Tuesday, February 26, 2019

Max’s Corner 4: Spotlight on Security

CoinSpeaker
Max’s Corner 4: Spotlight on Security

Two major universities published the results of their studies into crypto security, over 450,00 people fell victim to a security breach, and an op ed curbed the enthusiasm on security tokens. But first let’s get started with the wiki page that’s become the toast of the crypto world.

Users Praise New Bitcoin Wiki Page on Privacy

A novella-sized new article has been published on the Bitcoin Wiki and met with praise by the Bitcoin community. The article was written by Chris Belcher, a coder and crypto-enthusiast. In the article Belcher takes an in-depth look at Bitcoin’s current privacy situation, dispelling many misconceptions in the process.

Belcher starts the article by stating, “as of 2019 most casual enthusiasts of bitcoin believe it is perfectly traceable; this is completely false. Around 2011 most casual enthusiasts believed it is [sic] totally private; which is also false.” He then goes on to explain in detail the real privacy issues that face Bitcoin users. The paper is loaded with real-life examples to illustrate how Belcher came to his conclusion.

Belcher argues that ultimately the onus of protecting one’s privacy falls on individual users. Bitcoin is not an inherently secure platform and never was. And while that limits the capabilities Bitcoin has, especially in terms of making untraceable payments, Bitcoin has provided users with a framework in which they can minimize their traceability. As part of the article, Belcher provides a simplified guideline for people seeking to increase their privacy.

It is not exactly news that Bitcoin isn’t traceable; all you have to do is look at some of the more scandalous headlines in the papers to get acquainted with Bitcoin’s limitations. However, Belcher is right in that Bitcoin has laid a solid framework for users who want to take steps to bolster their security and privacy. Furthermore, Bitcoin has opened the door for others who are more intent on protecting anonymity, like Bytecoin, to fill the roles which it is incapable of filling.

“Security Tokens Are the New Crypto – But You Probably Can’t Afford Them”

Olga Kharif wrote an op-ed for Bloomberg not long ago which has since been widely discussed. In her article Kharif looks at the relatively new phenomenon of security tokens and how they have changed the crypto investment landscape.

Nowadays when people hear about a new project with an ICO they are more likely to react with skepticism than enthusiasm. ICO’s raised over an enormous sum of $21 billion in 2018, but much of that investment money has not spelled out returns for investors, and, in many cases, projects that billed themselves as legitimate turned out to be fraudulent. As a result, the reputation of the crypto industry as a whole has suffered.

Security tokens have emerged from the fallout of burned investors, promising that their projects are compliant with regulations and tying their currencies to assets that exist outside of crypto, such as equity in companies, real estate, and debt. While this seems well and good, there is a catch.

Security tokens work within the provisions of the Securities Act of 1933 to restrict issuance to accredited investors only, eliminating average investors from the picture, thereby circumventing many SEC provisions established to protect smaller investors.

While it seems like the industry is making a concentrated push into more traditional waters, average, independent investors comprise the backbone of the crypto industry. Any exclusion of the common investor would act to the detriment of the community.

At Bytecoin we have thought and deliberated on this issue and the future of the industry extensively, and we hope that our gateway project, and other similar projects throughout the crypto space may help to keep crypto true to its roots.

Scholars from Stanford to Develop Privacy Mechanism for Ethereum Smart Contracts

On the 20th of February, researchers from Stanford published a paper describing a privacy mechanism for Ethereum smart contracts that they have developed. The researchers claim they have created “a fully-decentralized, confidential payment mechanism” called “zether,” which would be compatible with Ethereum and other smart contract platforms.

The researchers claim that all transactions done via Zether would be completely confidential. Users of Zether would be able to hide both the sender and the receiver of transactions among a group of users chosen by the sender. The security of the Zether mechanism would work independently from the smart contract platform it would operate in conjunction with, and the paper claims that it is invulnerable to both malicious code being written into it and to any smart contract insecurities.

Readers experienced with Cryptonote technology will notice that the scheme laid out by the Stanford team is quite similar to Cryptonote’s ring signature mechanism used to make transactions untraceable.

450,000 Users of Coinmama Affected by Security Breach

To the dismay of the entire crypto community, the data of about 450,000 users of Coinmama has ended up on the black market. This was part of a larger attack on over 24 different sites, resulting in over 841 million records from over 30 major companies going up for sale on the dark web.

Although no crypto assets were taken in this security breach, and the hacker seems to have had other targets unrelated to the crypto industry, this is more bad news on the security front at a time when the industry can ill afford it. Billions of dollars are lost every year to bad actors and vulnerable systems.

At the risk of sounding like a broken record, we stress that both users and platforms need to take extra security measures going forward, and people need to start being held accountable for the carnage being wrecked on this sector.

MIT Technology Review: Although Touted for Security, Blockchain Is Still Hackable

Researchers at MIT have conducted a study into the security of blockchain systems and concluded that, although blockchain is often considered to be highly secure, its system are quite vulnerable.

Like the paper we started this review with, MIT’s paper pinpointed a number of factors that make an overall system vulnerable. More than anything else, blockchain systems suffer from the unpredictability of human behavior. As with Bitcoin specifically, human error opens the door for large-scale mistakes to occur and for human greed to enter.

The paper looked at white-hat hacker contests, used by companies to test the security of their network, to show how often blockchains get exposed. While the overall outlook of the piece is pessimistic, the author points to a few newer startups looking to clean up vulnerable code across the industry as a potential reason for optimism moving forward.

However, these type of cleanup projects are only capable of doing so much when systems are constantly evolving and human behavior is always altering them.

Max’s Corner 4: Spotlight on Security



Max’s Corner 4: Spotlight on Security

Cryptocurrency is a digital currency that uses encryption (cryptography) to regulate the generation of currency and verify the transfer of funds, independently of a central bank. Cryptography is the practice and study of techniques for secure communication in the presence of third party adversaries.


Blockchain 101 · Crytpo Currency Market
---------------------------------------------------
Trezor: Hardware Wallet
Binance: Exchange for Traders
Ledger Nano S: Hardware Wallet
Coinbase: Exchange for Investors
CoinSwitch: Wallet-to-Wallet Exchange