This is why I am nervous about crypto. Are there any old school banks with years of protecting electronic accounts that will hold crypto for you? For a fee, of course!
|
The banks put the controls in place, the consumer keeps looking for "bridges" so they won't have to think, etc.
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
|
Are we surprised?
Safes are hackable - but in most cases it involves a lot of noise and that draws attention...
Software is hackable - and it can be done in your comfort zone and without any attention at all...
Cryptocurrency came to life to go under the radar, but on the way it also lost the protection the bank system gives... Some thought it was worth it, others learned it may not be such a good idea...
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
Around five years ago, my then-employer wanted to go big on Blockchain.
Don't get me wrong, they were a fine tech company with skilled people in .NET and Azure, and they didn't bet on a single horse, but they had a weak spot for the latest greatest (they always wanted to be in on it before clients started asking about it).
I attended some presentations about blockchain and one thing I heard is that it was unhackable.
Blockchain was so simple and so transparent that it just couldn't theoretically be done, the math was clear on it.
I rolled my eyes and waited, not too long, before the first news articles about hacked blockchains came rolling in.
NOTHING is unhackable (Chrome doesn't even recognize "unhackable" as an existing word, while "hackable" is).
|
According to the article, they didn't hack the blockchain, but a "bridge"; sounds more like a victim of agile.
Bridges use wrapped tokens, which lock tokens in one blockchain into a smart contract. After a decentralized cross-chain oracle called a “guardian” certifies that the coins have been properly locked on one chain, the bridge mints or releases tokens of the same value on the other chain. Wormhole bridges the Solana blockchain with other blockchains, including those for Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, and Terra.
But what if you can’t trust the guardian? A lengthy analysis posted on Twitter a few hours after the heist said that Wormhole’s backend platform failed to properly validate its guardian accounts.
..and Compounding the difficulty, the new hack came shortly after a recent change was made in some of the software involved.
“The bridge didn’t expect that users could submit a signatureset, since the change to facilitate that was a recent one in the Solana runtime,” Guido explained. “By submitting their own signature data, an attacker short-circuited a signature check that allowed them to take ownership of a large amount of tokens.”
A change in the software, which "did not expect" a signature.
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
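As an added illustration of the guardian check quoted in the post above (not part of the thread, and not Wormhole's code): a toy lock-and-mint bridge in Python, with a verifier that trusts caller-supplied signature data beside one that re-verifies against a pinned guardian set. HMAC keys stand in for guardian signatures, and the guardian names, the 4-of-5 quorum and the attestation field names are assumptions made up for the example.

```python
import hashlib
import hmac

# Constructed guardian set: name -> secret key. HMAC stands in for the
# public-key signatures a real bridge would use (assumption of this sketch).
GUARDIANS = {f"guardian-{i}": hashlib.sha256(f"demo-key-{i}".encode()).digest()
             for i in range(5)}
QUORUM = 4  # hypothetical threshold: 4 of 5 guardians must attest


def encode(att):
    """Canonical bytes of a lock attestation (hypothetical field names)."""
    fields = ("src_chain", "lock_tx", "recipient", "amount")
    return "|".join(str(att[k]) for k in fields).encode()


def guardian_sign(name, att):
    """What a guardian emits after seeing the lock on the source chain."""
    return hmac.new(GUARDIANS[name], encode(att), hashlib.sha256).hexdigest()


def mint_trusting(att, signature_set):
    """Weak form: believes a caller-supplied record saying checks passed."""
    return att["amount"] if signature_set.get("verified") else 0


class Bridge:
    def __init__(self):
        self.redeemed = set()  # lock transactions already paid out

    def mint(self, att, signatures):
        """Hardened form: re-verify each signature against the pinned set."""
        msg = encode(att)
        valid = set()
        for name, sig in signatures.items():
            key = GUARDIANS.get(name)
            if key is None:  # signer is not a known guardian: ignore
                continue
            expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
            if hmac.compare_digest(expected, sig):
                valid.add(name)
        if len(valid) < QUORUM or att["lock_tx"] in self.redeemed:
            return 0  # no quorum, or this lock was already redeemed
        self.redeemed.add(att["lock_tx"])
        return att["amount"]
```

The hardened `mint` derives its decision only from data it checked itself; nothing the caller asserts about prior verification is consulted.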
|
Eddy Vluggen wrote: Bridges use wrapped tokens, which lock tokens in one blockchain into a smart contract. After a decentralized cross-chain oracle called a “guardian” certifies that the coins have been properly locked on one chain, the bridge mints or releases tokens of the same value on the other chain. Wormhole bridges the Solana blockchain with other blockchains, including those for Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, and Terra.
But what if you can’t trust the guardian? A lengthy analysis posted on Twitter a few hours after the heist said that Wormhole’s backend platform failed to properly validate its guardian accounts.
This is mostly mumbo jumbo to me (and I suspect in general), so I have no idea what they're talking about.
When I say "hacked" I mean in the broadest term of the word, social, technical, directly, indirectly...
Basically, people are manipulating blockchains where I was told that isn't possible (because hashes would fail and you can't fake hashes blah blah...)
|
Sander Rossel wrote: This is mostly mumbo jumbo to me (and I suspect in general), so I have no idea what they're talking about
Lack of knowledge doesn't stop you from venting an opinion
Sander Rossel wrote: Basically, people are manipulating blockchains where I was told that isn't possible
The blockchain wasn't hacked, but a "bridge".
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
Ok, I'm going to water it down even further.
Blockchain was untouchable according to the fanbois.
It obviously isn't, as was to be expected.
That's really my whole point.
And I get it, it's not blockchain, but a bridge, blah blah... The fact is, someone had their money "safely" inside an "untouchable blockchain", and now it's gone.
Eddy Vluggen wrote: Lack of knowledge doesn't stop you from venting an opinion
Welcome to the internet
|
Sander Rossel wrote: Ok, I'm going to water it down even further.
Blockchain was untouchable according to the fanbois.
It obviously isn't, as was to be expected.
That's really my whole point.
And I get it, it's not blockchain, but a bridge, blah blah..
Let me repeat that, the blockchain isn't hacked.
Your "point" is invalid. You might want to learn how it works, so you can actually say something about it that is viable.
Aw, I don't own anything on a blockchain; I'm a silver-bug.
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
I didn't even use the word "hacked" in that post.
I said "untouchable" to be more on-topic for this particular post (how dare I post about blockchain being hacked in a topic on a bridge connecting to a blockchain being hacked).
Hacked or not, blockchains can be manipulated in ways that were earlier not accounted for.
For my earlier comments about it being (un)hackable:
Blockchains Were Supposed to Be “Unhackable.” Now They’re Getting Hacked.
Once hailed as unhackable, blockchains are now getting hacked
My point, that blockchain isn't as secure and airtight as once believed, stands.
I've said absolutely nothing that wasn't true.
Your "argument" that my entire point is invalid because I don't know enough about the subject is what we call an "ad hominem", attacking the person rather than their argument, and is completely uncalled for.
A more appropriate response would be "Not blockchain, but a bridge, was hacked, so you're slightly off-topic."
Got out of the wrong side of the bed this morning?
|
Sander Rossel wrote: Your "argument" that my entire point is invalid because I don't know enough about the subject is what we call an "ad hominem", attacking the person rather than their argument, and is completely uncalled for.
Not attacking the person, but his "ideas". It's not personal. Sorry if you feel that way.
Sander Rossel wrote: Got out of the wrong side of the bed this morning?
I got out of the wrong bed. Lucky guess.
Sander Rossel wrote: I've said absolutely nothing that wasn't true.
Didn't you? You've just proven to lack knowledge on the subject, yet act as an authority.
--edit
Nearly forgot your main argument; you call it a personal attack, because I point out your lack of knowledge on the subject. If being dumb is an ad hominem, I admit.
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
Eddy Vluggen wrote: Didn't you? You just proven to lack knowledge on the subject, yet act as an authority.
This is how it feels to me.
Authorities on the subject: Blockchain can't be hacked.
News: Blockchain got hacked! (and ok, in this case a bridge to blockchain got hacked, resulting in stolen funds from blockchain)
Me: I knew it! People said blockchain couldn't be hacked, but it got totally hacked.
You: Your point is invalid because you have absolutely no knowledge of blockchain!
I never said I have knowledge of blockchain and I did not act as an authority, I really have no idea where you got that idea.
My story was really simple, everything can be hacked, including blockchain, despite authorities' earlier claims.
That point was proven and I don't need to know any technical details to make that claim.
Eddy Vluggen wrote: Not attacking the person, but his "ideas". It's not personal. Sorry if you feel that way.
There's no "idea" that I, personally, have no knowledge about blockchain and there's also no "idea" that it's hacked even though people said it couldn't, so yeah, you're totally attacking me personally.
You're even going as far as to say my anecdote and proven claim is invalid because I have no knowledge on the subject.
So anyway, I'm done talking to you for the time being.
|
Sorry, sorry, you misread me, or I used the wrong words. Probably the latter
Sander Rossel wrote: News: Blockchain got hacked! (and ok, in this case a bridge to blockchain got hacked, resulting in stolen funds from blockchain)
It didn't. Consider the blockchain a bank; it wasn't hacked. A bridge was hacked, a third party.
Imagine you spend "real" money from your wallet, but transactions go through me. I steal from you. Does that mean your wallet is hacked?
Sander Rossel wrote: I never said I have knowledge of blockchain and I did not act as an authority, I really have no idea where you got that idea.
Might be due to your posting on the topic where you say "PROOF IT BEEN HACKED".
Sander Rossel wrote: That point was proven and I don't need to know any technical details to make that claim.
You don't need knowledge to make what claim? To be able to hack a readonly ledger that is copied often?
Sander Rossel wrote: There's no "idea" that I, personally, have no knowledge about blockchain and there's also no "idea" that it's hacked even though people said it couldn't, so yeah, you're totally attacking me personally.
NOOO!
Ah, dammit, I'm just gonna shut up then. I hold you in high regards FWIW.
Sander Rossel wrote: You're even going as far to say my anecdote and proven claim is invalid because I have no knowledge on the subject.
A non sequitur, because it works differently from what you painted. "Te kort door de bocht", to use a saying you're familiar with.
My apologies for making it feel like an attack. I guess I needn't send in my resume once your company grows?
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
Eddy Vluggen wrote: I hold you in high regards FWIW.
Eddy Vluggen wrote: My apologies
I'm going to cherry pick this from your post and leave it at that
Eddy Vluggen wrote: I guess I needn't send in my resume once your company grows?
You can still try
|
Sander Rossel wrote: I'm going to cherry pick this from your post and leave it at that
That is the general gist.
Sander Rossel wrote: You can still try
No, not just yet. I'll wait until demand outgrows you; a year or two. And yes, I would change provinces for that.
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
Posted this as an answer a bit ago.
Computer Scientist Explains One Concept in 5 Levels of Difficulty | WIRED - YouTube
I reviewed some books on cryptography before they were published. So yes, I know the subject. My name is in physical books.
My salary demands just raised by 5%.
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
Bridge over Troubled Water - YouTube
This is a cover by the Neal Morse Band from their new release. If you get put off by the beginning, skip to 2:00. I liked it but understand that it's not for everyone.
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
... Clippy Is Here To Help
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
Replaced by Clint with a shotgun. Nice try.
>64
Some days the dragon wins. Suck it up.
|
That was a good movie. I loved the "Will Reading" bit ...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
He's just angry because he saw the terrible kerning on his birthday cake.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
Now that would be a useful Clippy
The less you need, the more you have.
Even a blind squirrel gets a nut...occasionally.
JaxCoder.com