Tuesday, August 29, 2017

Don't own cryptocurrencies

A year ago I ended a post entitled The 120K BTC Heist:
So in practice blockchains are decentralized (not), anonymous (not and not), immutable (not), secure (not), fast (not) and cheap (not). What's (not) to like? 
Below the fold, I update the answer to the question with news you can use if you're a cryptocurrency owner.

Many Americans evidently believe that cryptocurrencies are anonymous enough to use bitcoin to evade taxes:
The IRS has claimed that only 802 people declared bitcoin losses or profits in 2015; clearly fewer than the actual number of people trading the cryptocurrency—especially as more investors dip into the world of cryptocurrencies, and the value of bitcoin punches past the $4,000 mark. Maybe lots of bitcoin traders didn't realize the government expects to collect tax on their digital earnings, or perhaps some thought they'd be able to get away with stockpiling bitcoin thanks to the perception that the cryptocurrency is largely anonymous.
Perhaps they should reconsider:
[the IRS] has purchased specialist software to track those using bitcoin, according to a contract obtained by The Daily Beast.
Especially, as Zeljka Zorz reports at Helpnetsecurity, if they used their bitcoin to buy something:
More and more shopping Web sites accept cryptocurrencies as a method of payment, but users should be aware that these transactions can be used to deanonymize them – even if they are using blockchain anonymity techniques such as CoinJoin.

Independent researcher Dillon Reisman and Steven Goldfeder, Harry Kalodner and Arvind Narayanan from Princeton University have demonstrated that third-party online tracking provides enough information to identify a transaction on the blockchain, link it to the user’s cookie and, ultimately, to the user’s real identity.
The paper is here. But owning bitcoins is a problem even if you don't use them to buy anything [my emphasis]:
First the hacker grabbed access to my friend’s Facebook Messenger and contacted everyone on his list that was interested in cryptocurrency, including me. ... Once it was clear that I had some bitcoin somewhere the hackers decided I was their next target.
Once you're a target the bad guys have two techniques for grabbing bitcoin from savvy owners who have enabled two-factor authentication (2FA) on their accounts using SMS, which is by far the most common 2FA technique. The first is SIM hijacking:
a hacker swapped his or her own SIM card with mine, presumably by calling T-Mobile. This, in turn, shut off network services to my phone and, moments later, allowed the hacker to change most of my Gmail passwords, my Facebook password, and text on my behalf. All of the two-factor notifications went, by default, to my phone number so I received none of them and in about two minutes I was locked out of my digital life.
This has become a routine ocurrence, as Nathaniel Popper reports in Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency:
“My iPad restarted, my phone restarted and my computer restarted, and that’s when I got the cold sweat and was like, ‘O.K., this is really serious,’” said Chris Burniske, a virtual currency investor who lost control of his phone number late last year.

A wide array of people have complained about being successfully targeted by this sort of attack, including a Black Lives Matter activist and the chief technologist of the Federal Trade Commission. The commission’s own data shows that the number of so-called phone hijackings has been rising. In January 2013, there were 1,038 such incidents reported; by January 2016, that number had increased to 2,658.

But a particularly concentrated wave of attacks has hit those with the most obviously valuable online accounts: virtual currency fanatics like Mr. Burniske.

Within minutes of getting control of Mr. Burniske’s phone, his attackers had changed the password on his virtual currency wallet and drained the contents — some $150,000 at today’s values.


“Everybody I know in the cryptocurrency space has gotten their phone number stolen,” said Joby Weeks, a Bitcoin entrepreneur.

Mr. Weeks lost his phone number and about a million dollars’ worth of virtual currency late last year, despite having asked his mobile phone provider for additional security after his wife and parents lost control of their phone numbers.

The attackers appear to be focusing on anyone who talks on social media about owning virtual currencies or anyone who is known to invest in virtual currency companies, such as venture capitalists. And virtual currency transactions are designed to be irreversible.
The problem is that the security of your account depends on the ability of your cellphone carrier's front-line support to resist social engineering, a notoriously weak defense:
Adam Pokornicky, a managing partner at Cryptochain Capital, asked Verizon to put extra security measures on his account after he learned that an attacker had called in 13 times trying to move his number to a new phone.

But just a day later, he said, the attacker persuaded a different Verizon agent to change Mr. Pokornicky’s number without requiring the new PIN.
The second technique is abusing the SS7 signalling protocol:
A known security hole in the networking protocol used by cellphone providers around the world played a key role in a recent string of attacks that drained bank customer accounts, according to a report published Wednesday.

The unidentified attackers exploited weaknesses in Signalling System No. 7, a telephony signaling language that more than 800 telecommunications companies around the world use to ensure their networks interoperate. SS7, as the protocol is known, makes it possible for a person in one country to send text messages to someone in another country. It also allows phone calls to go uninterrupted when the caller is traveling on a train.

The same functionality can be used to eavesdrop on conversations, track geographic whereabouts, or intercept text messages. Security researchers demonstrated this dark side of SS7 last year when they stalked US Representative Ted Lieu using nothing more than his 10-digit cell phone number and access to an SS7 network.

In January, thieves exploited SS7 weaknesses to bypass two-factor authentication banks used to prevent unauthorized withdrawals from online accounts, the German-based newspaper Süddeutsche Zeitung reported. Specifically, the attackers used SS7 to redirect the text messages the banks used to send one-time passwords. Instead of being delivered to the phones of designated account holders, the text messages were diverted to numbers controlled by the attackers. The attackers then used the mTANs—short for "mobile transaction authentication numbers"—to transfer money out of the accounts.
Because the vulnerability is a basic feature of SS7 implementations, there is nothing you can do to defend against the SS7 attack except not using phones for 2FA.

So, if you own bitcoin:
  • Don't use them to buy anything.
  • Don't, especially, use them to do anything illegal.
  • Don't let anyone know that you own them.
  • Don't write anything on-line sounding even mildly enthusiastic about cryptocurrencies.
  • Don't use phone-based 2FA on any of your accounts.
  • Do report any gains and losses to the tax authorities in your country.
Have fun!


Chris Rusbridge said...

Hi David, I always enjoy your posts even when I don't know much about the area (which, TBF, is most of the time these days ;-). I thought:

"Don't write anything on-line sounding even mildly enthusiastic about cryptocurrencies."

... well, you're not in much danger there, no-one could accuse you of enthusiasm for them!

But this was a bit of a wake-up:

"Don't use phone-based 2FA on any of your accounts."

... only because as an ordinary citizen I've been persuaded a couple of times to add phone-based 2fa to accounts (of no great financial consequence, but still). I think they generally only require the second factor logging in from a new origin (eg a web browser somewhere rather than my main computer), so I think loss of the phone number (usually immediately noticeable in the more usual context) would not prevent access. But perhaps there are wrinkles that have escaped me.

We hope you and yours are well. Been visiting my young fella, known to you, and his young fella, this week.

David. said...

Even if you wanted to buy stuff with Bitcoin, you'll face two difficulties:

"Coinmap, a service that maps bitcoin-accepting locations all over the world, shows a few places that accept bitcoin in Toronto, but it's clearly out of date—I called several businesses listed on the site and they had no idea what bitcoin even is."


"A bigger problem is perfectly illustrated in a Reddit post from Wednesday morning complaining that a bitcoin transaction worth just $9 still hasn't gone through the network after two days of waiting. Two. Days. The likely reason is that the fee attached to the transaction in order to incentivize faster confirmation—50 cents, which is about as much of a premium as I'd pay for a $9 transaction—simply wasn't enough."

David. said...

Rob Beschizza at Boing Boing points to deadcoins.com, an amazingly long list of dead and worthless cryptocurrencies.

David. said...

The Bank of England's Bank Underground writes something sensible (my emphasis):

"What type of technology would you use if you wanted to create a central bank digital currency (CBDC) i.e. a national currency denominated, electronic, liability of the central bank? It is often assumed that blockchain, or distributed ledger technology (DLT), would be required; but although this could have some benefits (as well as challenges), it may not be necessary. It could be sensible to approach this issue the same way you would any IT systems development problem – starting with an analysis of requirements, before thinking about the solution that best meets these."

Simon Scorer's earlier post Central Bank Digital Currency: DLT, or not DLT? That is the question is also well worth reading.

David. said...

The Chinese government's crackdown on cryptocurrency exchanges is starting to have an effect on prices.

David. said...

Andrew Silver at The Register reports that:

"An Ethereum-backed contest has revealed a few new tricks for disguising malware as the harmless code the network uses to transfer and manipulate funds: digital smart contracts."

It is a good thing that Ethereum is concerned about security and running contests to finding and disclosing vulnerabilities. But:

"Since Ethereum was introduced in 2015, its security risks have been no secret in the blockchain community. After a $50m hack in 2016, the community controversially decided to roll back the digital records ledger with a new "hard fork" – essentially creating two versions of Ethereum, one before the hack and one after. Another $30m was stolen in July by hackers."

There is an inherent conflict between the ideas that (a) blockchain transactions are immutable and (b) blockchain software has vulnerabilities. The DAO hack was rolled back, but the idea that this is the way to deal with what will be the routine discovery of exploited vulnerabilities is not credible.

David. said...

Izabella Kaminska points to a massive report from a team at Reuters entitled Chaos and hackers stalk investors on cryptocurrency exchanges:

"Equally perilous, though, are the exchanges where virtual currencies are bought, sold and stored. These exchanges, which match buyers and sellers and sometimes hold traders’ funds, have become magnets for fraud and mires of technological dysfunction, a Reuters examination shows, posing an underappreciated risk to anyone who trades digital coins."

David. said...

Another reason not to have anything to do with cryptocurrencies. The Vampire Squid is proposing to start trading Bitcoin and other cryptocurrencies. You know the Vampire Squid has your best interests at heart.

David. said...

The headline says it all - This Cryptocurrency Gained 695% on a Deal With Visa That Didn’t Happen.

David. said...

Just go read Tim Swanson's Eight Things Cryptocurrency Enthusiasts Probably Won’t Tell You (hat tip Barry Ritholtz).

David. said...

If you don't take my advice, at least don't carry your cryptocurrency with you across the US border:

"Upon arriving at Atlanta international airport on August 31, Vallerius was arrested and his laptop searched. US Drug Enforcement Administration agents allegedly discovered $500,000 of Bitcoin and Bitcoin cash on the computer, as well a Tor installation and a PGP encryption key for someone called OxyMonster. ... Investigators discovered OxyMonster’s real identity by tracing outgoing Bitcoin transactions from his tip jar to wallets registered to Vallerius."

David. said...

One of the great features of blockchains is immutability, which can make recovering from software bugs impossible without forking the chain. After The DAO heist, and last July's $30M heist (and last July's unrelated $7M heist), Ethereum now faces another hard-to-fix bug:

"a programming blunder in Parity's wallet software let one person bin $280m of the digital currency belonging to scores of strangers, probably permanently.

Parity, which was set up by Ethereum core developer Gavin Woods, admitted today that a user calling themselves devops199 had "accidentally" triggered a bug in its multi-signature wallets that hold Ethereum coins. As a result, wallets created after July 20 are now locked down and inaccessible, quite possibly permanently, thus nuking $90m of Woods' own savings."

The $30M heist was traced to:

"2000+ line changeset containing critical code merged w/out security review or formal signoff, 1 person commenting. Maybe not best practices "

The current problem was caused by a newbie who:

"created a multi-signature wallet in a way the software did not expect. When devops199 tried to delete the buggy money pouch, it bafflingly locked down all multi-signature Parity wallets created after the last software update."

This environment is suitable for billion-dollar assets?

David. said...

The SegWit2x proposal to allow Bitcoin to scale better is dead, leaving the community with the problem that:

"Bitcoin's popularity has led to network congestion and higher transaction fees. The average transaction fee is now more than $10, about twice what it was in 2011."

Not to mention that the blind auction for fees means:

"43% of the transactions are still not included in the Blockchain after 1h from the first time they were seen in the network and 20% of the transactions are still not included in the Blockchain after 30 day"

David. said...

Timothy B. Lee's Bitcoin compromise collapses, leaving future growth in doubt is a good overview of the history behind the collapse of SegWit2x:

"There's a certain amount of poetic justice in the fact that leading Bitcoin companies trying to upgrade the Bitcoin network were foiled by a populist backlash. Bitcoin is as much a political movement as it is a technology project, and the core idea of the movement is a skepticism about decisions being made behind closed doors."

David. said...

Parity has issued a report on the bug that cost $169M in Ethereum:

"In this latest report, however, Parity said it was warned of the programming flaw by a user in August, months before the wallet freeze was triggered. After examining the issue, the developers determined it really was a potential problem, and resolved to issue a fix "at some point in the future."

That future didn't come soon enough for the owners of the at least 70-odd Ethereum wallets knackered by the bug."

David. said...

"Arvind Narayanan, an assistant professor of computer science at Princeton, showed how some of the advanced features of HTML5 – such as audio playback – can be used to identify individual browser types and follow them around online to get an idea of what they're into." reports Iain Thomson at The Register. Prof. Narayanan is building quite a track record exposing tracking techniques.

David. said...

Reinforcing my quote at the head of this post, Your early darknet drug buys are preserved forever in the blockchain, waiting to be connected to your real identity by Cory Doctorow points to research that proves it:

"In a new paper, a group of Qatari computer scientists show that they could easily trace 100 dark market accounts to real people. About 20 of those accounts had made purchases on the Silk Road, and some had gone on to divulge their legal names and addresses in other, linkable contexts."

Yves Smith 'has referred to Bitcoin as “litigation futures”', meaning civil litigation. But it helps criminal litigation too.

David. said...

"On Reddit earlier this week, one contributor, under the heading “I just discovered that I owe the IRS $50k that I don’t have, because I traded in cryptos. Am I fucked?”, wrote they had ended up with a $50,000 tax liability on trades after they sold $120,000 worth of bitcoin to buy different coins. The current value of those coins is about $30,000." writes Edward Helmore at The Guardian in a piece entitled Investors in Bitcoin and other cryptocurrencies face hefty tax bills that points out the way the IRS treats cryptocurrencies as property means every transaction potentially incurs tax liability.

David. said...

"Crypto investor Michael Terpin filed a $224 million lawsuit against AT&T in California federal court Wednesday alleging that the phone company’s negligence let hackers steal nearly $24 million in cryptocurrency from him, Reuters reports. He’s also seeking punitive damages.

Terpin says hackers were twice able to convince AT&T to connect his phone number to a SIM card they controlled, routing his calls and messages to them and enabling them to defeat two-factor authentication protections on his accounts. In one case, he says hackers also took control of his Skype account and convinced one of this clients to send money to them rather than Terpin." from AT&T gets sued over two-factor security flaws and $23M cryptocurrency theft by Steven Melendez at Fast Company. It is called "painting a target on your back".