Posts tagged security

Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit

defi blockchain security attacks flash loans March 11, 2020 at 02:00 PM Kaihua Qin, Liyi Zhou, Benjamin Livshits, and Arthur Gervais
Flash loans are a recent blockchain smart contract construct that enable the issuance of loans that are only valid within one transaction and must be repaid by the end of that transaction. This post examines recent flash loan attacks on DeFi, and outlines how they could have been far more effective, boosting attack profitability to 829K USD (instead of 350K USD) and 1.1M USD (instead of 600K USD), respectively.

Choose-Your-Own-Security-Disclosure-Adventure

security disclosure May 30, 2018 at 10:15 AM Emin Gün Sirer
In this Choose Your Own Adventure Game, you navigate the process of warning the world about an exploit you have uncovered in a large software project.

An In-Depth Look at the Parity Multisig Bug

ethereum parity wallet security July 22, 2017 at 09:47 AM Lorenz Breidenbach, Phil Daian, Ari Juels, and Emin Gün Sirer
We do a deep-dive into Parity's multisig bug.

Parity's Wallet Bug is not Alone

ethereum bitgo parity wallet security July 20, 2017 at 05:18 AM Emin Gün Sirer
The bug in the Parity multisig wallet that caused the loss of $30M has the same root cause as a bug in the BitGo multisig wallet that I found a year ago.

Outsourcing in Higher Ed Considered Harmful

security surveillance highered orgsync August 29, 2016 at 08:16 AM Emin Gün Sirer
I make the case that the current trend towards outsourcing functions out of universities to third-party providers constitutes a security vulnerability, and that progressive institutions need to resist this trend to fight large-scale surveillance operations.

How the Bitfinex Heist Could Have Been Avoided

bitcoin vaults security August 03, 2016 at 07:20 AM Emin Gün Sirer
The Bitfinex attack, and similar heists from Bitcoin exchanges, are preventable with a small extension to Bitcoin.

The ShapeShift Hack: Simply Incredible

shapeshift security bitcoin ethereum April 25, 2016 at 08:48 AM Emin Gün Sirer
There was a series of heists at ShapeShift, followed by an offered explanation. That offered explanation has more holes in it than Swiss cheese.

What Secures the Central Bank of Bangladesh

security finance April 23, 2016 at 10:58 AM Emin Gün Sirer
New details are emerging about the state of security at the Central Bank of Bangladesh, and it puts Bitcoin exchanges to shame.

Bitcoin Vaults: How to Put an End to Bitcoin Theft

bitcoin security vaults February 29, 2016 at 01:15 PM Malte Möser, Ittay Eyal, and Emin Gün Sirer
Bitcoin vaults have the potential to stop Bitcoin thefts from Bitcoin clients. This post answers some frequently asked questions about them.

How to Implement Secure Bitcoin Vaults

bitcoin security vaults February 26, 2016 at 09:00 AM Malte Möser, Ittay Eyal, and Emin Gün Sirer
We have come up with a simple and elegant technique for implementing hack-proof Bitcoin vaults, to deter Bitcoin thefts.

All Your Voter Data Are Belong To H4x0rz

nosql mongo hyperdex security data breach December 28, 2015 at 07:00 PM Emin Gün Sirer
The biggest data breach of the year. Of course, it involves Mongo.

HyperDex 1.6.0: MongoDB Compatibility

hyperdex release security mongodb January 12, 2015 at 01:44 PM Robert Escriva
HyperDex 1.6.0 release, with MongoDB compatibility

The Miner's Dilemma

bitcoin mining pools security 51% December 03, 2014 at 12:15 PM Ittay Eyal
In a new analysis of Bitcoin mining, Ittay Eyal shows that the equilibrium between miners is unstable, and identifies a stable equilibrium that might, as a side effect, reduce the size of open, public mining pools.

State of Computer Security, 2014 Edition

bitcoin security November 30, 2014 at 09:17 AM Emin Gün Sirer
State of computer security remains dismal, as evidenced by the lengths Bitcoin users must go through to secure their digital assets.

Time for Better Security for NoSQL

nosql hyperdex security opsec release November 23, 2014 at 11:25 AM Robert Escriva and Emin Gün Sirer
It's time to secure data in NoSQL databases with strong guarantees, at fine granularity, and with low overhead. Macaroons, from Google, are designed for this purpose. This post shows have Macaroons can be used in HyperDex to secure NoSQL data.

HyperDex 1.5.0: Authorization

hyperdex release security November 20, 2014 at 01:40 PM Robert Escriva
HyperDex 1.5.0 release, with authorization

Bitcoin and Voting Power

bitcoin security ghash 51% voting June 19, 2014 at 05:56 PM Emin Gün Sirer
This is a quick blog post to dispel a common Bitcoin misconception/myth involving voting power.

How to Disincentivize Large Bitcoin Mining Pools

bitcoin security mining pools 51% June 18, 2014 at 02:03 PM Ittay Eyal and Emin Gün Sirer
We outline a small change to the Bitcoin mining protocol that rules out big, public mining pools. It preserves the current investment in Bitcoin by both existing users and by existing miners. It presents a fix to GHash's recent 51% excursion.

How A Mining Monopoly Can Attack Bitcoin

bitcoin security mining pools 51% June 16, 2014 at 02:35 PM Ittay Eyal and Emin Gün Sirer
There seems to be a lot of confusion over the kinds of attacks that a Bitcoin mining monopoly can engage in. We clarify the space of attacks available to a Bitcoin mining monopoly.

It's Time For a Hard Bitcoin Fork

bitcoin security ghash 51% June 13, 2014 at 02:05 PM Ittay Eyal and Emin Gün Sirer
A Bitcoin mining pool, called GHash and operated by an anonymous entity called CEX.io, just reached 51% of total network mining power today. Bitcoin is no longer decentralized. This note describes what we should do about it.

My First Macaroon: A New Way to do Authorization

macaroons security authorization May 21, 2014 at 03:20 PM Robert Escriva
Macaroons provide a safer way to authenticate users than using raw cookies. In this article, we walk through how to get started with the macaroons library, and how to create and verify your first macaroon.

Macaroons are Better Than Cookies!

macaroons security authorization release May 16, 2014 at 08:00 AM Robert Escriva and Emin Gün Sirer
Macaroons are a new way to perform authorization in distributed systems.

BTC Guild Gets Lucky

bitcoin security selfish-mining January 01, 2014 at 11:13 PM Ittay Eyal and Emin Gün Sirer
BTC Guild released a number of blocks in quick succession, making some people worry that they are selfish mining. We discuss the evidence.

Bitcoin Block Propagation Speeds

bitcoin security selfish-mining November 25, 2013 at 03:15 PM Ittay Eyal and Emin Gün Sirer
New measurements show that successful selfish mining attacks are quite feasible.

Why Da Man Loves Bitcoin

bitcoin security anonymity November 19, 2013 at 08:41 AM Emin Gün Sirer
The Feds testified exuberantly in favor of Bitcoins yesterday, driving the BTC price through the roof to $900 USD. This is my quick reaction to what happened and what we should do about it.

Selfish Mining Simulator

bitcoin security selfish-mining November 17, 2013 at 02:40 PM Ittay Eyal and Emin Gün Sirer
There is now a visual simulator for our selfish mining attack.

Response to Feedback on Selfish Mining

bitcoin security selfish-mining November 14, 2013 at 09:45 AM Ittay Eyal and Emin Gün Sirer
There have been some early, and often misplaced, responses to the vulnerabilities we discovered in the Bitcoin system. This post addresses them.

No, You Di'n't!

bitcoin security selfish-mining November 09, 2013 at 11:55 AM Ittay Eyal and Emin Gün Sirer
The claim that our results were previously known to the Bitcoin community is specious.

Response to Fairweather Mining

bitcoin security broken selfish-mining November 08, 2013 at 11:21 AM Ittay Eyal and Emin Gün Sirer
Fairweather mining has been suggested to argue that selfish mining would be a short-lived strategy, but fairweather mining analysis is flawed because it does not take proofs of work into account.

Altruism Among Capitalists?

bitcoin security selfish-mining November 05, 2013 at 10:30 AM Ittay Eyal and Emin Gün Sirer
If the health of your cryptocurrency requires Gordon Gekko to make sacrifices, it is doomed.

Some Frequently Asked Questions on Selfish Mining

bitcoin security selfish-mining November 05, 2013 at 10:30 AM Ittay Eyal and Emin Gün Sirer
Some clarifications and answers to frequently asked questions about the selfish mining attack on Bitcoin.

Bitcoin Is Broken

bitcoin security broken selfish-mining November 04, 2013 at 10:30 AM Ittay Eyal and Emin Gün Sirer
We discovered an attack against the Bitcoin mining protocol that can have a significant impact on the Bitcoin community.

DNS Fails the NYTimes

dns security August 27, 2013 at 08:50 PM Emin Gün Sirer
DNS continues to be a weak, fragile system.