this post was submitted on 09 Nov 2023
262 points (96.5% liked)

Technology

59135 readers
2842 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
262
Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach (www.theregister.com)
submitted 1 year ago by throws_lemy@lemmy.nz to c/technology@lemmy.world
67 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] Saki@monero.town 45 points 1 year ago (32 children)

The linked article (and so AutoTL;DR) is not very accurate. If you’re interested in this incident, read the original post, which is short and compact. General media articles are only quoting or re-quoting this thread, typically with some misunderstanding.

Specifically (about this post): Among other things, multisig is only suggested; nothing has been decided yet.

Generally (in many similar articles): Probably a specific local machine was hacked, though no one really knows yet what happened. It’s unlikely that the Monero network itself was hacked.

Since I’m a Monero supporter, obviously I tend to say good things about it, but frankly, the ironical fact here is, Monero is so privacy-focused that when something like this happens, it’s difficult to identify the attacker—i.e. by design Monero also protects the identity of the attacker. Some Monero users are having this weird, paradoxical feeling: it would be nice if we could catch this evil attacker, but being able to catch the attacker would be in a way very bad news for Monero (if you know what I mean) 😕

[–] Kushia@lemmy.ml 23 points 1 year ago (4 children)

I used to be an old school supporter of cryptocurrency too, until that is when the scammers got their mitts into it and it went from a funny little technical hobby worth nothing to an overinflated shitfight that's robbed many people of their life savings.

Honestly, the entire cryptocurrency ecosystem is a parody of its former self and nothing the original inventors of it wanted it to become.

[–] Saki@monero.town 16 points 1 year ago (3 children)

Exactly, except not “the entire”, but “almost entire”?

Monero has been largely detached from CEXes, no companies, no middle men… Many users still have that idealism, a cypherpunk philosophy, that which Bitcoin tried to achieve originally. It’s community-based and crowd-funded… Some of that fund was stolen, so we’ve got to admit that the Monero community was not so smart after all… Yeah, a bit embarrassing tbh. To err is human, I guess.

For example, we do have a zero-fee donation site kuno.anne.media and recently help some girl buy a laptop or doing things like that. Some of Monero users are idealists by nature, maybe silly dreamers or naive philosophers, but definitely not greedy HODLERs. Weird people, either way, haha 😅

[–] EngineerGaming@feddit.nl 0 points 1 year ago (2 children)

I actually used to think crypto is a "weird fad and some thing people use to try getting rich". But then sanctions happened, and now I ADORE Monero. It allows me to easily pay for things I would've otherwise had to jump through hoops for. I am so happy that we at least somewhat have a payment system that can't be controlled)

[–] volleyballcrocodile@lemmy.world 2 points 1 year ago (1 children)

What would be some examples of things you pay for with monero that you'd usually have to jump through hoops for?

[–] EngineerGaming@feddit.nl 1 points 1 year ago (1 children)

VPS and domain, primarily.

[–] volleyballcrocodile@lemmy.world 1 points 1 year ago (1 children)

Thanks for the reply. Isn't obtaining Monero more difficult then paying for those things on your card? Or are you doing it for the anonymity?

[–] EngineerGaming@feddit.nl 1 points 1 year ago (1 children)

I personally did it because sanctions made my card not work. So it was either paying with Monero directly, or finding a middleman and hoping he wouldn't scam you, not to mention that the latter would probably have higher fees than a Monero seller. But once sanctions are gone, I would probably continue doing so, just because I prefer not to use my bank card at all)

[–] volleyballcrocodile@lemmy.world 1 points 1 year ago

Very fair point.

[–] Saki@monero.town 2 points 1 year ago* (last edited 1 year ago) (1 children)

Originally Bitcoin had nothing to do with “get rich quick”. It felt vaguely like Freenet. It was experimental, philosophical, mathematical, cypherpunk… Almost no one had imagined that investors were going to be interested in it and something like that fad would happen.

Unfortunately it’s not easy to get Monero. In several countries, CEXes don’t support it (delisted). Besides, getting Monero from CEX is not ideal privacy-wise. So, a typical Monero user gets it no-KYC, without using CEX. Which is legal, but rather complicated. That’s why I wouldn’t recommend Monero to regular people.

As you said, Monero is such a great way for payment in a practical sense. Very low fees (~1 cent, no matter how much you send), private (only you can authorize transaction, no need to get a permission from someone else). The community is relatively small (monero.town on Lemmy), but generally nice and cozy. We seldom, if ever, talk about investment… It’s so different from what people think when they hear “crypto”. It’s understandable that some people assume it’s just one of those alt sh*tcoins.

[–] EngineerGaming@feddit.nl 2 points 1 year ago (1 children)

I would not use CEX under any circumstances - they require submitting ID, and I would not trust a random company to keep such data safe. But yea, discovery of sellers is a problem. Was going to go with a Localmonero one before finding someone IRL who sells for cash.

[–] Saki@monero.town 1 points 1 year ago (1 children)

https://monero.town/post/894750 So you did f2f… Glad it works, though. But how to buy it is irrelevant to the OP and is off-topic, so we shouldn’t be talking about that here.

Basically I’d never recommend anyone to buy a significant amount of crypto hoping that you can get rich quick with that. Yes, it might go up, but it may go down. Encouraging such sketchy gambling would be crazy and irresponsible, and more importantly that’s not the original purpose of this technology. Yet you already even know localmonero, so yeah, you’re simply one of us. If you’d like to you can join monero.town or subscribe it from your instance :)

[–] EngineerGaming@feddit.nl 2 points 1 year ago

Nah, I don't have much in the wallet - just for the actual expenses)

load more comments (2 replies)
[–] deafboy@lemmy.world 5 points 1 year ago (1 children)

The nice thing about the unregulated cryptocurrencies is that everyone loose exactly how much they deserve to loose. No more.

[–] nonfuinoncuro@lemm.ee 2 points 1 year ago (1 children)

loooooose

[–] deafboy@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

There are words that I always spell out wrong unless I do a double check before posting.

However, I've heard somewhere, that this is not necessarily a mistake. Just a language evolving. So I'm not fixing it. /s

edit: Jesus, I did it twice. I wouldn't be so mad if it wasn't a post in which I try to act so smug.

load more comments (2 replies)
load more comments (31 replies)
[–] Kodemystic@lemmy.kodemystic.dev 13 points 1 year ago

NSA playing around with their new quantum toys maybe. Joking.

[–] HurlingDurling@lemm.ee 13 points 1 year ago* (last edited 1 year ago) (8 children)

I'm just making a wild guess, but it was probably the North Korean Cyberattack Force. They have been behind some of the largest crypto heists before in order to get clams in the goverments coffers.

The blockchain analytics provider attributed the attack to the North Korean state-sponsored Lazarus Group, which it says has stolen more than $2 billion across several heists.

( ͡° ͜ʖ ͡°) Nailed it

[–] Saki@monero.town 7 points 1 year ago (1 children)

The linked article is inaccurate and misleading. Your wild guess is based on that.

Currently the best blockchain analytics publicly available about the incident is this by Moonstone, and even though it seems that the victim shared the secret key with them, nothing much is known due to the nature of the privacy coin. No way other analytics providers could tell more.

Check the original source and some of the comments there before making an irresponsible accusation like the attackers must be North Korean (or Russian, Muslim, Romany, …). A knee-jerk suggestion like that does not only promote unfair racism/stereotypes, but it helps cover up the real mastermind. Although, it’s not your fault that the article is misleading, and we can’t rule out any possibility including what you suggested. The real problem here is this confusing, poorly-written article…

[–] HurlingDurling@lemm.ee 4 points 1 year ago* (last edited 1 year ago)

Actually I based my wild guess at reporting that NPR did a couple of years back regarding different thefts of crypto and that the intelligence community determined it was a hacker group in North Korea that was supported and funded by their own government as a way to get around the sanctions.

My subsequent confirmation came from reading the article, but I already had the same suspicions, however I will admit my error if it indeed turns out it wasn't North Korea (haven't been able to read the links you provided yet)

load more comments (7 replies)
[–] autotldr@lemmings.world 1 points 1 year ago

This is the best summary I could come up with:

The project's maintainers have "taken additional precautions" to secure the other wallets associated with Monero, such as enabling multisig so more than one individual is required to sign off on any given transaction.

In response to the attack, Atomic Wallet contacted victims to gather information about their setups in an attempt to determine the source of the breach, but has not yet publicized its findings.

In October, Atomic Wallet revealed it was able to work with leading cryptocurrency exchanges to freeze $2 million in stolen funds related to the earlier incident.

Tracking the wallet-draining attacks, Taylor Monahan, lead product manager/owner at cryptocurrency wallet software company MetaMask, said the profile of victims "is the most striking thing" and they're all "reasonably secure" and reputable organizations.

There is a wide diversity of cryptocurrencies and blockchains that have been successfully targeted, including Bitcoin, Monero, and Ethereum, and wallets with seed lengths of 12 and 24 words have both been breached.

LastPass CEO Karim Toubba told The Register that there is no current evidence linking the company's breach to the ongoing wallet-draining attacks.

The original article contains 863 words, the summary contains 179 words. Saved 79%. I'm a bot and I'm open source!

[–] qaz@lemmy.world 1 points 1 year ago

€418k

2675 XMR x €156,26 = €418109.

load more comments
view more: next ›