this post was submitted on 09 Nov 2023
286 points (96.7% liked)

Technology

57455 readers
4586 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
286
Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach (www.theregister.com)
submitted 9 months ago by [email protected] to c/[email protected]
74 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 50 points 9 months ago (35 children)

The linked article (and so AutoTL;DR) is not very accurate. If you’re interested in this incident, read the original post, which is short and compact. General media articles are only quoting or re-quoting this thread, typically with some misunderstanding.

Specifically (about this post): Among other things, multisig is only suggested; nothing has been decided yet.

Generally (in many similar articles): Probably a specific local machine was hacked, though no one really knows yet what happened. It’s unlikely that the Monero network itself was hacked.

Since I’m a Monero supporter, obviously I tend to say good things about it, but frankly, the ironical fact here is, Monero is so privacy-focused that when something like this happens, it’s difficult to identify the attacker—i.e. by design Monero also protects the identity of the attacker. Some Monero users are having this weird, paradoxical feeling: it would be nice if we could catch this evil attacker, but being able to catch the attacker would be in a way very bad news for Monero (if you know what I mean) 😕

[–] [email protected] 26 points 9 months ago (4 children)

I used to be an old school supporter of cryptocurrency too, until that is when the scammers got their mitts into it and it went from a funny little technical hobby worth nothing to an overinflated shitfight that's robbed many people of their life savings.

Honestly, the entire cryptocurrency ecosystem is a parody of its former self and nothing the original inventors of it wanted it to become.

[–] [email protected] 17 points 9 months ago (12 children)

Exactly, except not “the entire”, but “almost entire”?

Monero has been largely detached from CEXes, no companies, no middle men… Many users still have that idealism, a cypherpunk philosophy, that which Bitcoin tried to achieve originally. It’s community-based and crowd-funded… Some of that fund was stolen, so we’ve got to admit that the Monero community was not so smart after all… Yeah, a bit embarrassing tbh. To err is human, I guess.

For example, we do have a zero-fee donation site kuno.anne.media and recently help some girl buy a laptop or doing things like that. Some of Monero users are idealists by nature, maybe silly dreamers or naive philosophers, but definitely not greedy HODLERs. Weird people, either way, haha 😅

load more comments (12 replies)
[–] [email protected] 5 points 9 months ago (1 children)

The nice thing about the unregulated cryptocurrencies is that everyone loose exactly how much they deserve to loose. No more.

[–] [email protected] 2 points 9 months ago (1 children)

loooooose

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

There are words that I always spell out wrong unless I do a double check before posting.

However, I've heard somewhere, that this is not necessarily a mistake. Just a language evolving. So I'm not fixing it. /s

edit: Jesus, I did it twice. I wouldn't be so mad if it wasn't a post in which I try to act so smug.

load more comments (2 replies)
load more comments (34 replies)
[–] [email protected] 16 points 9 months ago* (last edited 9 months ago) (9 children)

I'm just making a wild guess, but it was probably the North Korean Cyberattack Force. They have been behind some of the largest crypto heists before in order to get clams in the goverments coffers.

The blockchain analytics provider attributed the attack to the North Korean state-sponsored Lazarus Group, which it says has stolen more than $2 billion across several heists.

( ͡° ͜ʖ ͡°) Nailed it

[–] [email protected] 7 points 9 months ago (1 children)

The linked article is inaccurate and misleading. Your wild guess is based on that.

Currently the best blockchain analytics publicly available about the incident is this by Moonstone, and even though it seems that the victim shared the secret key with them, nothing much is known due to the nature of the privacy coin. No way other analytics providers could tell more.

Check the original source and some of the comments there before making an irresponsible accusation like the attackers must be North Korean (or Russian, Muslim, Romany, …). A knee-jerk suggestion like that does not only promote unfair racism/stereotypes, but it helps cover up the real mastermind. Although, it’s not your fault that the article is misleading, and we can’t rule out any possibility including what you suggested. The real problem here is this confusing, poorly-written article…

[–] [email protected] 4 points 9 months ago* (last edited 9 months ago)

Actually I based my wild guess at reporting that NPR did a couple of years back regarding different thefts of crypto and that the intelligence community determined it was a hacker group in North Korea that was supported and funded by their own government as a way to get around the sanctions.

My subsequent confirmation came from reading the article, but I already had the same suspicions, however I will admit my error if it indeed turns out it wasn't North Korea (haven't been able to read the links you provided yet)

load more comments (8 replies)
[–] [email protected] 14 points 9 months ago

NSA playing around with their new quantum toys maybe. Joking.

[–] [email protected] 10 points 9 months ago

€418k

2675 XMR x €156,26 = €418109.

[–] [email protected] 1 points 9 months ago

This is the best summary I could come up with:

The project's maintainers have "taken additional precautions" to secure the other wallets associated with Monero, such as enabling multisig so more than one individual is required to sign off on any given transaction.

In response to the attack, Atomic Wallet contacted victims to gather information about their setups in an attempt to determine the source of the breach, but has not yet publicized its findings.

In October, Atomic Wallet revealed it was able to work with leading cryptocurrency exchanges to freeze $2 million in stolen funds related to the earlier incident.

Tracking the wallet-draining attacks, Taylor Monahan, lead product manager/owner at cryptocurrency wallet software company MetaMask, said the profile of victims "is the most striking thing" and they're all "reasonably secure" and reputable organizations.

There is a wide diversity of cryptocurrencies and blockchains that have been successfully targeted, including Bitcoin, Monero, and Ethereum, and wallets with seed lengths of 12 and 24 words have both been breached.

LastPass CEO Karim Toubba told The Register that there is no current evidence linking the company's breach to the ongoing wallet-draining attacks.

The original article contains 863 words, the summary contains 179 words. Saved 79%. I'm a bot and I'm open source!

load more comments
view more: next ›