Thursday, September 29, 2022

Responsible Disclosure Policies

Recently, Uber was completely pwned, apparently by an 18-year-old. Simon Sharwood's Uber reels from 'security incident' in which cloud systems seemingly hijacked provides some initial details:
Judging from screenshots leaked onto Twitter, though, an intruder has compromised Uber's AWS cloud account and its resources at the administrative level; gained admin control over the corporate Slack workspace as well as its Google G Suite account that has over 1PB of storage in use; has control over Uber's VMware vSphere deployment and virtual machines; access to internal finance data, such as corporate expenses; and more.
And in particular:
Even the US giant's HackerOne bug bounty account was seemingly compromised, and we note is now closed.

According to the malware librarians at VX Underground, the intruder was using the hijacked H1 account to post updates on bounty submissions to brag about the degree of their pwnage, claiming they have all kinds of superuser access within the ride-hailing app biz.

It also means the intruder has access to, and is said to have downloaded, Uber's security vulnerability reports.
Thus one of the results of the incident is the "irresponsible disclosure" of the set of vulnerabilities Uber knows about and, presumably, would eventually have fixed. "Responsible disclousure" policies have made significant improvements to overall cybersecurity in recent years but developing and deploying fixes takes time. For responsible disclosure to be effective the vulnerabilities must be kept secret while this happens.

Stewart Baker points out in Rethinking Responsible Disclosure for Cryptocurrency Security that these policies are hard to apply to cryptocurrency systems. Below the fold I discuss the details.

Thursday, September 22, 2022

Cryptocurrency-enabled Crime

Robin Wigglesworth's An anatomy of crypto-enabled cyber crime points to An Anatomy of Crypto-Enabled Cybercrimes by Lin William Cong, Campbell R. Harvey, Daniel Rabetti and Zong-Yu Wu. They write in their abstract that:
Assembling a diverse set of public, proprietary, and hand-collected data including dark web conversations in Russian, we conduct the first detailed anatomy of crypto-enabled cybercrimes and highlight relevant economic issues. Our analyses reveal that a few organized ransomware gangs dominate the space and have evolved into sophisticated firm-like operations with physical offices, franchising, and affiliation programs. Their techniques also have become more aggressive over time, entailing multiple layers of extortion and reputation management. Blanket restrictions on cryptocurrency usage may prove ineffective in tackling crypto-enabled cybercrime and hinder innovations. But blockchain transparency and digital footprints enable effective forensics for tracking, monitoring, and shutting down dominant cybercriminal organizations.
Wigglesworth comments:
Perhaps. But while it is true that blockchain transparency might enable arduous but effective analysis of crypto-enabled cyber crime, reading this report it’s hard not to think that the transparency remedy is theoretical, but the costs are real.
I have argued that the more "arduous but effective analysis" results in "tracking, monitoring, and shutting down" cybercriminals, the more they will use techniques such as privacy coins (Monero, Zcash) and mixers (Tornado Cash). Indeed, back in January Alexander Culafi reported that Ransomware actors increasingly demand payment in Monero:
In one example of this, DarkSide, the gang behind last year's Colonial Pipeline attack, accepted both Monero and Bitcoin but charged more for the latter because of traceability reasons. REvil, which gained prominence for last year's supply-chain attack against Kaseya, switched to accepting only Monero in 2021.
Below the fold I discuss both Cong et al's paper, and Erin Plante's $30 Million Seized: How the Cryptocurrency Community Is Making It Difficult for North Korean Hackers To Profit, an account of Chainalysis' "arduous but effective" efforts to recover some of the loot from the Axie Infinity theft.

Tuesday, September 20, 2022

White House Statement On Cryptocurrency Regulation

The White House issued a statement entitled Following the President’s Executive Order, New Reports Outline Recommendations to Protect Consumers, Investors, Businesses, Financial Stability, National Security, and the Environment describing the state of the policy development process to which I contributed twice:
The nine reports submitted to the President to date, consistent with the EO’s deadlines, reflect the input and expertise of diverse stakeholders across government, industry, academia, and civil society. Together, they articulate a clear framework for responsible digital asset development and pave the way for further action at home and abroad. The reports call on agencies to promote innovation by kickstarting private-sector research and development and helping cutting-edge U.S. firms find footholds in global markets. At the same time, they call for measures to mitigate the downside risks, like increased enforcement of existing laws and the creation of commonsense efficiency standards for cryptocurrency mining. Recognizing the potential benefits and risks of a U.S. Central Bank Digital Currency (CBDC), the reports encourage the Federal Reserve to continue its ongoing CBDC research, experimentation, and evaluation and call for the creation of a Treasury-led interagency working group to support the Federal Reserve’s efforts.
Below the fold I describe some of the details of this "framework", which unfortunately continues to use the misleading "digital asset" framing.

Tuesday, September 13, 2022

Miners' Extractable Value

According to the official Ethereum website "Maximal Extractable Value" (MEV) is a feature not a bug. MEV is a consequence of the fact that it is the miners, or rather in almost all cases the mining pools, that decide which transactions, from the public mempool of pending transactions, or from a dark pool, or from the mining pool itself, will be included in the block that they mine, and in what order. The order is especially important in Turing-complete blockchains such as Ethereum; allowing miners to front-run, back-run or sandwich transactions from elsewhere. The profit from doing so is MEV. MEV is being renamed from Miners Extractable Value to Maximal Extractable Value since it turns out that miners are not the only actors who can extract it.

Ethereum mining 11/07/21
In Ethereum, the MEV profit is enhanced because mining is dominated by a very small number of large pools; last November two pools shared a majority of the mining power. Thus there is a high probability that these pools will mine the next block and thus reap the MEV. Note that activities such as front-running are illegal in conventional finance, although high-frequency traders arguably use these techniques.

I wrote about these issues in Ethereum Has Issues, discussing Philip Daian et al's Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability and Julien Piet et al's Extracting Godl [sic] from the Salt Mines: Ethereum Miners Extracting Value, but this just scratched the surface. Below the fold I review ten more contributions.

Tuesday, September 6, 2022


I'm starting to see a series of papers each showing that some assertion about the cryptocurrency ecosystem that crypto-bros make can't be true. I wrote about the first one I noticed in Ethereum Has Issues, but I have since seen several more. Below the fold I briefly review them, I'll update this post if I see more to maintain a chronological list of these research results.

Tuesday, August 23, 2022

Investment Frauds

It appears that Preston Byrne, inspired by @DontPanicBurns, coined the term "Nakamoto Scheme" in 2017's The Problem with Calling Bitcoin a “Ponzi Scheme”:
The Nakamoto Scheme is an automated hybrid of a Ponzi scheme and a pyramid scheme which has, from the perspective of operating a criminal enterprise, the strengths of both and (currently) the weaknesses of neither.

The Nakamoto Scheme draws strength from the same things which make pyramids and Ponzis so compelling, in that it promises insane investment returns, can be accessed by the man on the street with almost no effort at all, and recruits individual participants as new, self-interested evangelists of the scheme.
Byrne made no suggestion that the fraudulent aspects were intentional, and in riffing on Byrne's post David Gerard amplified the point:
The problem with calling Bitcoin a “Ponzi scheme” or “pyramid scheme” is that a Ponzi conventionally has a mastermind at the top, making the money.

Bitcoin doesn’t have that. (And Bitcoiners are very big on this as a reason not to call it a “Ponzi”!) Satoshi Nakamoto appears to have been completely sincere in setting up Bitcoin.

Even given Nakamoto’s extensively documented political aims for Bitcoin — an anarcho-capitalist reimplementation of the gold standard, with banker conspiracies along for the ride — he was disconcerted at just how rabid the fans got about the possibility of profit. He even asked them to hold off on video card mining because it would spoil things for getting everyone involved.
Now, in THE STRANGE CASE OF NAKAMOTO'S BITCOIN - PART 1, Sal Bayat repeats Byrne's analysis in much greater detail but does suggest that Nakamoto intended the fraud. Below the fold I critique Bayat's post

Thursday, August 18, 2022

Forking Ethereum

The problems caused by making vulnerable software immutable were revealed by the first major "smart contract". The Decentralized Autonomous Organization (The DAO) was released on 30th April 2016, but on 27th May 2016 Dino Mark, Vlad Zamfir, and Emin Gün Sirer posted A Call for a Temporary Moratorium on The DAO, pointing out some of its vulnerabilities; it was ignored. Three weeks later, when The DAO contained about 10% of all the Ether in circulation, these vulnerabilities were exploited:
allowing the removal of more than 3m ethers.

Subsequent exploitations allowed for more funds to be removed, which ultimately triggered a ‘white hat’ effort by token-holders to secure the remaining funds. That, in turn, triggered reprisals from others seeking to exploit the same flaw.

An effort to blacklist certain addresses tied to The DAO attackers was also stymied mid-rollout after researchers identified a security vulnerability, thus forcing the hard fork option.
The "hard fork" split the Ethereum blockchain into two. On the fork that became today's Ethereum the coins in The DAO ended up in a new "smart contract" from whence they could be recovered by the investors. On the fork that became today's Ethereum Classic, the coins stayed in the various attackers' wallets and were renamed ETC. When ETC started trading on 27th July 2016 it opened at $0.60; ETH was trading at $12.97. Since then, ETH peaked at $4.8K and ETC peaked at $137, so it is clear which fork the market preferred.

Back in February Laura Shin published Austrian Programmer And Ex Crypto CEO Likely Stole $11 Billion Of Ether claiming to identify the perpetrator. The headline overhypes the story. The 3.6M ETH stolen from The DAO wasn't worth $11B at the time of the theft, more like $43M. After the hard fork, the 3.6M ETC was worth under $3M; back in February it was worth about $100M.

Now, as the Ethereum team attempts to finalize their long-delayed goal of switching from Proof-of-Work to Proof-of-Stake, another hard fork looms. Below the fold, I look into why this time things are much more complex.