Category: Hacking

Even simpler mistake leads to 250M+ USD in ether frozen/lost

A simple bug in the fixed version of the multisig-wallet contract, deployed by the Ethereum wallet Parity to fix the attack I wrote about in a previous blog post, just caused 250M+ USD in ether to be frozen/lost. How was this possible? To conserve space on the blockchain, the Parity team deployed a contract that other multisig wallets could call to use functions, much like a library. The problem was that this contract had […]


Simple mistake leads to 30M+ USD theft

A simple bug in the multisig-wallet contract deployed by the Ethereum wallet Parity just netted some attacker over 30M USD (153k ETH). How was this possible? The contract that was used for the multisig wallet was missing a very simple check: do not allow anyone to call the function initWallet if it has already been called. These are the relevant parts of the Solidity code:

It is important to remember that functions in Solidity are […]


Bytecoin was exploited

Bug in CryptoNote: A rather serious bug in all CryptoNote-based cryptocoins was recently disclosed by the Monero community. The bug allowed for forging of key images, essentially allowing skilled individuals to mint new coins at will. First, I would like to congratulate Fluffypony and the other Monero developers on having handled this situation VERY professionally and responsibly. Bytecoin: Although I consider Bytecoin to be shady at best and an outright scam at worst, there are lots of new people in the community that […]


Introducing KnCMinion – A pimped UI for the KnC Titan miner

KnCMinion: User interfaces for cryptocurrency miners are notoriously old-fashioned. A machine such as the Titan, priced in the $10000 range, deserves a better user interface. KnCMinion is my way of giving back a more modern and beautiful UI to KnC and the mining community. Titan UI – Before: The original interface only provides the most basic information. (The HTML is, by the way, generated by a server-side bash script, yuck!) Titan UI – After: The KnCMinion interface is located in a subdirectory (/kncminion) and is designed […]


Unicode visual spoofing for fun and profit

Swift: Apple recently announced Swift, an innovative new programming language for iOS/OSX. According to their product page, the language is designed for safety: "Swift eliminates entire classes of unsafe code. Variables are always initialized before use, arrays and integers are checked for overflow, and memory is managed automatically. Syntax is tuned to make it easy to define your intent — for example, simple three-character keywords define a variable (var) or constant (let)." I really like the idea of shifting the security […]


Whatever works, works!

SEC-T 2012: I recently had the privilege of attending SEC-T 2012, one of the few really technical Swedish security conferences. [http://www.sec-t.org] All in all a really great conference; I got to talk to some cool people and I really think that everyone left with a vast amount of new knowledge and ideas. But that is not really what this post is about... This post is a lesson in practicality. The problem: SEC-T had an on-site competition during the entire conference. […]
