code. Check that the address shown corresponds to the QR code by scanning it with a smartphone.
It is strongly recommended to also add your website (or social networks) to allow people to validate that this is your Bitcoin address (and not that of a person posing as you). Of course, this same Bitcoin receiving address must appear on the front page of your site (and in your social networks profile) to allow donors to verify that the funds will be received by you.
Once the visual is ready and fully compatible for stencil cutting, you can vectorize it in Illustrator and save it in EPS or AI format.
Last step, send this file to a provider who makes stencil cutting.
It’s up to you to choose the provider that best suits your location, price and time. Choose a format that suits your job. For large frescoes, larger formats (A2) are preferable, and for smaller works, smaller sizes (A4).

Once you receive the stencil, you can affix it to your next work with a black paint spray. Prefer flat, smooth and clear surfaces for a better readability of the QR code. We must make sure that it fits in with the signature of the work so that we understand that the gifts are for you.


3 — Last step, communicate.
Let all those who follow your work know that they can now support you financially by sending you Bitcoin donations on your Street Art works. You can use the means you have available, your contacts, your website, your social networks …
To help beginners, here is a tutorial that explains how to buy Bitcoin.
To track the transactions you receive, you can open your wallet regularly to see your balance.
To receive a notification when you receive a donation, you can use your Wallet to track transactions at an address of your choice.
The public can also see your balance received on your address thanks to blockchain explorers.
Here is the balance of a donation address: 3Pboy9ucGEdQUHNu2rrC6RGq4jouRc4Grb
If you receive a lot of donations, it is a good opportunity to communicate on the amount received.
Good luck and good creation!
FAQ
Why use Bitcoin?
The money you receive is 100% in your possession because you are the sole owner of your private key (recovery phrase, or “Seed”). Unlike other centralized means of payment (banks, Paypal, Ulule, Patreon ...), Bitcoin does entirely without a trusted intermediary.
How do I use Bitcoin?
Thanks to your wallet you create a private key and a public address. The private key (recovery phrase, or “Seed”) is a bit like the key to your digital vault that you need to keep only for yourself. The public address is your RIB to receive transactions, you can share it publicly without problem.
How do I exchange my bitcoins for USD?
You can at any time send your bitcoins to an online exchange (Coinbase …) to convert them into currency (Euro, Dollar …). You need to create an account on one of these exchanges, convert your funds into the desired currency and then make a transfer to your bank account.
A faster solution may be to use a centralized service provider that offers a Bitcoin wallet connected to a credit card to spend your bitcoins directly (Wirex, Coinbase …).
This article is not sponsored by the portfolios and companies mentioned.
You can tip me here !


BTC address: 1F4bwjr74bmcXwRu53Jh27JRRCWHHd4yrz
Have a nice day and many donations ;)
From: https://medium.com/@freetokencryptobounty/tutorial-how-to-receive-bitcoin-donations-on-your-street-art-works-22e05dd06889
Thanks to https://www.pboy-art.com
submitted by Freetokenairdrop to btc [link] [comments]
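
The tutorial above asks you to check that the printed address matches the QR code before it goes onto a wall. As an added example (not part of the original post), this Python sketch validates a Base58Check address and compares it with the text a scanner returns; the function names are hypothetical, the sample address is constructed, and only the 1... and 3... address families are handled.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Bitcoin mainnet version bytes for the two Base58Check address families.
VERSIONS = {0x00: "legacy-p2pkh",  # addresses starting with 1
            0x05: "p2sh"}          # addresses starting with 3


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * zeros + out  # each leading zero byte is written as '1'


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:  # 0, O, I and l are deliberately not in the alphabet
            raise ValueError("character not in Base58 alphabet: %r" % ch)
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + body


def encode_address(version: int, hash160: bytes) -> str:
    """Build an address from a version byte and a 20-byte hash (used for test data)."""
    payload = bytes([version]) + hash160
    return b58encode(payload + checksum(payload))


def check_address(text: str):
    """Return the address family, or None if the checksum or format is wrong."""
    try:
        raw = b58decode(text.strip())
    except ValueError:
        return None
    if len(raw) != 25:  # 1 version byte + 20 hash bytes + 4 checksum bytes
        return None
    payload, found = raw[:-4], raw[-4:]
    if checksum(payload) != found:
        return None
    return VERSIONS.get(payload[0])


def same_address(printed: str, scanned: str) -> bool:
    """True only if the printed text is a valid address and equals the scanned one."""
    scanned = scanned.strip()
    if scanned.lower().startswith("bitcoin:"):  # scanners may return a payment URI
        scanned = scanned[len("bitcoin:"):].split("?")[0]
    return check_address(printed) is not None and printed.strip() == scanned


if __name__ == "__main__":
    # Constructed sample, not a real wallet address.
    sample = encode_address(0x05, bytes(range(1, 21)))
    print(sample, check_address(sample))
    smudged = sample[:-1] + ("2" if sample[-1] != "2" else "3")
    print(smudged, check_address(smudged))  # one wrong character fails the checksum
    print(same_address(sample, "bitcoin:" + sample + "?label=donation"))
```

A valid checksum only shows the text was copied without error; it does not show whose address it is, which is why the post also asks you to publish the same address on your own site.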

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major thefts of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, Bitstamp announced that its operational hot wallet was hacked by an anonymous hacker and 19,000 Bitcoins (worth $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to the punk rock festival Punk Rock Holiday 2015 via Skype, the attackers knowing that Merlak is interested in such music and plays in a band. To receive the tickets, he was asked to fill out a participant questionnaire, sent to him as a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained a VBA script. By opening the file, he downloaded the malware onto his computer. Although Merlak suspected nothing and opened the "application form", this had no critical consequences: it did not open access to the exchange's funds.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected Word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. The hackers did not limit themselves to a single letter. Over Skype, an attacker pretending to be an employee of the Association for Computing Machinery convinced him that he was being considered for admission to an international honor society, which required some paperwork. Kodric believed it.
By installing a Trojan on Kodric's computer, the hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under Kodric's account, gained access to the server LNXSRVBTC, where the wallet.dat file was kept, and the DORNATA server, where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1st, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers, worth $31 million, from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. An unknown fraudster managed to change the ownership of the wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackers withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of an attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736.42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The hacking of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company compensated all of the stolen coins and placed most of the remaining funds in offline storage, and for the next couple of years it was considered the most reliable Bitcoin exchange in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox filed for bankruptcy shortly after the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services Agency (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded in 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA (who rolled out a framework after Mt.Gox), which eventually was a contributing factor to the poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to ethtrader [link] [comments]
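
The ordering fault described in the DAO section of the post above (funds sent before the internal balance is updated), shown as an added example that is not part of the original post and is not the DAO's code. It is a toy Python ledger in which every class and function name is hypothetical, run once with each ordering and checked against a solvency invariant.

```python
class Recipient:
    """An ordinary account: accepts a payment and does nothing else."""

    def __init__(self, name):
        self.name = name
        self.wallet = 0

    def receive(self, vault, amount):
        self.wallet += amount


class ReenteringRecipient(Recipient):
    """A recipient whose payment hook calls withdraw() again (the recursive call)."""

    def __init__(self, name, max_reentries):
        super().__init__(name)
        self.reentries_left = max_reentries

    def receive(self, vault, amount):
        self.wallet += amount
        if self.reentries_left > 0:
            self.reentries_left -= 1
            vault.withdraw(self)  # re-enter before the first call has returned


class Vault:
    """Toy stand-in for a contract that holds funds and tracks who is owed what."""

    def __init__(self, update_before_send):
        self.update_before_send = update_before_send
        self.credit = {}  # internal balance per account name
        self.held = 0     # funds the vault actually holds

    def deposit(self, who, amount):
        self.credit[who.name] = self.credit.get(who.name, 0) + amount
        self.held += amount

    def _send(self, who, amount):
        self.held -= amount
        who.receive(self, amount)  # control passes to the recipient here

    def withdraw(self, who):
        amount = self.credit.get(who.name, 0)
        if amount == 0 or self.held < amount:
            return False
        if self.update_before_send:
            self.credit[who.name] = 0  # effect first: a re-entrant call sees 0
            self._send(who, amount)
        else:
            self._send(who, amount)    # interaction first: credit is still unspent
            self.credit[who.name] = 0
        return True

    def solvent(self):
        """Invariant: the vault must hold at least what it still owes."""
        return self.held >= sum(self.credit.values())


def run(update_before_send):
    """Return (recipient wallet, funds left in vault, total still owed, invariant)."""
    vault = Vault(update_before_send)
    honest = Recipient("honest")
    caller = ReenteringRecipient("caller", max_reentries=3)
    vault.deposit(honest, 90)
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    owed = sum(vault.credit.values())
    return caller.wallet, vault.held, owed, vault.solvent()


if __name__ == "__main__":
    print("send, then update:", run(update_before_send=False))
    print("update, then send:", run(update_before_send=True))
```

With the balance update moved ahead of the send, the nested call finds a zero balance and returns immediately, so the invariant holds no matter what the recipient's hook does.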

All of the AMA questions/comments from the darkoverlord re: 9/11 insurance leak extortion here

Q: This doesn't seem like something a group that uses the darkweb would do in public.
A: This is something we do. We can't speak for the others. This is our modus operandi. We like to do everything we can to squeeze every last coin out of our victims. We're financially motivated.
For everyone else asking why we're not dumping it all, we have. It's available to torrent.
Our official Press Release with more info is available here: pastebin.com/4F5R8QyQ
Q: 9.8 gigs seems a lot for just documents. Does it include videos or audio recordings? A: We're withholding anything that isn't text-readable for now.
Q: who did 9/11 in your opinion based on the docs? A: We don't really give a fuck. We want internet money.
We've already released a select few documents to serve as proof of our claims. We're about to change the fucking world. Edward Snowden's NSA leak will be pale in comparison.
Q: (ID: QYsiPYKc) A: When we deal with clients who have PoF, we provide such presentations.
We're quite wealthy, earning hundreds of BTC per year in profit from our systematic cyber-extortion. GCHQ coined that term for us. You can read their advisory about this organisation.
Q: Hi, thedarkoverlord, Have you considered that information may well be used crash the monetary system you hope to be compensated in? A: Fantastic question, mate. We're not concerned about that as we receive our payments only in internet money like Bitcoin. The monetary crash will be your problem. We always advise our clients to diversify and acquire different convertible currencies.
Q: Explain attack vector that led to initial shell. Web based? Misconfigured service? Well known exploit? A: Nice try, Mandiant.
Q: How? You stated that your intent was to sell it to the highest bidder. That just means that it will get buried. A: We're financially motivated. We're not motivated by saving the planet.
Q: Waiting for overlords dead man switch A: We have several layers of 'dead man's switches' deployed. This is why the entire archive we'd plan to release is freely downloadable now. We're sitting on our high entropy master encryption keys that can be released through even a failure of the organisation.
Q: The thing is, I (and few others) are willing to pay. Provided that OP understands at least basics how such trades are executed. A: We're highly reputable, having sold hundreds of BTC worth of intellectual property, R&D, databases, and more. Our official contact details are in our office Press Release. Please contact us using PGP. We'll happily conform to your requirements to substantiate our loot.
Q: if you DO get paid then we can assume the world's not save because you'd not release them right? A: That's correct. We're not here to save the world. We're here to get paid internet money. We're not motivated by ego or charity, only money.
Q: Hey thedarkoverlord, give us something for free you poofters. A: We already have. Pay attention, fag.
For everyone speaking about the hack of a global insurer, you should understand how sophisticated litigation works. We're sitting on SSI and SCI from TSA, FBI, FAA, USDOJ, and others. Refer to our official PR for more information.
Q: Thoughts on Cicada 3301 and WikiLeaks? particularly who is behind Cicada? A: We don't speculate on other organisations. We focus on ourselves.
Q: Do you have a timeline you can disclose for releasing each layer? A: There is a timeline, but we can't share details about that.
Q: Your group could have chosen to privately auction this info to the same exact bidders you will likely get through these public antics. That makes me question your timing. Why disrupt our system of things and way of life now ( assuming your I do is as world changing as you state)? Why now? A: Tis the season.
Q: I don't give a shit what he wants I'll kick in 20 bucks for anything that piques my interest one single doc to prove it's not a nothing burger with no strings attached I've been sitting on btc since 50 btc blocks. A: If you'd like to be the first person to purchase a single file or two from us, you're welcome to. We'd happily sell you something right now. Our Twitter has our e-mail on it. Get in contact, mate.
Q: what would anyone who is selling world shattering documents for millions of dollars try selling them on 4chan? A: We're not selling anything on 4chan. We're working SEO right now. Google 'thedarkoverlord' and see for yourself. It's driving a tremendous amount of traffic to our content. This is all calculated and pre-arranged.
Q: Fuck yeah based hackerman. I read the release, make those fuckers pay for breaking the deal. They should pay extra just for being so stupid to let you find anything in their network in the first place. Too easy probably, IT people are lazy as fuck. Get paid. A: We've probably hacked your company too.
Q: I'd be willing to chip in with others to see it if I was sure it would be world shaking info. Not something the average person would change the TV when it came up on the news. On a scale of 1-10 how system breaking is the info? A: You're the smart one here, asking the right questions. We'd say it's a 7.5, all things considered. Snowden may have been a 5.5, maybe a 6. More people care about 911 than USA spying. Now, our next release about UFOs, yeah, that's a 10 mate, but it's going to wait until we're done here. If you'd like to buy 911 documents from us, read the answers above.
Anyone can see ample proof on our official PR and our official Twitter @tdo_h4ck3rs. This is quite real. We'd like to top Edward Snowden. Everyone saying they're coming for us: we know. GCHQ has published advisories about us and the Billings Gazette news publisher leaked the fact that the CIA and NSA even attempted to locate us last year in October after we closed down 50.000 students and 36 schools in an entire region of Montana for 7 days. This is readily available news.
Q: Actually appears legit. On a scale of 1 to 10, how likely do you think it is that your leak could cause a former-sitting president to get lynched? Also, hope your DMS shoots to a Blockchain. A: We'd rather not say, for fear of his safety.
We'll be sharing a few new screencaps momentarily, to stir the pot a bit.
Q: why are you doing ransom instead of exploiting this information for insider trading A: We're experts in systematic cyber-extortion, according to GCHQ. We do what we're best at.
Q: Do you have anything really damaging on Hillary or Obama? A: We're unwilling to answer this question.
Q: Holy kek, FreeBSD is one of the most insecure OS, no joke. A: We utilise Windows Embedded.
Q: That's a bit of a lame answer. Why pick a risky strategy like cyber extortion, when you can stay under the radar, and do insider trading from a beach in Asia? A: We don't discuss our TTPs in public.
Q: So given your financial motivation, is it safe to assume your “group” is more anarchy than order? That is to say, are you looking to shift power, take power, or destroy power? A: We're not interested in power, only internet money.
Q: Their answer here will actually clue in their degree of technical competency. I'd add - justify why it will reach this price. A: We haven't shared a price, at all. Depending on what a buyer would like, we adjust our offer.
Q: Iron Mountain is a military base. Why is a WTC Insurer shredding documents on it? A: Great question. We'll direct you to our official PR which details it. We'll quote the issue for you below:
"When major incidents like the WTC 911 incident happen, part of the litigation must involve SSI (Sensitive Security Information) and SCI (Special Compartment Information) from the likes of the FBI, CIA, TSA, FAA, DOD, and others being introduced into evidence, but of course this can't become public, for fear of compromising a nation's security, so they temporarily release these materials to the solicitor firms involved in the litigation with the strict demand they're destroyed after their use and that remain highly protected and confidential to only be used behind closed doors. However, humans aren't perfect and many of these documents don't become destroyed, and when thedarkoverlord comes along hacking all these solicitor firms, investment banks, and global insurers, we stumble upon the juiciest secrets a government has to offer."
Q: Hey do you take hack requests? I have a couple of bitcoins... A: Visit our official Twitter @tdo_h4ck3rs where our contact details are readily available. We operate on a strict protocol and often times require bonding.
Q: why leak on new years eve A: Because it forces about a dozen Fortune 500 companies in the UK and USA to build damage control and COA plans on their New Years holiday, robbing them of any pleasure and bringing in their new year at a new low.
Q: if i purchase the docs, what's stopping me uploading it everywhere? will you guys get annoyed? A: Once we're paid, they're yours. You do as you wish. We couldn't care any less.
Q: yeah has there been any strange shit happening that makes you think they're on to you or that you're being targeted already? A: Other than them telling victims to pay us because it's the best move to save their arses, we sleep like babies.
Q: Likes,kind of a career ending big heist, don't you think? A: We already live like the ending of a great heist movie, on warm beaches with loads of internet money. We're quite happy.
Q: Why do you care about their pleasure or them starting new year at all time low, thought this was all just business? A: It's all business. Psychologically, they're most vulnerable when this process is used and it results in higher success rates for us.
Q: Apparently the guy they caught was in Serbia. A: A complete random stranger.
Q: The question about crypto was good, do you have any predictions about BTC next year and do you think it's still the best currency to invest in? A: We predict we'll earn even more BTC. As our clients are paying us while we have them bent over a barrel, we always advise them to buy up for their personal portfolios.
Q: Do you have a deadman set up A: We do.
submitted by jdennis187 to conspiracy [link] [comments]

A Good Pentesting Tools List

Collection of pentesting tools by BrainfuckSec

Anti Forensics Tools
Exploitation Tools
Forensics Tools
Information Gathering
Keyloggers
Maintaining Access
Password Attacks
Reverse Engineering
Sniffing Spoofing
Social Engineering
Vulnerability Analysis
Web Applications
Web Shells
Wireless Attacks
submitted by _brainfuck to Pentesting [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major thefts of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, Bitstamp announced that its operational hot wallet had been hacked by an anonymous hacker and 19,000 Bitcoins (worth $5 million) were lost.
The attack began on November 4, 2014. Damian Merlak, the CTO of the exchange, was offered free tickets to the punk rock festival Punk Rock Holiday 2015 via Skype by someone who knew that Merlak is interested in such music and plays in a band. To receive the tickets, he was asked to fill out a participant questionnaire, sent to him as a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained a VBA script. By opening the file, he downloaded the malware onto his computer. Although Merlak did not suspect anything wrong and opened the "application form", this did not lead to any critical consequences: it did not open access to the funds of the exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected Word document was opened by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet, on his machine. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. The hackers did not limit themselves to just one letter. An attacker on Skype, pretending to be an employee of the Association for Computing Machinery, convinced him that he was being considered for membership in an international honor society, which required some paperwork. Kodric believed it.
By installing a Trojan on Kodric's computer, the hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where the wallet.dat file was kept, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1st, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers worth $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. An unknown fraudster managed to change the ownership of the wallets, taking advantage of a vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackers withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736.42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services Agency (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded in 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA (which rolled out a framework after Mt. Gox), and this eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to Bitcoin [link] [comments]
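
The send-then-update ordering described in the DAO section above, modelled as an added Python example (not part of the original post and not the DAO's Solidity code). The Vault class, the account names and the amounts are constructed for illustration; the same withdrawal is run once with the flawed ordering and once with the ledger updated before funds are sent.

```python
"""Toy in-memory model of the withdraw ordering bug in the DAO section.

Constructed for illustration only: names, amounts and the Vault class are
assumptions, not code from the DAO or from Ethereum.
"""


class Vault:
    """Holds deposits for many accounts, like a contract's internal ledger."""

    def __init__(self, update_before_send):
        self.update_before_send = update_before_send
        self.credit = {}  # internal ledger: account name -> amount owed
        self.pool = 0     # funds the vault actually holds

    def deposit(self, account, amount):
        self.credit[account] = self.credit.get(account, 0) + amount
        self.pool += amount

    def _send(self, recipient, amount):
        # Sending hands control to the recipient's code, as an external call does.
        if amount > self.pool:
            raise RuntimeError("vault has insufficient funds")
        self.pool -= amount
        recipient.receive(self, amount)

    def withdraw(self, recipient):
        owed = self.credit.get(recipient.name, 0)
        if owed == 0:
            return
        if self.update_before_send:
            # Corrected order: record the effect first, then interact.
            self.credit[recipient.name] = 0
            self._send(recipient, owed)
        else:
            # Flawed order from the article: send first, update afterwards.
            self._send(recipient, owed)
            self.credit[recipient.name] = 0


class PlainRecipient:
    """A recipient that only records what it was paid."""

    def __init__(self, name):
        self.name = name
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReenteringRecipient(PlainRecipient):
    """Test double whose receive hook calls withdraw() again (a recursive call)."""

    def __init__(self, name, max_depth):
        super().__init__(name)
        self.max_depth = max_depth
        self.depth = 0

    def receive(self, vault, amount):
        self.received += amount
        if self.depth < self.max_depth and vault.pool >= amount:
            self.depth += 1
            vault.withdraw(self)


def ledger_is_covered(vault):
    """Audit invariant: funds held must cover everything the ledger still owes."""
    return vault.pool >= sum(vault.credit.values())


def run_scenario(update_before_send):
    """Return (paid to tester, funds left in vault, invariant holds)."""
    vault = Vault(update_before_send)
    vault.deposit("honest", 90)   # another depositor's funds
    vault.deposit("tester", 10)   # the re-entering account is owed only 10
    tester = ReenteringRecipient("tester", max_depth=20)
    vault.withdraw(tester)
    return tester.received, vault.pool, ledger_is_covered(vault)


if __name__ == "__main__":
    print("send then update:", run_scenario(update_before_send=False))
    print("update then send:", run_scenario(update_before_send=True))
```

With the flawed ordering the account owed 10 is paid out of the other depositor's funds until the pool is empty and the ledger invariant fails; with the ledger zeroed first, the nested call finds nothing owed and returns.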

Anti-FUD: The BIP148 enforcing client - a walkthrough.

There seems to be a lot of FUD going around surrounding https://github.com/uasf/bitcoin/tree/0.14 <--that little guy. I'm a programmer, so let me walk you through what, exactly, is changed, and how you can verify what changes for yourself.
So, to get started, click on the 'Compare' button just below the green button that says 'clone or download'. link
This shows you every single change that has been merged between bitcoin core, in the 0.14 branch (the branch that was used to create the 0.14 Core client many of us use) and this repository's version of the 0.14 client, which requires any blocks after August 1, 2017 to support Segwit.
So, let's go through the page, top to bottom, and explain what it is telling you.
19 commits 4 files changed 3 commit comments 3 contributors 
That tells you that 19 times someone has changed something in the code base, in total, 4 files were changed by those 19 commits, 3 commit comments were made (think of these as replies to a thread on reddit), and 3 people total have made contributions to the code differences represented below.
Below that is a list of what commits were made on what day. You can click on the second column (BIP148 / Update client name to Satoshi BIP148 / etc) to see what changes were made in that version (compared to the version before it) specifically.
Scroll down until you hit
Showing with 19 additions and 5 deletions. 
This is where the 'fun' (programming) begins.

src/clientversion.cpp

-std::string FormatSubVersion(const std::string& name, int nClientVersion, const std::vector& comments) +std::string FormatSubVersion(const std::string& name, int nClientVersion, const std::vector& comments, const bool fBaseNameOnly) 
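Review bot: the trailing const bool fBaseNameOnly added on the + line is an undocumented boolean flag, so a call site that passes a bare true or false as the fourth argument gives no hint of what it selects. A one-line comment above the definition stating what the flag suppresses would help. Note also that const on a by-value parameter only constrains the function body and is not part of the signature callers see.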
Red lines, which always start with a minus sign, mean that line was removed from the file. Green lines, which always start with a + sign, mean that line was added. "But the line wasn't removed, just some stuff was added to the end!" Correct! This is a 'diff-ism'. Diff being the name of the program used to show differences between files. Diff doesn't highlight just the part of the line that changed, it highlights the entire line, and leaves it to you to spot the changes in the line.
From the above, we can see a parameter was added to the end of the line. "But what does the line do!" Well, what you're looking at is a function declaration. What is a function? Well, imagine you wanted to build a robot to make sandwiches for you. You could make the sandwich yourself, but it's easier if an automated system does it for you. The function is like the robot; you put a specific set of tasks into the robot's programming, give it a specific set of inputs (bread, knife, meat/cheese/spreads/etc) and it returns the resultant sandwich. The way to read the declaration is this:
std::string FormatSubVersion(const std::string& name, int nClientVersion, const std::vector<std::string>& comments, const bool fBaseNameOnly) 
  1. std::string The first argument is the return type of the function. In this case, a C++ string.
  2. FormatSubVersion This is the name of the function
  3. (const std::string& name, the first parameter of the function, since it is unchanged from Core, and unmodified by other changes in the file, I will not bother explaining what it does.
  4. int nClientVersion, Second parameter to the function. Same thing, original, unmodified, skipping.
  5. const std::vector<std::string>& comments, Parameter 3, unchanged, skipping.
  6. , const bool fBaseNameOnly) Parameter 4, 'const bool' means two things: 1) we cannot change the value of this variable in the code. 2) it's a 'bool' type, which is short for boolean. It can either be true or false, those are the only values it can ever have. What does it do? Let's keep reading.

std::ostringstream ss; 
That's important for later, make note of it.
if (!fBaseNameOnly) ss << "UASF-Segwit:0.2(BIP148)/"; 
The above change uses the newly minted parameter 4 to add a bit of text into the output stream. Specifically, the string "UASF-Segwit:0.2(BIP148)/" is tacked on to whatever is ahead of it in the output stream. The net result of this change is that clients using this code will report their client version as '/Satoshi:0.14.0/UASF-Segwit:0.2(BIP148)/' instead of the standard value of '/Satoshi:0.14.0/'.
File complete! Next file.

src/clientversion.h

Within C or C++ programming, you have the concept of 'code files' (ending in .c or .cpp) and 'header files' (ending in .h). Strictly speaking, any code can be in either file and the compiler will figure it out (assuming you give it enough information to do so). However, programming conventions exist. Since I assume the readers of this post are (largely) not programmers, I won't bore you. It's a convention used for sanity only, and it is a convention followed by the bitcoin source code. In general, program code that 'does stuff' goes in .c and .cpp files, and the code needed to tell the compiler (compiler = the thing that converts these text files into a program) where to 'find stuff' goes into .h files.
-std::string FormatSubVersion(const std::string& name, int nClientVersion, const std::vector& comments); +std::string FormatSubVersion(const std::string& name, int nClientVersion, const std::vector& comments, bool fBaseNameOnly = false); 
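Review bot: the `bool fBaseNameOnly = false` default on the added line changes the output of every existing three-argument caller without any call site being touched, and the declaration carries no comment saying what the flag does. A one-line comment above the declaration stating that `false` appends the UASF suffix and `true` returns the base name only would make that visible to anyone reading the header. The declaration also says `bool` where the definition says `const bool`; both name the same function, but matching them would avoid the question.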
Well, because this is the exact same function call we just talked about in the previous section, I'll skip going through the parameters one by one, and instead focus only on the change: , bool fBaseNameOnly = false).
"WAIT! It has 'const' before bool in the .cpp file! That's bad right!?" No. The compiler will see const in the .cpp file and mandate the variable be const.
"WAIT! Here it says '= false' and in the .cpp file it doesn't!" Again, not a problem. Remember how I said some code goes in .c/.cpp files, and some in .h files? Well, this is a case where which file contains what code actually does matter. Basically, you can't set a default value for a parameter inside a .c/.cpp file. You can only do that in a .h file. So...that's 100% correct. Here is the source code for a quick little program to see this behavior:
--test.cpp--
    #include "test.h"

    int main() { function(); }

    // tmp is declared const, so the assignment below does not compile
    int function(const bool tmp) { tmp = !tmp; }
---test.h---
    int function(bool test = false);
--If you tried to compile this, you'd get--
    g++ test.cpp
    test.cpp: In function ‘int function(bool)’:
    test.cpp:12:6: error: assignment of read-only parameter ‘tmp’
     tmp = !tmp;
In this case, 'read only' means 'was declared const'.
Remember how a 4th parameter was added in the code above? Well, you have to tell the compiler to expect that parameter, which you do here, in the header file. That line of code tells the compiler to expect the 4th parameter. It also sets the default value of the parameter, should the caller not specify it, to be false.
Thus, you can call this function two ways:
  1. FormatSubVersion("Test", 99900, std::vector<std::string>())
  2. FormatSubVersion("Test", 99900, std::vector<std::string>(), true)
Using method 1 would result in a User Agent string of '/Test:99900/UASF-Segwit:0.2(BIP148)/', because the program uses the default value of 'false' and so it sticks in the bit about BIP148 support. Using method 2 would result in '/Test:99900/' "Wait, wait, how did you figure that out?" Look here, scroll to the bottom (line 88) and that is the FormatSubVersion function we went over above. All you do is build the string in steps as you read the code:
  1. Line 90: ""
  2. Line 91: "/"
  3. Line 92: "/Test:99900" {the 'Test' comes from the 'name' parameter, parameter 1. The : is statically coded (<< ":" <<) and the 99900 comes from nClientVersion, parameter 2}
  4. Line 93: From the function call, we see that parameter 3 is initialized 'std::vector()', this is an empty vector. If the vector had anything in it, it would look like this: std::vector('a')
  5. (because the if statement in line 93 fails, we go to: ) Line 101: "/Test:99900/"
  6. Line 102: (are we doing a version with or without the 4th parameter set to true?)
  7. Line 103: (if parameter 4 is false, line becomes "/Test:99900/UASF-Segwit:0.2(BIP148)/")
  8. Line 104: Convert the 'ss' variable to a standard C++ string and return that string to whatever asked this function to be run.
SO, in total, this function literally just creates a string. Much like the robot-sandwich example, you give the function a client name, version, and list of comments and it builds you a string containing those things.

src/test/util_tests.cpp

This file is part of the automated testing for bitcoind/bitcoin-qt. When you compile the software, you'd typically run 'make check' before installing the software, to ensure that your changes didn't break anything and that your compile didn't go wrong. With the effort I've put into explaining the change to FormatSubVersion in the past two sections, I believe you can now see that the only change made to this test is to ensure that the newly added code performs as expected.
That said, there is a 'defect' in this code. He should not have removed the 3 existing tests. He should have added 3 new tests. That way he'd have both 'positive' and 'negative' test case coverage. That said, it isn't something to fret about.

src/validation.cpp

All right, finally, the big file where all the cool shit happens!
+ // BIP148 mandatory segwit signalling. + if (pindex->GetMedianTimePast() >= 1501545600 && // Tue 1 Aug 2017 00:00:00 UTC + pindex->GetMedianTimePast() <= 1510704000 && // Wed 15 Nov 2017 00:00:00 UTC + !IsWitnessEnabled(pindex->pprev, chainparams.GetConsensus())) + { + // versionbits topbit and segwit flag must be set. + if ((pindex->nVersion & VERSIONBITS_TOP_MASK) != VERSIONBITS_TOP_BITS || + (pindex->nVersion & VersionBitsMask(chainparams.GetConsensus(), Consensus::DEPLOYMENT_SEGWIT)) == 0) { + return state.DoS(0, error("ConnectBlock(): relayed block must signal for segwit, please upgrade"), REJECT_INVALID, "bad-no-segwit"); + } + } + 
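Review bot: the two activation bounds in the outer `if`, 1501545600 and 1510704000, are bare literals whose meaning lives only in the trailing date comments. Named constants, or fields in the consensus parameters that the same condition already reads through `chainparams.GetConsensus()`, would give the window one definition that tests can reference. The error string also says "relayed block" while its own prefix shows it is emitted from ConnectBlock(), so the wording could be tightened to describe the block being connected.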
The entire section is newly added. Anything it does will be 'in addition to' whatever is already done. Let's go through the change line by line:
"Ok, but what about 1501545600? How do we know that?" It's an epoch timestamp. Google 'epoch converter', copy-paste that number in, convert to UTC, and you'll see it is correct for what the comment says it is.
The '&&' at the end of the line means 'and'. So in this case, 'if the mean age of the past few blocks is greater than or equal to and ...'
You can see proof of this claim in the tests written in src/test/versionbits_tests.cpp lines 277-281. line 277 creates an 'old format' block, then (line 279) checks that the ComputeBlockVersion function works, then verifies that the bitwise-and function returns TOP_BITS, as expected.
If you are concerned that more might be needed to reject a block, simply view src/validation.cpp on line 1892 and see that standard bitcoin Core code rejects blocks in the same way as the SEGWIT patch does.
"So wait, what is the total requirement to reject a block again?"
  1. If the mean age of the past few blocks is greater than or equal to AND the mean age of the past few blocks is less than or equal to AND the previous block did not show that Segwit was in 'active' state:
  2. If all of the conditions in step 1 are met AND the block either does not support BIP9 messaging, or does not signal support for SEGWIT
  3. Then it will be rejected.
"So wait, what happens after the first segregated witness block pops across the network? Hasn't that already happened?" No. Blocks that support segwit have come across the network, but in order for IsWitnessEnabled to return 'true', the SEGWIT state would need to switch to 'active' (see BIP9 spec), which is the final state of any proposal, and the point at which the setting is considered an accepted part of the blockchain.

Conclusions

So, you see, no muss, no fuss. The day-1 bug where the logic was backwards has been fixed. There is nothing to fear. Feel free to ask questions and I'll explain them over the next few hours/days as I am able. I'll try to talk to your level if I can. I like teaching in general and abhor ignorance in all its forms. Understand: ignorance strictly means 'not knowing', rather than the typical 'negative' connotation it gets in English speaking society. I would like everyone to realize just how simple this UASF patch is and that the FUD surrounding it not being 'verified' is absolutely a bad joke.
edit: Logic fix thanks to Phil. Like shaolinfry, I had my negated logic backwards. Oops.
submitted by Kingdud to Bitcoin [link] [comments]

Clearing up some misconceptions (including my own) [WARNING: LONG, MATH]

I've been reviewing NAV's code for the past couple months in my spare time and have seen a few things pass for granted which I had assumed were edicts from the NAV team, but as it turns out, they were not. I'll just cover them in sections below. This is going to get long, and hopefully you like math. I'm sorry, in advance.

Coins do not gain weight with age

tldr; section title
This is the big one, and the reason I wanted to review NAV's code in the first place. I had been treating this unofficial medium article like it was the bible, and it mentions that coins are weighted with age and size. No other documentation I could find indicated any differently (honestly, there's not really other documentation, in the first place) and so, having not finished looking into the code, I presumed that was simply true.
It is not, however. I'm not even sure where this idea came from, besides that article, because no NAV team announcements I've seen have said this, but maybe I'm just not looking back far enough.

So how DOES it work?

tldr; values are hashed together and compared against a target. That target is adjusted based only on how many NAV are staking
For those who haven't looked into how NAV picks the next group of staking coins (like I hadn't), the way it works is that a bunch of publicly available values (such as the time of the block you want to make, the time and hash of the transaction that represents your coinstake, and a few others) are hashed twice through SHA256 to create a random number. The actual values input are less important, what is important for NAV's purposes is that they are available to everyone, reasonably unique, and can be verified by other nodes on the blockchain. The output is, mathematically speaking, reproducible, but also completely random.
This value is then checked against a target value that changes based on how fast the network is making blocks. If the network is making blocks around once every three seconds? The target value gets harder (smaller). If the network is making blocks around once every minute? The target value gets easier (larger). The target value just gets adjusted until the network is sitting comfortably at 30 second blocks. So far this is the same way Bitcoin keeps their block time consistent.
However, PoS currencies then usually make an adjustment to that target value to increase your chances to win. In NAV's case, they multiply the target value by the number of coins you are staking. This means that a group of 1000 coins is 1000 times more likely to stake than a group of 1 coin.
To use more accessible numbers, since the values NAV is using are huge, this would be like saying the base odds are that you have to roll a 2 or below on a 100-sided die to win the coinstake. For one roll, you have a 2% chance. For two rolls, you have a 3.95% chance, for three rolls you have a 5.88% chance, for ten you have a 18.29% chance. For n rolls, a 1 - (98^n)/(100^n) chance. To simplify this somewhat, and encourage larger groups, NAV simply says that if you have 10 coins, your chances are 10 * 2%, or 20%. It's a bit more, but it's close.
It's worth noting that, using this system, if you have 50 coins, you have a 100% chance to win every roll, whereas pure single-roll odds only give you a 63.58% chance. The reason this isn't really a problem is that, in this example, there would only be 50 coins in existence, and you probably don't even have access to half of them. Additionally, if you are winning too quickly, NAV will start handing you a 200 sided die, then a 400 sided die, until you are only winning one in 30 -- and this is assuming you're the only one playing. With a table of people, you will get a larger die until only one of you is winning one roll in 30.

Majority Attacks

tldr; if coins gained weight with age it might be an actual security concern. This way is not
The problem with Proof of Stake Age (PoSA) is that, if implemented poorly, it can create opportunities for very cheap attacks. You may have heard of a 51% attack (or majority attack) before. This is where any single entity in the Bitcoin network gains more than 50% of the hashing power. At 51% the chances of them mounting a successful network control attack are now greater than half, which presents a potential danger to the network.

In PoW

tldr; you need lots of fancy computers that you get to keep after
You need a lot of hashing power, which means a lot of computers, which means a lot of financial capital. Or, you need to combine with another organization or pool to combine your hashing power. This was actually a concern once in Bitcoin, but fortunately was resolved to no ill-effect, and ghash.io agreed to cut down their processing. In a PoW system, however, after you have executed your attack, you still have all of your computers, and can use them for something else. The financial capital you have invested is kept, and you never had to invest a single penny into the coin.

In PoS

tldr; you need lots of coins that you probably spent a lot of money on, which are probably worth very little after
In PoS currencies, a 51% attack is still possible, but in this case you would need to have more than half of the staking coins. As of a few days ago, the network weight was hovering around ~18-22 million NAV, so for NAV, you would need ~10-12 million coins to have the requisite 51% of coins. The base assumption for a PoS currency, however, is that, once you have that many coins, you're pretty invested in the network, and it is directly detrimental to you to attempt to attack it. When you execute your attack, you will likely greatly damage trust in the coin, and lose a large portion of your investment. At least, this is the theory.

In PoSA

tldr; you need a little bit of money and a lot of time
You just need to wait. The most simplistic form of PoSA is in the form: adjusted_target = coins * time * base_target. If left uncapped, the time adjustment can allow a single coin stake to outweigh the entire network. Even with a cap of three months (for a total of 7776000 age-weight), you could use a mere 797 individual 0.01 NAV stakes (7.97 NAV total) to outweigh the combined base weight of all 62 million NAV in existence. You want good actors to have the most weight on the network, but in a PoSA currency, good actors are constantly losing their weight when their time resets, whereas bad actors can get more weight for doing nothing.

In PoST

tldr; you need a little bit of money and to somehow create a bunch of coins with the same hashing window
There are some currencies, such as VeriCoin, which have attempted to address this in novel ways, using what they call Proof of Stake Time. They create an ideal window during which your coins gain weight, but after which they return to base levels. This should theoretically encourage people to keep a server running, so they can always catch that window when it happens, which is partially randomized (to prevent someone from simply making a bunch of 0.01 coinstakes at the same time and just waiting for the window). I'm not sure how battle-tested this is, and I can think of a few potential vectors for attack that might exist, depending on implementation, but it does present an interesting and promising approach to the problem of how to encourage everyone on the network to participate, instead of just large stake holders with good odds.

So how likely is it for me to actually get a stake with ___ NAV

tldr; at current network weights it's likely that 1000 NAV will stake around once a week, and 1 NAV will stake once every 17 years.
Since NAV is neither PoSA nor PoST (which I would stress isn't a bad thing, because pure PoS is comparatively simple and has known -- and addressed -- vectors of attack. It's also not necessarily a good thing; it's mostly just a thing), you're basically just as likely to stake today as you are tomorrow. Theoretically, every second should present a new opportunity to win a stake, but in practice this ends up not quite working out because there are other people on the network. Every time you accept a new block, you cut off all of the seconds before it forever. In practice, it's probably easiest to just look at the total weight of the network, and your weight, and extrapolate from there. We'll take for granted that NAV will have 30 second block times for this calculation. If you've got Python you can follow along:
    >>> # 2 blocks/min * 60 min/hr * 24 hr/day * 365 days/year
    ... TOTAL_STAKES_IN_YEAR = 1051200
    >>> # 60 sec/min * 60 min/hr * 24 hr/day * 365 day/yr
    ... SECONDS_IN_YEAR = 31536000
    >>> # the number of coins you are staking
    ... stake = 1.0
    >>> # The total number of coins on the network
    ... network_weight = 18701284.96584108
    >>> my_stakes_per_year = (stake / network_weight) * TOTAL_STAKES_IN_YEAR
    >>> my_stakes_per_year
    0.05621004128433283
    >>> seconds_between_stakes = SECONDS_IN_YEAR / my_stakes_per_year
    >>> seconds_between_stakes
    561038548.9752324
For those keeping track, this means that a 1 NAV stake is expected to take approximately 17.79 years to see a return in the current network (and, even then, only if you happen to be online at exactly the right time and nobody else stakes it first). Coincidentally, this is where that "expected time to stake" number comes from, which I've seen people asking about. I didn't actually look that one up in the code, so I'm not sure how their exact equation differs from mine, but I arrived at the exact same numbers they did, so it's likely similar (and probably more concise, because I am both a verbose writer and programmer, if you hadn't noticed). A 1000 NAV stake, using what I am calling network math for ease of reference, is expected to take around 6.49 days. My suspicion is that the reason this is sometimes more sporadic is that going by the target alone, and testing every second, a 1000 NAV stake should be getting a hit around once every 8 hours. I generated a file of 31536000 hashes (one for each second in the year), using the rules NAV uses to create hashes, and came up with the following table:
    *Assumes a target of 0x1a183258. I forget which block I pulled this from, but it's still around there. This unpacks to a value of:
    0x0000000000001832580000000000000000000000000000000000000000000000

    Calc wins : Mathematical calculation for how many hashes you should win, given the target
    Hash wins : This was pulled from the file with a year's worth of random hashes.
    N-M Wins  : The number of wins network math says you should get
    Hash time : The average time between wins in the randomized file for the given NAV amount
    N-M time  : The amount of time network math says you should wait between wins

    NAV     : Calc wins  : Hash wins : N-M wins : Hash time     : N-M time
    1       : 1.05       : 1         : 0.05     : ~1 year       : 17.79 years
    5       : 5.29       : 7         : 0.28     : 41.66 days    : 3.56 years
    10      : 10.59      : 10        : 0.56     : 34.27 days    : 1.78 years
    50      : 52.95      : 44        : 2.81     : 7.49 days     : 129.87 days
    100     : 105.89     : 107       : 5.62     : 3.42 days     : 64.94 days
    200     : 211.79     : 212       : 11.24    : 41.24 hours   : 32.47 days
    500     : 529.48     : 532       : 28.11    : 16.39 hours   : 12.99 days
    1000    : 1058.97    : 1050      : 56.21    : 8.33 hours    : 6.49 days
    2000    : 2117.93    : 2109      : 112.42   : 4.15 hours    : 3.25 days
    5000    : 5294.83    : 5326      : 281.05   : 98.62 minutes : 1.30 days
    1000000 : 1058966.42 : 1058455   : 56210.04 : 29.79 seconds : 9.35 minutes
So obviously, a bit of disparity between the target-based times and the network calculated times. I would guess this has to do with other people on the network cutting you off from time values, and orphaned transactions where you did get the right value, but somebody else made a weightier one, but this is where my ability to really verify exactly what is happening starts dwindling. The disparity in N-M wins and Calc wins indicates that the target is currently too easy, and should adjust upwards, because right now coins on the network are 18.84 times weightier (calc wins column / n-m wins column) in hashing power than they should be based on the total network weight. But this is also where the whole "50 groups of 1 coin has a 63.58% chance to hit 2/100 whereas 1 group of 50 coins has a 100% chance to hit 100/100" thing comes into play.
Since the network is largely broken up into groups of, on average, 1500 coins, we're actually looking at ~12467.52 groups of 1500 coins vying to win any given block. Given the target, a group of 1500 coins should have a 0.0050369...% chance to win any given coinstake ((target * 150000000000) / maximum_hash_value). This means that the chance that at least one of the 12467.52 staking groups will match for a given second is 1 - (1 - 0.000050369...)^12467.52 = 0.4663, or 46.63%. This places the actual amount that coins are overweight a bit closer to 13.989 times. (network should have ~1/30 chance (3.33...%) to win any given second, 46.63 / 3.33...% = 13.989).
However, as mentioned, the software itself can get in the way of that, so this might just be due to a quirk of how the NAV software searches for matches, since it will abandon any seconds prior to the most recently accepted block. If you were cut off from 13 seconds in every 100, that would account for the weight disparity. In any case, I would probably trust the network math times over the pure math ones, if you're just trying to get a feel for how long you'll likely wait between stakes. What this really translates to is that, although a 1 NAV stake will probably have one second out of the year that will hash in its favour, even running 24/7 you're likely to miss 17 of those before you actually have all the right conditions to win.
Interestingly, I did manage to find one 9.99 NAV stake that won after only 5 days; so it can happen. But it's all still random.

How does this affect my staking rewards?

tldr; it doesn't
Fortunately, NAV pays out the amount you should receive down to the second. Let's take this block at random. 1119.84133642 NAV coinstake, generated 3.82575342 NAV. The time of the previous transaction that created that coinstake was 1514741456 (see the "Raw Transaction" tab). The time of the current transaction is 1514741456. That's all we need to go on.
    >>> SECONDS_IN_DAY = 86400
    >>> DAYS_IN_YEAR = 365
    >>> CENT = 1000000 # .01 NAV
    >>> COIN = 100000000 # 1.0 NAV
    >>> REWARD_PERCENT = 5 * CENT # will be 4 * CENT with community fund
    >>> # All NAV amounts in satoshi (navtoshi? natoshi?)
    ... stake = 111984133642
    >>> # time of this stake
    ... stake_time = 1516896224
    >>> # time of the transaction that made this stake
    >>> stake_prev_time = 1514741456
    >>> # I'm not 100% positive why it converts to cent/seconds first,
    ... # but this is what the code does, so we need to as well if we
    ... # want to be accurate
    ... cent_seconds = (stake * (stake_time - stake_prev_time)) // CENT
    >>> cent_seconds
    241299827679
    >>> # Now they undo the cent_seconds for some reason? I'm not sure.
    ... # This does, however, create a minimum coin stake for any given time.
    ... # 1 NAV, for instance, will not generate anything if it stakes until
    ... # it is exactly one day old (with a whopping 0.00013698 NAV).
    ... # The minimum NAV stake you can get a reward from if you get lucky
    ... # and stake at the end of two hours is 11 NAV.
    ... coin_day = ((cent_seconds * CENT) // COIN) // SECONDS_IN_DAY
    >>> coin_day
    27928
    >>> stake_reward = (coin_day * REWARD_PERCENT) // DAYS_IN_YEAR
    >>> stake_reward
    382575342
note: // is a floor division. For example, 3 / 2 = 1.5, 3 // 2 = 1
And we come out the other end with exactly 3.82575342 NAV. Those are the only variables that affect your payout for staking. You then also get whatever the fees happen to be. There's not any magic to it, and so far as I can tell there's also not a limit. If you legitimately wait those 17 years for your 1 NAV to stake, your eventual payout will be on the order of 0.84 NAV. Anyways, that's pretty much all there is to your payout; it's very direct.

So is it worth it for me to stake?

tldr; personal preference
Honestly, this is entirely up to you. If you're in the "month or more" camp of coinstakers, it's probably not worth your while to be running 24/7 unless you're just really into securing the network (which, to be fair, I am all about that, so feel free). But with the blockchain at the small size it is right now, and if you're going to be using your computer anyways, it probably doesn't hurt to just run it in the background and see if you get lucky. As pointed out, the actual amount you get is not affected by any of this. All that this means is that it is harder to predict exactly when you will get a stake. If you're concerned about financially supporting the staking, then NavTechServers has created this handy calculator to help out. From a mathematical standpoint, it's ironically much more likely for small coinstakers to get stakes if they are running 24/7, but from a financial standpoint, you're probably not getting enough to care to, so it's up to your preferences.

Cold Staking is not staking while offline

tldr; there is no magic that will allow blocks to be created without nodes on the network
I've also seen a bit of confusion over what cold staking is likely to bring, and want to ensure people aren't upset when it does get rolled out. Specifically the misconception that staking with offline coins is the same thing as staking while offline. It is physically impossible to generate a block without something connected to the network, and you only get staking rewards once you have generated a block, because the blockchain doesn't really have the tools to tell who is online and participating beyond "who made this block."
All that cold staking means is that the private keys to use your NAV to buy things or move their address are not on the server doing the staking. In general, this is accomplished via a smart contract and a secondary set of keys that is given permission to use your coins, but only for staking. If those keys are used for moving a coin from one account to another, then the smart contract will flag it as an incorrect usage. This means that if someone hacks into your server, the only thing they could steal are the keys that permit them to stake your blocks. This is much easier to correct than someone stealing your private keys and moving your NAV to a separate address. Particl's overview of their cold staking system is a good read to get some baseline expectations.
Most implementations of cold staking do open up the possibility to sign your coins over to someone else to stake, which opens up the entirely new 51% attack vector of asking people to just GIVE you their network weight. But given that I have just recently explained to you all why one person owning a majority of the coin staking weight on the network is dangerous, I shouldn't have to tell you why this would be a bad idea, right?
RIGHT??

Summary

In any case, that's about it. Chances are the answer to the question "am I staking" is "yes", so long as the wallet tells you that it's staking. Unfortunately (but also fortunately), waiting longer only increases your chances insofar as you are trying more, but when you do eventually stake, you will be paid out based on how long you have waited, so there's not much lost.
I could go into much more depth about all this but this was about as concise as I could get it while still showing most of my work. I'd also be happy to address any other questions that arise from this, and obviously if somebody who knows better finds anything wrong with any of the details here let me know. If you wanted to get into this more in-depth, I've created a Python script which explains some of the technical aspects more thoroughly (including how to unpack the compact target number into the full value being checked in the code), and allows you to get hands-on with real block values. You can download it here. Happy hodling, everybody.
submitted by i_adore_you to NavCoin [link] [comments]
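The target arithmetic described in the post above, as an added Python example (not the author's script and not NavCoin's code). It assumes the hash space is 2^256 and that the weighted target is the unpacked target times the stake in satoshi, as the post states; all function names are hypothetical.

```python
"""Added example: stake odds derived from a compact target."""

COIN = 100_000_000            # satoshi per NAV, as in the post's reward snippet
MAX_HASH = 1 << 256           # assumption: size of the double-SHA256 output space
SECONDS_IN_YEAR = 31_536_000  # one hash attempt per second, as in the post
BITS = 0x1A183258             # compact target quoted in the post's table


def unpack_compact(bits: int) -> int:
    """Expand a Bitcoin-style compact target into the full 256-bit integer.

    The top byte is a base-256 exponent, the low 23 bits are the mantissa.
    """
    if bits & 0x00800000:
        raise ValueError("sign bit set: not a valid target")
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def win_probability(bits: int, stake_nav: float) -> float:
    """Chance that a single one-second attempt satisfies hash <= target * stake."""
    weighted_target = unpack_compact(bits) * int(round(stake_nav * COIN))
    # Once the weighted target exceeds the hash space every attempt wins.
    return min(weighted_target / MAX_HASH, 1.0)


def expected_wins_per_year(bits: int, stake_nav: float) -> float:
    """The 'Calc wins' column: winning seconds expected in a year of attempts."""
    return win_probability(bits, stake_nav) * SECONDS_IN_YEAR


def any_group_wins(bits: int, group_nav: float, groups: float) -> float:
    """Chance that at least one of `groups` equal stakes wins a given second."""
    p = win_probability(bits, group_nav)
    return 1.0 - (1.0 - p) ** groups


def split_vs_combined(p_single: float, n: int) -> tuple:
    """The dice comparison: n separate rolls versus one roll at n times the odds."""
    separate = 1.0 - (1.0 - p_single) ** n
    combined = min(n * p_single, 1.0)
    return separate, combined


if __name__ == "__main__":
    print("target      : 0x%064x" % unpack_compact(BITS))
    for nav in (1, 1000, 1_000_000):
        print("%9d NAV: %.2f wins/year" % (nav, expected_wins_per_year(BITS, nav)))
    print("network hit : %.4f per second" % any_group_wins(BITS, 1500, 12467.52))
    print("50 rolls    : %.4f split, %.4f combined" % split_vs_combined(0.02, 50))
```
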
