Posts tagged security

Flash loans are a recent blockchain smart contract construct that enable the issuance of loans that are only valid within one transaction and must be repaid by the end of that transaction. This post examines recent flash loan attacks on DeFi, and outlines how they could have been far more effective, boosting attack profitability to 829K USD (instead of 350K USD) and 1.1M USD (instead of 600K USD), respectively.


In this Choose Your Own Adventure Game, you navigate the process of warning the world about an exploit you have uncovered in a large software project.
We do a deep-dive into Parity's multisig bug.

Parity's Wallet Bug is not Alone

The bug in the Parity multisig wallet that caused the loss of $30M has the same root cause as a bug in the BitGo multisig wallet that I found a year ago.
I make the case that the current trend towards outsourcing functions out of universities to third-party providers constitutes a security vulnerability, and that progressive institutions need to resist this trend to fight large-scale surveillance operations.

How the Bitfinex Heist Could Have Been Avoided

The Bitfinex attack, and similar heists from Bitcoin exchanges, are preventable with a small extension to Bitcoin.

The ShapeShift Hack: Simply Incredible

There was a series of heists at ShapeShift, followed by an offered explanation. That offered explanation has more holes in it than Swiss cheese.

What Secures the Central Bank of Bangladesh

New details are emerging about the state of security at the Central Bank of Bangladesh, and it puts Bitcoin exchanges to shame.
Bitcoin vaults have the potential to stop Bitcoin thefts from Bitcoin clients. This post answers some frequently asked questions about them.

How to Implement Secure Bitcoin Vaults

We have come up with a simple and elegant technique for implementing hack-proof Bitcoin vaults, to deter Bitcoin thefts.

All Your Voter Data Are Belong To H4x0rz

The biggest data breach of the year. Of course, it involves Mongo.
HyperDex 1.6.0 release, with MongoDB compatibility
In a new analysis of Bitcoin mining, Ittay Eyal shows that the equilibrium between miners is unstable, and identifies a stable equilibrium that might, as a side effect, reduce the size of open, public mining pools.

State of Computer Security, 2014 Edition

State of computer security remains dismal, as evidenced by the lengths Bitcoin users must go through to secure their digital assets.

Time for Better Security for NoSQL

It's time to secure data in NoSQL databases with strong guarantees, at fine granularity, and with low overhead. Macaroons, from Google, are designed for this purpose. This post shows have Macaroons can be used in HyperDex to secure NoSQL data.
HyperDex 1.5.0 release, with authorization

Bitcoin and Voting Power

This is a quick blog post to dispel a common Bitcoin misconception/myth involving voting power.
We outline a small change to the Bitcoin mining protocol that rules out big, public mining pools. It preserves the current investment in Bitcoin by both existing users and by existing miners. It presents a fix to GHash's recent 51% excursion.
There seems to be a lot of confusion over the kinds of attacks that a Bitcoin mining monopoly can engage in. We clarify the space of attacks available to a Bitcoin mining monopoly.

It's Time For a Hard Bitcoin Fork

A Bitcoin mining pool, called GHash and operated by an anonymous entity called, just reached 51% of total network mining power today. Bitcoin is no longer decentralized. This note describes what we should do about it.
Macaroons provide a safer way to authenticate users than using raw cookies. In this article, we walk through how to get started with the macaroons library, and how to create and verify your first macaroon.
Macaroons are a new way to perform authorization in distributed systems.

BTC Guild Gets Lucky

BTC Guild released a number of blocks in quick succession, making some people worry that they are selfish mining. We discuss the evidence.

Bitcoin Block Propagation Speeds

New measurements show that successful selfish mining attacks are quite feasible.

Why Da Man Loves Bitcoin

The Feds testified exuberantly in favor of Bitcoins yesterday, driving the BTC price through the roof to $900 USD. This is my quick reaction to what happened and what we should do about it.

Selfish Mining Simulator

There is now a visual simulator for our selfish mining attack.

Response to Feedback on Selfish Mining

There have been some early, and often misplaced, responses to the vulnerabilities we discovered in the Bitcoin system. This post addresses them.

No, You Di'n't!

The claim that our results were previously known to the Bitcoin community is specious.

Response to Fairweather Mining

Fairweather mining has been suggested to argue that selfish mining would be a short-lived strategy, but fairweather mining analysis is flawed because it does not take proofs of work into account.

Altruism Among Capitalists?

If the health of your cryptocurrency requires Gordon Gekko to make sacrifices, it is doomed.
Some clarifications and answers to frequently asked questions about the selfish mining attack on Bitcoin.

Bitcoin Is Broken

We discovered an attack against the Bitcoin mining protocol that can have a significant impact on the Bitcoin community.

DNS Fails the NYTimes

DNS continues to be a weak, fragile system.