Crypto security roundup: June 2018
We talk about security a lot at QUOINE because we know how important it is. Understanding how to safely be a part of cryptocurrency is vital. One of the best ways to develop your knowledge of security is to look at issues that have arisen in the past. Here are the main security issues that occurred in this space in June.
On the Monday June 2, ZenCash was the victim of a 51% attack. A 51% attack is when a user controls more than 51% of the hash rate of a coin, allowing them to place incorrect blocks into the blockchain.
The attacker in this instance was able to double-spend three times according to the official statement from the ZenCash team. During the three double-spends the attacker was able to gain a total of 23,152.3 ZEN worth about $500,000 at today’s price. The official statement said that the total supply of ZEN remains the same and that the attacker essentially stole the acquired funds from an exchange.
A 51% attack is technically possible for any PoW coin, but the higher the market cap, the more money it costs to take control of 51% of the network. In the case of ZenCash, the cost of a one-hour attack would cost a malicious user about US$6,000.
On June 20, crypto exchange Bithumb was the victim of theft. Hackers stole about US$31 million from the exchange. Bithumb is the sixth-largest crypto exchange in the world. In the announcement of the stolen funds the Bithumb team also stated that they would cover the loss, so no users would be affected. The Bitthumb team have also announced that they have recovered almost half of the lost funds by working together with other exchanges.
Exchanges should be doing all they can to protect their customers’ funds. This is why at QUOINE we employ the highest security measures we can. Be vigilant in your evaluation of exchanges to ensure your funds are truly safe.
API issues can arise when someone uses phishing methods to obtain access to API keys, which can then be used to manipulate the prices of some coins. Phishing has become increasingly prominent and it is vital to be sure you only ever login to legitimate, trusted websites.
ICX Smart Contract Bug
ICON (ICX) experienced a bug in a smart contract in June. The bug, which was discovered initially in Yggdrash (YEED), meant anyone, except the creator of the smart contract, could enable or disable all token transfers. Shortly after this bug discovery, it was found to exist in an ICX smart contract. One individual spammed the contract with “disable transfer” transactions. The result of this is that ICX could not be moved from any wallet.
The ICX team released an official statement, stating that they have implemented a solution to mitigate further problems and that this issue would not threaten the security of any ICX tokens.
Syscoin GitHub Hacked
The Syscoin team announced that their official Windows client had been replaced by a hacker, with a different version including malware. This was made available on June 9 via the Syscoin Windows installer on the Syscoin GitHub account, which was compromised. The installer contained a trojan which is well known for stealing passwords and wallet keys. The Syscoin team have issued some recommendations to users who may be affected. All team members have been told to have 2FA in place for GitHub access.
There are two lessons to be learnt from this: always ensure you are completely sure that what you download is safe and always have 2FA enabled wherever you can.
These were some of the largest issues that occured in June. Keep your eyes open and be vigilant. QUOINE will help you store and trade your funds safely.