Bitcoin Weekly 2016 September 7: BitcoinTalk.org hacked database for sale, Apple’s cryptocurrency ‘approved list,’ Airbitz ‘foolproof’ password recovery
It looks like the database from BitcoinTalk.org, hacked and stolen in May 2015, has gone up for sale on the dark web from a vendor calling themselves “DoubleFlag.” It can be yours today for 1 BTC (about $620).
After being banned from the Apple iTunes App Store for supporting the Dash payment method, the founder of the Jaxx wallet discovered that Apple has a list of six approved cryptocurrencies including Bitcoin and Ethereum (keep reading for the full list). Mobile Bitcoin wallet Airbitz has released an easy and “foolproof” method for regaining access to its wallet software with “Password Recovery 2.0.”
In Ethereum news, the hacker who hit the Ethereum DAO a few months ago just moved $5.4 million USD worth of ETC (Ethereum Classic coins).
As for the Bitcoin market, the BTC market value has jumped up since last week to $617 from $580. The market value increase happened around September 4, to $600, and then to $610 around September 5. The price has been on a slow recovery from early August when the market value was at $660 before a hack hit major Bitcoin exchange Bitfinex around the beginning of that month.
Leaked database from BitcoinTalk.org goes on sale on the dark web
In May 2015, the BitcoinTalk.org forums—a major forum for Bitcoin discussion and commentary run by the same founder, Theymos, who moderates /r/Bitcoin on Reddit—suffered a hack that led to the theft of its database of users and passwords. That database is now being offered for sale on the dark web by a hacked data vendor known as “DoubleFlag.”
Server compromised due to social engineering against ISP NFOrce. There will be extended downtime for forensic analysis and reinstall.
— BitcoinTalk (@bitcointalk) May 22, 2015
The data in the leaked database includes usernames, e-mail addresses and hashed passwords. While the passwords are hashed rather than stored in plain text, the hashing is done by standard forum software and they may be cracked sooner rather than later. As a result, users who have not already changed their passwords (since last year when the hack was announced) should do so now.
According to an article on HackRead, the price tag for the BitcoinTalk database is 1 BTC (approximately $617.58 USD). The vendor also shared a sample from the database with HackRead, which reveals the full data leaked contains “514,408 accounts, each account has a username, email address, personal text number, gender, date of birth, website title and URL, location and password.”
This is not the first time that BitcoinTalk.org has suffered a hack. On September 3, 2011 the forum was hacked by a prankster who not only stole the database of usernames and passwords (as suspected) but also posted images of TV celebrity Bill Cosby.
Apple’s ‘approved list’ of cryptocurrencies revealed
CryptoCoinsNews reports that when Apple rejected the Jaxx cryptocurrency wallet app from its iTunes App Store, the company also revealed that it has a list of approved currencies.
According to Jaxx wallet founder Anthony Di Iorio, an Apple representative told him the set of approved cryptocurrencies: Bitcoin, Dogecoin, Litecoin, Ethereum, the DAO and Ripple.
The representative spoke with Di Iorio after Apple removed the Jaxx wallet from the iTunes App Store because it supported Dash, which describes itself as “an open sourced, privacy-centric digital currency with instant transactions.”
Di Iorio told CryptoCoinsNews that he expected the Jaxx wallet to return to the iTunes store with the Dash functionality removed.
This is not the first time that a cryptocurrency-related app had been rejected or removed from the App Store by Apple. For example, the extremely popular Blockchain.info wallet app had been removed in February 2014 and before that the Coinbase wallet and others had been removed.
In another recent problem for Apple, malicious clones of official apps appeared in the iTunes App Store, even though the official apps had already been approved.
Mobile wallet Airbitz releases painless password recovery feature
Airbitz, a mobile Bitcoin wallet solution, has announced Password Recovery 2.0 for its iOS and Android Bitcoin wallet app alongside the Airbitz-SDK. The newly added feature allows a user to quickly and easily restore a lost wallet (potentially due to a lost or stolen device) using two-key authentication.
“We’re excited to solve one of the biggest challenges facing the mass adoption of cryptocurrency,” said Airbitz CEO Paul Puey. “Solving the problem of securely storing bitcoins without having to worry about lost passwords will help bring the bitcoin economy to the 99 percent of humanity who can benefit from this amazing technology and currently is out of the loop.”
The user keeps the first key in their own private e-mail and Airbitz’s servers store the second key (blindly encrypted, with the means to unlock it known only to the user). To unlock the wallet the user must use both keys; one without the other is utterly useless. The key blindly stored on Airbitz’s servers can only be regained by answering two recovery questions (set by the user).
Bitcoin wallets use a variety of storage methods that users can choose between with varying levels of security. Wallets that store secure keys on a mobile device, such as a smartphone, can have the keys (although encrypted) taken from the phone if the device is stolen or lost forever if the device is misplaced. Although it is possible to back up such wallets with special encryption seeds (a series of words printed or written on paper for recovery) this process is cumbersome and difficult. However, this method is considered extremely secure because keys never leave the control of the user.
In order to make the recovery process easy, Airbitz uses the two-key formula designed to make it harder for an attacker to steal the bitcoins (not having knowledge of the second key or the questions/answers needed to recover it). Airbitz itself cannot unlock the wallet on its own either (not having knowledge of the on-device key).
However, this opens up other problems for the user: notably if the Airbitz servers are down or taken offline for any reason a recovery can never be made. The convenience comes with a price in this manner.
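The two-key arrangement described above can be sketched as follows. This is an added example, not Airbitz's code or protocol: the XOR split of the wallet key, the use of scrypt to stretch the recovery answers, and the XOR-pad-plus-HMAC construction standing in for an authenticated cipher are all assumptions, and the function names `enroll` and `recover` are hypothetical.

```python
import hashlib
import hmac
import secrets

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _keys_from_answers(answers, salt):
    # Normalise the answers, then stretch them with scrypt so each guess is costly.
    material = "\x1f".join(a.strip().lower() for a in answers).encode()
    okm = hashlib.scrypt(material, salt=salt, n=2**14, r=8, p=1,
                         maxmem=64 * 1024 * 1024, dklen=64)
    return okm[:32], okm[32:]  # (one-time pad, MAC key)

def enroll(wallet_key: bytes, answers):
    """Split a 32-byte wallet key; return (email_share, server_record)."""
    if len(wallet_key) != 32:
        raise ValueError("wallet key must be 32 bytes")
    email_share = secrets.token_bytes(32)         # first key: kept by the user
    second_share = _xor(wallet_key, email_share)  # second key: useless alone
    salt = secrets.token_bytes(16)
    pad, mac_key = _keys_from_answers(answers, salt)
    blob = _xor(second_share, pad)                # server stores only this form
    tag = hmac.new(mac_key, salt + blob, hashlib.sha256).digest()
    return email_share, {"salt": salt, "blob": blob, "tag": tag}

def recover(email_share: bytes, record: dict, answers) -> bytes:
    """Rebuild the wallet key from both keys plus the recovery answers."""
    pad, mac_key = _keys_from_answers(answers, record["salt"])
    expected = hmac.new(mac_key, record["salt"] + record["blob"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("recovery answers do not match")
    return _xor(_xor(record["blob"], pad), email_share)

if __name__ == "__main__":
    key = secrets.token_bytes(32)                 # constructed sample wallet key
    share, record = enroll(key, ["Rex", "Lisbon"])
    assert recover(share, record, [" rex", "LISBON "]) == key
    print("wallet key recovered with both keys")
```

In this sketch, whoever holds the server record can test guesses of the answers offline, so the recovery answers are the weakest input; the e-mail share is what keeps a correct guess from yielding the wallet key.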
The Ethereum DAO hacker withdraws ill-gotten gains from the ETC blockchain
The saga of the Ethereum Decentralized Autonomous Organization (DAO) hack continues with the attacker withdrawing the stolen currency belonging to the classic (pre-fork) Ethereum blockchain. Reddit user BokkyPooBah reports that the attacker has moved ETC (Ethereum Classic coins) from the original account into a newly made account—an amount of 3642408.528 ETC.
The attack on the DAO occurred in mid-June 2016 when an attacker drained around 3,641,694.242 ETH (standard Ethereum coins, worth approximately $55.4 million USD at the time). At the time the attack on the Ethereum DAO caused a massive controversy in the community over how to stop the attacker and what to do with the coins that were stolen.
To deal with the attack, the Ethereum blockchain hard-forked in order to cut the attacker off from the stolen funds and enable a way to refund them. This hard fork produced two separate Ethereum blockchains with two separate currencies: ETH, which is the going-forward standard Ethereum blockchain, and ETC, known as Ethereum Classic, which is the left-behind, unchanged blockchain.
Since the fork was designed to affect ETH, the attacker no longer has access to ETH coins on the primary Ethereum blockchain; however, the attacker did retain the same amount of stolen coins on the ETC blockchain. It is these ETC coins that the attacker then moved this week.
As the hard fork produced a separate Ethereum-based currency, ETC, that currency itself gained its own cryptocurrency market and that market has flourished. In July, SiliconANGLE writer Duncan Riley wrote that ETC’s market cap had reached $76 million. Exchanges such as Poloniex and Coinbase, Inc. even added support for trading ETC after the fork. Since that date the market cap for ETC has increased to $124.74 million USD (according to charts at Cryptocompare.com).
As a result, the ETC moved by the attacker is worth approximately $5.4 million USD as ETC is worth approximately 10 percent of ETH currently ($1.49 per ETC compared to $11.58 per ETH).
Interview with Roger Ver on The Bitcoin Game
The Bitcoin Game, hosted by Rob Mitchell, interviewed Ver about his experience with Bitcoin–starting in 2011 when BTC went for about 10 cents until today. He describes how the currency caught his attention and his role in the community so far.
“Odds are, if you are into Bitcoin, then you know Roger Ver, a.k.a. Bitcoin Jesus. And you possibly are aware that Roger is a huge proponent of increasing Bitcoin’s maximum block size as soon as possible. But he’s not just talking about it, he’s taking action, as you’ll hear,” reads the description of the interview on SoundCloud.
Ver is a common source for SiliconANGLE when it comes to the Bitcoin community and he has been a notable (if sometimes controversial) figure due to his activities, which include starting one of the first Bitcoin-only stores (BitcoinStore.com, closed in 2014), owning the domain name Bitcoin.com, adding a gambling and gaming site to Bitcoin.com, and now making Bitcoin.com into a news source. He also founded and moderates the /r/btc subreddit as a competitor forum to the larger /r/bitcoin subreddit.
Featured image credit: Dawson/Bloomberg News