# Crypto Currencies?



## Foxbat (Jan 29, 2018)

The recent hack of Coincheck made me realise that I didn't have a clue about crypto-currencies and so decided to do a bit of learning.
Cryptocurrency hack victims to get refund

Cryptocurrency - Wikipedia

And here's the bit (no pun intended) that interested me.
Byzantine fault tolerance - Wikipedia

Now, according to the principles of Byzantine Fault Tolerance and given that the crypto currencies deal with this through a parallel _proof of work_ system, I'd have thought it impossible to hack. Obviously, given the situation, I'm wrong.

But can anybody explain to me how the hackers managed to do this because, the way I see it, they'd have to break into two systems(the crypto-currency transactions and their 'proof-of-work' parallels and exactly match the data flows to actually get their hands on the crypto-loot?

As far as I can tell, either the hackers were really clever (to the nth power of ten), had inside information or there is a fatal flaw in the fault tolerance principles. And on this last point, I wonder if it's because it's based on a peer-to-peer network system? If this is so then the whole Byzantine Fault Tolerance idea just doesn't make sense to me because  peer-to-peer networking appears to provide the indepenedent proof-of-work confirmation that the whole kit and kaboodle relies on and yet may be the door that the hackers were looking for.

The only real thing that I've learned is, whether centralised (like ordinary banks) or decentralised (like crypto-currencies), none of it is truly safe despite what the money men may say.


----------



## Venusian Broon (Jan 29, 2018)

It's been a while since I had a look at crypto-currencies, but doesn't the discussion about the Byzantine Fault Tolerance and proof of work system refer to the block chain, it's ledger and how the currency is mined?

I would have thought that the hackers got access to the hot wallets on the company's servers, getting hold of personal information and passwords, and then, masquerading as the real users, transferred away currency to their own accounts. From their it would be a matter of time before the heist was detected, as they would have to convert the crypto-currency they stole into real cash by moving and selling it and then continuing the laundering process with the real cash they had acquired.

It's the same thing as if I got hold of your online banking passwords - I'd be able to get into your account and then transfer money away to wherever I wanted it to go.

In principle I think you should be able to track where the stolen crypto currency went, as it will be on the block chain ledger, and you'll have the transaction data etc. But you'll not be able to figure out who has them. And as soon as they've sold it on an open market and turned it into yen / dollars whatever, the trail to the real perpetrators goes cold.


----------



## Foxbat (Jan 29, 2018)

You could be right with your explanation. Makes sense to me I think the last part is the biggest problem in tracking down the perps (and maybe this is the downside of crypto currency)because the user always is anonymous (although the transaction is public).


----------



## Cli-Fi (Jan 29, 2018)

Foxbat said:


> The recent hack of Coincheck made me realise that I didn't have a clue about crypto-currencies and so decided to do a bit of learning.
> Cryptocurrency hack victims to get refund
> 
> Cryptocurrency - Wikipedia
> ...



I'm in. I made some good money. Nothing crazy and the community has a bit of a cult-like attitude and it doesn't matter what coins. These are all kids hoping to get rich quick and they can't take criticism. Just passive income. Maybe an extra $500 a month. Not bad. It's basically a ponzi scheme I'm taking advantage of atm.


----------



## Foxbat (Jan 30, 2018)

So. A some more questions. As I understand it, the hot wallet is under the control of the user but the other wallet (cold?)  is  hardware secure and the user chooses which. I assume the hot wallet gives easier access?

First question: If the hot wallet is under user control (and therefore vulnerable to hacking), why would Coincheck offer refunds to those hit? Surely the fault lies with the end user for not making his/her access secure enough?

Next: I assume that a hack like this would erode confidence in the system. I'm also assuming that this erosion of confidence would hit exchange rates. Is it not possible that, even with a refund, users will still be out of pocket with the subsequent fall in exchange?

Last question: Who does the mining? Is it part of the peer-to-peer system or is it commercial entities (I think it must be the latter given that there's money to be made in them thar crypto-mining hills but just wanted to be sure).

Lastly, I have no real reason for asking other that I'm curious to how this whole system works


----------



## Venusian Broon (Jan 30, 2018)

Foxbat said:


> So. A some more questions. As I understand it, the hot wallet is under the control of the user but the other wallet (cold?)  is  hardware secure and the user chooses which. I assume the hot wallet gives easier access?
> 
> First question: If the hot wallet is under user control (and therefore vulnerable to hacking), why would Coincheck offer refunds to those hit? Surely the fault lies with the end user for not making his/her access secure enough?
> 
> ...



Hot wallet means, I believe, that you've got your 'wallet' on another company's servers - that holds the crypto-currencies - they will generally also (for ease of use of the customers) have your private personal key. Such a thing encodes any transactions and proves that it's you. My understanding is that the hackers would have got access to these encryption keys because they were stored on the company's computers. Hence the reason why Coincheck would need to refund those hit - as it was their fault that these encryption keys were hacked.

A cold wallet is one that is actually stored on a hard drive that you own. Generally more secure, but....if people turn up on your door with shotguns and demand a 'transfer' or a keylogger Trojan finds your encryption key and your PC is hacked then you'll get a similar loss.

Yes it generates an erosion in confidence (if the bank that held your money kept getting raided and losing money, wouldn't you consider changing to someone more secure???) But, then this was just for some currencies and one particular place, there will be lots of other drivers of value for crypto-currencies.  As for what redress the bank gives people affected...I'm sure there will be bank rules on what compensation they give. (And I don't understand your question really, if the price plummets after their stuff has been stolen, wouldn't they want a higher price as compensation???)

Finally mining. Essentially it is solving the next hash function value from the previous one (there may be a variations but that's it generally, right?). If you solve it before anyone else and get the answer in, you get the coin. So in theory you can download a 'miner' and take part. It was (and may be today for some young currencies???) done on people's PC and graphics cards. But that was many years ago. For example, taking Bitcoin, calculating the next coin is getting so computationally intensive that by ~2012 they were actually started producing dedicated microchips for _just _solving Bitcoin calculations. If you are thinking of getting into it, here is your competition: Inside the Chinese Bitcoin Mine That's Grossing $1.5M a Month

There are also crypto-currency mining pools. If you can't afford a 3000 strong server farm there are distributed systems that utilise many people's systems, when they are not in use, and they share the reward. I'm on one...but it's for finding prime numbers, not bitcoin


----------



## Foxbat (Jan 30, 2018)

Ah! Thanks for that.

As to my question on redress, I was thinking - if the hack happens when -say- crypto-currency to dollar is 1 to 100 but erosion of confidence drops the market to 1 to 50, then if somebody loses their cryptos (say 100) and they get 100 cryptos back in refund, they have effectively only regained half of what they had if converted into cash...if that makes any sense Maybe I'm just overthinking this.

On mining: now I understand. It seemed that it was individuals on PCs but then the piece I read  talked about additional computation and cooling (which made me wonder who exactly was doing the mining and what kind of PCs they were using). The fact that it used to be individuals but is now moving away from that makes sense now


----------



## Venusian Broon (Jan 30, 2018)

Foxbat said:


> Ah! Thanks for that.
> 
> As to my question on redress, I was thinking - if the hack happens when -say- crypto-currency to dollar is 1 to 100 but erosion of confidence drops the market to 1 to 50, then if somebody loses their cryptos (say 100) and they get 100 cryptos back in refund, they have effectively only regained half of what they had if converted into cash...if that makes any sense



I get where you're coming from . Honestly I don't know. Obviously a company would like to refund something that keeps their cost down...but then the afflicted persons would probably argue that they _could_ have derived a higher value by selling their crypto currencies at the price at the time, rather than getting the same crypto-currencies back devalued (and therefore in the case you gave above, they might demand that the company give them twice as many cryptos back as that would be 'fair' value). But as crypto-currency valuation fluctuates dramatically, to reduce risk, both parties might be happier to agree to one fixed price, a.k.a. some sort of average around the point the robbery was made.

Note: It's likely that the company in question will have some insurance or some sort of scheme (possibly even to have been forced by law) to cover such an eventuality.


----------

