Category Archives: blockchain

Unlocking the future of blockchain innovation with privacy-preserving technologies

The origins of blockchain as many are familiar with it today can be traced back to the Bitcoin whitepaper, first published in 2008 by Satoshi Nakamoto, which offered a vision of a new financial system underscored by cryptography and trust in code. Throughout the past decade, iterations of this technological infrastructure have gradually built out a diverse industry ecosystem, allowing for use cases that extend beyond cryptocurrencies and peer-to-peer transactions. From smart contracts to asset … More

The post Unlocking the future of blockchain innovation with privacy-preserving technologies appeared first on Help Net Security.

CLB Bitsdaq Exchange Listing Information

Hello Cloudbric community!

We’re pleased to provide you with more information regarding CLB’s listing with Bitsdaq Exchange.

Check it out below.

Bitsdaq exchange listing CLB

1) Token: CLB (ERC20)

2) Listing schedule

Open for Deposit: Thursday, July 4, 2019 1PM KST

Open for Trade: Friday, July 5, 2019 5PM KST

Open for Withdraw: Monday, July 8, 2019 5PM KST

3) Currency transaction

– CLB/BTC trading pair

– Other pairs such as CLB/ETH will be available in the future

4) Transaction fee: 0.25%

5) Other fees:

Deposit fee: None

Withdrawal fee: Fee will be updated on Bitsdaq (here) on July 8

===

Bitsdaq is a Hong Kong based cryptocurrency exchange based on the unique technology of its official partner, Bittrex exchange. Learn more about Bitsdaq here.

Stay tuned for future listings announcements!


Make sure to follow us on our social media platforms (LinkedIn, Twitter, and Facebook) and our recently opened Telegram Announcement Channel for the latest updates!

The post CLB Bitsdaq Exchange Listing Information appeared first on Cloudbric.

Klaytn Will Onboard Cloudbric Following Mainnet Launch

The internet giant KakaoTalk launched its blockchain platform on June 27, 2019. The mainnet launch was orchestrated by KakaoTalk’s blockchain arm, Ground X.

This marks a big occasion for both Klaytn and Cloudbric, which is a technology ISP (Initial Service Partner).

Klaytn has emphasized the importance of ISPs who provide substantial and tangible service use-cases for the blockchain ecosystem. Because the main focus of the company is on the Dapps (decentralized apps) that run on the blockchain, Cloudbric will launch a crypto security app within Q3.

The app will focus on protecting users when they use crypto apps or exchanges to transfer cryptocurrency. 

After its initial release, Cloudbric has plans to add upgraded features and functions.

Please look forward to more details soon as we disrupt the crypto security market!

—-

Cloudbric is already working to provide web security services to numerous cryptocurrency exchanges and blockchain projects. Known for our distinguished WAF, Cloudbric also recently released Threat DB, our free database of threat intelligence, this past May. The platform currently includes blacklisted, or malicious IPs, known hacker wallet addresses, and phishing URLs.

The data collected on the platform will be available via an API which allows businesses and developers to create their own security technologies. 

Crypto exchanges can also leverage the hacker wallet addresses to prevent unauthorized transactions on their platform.



The post Klaytn Will Onboard Cloudbric Following Mainnet Launch appeared first on Cloudbric.

A wave of regulation is coming to the cryptocurrency economy

There is a concerning trend of cross-border crypto payments leaving U.S. exchanges and entering offshore and untraceable wallets, a CipherTrace report reveals. In the twelve months ending March 2019, crypto transfers from U.S. exchanges to offshore exchanges grew 21 points or 46 percent compared to the same period two years ago. Once these payments reach exchanges and wallets in other parts of the globe, they fall off the radar of U.S. authorities. This highlights a … More

The post A wave of regulation is coming to the cryptocurrency economy appeared first on Help Net Security.

Research on private key generation reveals theft of ETH funds from accounts with discoverable keys

Researchers at Independent Security Evaluators (ISE) have discovered 732 actively used private keys on the Ethereum blockchain. In their new study titled Ethercombing, ISE found that poorly implemented private key generation is also facilitating the theft of cryptocurrency. [Figure: Example flow of deriving an Ethereum address from a private key] The researchers identified 13,319 Ether (ETH) which was transferred to both invalid destination addresses and forever lost, as well as to wallets derived from weak private … More

The post Research on private key generation reveals theft of ETH funds from accounts with discoverable keys appeared first on Help Net Security.

Tackling The Weaknesses Outside The Blockchain System To Protect Your Cryptocurrency


There’s a general consensus in the crypto industry that blockchain cannot be hacked. This is because blockchain transactions listed on the distributed ledgers are immutable, meaning they cannot be erased, changed or configured.

The distributed general system also has accountability in place so that all transactions distributed across each node must be the same in order to achieve consensus.

The blockchain has so far proven to be impossible to hack, but organizations are using blockchain in ways that involve elements outside the blockchain itself, such as crypto wallets.

Because these elements exist outside the scope of the blockchain, they are susceptible to common web vulnerabilities, hackings, and other human errors. Therefore, if a transaction is handled improperly, it can be unintentionally listed as an official transaction.

For example, tokens stored in a wallet or an exchange whose website isn’t secure can lead to a hacking episode and ultimately the withdrawal of tokens, which will be recorded on the distributed ledgers as valid transactions when they are not.

So what are companies and users left to do in protecting crypto assets?

While blockchain technology offers interesting security alternatives to cybersecurity in general, that does not mean traditional cybersecurity solutions and other cyber practices are obsolete in protecting against attacks that ultimately target cryptocurrency.

Check out our tips in protecting against some of the most common cyber hacks in the crypto world.

Web Attacks

Wallets don’t actually contain any crypto; instead they hold a private key, which is needed to access, withdraw, or trade it. Wallets are not protected by the same technology that makes blockchain essentially “unhackable.”

The same goes for crypto exchanges, which is why we advise users to avoid holding significant amounts of coins on any exchange. Wallets and exchanges are also vulnerable to web attacks such as SQL injection and Cross-Site Scripting (XSS) attacks.

Hackers, for example, can launch SQL attacks to exploit a vulnerability in data input forms by inputting malicious code into the login pages of a website or web app, thus revealing sensitive data like the private keys of wallets.

XSS attacks can be used by hackers to intercept information, including login details, between a client and server by executing malicious code.

While these attacks can easily be thwarted with a WAF, which monitors web traffic at the web application layer in the background and blocks malicious agents automatically, there are other ways end users can protect themselves.

For end users, we highly recommend utilizing “cold” wallets such as a ledger so that your private keys are stored offline, unlike “hot” wallets, which are always connected to the internet and are prone to hacking.

We also recommend that users write down their private keys and keep them in a safe location, since anyone who gets hold of your mnemonic phrases can access your wallets.

Malware

Wallet addresses contain a long string of both numbers and letters (up to 21 characters) and are difficult to memorize. When users want to transfer funds to another wallet, most opt to copy and paste wallet addresses, but this shortcut creates an opportunity for certain malware to exploit it.

Though not entirely new in its execution, a trojan has been discovered that monitors over 2.3 million different crypto addresses and works by exploiting the clipboard function. It replaces the intended recipient wallet address with that of the attacker’s.

A similar malicious software called CryptoShuffler follows this trend and is known to also manipulate wallet addresses.

Unfortunately, these actions often go unnoticed by users, which puts them at risk when transferring funds. To protect against such malware, it’s important for users to keep their antivirus software and operating systems up to date, perform regular malware scans, and avoid installing untrusted software.

We also recommend that users always double-check the intended recipient address prior to transferring any funds. A good tip is to check the first and last characters to see if they match the rightful wallet address.

Smart contracts

Smart contracts are commonly used to facilitate and conduct credible transactions on the blockchain without intermediaries.

Because they are directly tied to these transactions, they can hold massive amounts of digital currencies, making them a lucrative target for hackers.

Error codes or bugs in the smart contract can result in crypto being frozen or stolen by hackers.

On some rare occasions, hackers can also gain direct access to a smart contract by obtaining the private key to steal funds and then replacing addresses with fraudulent ones.

Utilizing external auditors can help to inspect the code for any vulnerabilities. For organizations, we recommend finding reputable auditors who have a track record in protecting against such attacks or errors.

Fake Apps and Classic Phishing

Phishing takes all kinds of forms in the crypto world. Most phishing scams aim to either steal credentials to access wallets or trick users into sending crypto directly to addresses of scammers or hackers.

The ways in which hackers “phish” for new victims are many.

This includes hackers cloning websites that mimic legitimate exchange sites or malicious crypto apps to steal personal information including wallet credentials.

There are also bots that notify users about issues with their crypto but are actually malicious and used to steal crypto, not to mention the use of Telegram to pose as ICO team members and then ask users to invest and send crypto to fraudulent addresses.

Another rising trend among scammers is figuring out how to bypass 2FA by duping telecom companies into sending verification codes to the phone numbers of scammers. This grants them access to authentication on crypto accounts and exchanges.

These types of social engineering tactics are highly prevalent. Taking extra precaution, whether it’s while discussing, investing, or transferring crypto, is absolutely necessary, as anyone can fall victim to classic phishing scams.

Conclusion

Unlike banks which offer standard protections and insurances for customers, the blockchain cannot offer the same luxury to crypto holders.

Elements outside the blockchain make it difficult for companies and users using blockchain to remain entirely protected. Protecting these elements, namely crypto wallets and exchanges, is one of the biggest challenges in blockchain security.

A proper cyber defense strategy will seek to incorporate traditional solutions like using antivirus software and running malware scans, but it’s also equally important to use common sense when dealing with anything crypto.

 



The post Tackling The Weaknesses Outside The Blockchain System To Protect Your Cryptocurrency appeared first on Cloudbric.

Blockchain – CTF Challenge Winners Announced

Winners Announced for Security Innovation Blockchain CTF Challenge
 
Last week we announced two new challenges were to be added to the Security Innovation Blockchain CTF, our free platform for learning to identify and exploit vulnerabilities in smart contracts.  
 
Coinciding with the launch we announced a reward to the first players to complete all 13 of the challenges. During the week we had dozens of players attempt to steal fake ether from these challenges. Out of all of our contestants, only 5 players were able to complete all 13 successfully and reach 15,000 points on the leaderboard.
 
In the spirit of decentralization, competitors were able to remain anonymous, supplying only their username of choice and an address associated with their testnet wallets.

Drum Roll Please... 

And the WINNERS are:

First place:  <script>alert(1)</script> - $300 reward
 
jbrouwer96 - $50 reward
smarx - $50 reward
tec - $50 reward
Ping - $50 reward

Additionally, two other players who had created accounts during the competition were selected at random to receive an additional $50 reward.
These two users were: aghora and Leeky
 
Congratulations to everyone who participated!
 
How Were Rewards Distributed?

As you can imagine, delivering prize money without any way to contact our contestants could present a bit of a challenge. Luckily, by competing in the CTF and creating Metamask wallets, our winners had already provided us with everything we need to send them their prizes: a wallet address.
These addresses come in the form of a long hex string (e.g. 0xdcb37036c66bc6a5a19ccf0dbc0253e584499954) and are all that is necessary to identify a wallet when sending assets on the blockchain.

Using these addresses, we can ensure that the competitors will be able to claim their reward. Even though the accounts were created on the Ropsten testnet, the private keys in Metamask can easily be used to generate identical wallet addresses on the Ethereum mainnet.
 
xDai vs DAI

Originally, our plan was to distribute the reward as the DAI token, a decentralized stable coin mapping 1:1 US dollar. The problem with this is that in order for the winners to then claim their DAI and send it to another account, they would need a small amount of ETH in their account to pay the transaction fee. Since these accounts were assumed to be only used on the Ropsten testnet, this creates a bit of a hassle for our players.

Having seen the recent successes of the Burner Wallet (https://xdai.io) at ETHDenver, we decided to distribute our rewards as xDai tokens via the POA Network instead. These xDai tokens exist on a side chain and are 1:1 mapped to DAI that is deposited and redeemed in an Ethereum mainnet smart contract.
 
The biggest benefit to using xDai over DAI in this situation is that the side chain uses xDai as its native currency and can thus pay all transaction fees (fractions of a penny per transaction) in xDai. This way our winners don't need to move any ether in order to send their reward to the wallet of their choosing.
 
We think this technology is really cool and are excited to keep watching the progress of xDai. We are especially excited to see continued research into ZK-SNARK integration with zDai to enable maximum transaction privacy, while preserving usability.

Lessons Learned

We received a ton of great feedback on our competition over the week. In the interest of continuous improvement, we want to address two ways in which we look forward to improving future contests.

1) Start Everyone from Square One
Some of our challengers had pointed out that there was an unfair advantage to anyone who had solved the previous 11 challenges before the challenge began. We agree that this was not ideal. To remedy this, we plan on launching all new challenges as stand-alone applications so that everyone can start from a level playing field.

2) Ropsten Faucets were Dry
In unfortunate timing, our competition launch happened to intersect with the Metamask Ropsten ether faucet running out of funds for a couple days. Other faucets, while available during the launch, set strict limits on how much ether could be requested. This left some of our challengers struggling to obtain the minimum 5+ Ropsten ether required to complete some of the challenges. Going forward, when challenges are time-boxed, as was the case in this competition, we will make sure to limit the testnet ether requirements to less than 1 ether.

Where Can I Learn to Hack Smart Contracts?
 
If you are just getting started with blockchain and are interested in learning to build (and hack) real smart contracts, there are many great resources available.
 
Our two-day intensive course at BlackHat Las Vegas, August 3-4, 2019.

This course will cover:
– How Blockchain works, what makes it novel, and where might it be useful
– How to utilize DApps built on Ethereum smart contracts and Web 3.0
– How to write, test, deploy, and exploit a Solidity smart contract

You can sign up today at https://ubm.io/2SSHrx0.
Early registration ends May 24.
 
 
If you are wondering how Blockchain technology might affect your business, come attend our 30 minute webinar:
 
Attend our next Webinar - Is Blockchain Right For You? 
March 13 at 2pm EST.
 
 
 

Mick Ayzenberg is a senior security engineer at Security Innovation.  He is the head of the Blockchain Center of Excellence (COE) and is the creator of the "Intro to Hacking Blockchain Applications and Smart Contracts" course at Blackhat Las Vegas.  Tickets for the training are available at: https://www.blackhat.com/us-19/training/schedule/#an-introduction-to-hacking-blockchain-applications-and-smart-contracts-13991

You can read more about Blockchain in our Blockchain COE https://www.securityinnovation.com/about/centers-of-excellence/blockchain-center-of-excellence/

 

 

 

Cloudbric Lays Out Updated Roadmap For Blockchain-Based Cybersecurity Project

We previously outlined our progress and goals for 2019 with Cloudbric community. Suffice to say, the Cloudbric team is busy focusing on a variety of efforts specifically with regards to product development, sales and marketing, and overall business expansion for our current cloud-based security services.

We’ve updated our roadmap to reflect progress so far and for what lies ahead in terms of product development and marketing activities. Take a look below!

2019 Cloudbric roadmap

As shown, Cloudbric’s upcoming console application (70% complete) and Threat Database for threat information sharing (40% complete) will be released within the first quarter and our cryptocurrency wallet (60% complete) will be released within the second quarter.

With the initial service of the universal security platform expected to launch within the fourth quarter of this year, we’re aiming to build momentum for the CLB token by launching a variety of marketing strategies including an Official Cloudbric Ambassador Program and other events throughout the year.



The post Cloudbric Lays Out Updated Roadmap For Blockchain-Based Cybersecurity Project appeared first on Cloudbric.

Cryptojacking Up 4,000% How You Can Block the Bad Guys

Think about it: In the course of your everyday activities — like grocery shopping or riding public transportation — the human body comes in contact with an infinite number of germs. In much the same way, as we go about our digital routines — like shopping, browsing, or watching videos — our devices can also pick up countless, undetectable malware or javascript that can infect our devices.

Which is why it’s possible that hackers may be using malware or script to siphon power from your computer — power they desperately need to fuel their cryptocurrency mining business.

What’s Cryptocurrency?

Whoa, let’s back up. What’s cryptocurrency and why would people rip off other people’s computer power to get it? Cryptocurrencies are virtual coins that have a real monetary value attached to them. Each crypto transaction is verified and added to the public ledger (also called a blockchain). The single public ledger can’t be changed without fulfilling certain conditions. These transactions are compiled by cryptocurrency miners who compete with one another by solving the complex mathematical equations attached to the exchange. Their reward for solving the equation is bitcoin, which in the crypto world can equal thousands of dollars.

Power Surge

Here’s the catch: To solve these complex equations and get to crypto gold, crypto miners need a lot more hardware power than the average user possesses. So, inserting malicious code into websites, apps, and ads — and hoping you click — allows malicious crypto miners to siphon power from other people’s computers without their consent.

While mining cryptocurrency can often be a harmless hobby, when malware or site code is attached to drain unsuspecting users’ CPU power, it’s considered cryptojacking, and it’s becoming more common.

Are you feeling a bit vulnerable? You aren’t alone. According to the most recent McAfee Labs Threats Report, cryptojacking has grown more than 4,000% in the past year.

Have you been hit?

One sign that you’ve been affected is that your computer or smartphone may slow down or have more glitches than normal. Crypto mining code runs quietly in the background while you go about your everyday work or browsing and it can go undetected for a long time.

How to prevent cryptojacking

Be proactive. Your first line of defense against a malware attack is to use a comprehensive security solution on your family computers and to keep that software updated.

Cryptojacking Blocker. This new McAfee product zeroes in on the cryptojacking threat and helps prevent websites from mining for cryptocurrency (see graphic below). Cryptojacking Blocker is included in all McAfee suites that include McAfee WebAdvisor. Users can update their existing WebAdvisor software to get Cryptojacking Blocker or download WebAdvisor for free.


Discuss it with your family. Cryptojacking is a wild concept to explain or discuss at the dinner table, but kids need to fully understand the digital landscape and their responsibility in it. Discuss their role in helping to keep the family safe online and the motives of the bad guys who are always lurking in the background.

Smart clicks. One way illicit crypto miners get to your PC is through malicious links sent in legitimate-looking emails. Be aware of this scam (and many others) and think before you click on any links sent via email.

Stick with the legit. If a website, an app, or pop-up looks suspicious, it could contain malware or javascript that instantly starts working (mining power) when you load a compromised web page. Stick with reputable sites and apps and be extra cautious with how you interact with pop-ups.

Install updates immediately. Be sure to keep all your system software up-to-date when alerted to do so. This will help close any security gaps that hackers can exploit.

Strong passwords. These little combinations are critical to your family’s digital safety and can’t be ignored. Create unique passwords for different accounts and be sure to change out those passwords periodically.

To stay on top of the latest consumer and security threats that could impact your family, be sure to listen to our podcast Hackable? And, like us on Facebook.

The post Cryptojacking Up 4,000% How You Can Block the Bad Guys appeared first on McAfee Blogs.