this post was submitted on 09 Nov 2023
196 points (96.7% liked)

Technology

57453 readers
4581 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
196
Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach (www.theregister.com)
submitted 9 months ago by [email protected] to c/[email protected]
45 comments fedilink hide all child comments
all 46 comments
sorted by: hot top controversial new old
[–] [email protected] 23 points 9 months ago (3 children)

The linked article (and so AutoTL;DR) is not very accurate. If you’re interested in this incident, read the original post, which is short and compact. General media articles are only quoting or re-quoting this thread, typically with some misunderstanding.

Specifically (about this post): Among other things, multisig is only suggested; nothing has been decided yet.

Generally (in many similar articles): Probably a specific local machine was hacked, though no one really knows yet what happened. It’s unlikely that the Monero network itself was hacked.

Since I’m a Monero supporter, obviously I tend to say good things about it, but frankly, the ironical fact here is, Monero is so privacy-focused that when something like this happens, it’s difficult to identify the attacker—i.e. by design Monero also protects the identity of the attacker. Some Monero users are having this weird, paradoxical feeling: it would be nice if we could catch this evil attacker, but being able to catch the attacker would be in a way very bad news for Monero (if you know what I mean) 😕

[–] [email protected] 18 points 9 months ago (3 children)

I used to be an old school supporter of cryptocurrency too, until that is when the scammers got their mitts into it and it went from a funny little technical hobby worth nothing to an overinflated shitfight that's robbed many people of their life savings.

Honestly, the entire cryptocurrency ecosystem is a parody of its former self and nothing the original inventors of it wanted it to become.

[–] [email protected] 10 points 9 months ago (2 children)

Exactly, except not “the entire”, but “almost entire”?

Monero has been largely detached from CEXes, no companies, no middle men… Many users still have that idealism, a cypherpunk philosophy, that which Bitcoin tried to achieve originally. It’s community-based and crowd-funded… Some of that fund was stolen, so we’ve got to admit that the Monero community was not so smart after all… Yeah, a bit embarrassing tbh. To err is human, I guess.

For example, we do have a zero-fee donation site kuno.anne.media and recently help some girl buy a laptop or doing things like that. Some of Monero users are idealists by nature, maybe silly dreamers or naive philosophers, but definitely not greedy HODLERs. Weird people, either way, haha 😅

[–] [email protected] 0 points 9 months ago (2 children)

I actually used to think crypto is a "weird fad and some thing people use to try getting rich". But then sanctions happened, and now I ADORE Monero. It allows me to easily pay for things I would've otherwise had to jump through hoops for. I am so happy that we at least somewhat have a payment system that can't be controlled)

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago) (1 children)

Originally Bitcoin had nothing to do with “get rich quick”. It felt vaguely like Freenet. It was experimental, philosophical, mathematical, cypherpunk… Almost no one had imagined that investors were going to be interested in it and something like that fad would happen.

Unfortunately it’s not easy to get Monero. In several countries, CEXes don’t support it (delisted). Besides, getting Monero from CEX is not ideal privacy-wise. So, a typical Monero user gets it no-KYC, without using CEX. Which is legal, but rather complicated. That’s why I wouldn’t recommend Monero to regular people.

As you said, Monero is such a great way for payment in a practical sense. Very low fees (~1 cent, no matter how much you send), private (only you can authorize transaction, no need to get a permission from someone else). The community is relatively small (monero.town on Lemmy), but generally nice and cozy. We seldom, if ever, talk about investment… It’s so different from what people think when they hear “crypto”. It’s understandable that some people assume it’s just one of those alt sh*tcoins.

[–] [email protected] 2 points 9 months ago (1 children)

I would not use CEX under any circumstances - they require submitting ID, and I would not trust a random company to keep such data safe. But yea, discovery of sellers is a problem. Was going to go with a Localmonero one before finding someone IRL who sells for cash.

[–] [email protected] 1 points 9 months ago (1 children)

https://monero.town/post/894750 So you did f2f… Glad it works, though. But how to buy it is irrelevant to the OP and is off-topic, so we shouldn’t be talking about that here.

Basically I’d never recommend anyone to buy a significant amount of crypto hoping that you can get rich quick with that. Yes, it might go up, but it may go down. Encouraging such sketchy gambling would be crazy and irresponsible, and more importantly that’s not the original purpose of this technology. Yet you already even know localmonero, so yeah, you’re simply one of us. If you’d like to you can join monero.town or subscribe it from your instance :)

[–] [email protected] 2 points 9 months ago

Nah, I don't have much in the wallet - just for the actual expenses)

[–] [email protected] 2 points 9 months ago (1 children)

What would be some examples of things you pay for with monero that you'd usually have to jump through hoops for?

[–] [email protected] 1 points 9 months ago (1 children)

VPS and domain, primarily.

[–] [email protected] 1 points 9 months ago (1 children)

Thanks for the reply. Isn't obtaining Monero more difficult then paying for those things on your card? Or are you doing it for the anonymity?

[–] [email protected] 1 points 9 months ago (1 children)

I personally did it because sanctions made my card not work. So it was either paying with Monero directly, or finding a middleman and hoping he wouldn't scam you, not to mention that the latter would probably have higher fees than a Monero seller. But once sanctions are gone, I would probably continue doing so, just because I prefer not to use my bank card at all)

[–] [email protected] 1 points 9 months ago

Very fair point.

[–] [email protected] -4 points 9 months ago (1 children)

I know exactly what Monaro is and you're not looking at it objectively but as a holder and fan. But that's okay I guess, as long as you're not involved in the scams and just like it for what it is. However, you sound a lot like someone preaching about some religion to others and you should be aware of that.

[–] [email protected] 10 points 9 months ago* (last edited 9 months ago)

Sorry if I sounded unpleasant. I’m not holding Monero, I actually use it (just like one may use Paypal), is all. Still, as you can see I’m from Monero.town, so obviously I’m a fan. Guilty as charged!

I’ve actually been “preaching” about privacy to my friends, but they’re typically like “Google is fine. I have nothing to hide.” Or about PGP (in vain). But I wouldn’t preach about (recommend) the privacy coin to regular people. Like you pointed out, it’s controversial and risky. As a long time user, I know too well about both sides of this.

[–] [email protected] 5 points 9 months ago (1 children)

The nice thing about the unregulated cryptocurrencies is that everyone loose exactly how much they deserve to loose. No more.

[–] [email protected] 2 points 9 months ago (1 children)

loooooose

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

There are words that I always spell out wrong unless I do a double check before posting.

However, I've heard somewhere, that this is not necessarily a mistake. Just a language evolving. So I'm not fixing it. /s

edit: Jesus, I did it twice. I wouldn't be so mad if it wasn't a post in which I try to act so smug.

[–] [email protected] -3 points 9 months ago* (last edited 9 months ago) (4 children)

You have to be quite stupid to support crypto in 2023, after Luna, Ftx, NFTs, all the rugpulls and explicit pump and dumps, you morons just keep coming back for more. That last paragraph is pure comedy gold - you're so close to self-awareness it's hilarious.

  • All stablecoins are not stable and a scam, algorithmic ones can't work, since they mimic death spiral financing, and the other ones just gamble their clients money
  • Every non-stable coin is just a bigger fool scam, since there is no use case for crypto, so no way to derive a non-speculative value (beyond selling illegal drugs, 419 scams, and couple of enthusiasts trading it personally as donations and the like)
  • Crypto destroys customer protections, to do a rollback a few bad transactions you have to convince the entire chain to back you and force a fork, creating an alternative, competing version of the economy
  • All consensus mechanisms are geared to allow the wealthy to control the crypto economy, whether it's proof of stake, work or storage, since you can buy all those things with money. They also waste inordinate amounts of energy which translates to an exorbitant transaction cost compared to payment processors like Visa or MasterCard
  • Crypto gives great privacy protections to anonymous criminals and scammers and destroys privacy for anyone using the system as a honest user. If you used your crypto wallet as a bank account, anyone with whom you interacted on the blockchain in a non-anonymous capacity (like, idk, your boss at work, sending you your salary) knows your wallet address, and can figure out where your money is going. You can't hide your dildo purchases or campaign contributions from your employer, no matter how many intermediate accounts you create, there will always be a trace. How fun
  • Crypto aims to prevent man-in-the-middle attacks, when most attacks nowadays are done through social engineering, which crypto makes trivial, due to it's write-only nature. 419 "Nigerian prince" scammers love crypto - because just like their other favorites money transfer through Western Union or MoneyGram and gift cards it's an irreversible payment method. If you pay with your bank account or PayPal, you can dispute transactions or get a chargeback, aside from forking the whole chain there ain't no way you're doing that with crypto. This also makes it perfect for retail scams.
[–] [email protected] 13 points 9 months ago

If you're going to use Luna, FTX, and NFTs as arguments about something like Monero, and I don't want this to sound to mean (hard to convey tone through text), but you probably don't really understand any of them.

I have been both a long time supporter of crypto and the ideas behind it, and I was quick to make fun of the NFTs and have always warned against both keeping large sums money in exchanges and warning against trusting stable coins. I certainly can't garuntee crypto's future, but your argument sounds a lot like somebody saying "a trading card site and two unlicensed online banks went broke so you're stupid for buying Cisco stock" right after the dot com crash.

I reccomend looking into it just a bit more. Even if it's just to be a better anti-crypto advocate.

[–] [email protected] 3 points 9 months ago

I do agree most cryptocurrencies are scammy, or traded speculatively. It’s a free country, so one can do whatever they want to with their own money, but I personally think they’re like greedy gamblers.

I’m a Monero user, not a trader, not an investor. I have Monero because I use it. I support it because I’m a privacy advocate. I’ve never even once used a CEX, totally unrelated to investment. Your points may be valid for those investor people, though.

[–] [email protected] 2 points 9 months ago (1 children)

In the first sentence reiterated insults, in the second just saying it's a scam, and in the third repeating that it's a scam and (absurdly) denying there's a use case.

I'm not even going to read anymore, I'm interested in the arguments against crypto, but not to see some asshole ranting bullshit.

[–] [email protected] -1 points 9 months ago (1 children)

You're partially correct with some of these points.

Theatge amount of energy you mention is really only relevant to proof of work. You've mentioned proof of stake etc - so you should know that. The energy requirements for "proof" techniques such as PoS is negligible

Reversing transactions are 'hard'/infesable - and so in a way they do help scammers - but I think it's a false equivalence. It helps everyone. In my mind it's like says "encryption helps terrorists", that may be true, but it helps us all.

Regarding on chain transaction transparency, there are some chains that are like this (bitcoin), and there are some chains that are not (monero). There's also ways to anonymise transactions through mixers etc if you do care about that. Although, I don't know of anyone that gets their salary into their crypto wallet.

Overall, regulation is slow! But it's getting there. I don't think crpyto will solve all of.humans problems, but I might just help with some. It's going to be interesting seeing how it all plays out - people thought it was going to be here and gone in a year, but it's been over a decade now.

[–] [email protected] 0 points 9 months ago (1 children)

Theatge amount of energy you mention is really only relevant to proof of work. You've mentioned proof of stake etc - so you should know that. The energy requirements for "proof" techniques such as PoS is negligible

It can't compete with payment processors. Proof of stake is also basically just oligarchy, while proof of storage is a waste of hardware. All of them center their validation process on big money investors, who either have a lot of hardware or a lot of money to stake.

Although, I don't know of anyone that gets their salary into their crypto wallet.

So it would be useless for things normal money is useful for? Where's the revolution in banking that I heard about? Banking the unbanked?

Regarding on chain transaction transparency, there are some chains that are like this (bitcoin), and there are some chains that are not (monero).

Here you provided users privacy at the cost of making criminals completely untraceable. Bravo.

How about a bank account, where people who know you won't know your transaction history but police can catch people participating in organized crime?

I don't think crpyto will solve all of.humans problems, but I might just help with some

Which ones? I have not heard of one use case, only excuses from you guys.

[–] [email protected] -1 points 9 months ago

TradFi has a few wealthy individuals that control banking

You say PoS is an oligarchy, but it still offers anyone to participate in markets they previously were unable to. For example, providing liquidity and getting a cut of transaction fees - this is something TradFi has a monopoly on, but now everyday people can get a cut. You're right that people with more money will have a bigger cut - but it's still more equal than TradFi

[–] [email protected] -5 points 9 months ago (2 children)

As you yourself out it, the issue with monero is that it is designed to protect attackers.

[–] [email protected] 9 points 9 months ago

I think I know what you’re trying to say, and that’s actually a difficult point. Privacy is double-edged.

By that logic, you’d have to support chat control, e2e backdoor, eIDAS 45, etc. and ban Tor, Tails, VPN, BitTorrent, or encrypted communication in general because sometimes criminals can (and do) abuse such technology too. While such logic is understandable, I’m a privacy advocate and can’t agree with that. Most libre people, EFF, FSF, etc. have been fighting against that very logic for more than 20 years. I’m one of them.

[–] [email protected] 1 points 9 months ago

It's designed to protect "users".

[–] [email protected] 14 points 9 months ago* (last edited 9 months ago) (2 children)

I'm just making a wild guess, but it was probably the North Korean Cyberattack Force. They have been behind some of the largest crypto heists before in order to get clams in the goverments coffers.

The blockchain analytics provider attributed the attack to the North Korean state-sponsored Lazarus Group, which it says has stolen more than $2 billion across several heists.

( ͡° ͜ʖ ͡°) Nailed it

[–] [email protected] 7 points 9 months ago (1 children)

The linked article is inaccurate and misleading. Your wild guess is based on that.

Currently the best blockchain analytics publicly available about the incident is this by Moonstone, and even though it seems that the victim shared the secret key with them, nothing much is known due to the nature of the privacy coin. No way other analytics providers could tell more.

Check the original source and some of the comments there before making an irresponsible accusation like the attackers must be North Korean (or Russian, Muslim, Romany, …). A knee-jerk suggestion like that does not only promote unfair racism/stereotypes, but it helps cover up the real mastermind. Although, it’s not your fault that the article is misleading, and we can’t rule out any possibility including what you suggested. The real problem here is this confusing, poorly-written article…

[–] [email protected] 4 points 9 months ago* (last edited 9 months ago)

Actually I based my wild guess at reporting that NPR did a couple of years back regarding different thefts of crypto and that the intelligence community determined it was a hacker group in North Korea that was supported and funded by their own government as a way to get around the sanctions.

My subsequent confirmation came from reading the article, but I already had the same suspicions, however I will admit my error if it indeed turns out it wasn't North Korea (haven't been able to read the links you provided yet)

[–] [email protected] 14 points 9 months ago

NSA playing around with their new quantum toys maybe. Joking.

[–] [email protected] 1 points 9 months ago

This is the best summary I could come up with:

The project's maintainers have "taken additional precautions" to secure the other wallets associated with Monero, such as enabling multisig so more than one individual is required to sign off on any given transaction.

In response to the attack, Atomic Wallet contacted victims to gather information about their setups in an attempt to determine the source of the breach, but has not yet publicized its findings.

In October, Atomic Wallet revealed it was able to work with leading cryptocurrency exchanges to freeze $2 million in stolen funds related to the earlier incident.

Tracking the wallet-draining attacks, Taylor Monahan, lead product manager/owner at cryptocurrency wallet software company MetaMask, said the profile of victims "is the most striking thing" and they're all "reasonably secure" and reputable organizations.

There is a wide diversity of cryptocurrencies and blockchains that have been successfully targeted, including Bitcoin, Monero, and Ethereum, and wallets with seed lengths of 12 and 24 words have both been breached.

LastPass CEO Karim Toubba told The Register that there is no current evidence linking the company's breach to the ongoing wallet-draining attacks.

The original article contains 863 words, the summary contains 179 words. Saved 79%. I'm a bot and I'm open source!

[–] [email protected] 1 points 9 months ago

€418k

2675 XMR x €156,26 = €418109.

[–] [email protected] -1 points 9 months ago

Someone had imaginary money on a computer and someone else stole the imaginary money and that's bad because the imaginary money has value in real money and I hate this timeline.