Bitcoin Anonymity at what cost?

Wasabi Wallet

We’ve already heard of “tumblers” which make it very difficult to trace the true sender or receiver of a Bitcoin transaction.  Now we have the “Wasabi” wallet project, which does something a bit differently.  It actually uses the Tor network to anonymize you on the Bitcoin network.  However, I think this is a risky move because malicious actors on the Tor network (especially exit nodes) have been setup by malicious groups including government agencies for surveillance and other use.

The problem with depending on the Tor network and a third party client is what if someone injects malicious code such as the Bitcoin Gold client scam?  Even if that’s not the case what if some malicious Tor node runners get together and target Bitcoin users and use it to successfully trick the Wasabi client into thinking you’ve received money you don’t have?  It would certainly be an effort and tricky but with enough time, money and resources it is a likely possibility based on the reward value alone.

So, well the idea is well-intentioned I think trying to solve it any other way  is risky and it should be the Bitcoin code base that is modified to support these features.

Another personal alternative is that you can use your own personal proxy or server to hide your real IP as this is already a supported feature of the Bitcoin client itself.

What do you think?


NEM Gives Up Chase for $500M USD in Stolen Coins

For no apparent reason NEM has given up the chase for these coins.  In all fairness I don’t think it was ever their issue, the stolen coins were the fault of the Coincheck Exchange’s security and not due to any flaw in the NEM client or network side.  Of course naturally they were interested but one bold prediction is that “hackers would not be able to launder the coins due to lack of liquidity”.  I am not sure if the NEM developers really believed that or if they thought heat on the exchanges would dissuade or slow the thieves down.  I suspect they exchanged the NEM for other coins and then sold them back again clean through multiple exchanges.

I would say this isn’t bad for cryptocurrency because bank heists occur each day and nothing stops one from spending or exchanging the money in real life.  It’s really no different than the initial fears of “e-commerce sites were hacked” just as real life stores have theft and holdups everyday.  It is just a matter of mitigation whether physical or virtual.

But with that aside NEM clearly said they were ending the chase and wouldn’t say much more due to the “sensitivity of the investigation”.  This is something I find a little strange, is it that they did find something but the authorities have forbidden them from disclosing it?

Was this an inside job on the part of Coincheck in Japan or was it something else explosive that they found?  Could it have been a rival currency, bankers or government behind the hack?  Anything is possible and speculation will rightfully run abound until more details emerge.

Ledger Nano S Bitcoin Altcoin Hardware Wallet Hacked By Teenager

I have warned for awhile about these hardware wallets.  I’ve never trusted them as you truly don’t know what is in the hardware or firmware and if it could be extremely vulnerable.  As bad as it sounds a traditional, secure PC is still the safer way to handle your cryptocurrency.

A teenager stumbled upon a vulnerability by noting the CPU that controls the private keys cannot differentiate between authentic or user made firmware.  This CPU is used to transmit data including keys.  Without much effort he was able to compromise this supposedly secure hardware wallet.

On top of that it looks like Ledger tried to downplay the issue and brush off the teenager who warned them of the vulnerability.  In all fairness physical is required but that’s not good, you shouldn’t worry that if your hardware wallet is found that someone could easily extract your private keys and coins from it!

They’ve also recently admitted another vulnerability exists where attackers could trick users to send out their funds to hackers.

For this reason I still don’t recommend hardware wallets, you are much safer on a secure computer.