Blockchain Industry Projects


#RSAC
SESSION ID: TFA-F02

HACKING THE BLOCKCHAIN INDUSTRY PROJECTS
Aleksandr Lazarenko
Technical Director for Blockchain Security Projects, Group-IB

Is it worth knowing anything about blockchain for hacking purposes?

Rise of the Blockchain Crime

Blockchain crime growth
[Chart: blockchain crime growth by year, 2011 to 2017; vertical axis 0 to 12]

The only thing hackers need to steal is …
The Private Key
E9873D79C6D87DC0FB6A577…

How can you store private keys?
  • Hot storage: E9873D79C6D87DC0FB6A577…
  • Cold storage: E9873D79C6D87DC0FB6A577…

Hot/cold storage distribution
Typical storage structure in blockchain project escrow
80 / 20 (Cold storage / Hot storage)

New type of hackers

Reasons to Hack Blockchain Companies
Big, anonymous, 16+ fast money Bugs Teams Low security As easy as a pie* Almost ready for laundering... Same passwords

Attack types used against blockchain projects
  • Malware
  • Source code vuln. exploitation
  • Phishing
  • Blockchain attack
  • Credentials reuse
  • Domain hijacking
  • Insider attacks

Blockchain projects categories
  • Exchange
  • Wallet
  • Cryptocurrency
  • ICO
  • Mining Equipment
  • Mining Pools
  • Platforms
  • People

BLOCKCHAIN SPECIFIC ATTACKS

Blockchain specific attacks
  • Smart contract vulnerabilities
  • Double spending attacks
  • Eclipse attacks
  • Race attacks
  • Selfish mining attacks

51% attack
[Diagram: Alice -> Bob: 10BTC; Bob -> Charly: 2BTC; Bob -> Hak#)x: 2BTC; > 51%]
  • Attacker should control more than half of the network hash rate
  • Attacker can generate blocks faster than the rest of the network
  • Attacker can alter the history and pay with the same bitcoins twice

51% attack in the wild
  • Krypton
  • Shift
  • Bitcoin Gold
  • GHash (Mining Pool)
  • Verge Cryptocurrency (XVG)

Smart contract vulnerabilities *
Level: Cause of vulnerability
  • Solidity: Call to the unknown; Gasless send; Exception disorders; Type casts; Reentrancy; Keeping secrets
  • EVM: Immutable bugs; Ether lost in transfer
  • Blockchain: Unpredictable state; Generating randomness; Time constraints
* N. Atzei, M. Bartoletti, T. Cimoli. A survey of attacks on Ethereum smart contracts

The DAO
  • Developed by slock.it team
  • No human VC firm
  • Investors make decisions via smart contracts
  • There is an opportunity to split the organisation
  • 27 day crowdsale
  • 11 500 000 ETH

The DAO
Recursive call bug
  • 12th of June: “no DAO funds at risk”, said developer
Function
  • Split proposal = reward + update
Weakness
  • For solving disagreements
Problem
  • The problematic code wasn’t audited

The DAO
The attack
  • Started by Saturday, 18th June
  • The attacker creates a split proposal loop
  • Reward + no update + reward + no update
The attacker
  • Drained more than 3.6M ether into a “child DAO”
  • Stopped voluntarily

Transaction malleability
What can the adversary do?
[Diagram: Transaction T, Mauled T, Miners]

Mt.Gox
  • Transaction malleability (TM)?
  • 850 000 BTC lost
  • Research: only 386 bitcoins with TM*
* [Decker and Wattenhofer, ESORICS 2014]

Blockchain attacks stats
Attacks
  • Krypton & Shift: 21 465 KR
  • Mt.Gox: 740 000 (386) BTC
  • The DAO: 3 600 000 ETH
  • Verge cryptocurrency: 35M XVG
Profit
  • 21 465 KR
  • 386 BTC
  • 3.6M ETH
  • 35M XVG

CREDENTIALS REUSE

Bitcoinica (Exchange)
1st incident, 2nd incident
Website: LastPass; Password: >N}Y2'c4L9a$XqU}; Comment: Mt.Gox API key :)
  • b76f5f3b5297e42d4cb909ea4e2b5360: l@st_pass
  • d8578edf8458ce06fbc5bb76a58c5ca4: qwerty
  • 5f4dcc3b5aa765d61d8327deb882cf99: password
  • eeafbf4d9b3957b139da7b7f2e7f2d4a: mama
  • 0ac6cd34e2fac333bf0ee3cd06bdcf96: papa

Credentials reuse (stats)
Attacks
  • Bitcoinica: 40 000 BTC
  • Bter: 7170 BTC
  • CoinDash: 43 438 ETH
  • Enigma: 1 492 ETH
  • Cointerra: undefined
  • Steemit: 80 000 Steem dollars
  • inputs.io: 4 100 BTC
Profit
  • 51 270 BTC
  • 44 930 ETH
  • 80 000 Steem

INSIDER ATTACKS

Bit LC (Exchange)
Founder
  • Founder drained cold wallet
  • Founder disappeared
  • 2 000 BTC

Mintpal (Exchange)
  • Took funds from cold wallet
  • Sold himself in LocalBitcoins
  • 3 700 BTC

796 (Exchange)
  • Malicious update [new withdrawal address]
  • 1 000 BTC

Insider attacks (stats)
Attacks
  • Bitfinex: 120 000 BTC
  • Mintpal: 3 700 BTC
  • 796: 1 000 BTC
  • CryptoRush: 950 BTC
  • PicoStocks: 6 000 BTC
  • Bit LC: 2 000 BTC
Profit
  • 133 650 BTC

MALWARE MEETS BLOCKCHAIN

Shapeshift
How was it?
  • 3 incidents
  • 2 weeks
  • 2 migrations
Amount stolen
  • 5800 BTC hot wallet drained 469 ETH hot wallet drained

Shapeshift (1)
[Diagram labels: System administrator, Sell backdoor, BTC hot wallet, Developer]
Achievements unlocked
  • Emptied BTC hot wallet
  • Installed a backdoor
  • Sold a backdoor to hacker

Shapeshift (2)
  • New hosting
  • Same backdoor works again
  • Admin to trash

Shapeshift (3)
  • New hosting again
  • Same backdoor works again and again

Malware (stats)
Attacks
  • ShapeShift: 496 BTC + 5800 ETH
  • exco.in: 2 000 BTC
  • Cryptsy: 13 000 BTC
  • Yapizon: 3 816 BTC
  • Allinvain: 20 000 BTC
Profit
  • 39 285 BTC
  • 5 800 ETH

PHISHING

ICO phishing cases
  • 56% of money lost in ICO was due to phishing scams (Chainalysis, H2 2016 - H1 2017)
  • $115+ Million was lost to ICO phishing scams (Chainalysis, H2 2016 - H1 2017)
  • $1 Million monthly profit of an average phishing group (Group-IB, 2017)

ICO phishing statistics
Top 10 blockchain projects by phishing websites
[Chart: Tzero, Bittrex, Storm, Envion, Raiden, SirinLabs, EtherDelta, OmiseGO, Shapeshift, Quantstamp; vertical axis 0 to 20]
  • > 2.5K phishing websites
  • > 2.2K MyEtherWallet

SOURCE CODE VULNERABILITIES

BitFloor
  • “During the manual upgrade I transferred data into an unencrypted partition…”
  • “I’ve found an unencrypted backup of private keys :)”
  • wallet1.dat, wallet2.dat, wallet3.dat
  • 24 000 BTC

Linode (Cloud hosting)
  • Mining pools
  • Trading websites
  • Wallets

Linode (Cloud hosting)
  • Attackers obtained customer support privileges
  • And found user accounts with BTC wallets

Linode (Cloud hosting)
  • Reboot the machines and change root passwords
  • Log in via Linode manager
  • 46 653 BTC

Parity Wallet (numerous ICOs affected)
Technical details on Parity Wallet
  • Store money like user accounts
  • Wallet is a Solidity smart contract
  • Provides additional functionality on top of user accounts

Parity Wallet
Multi-Signature Wallets
  • Requires multiple approvals to withdraw
  • Useful for multi-factor authentication

Parity Wallet
Anamnesis
  • Every multi-signature wallet deployed by users relied on the library contract
  • Anonymous user gained control over the library contract
  • The library contract was turned down to be the contract of a single user

Parity Wallet
Attacker
  • After gaining ownership attacker destroyed the contract
  • All the funds stored in the wallets were no longer withdrawable
  • 50 000 000 USD frozen

Parity Wallet
  • Polkadot: 306,276 ETH ($93.1m)
  • Fluence: 1,376 ETH ($418k)
  • ICONOMI: 114,939 ETH ($34.9m)
  • Live Stars: 672 ETH ($204k)
  • Centrality: 21,704 ETH ($6.6m)
  • IMMLA: 600 ETH ($182k)
  • Musiconomi: 16,476 ETH ($5m)
  • Silent Notary: 286 ETH ($87k)
  • Hedge Token: 4,525 ETH ($1.4m)
  • Mirocana: 285 ETH ($87k)
  • Moeda: 4,361 ETH ($1.3m)
  • DAO.Casino: 150 ETH ($46k)
  • Wysker: 1,577 ETH ($479k)
  • Fiinu: 145 ETH ($44k)
  • Viewly: 1,400 ETH ($426k)
  • Jincor: 58 ETH ($18k)

Source code vuln. stats
20 Attacks
  • FlexCoin: 896 BTC
  • BIPS: 1 295 BTC
  • BTC-E: Unknown
  • Bitmain: unknown
  • Cavirtex: 0
  • BTCGuild: 1 254 BTC
  • GateCoin: 185 000 ETH + 250 BTC
  • Ozcoin: 922 BTC
  • BitFloor: 24 000 BTC
  • Tether: $31M USDT
  • Kipcoin: 3 000 BTC
  • Linode: 46 653 BTC
  • Poloniex: 97 BTC
  • Parity: 153 037 ETH
  • Bitcurex: 2 300 BTC
  • Aeternity: $30 000 000
  • Bitcoin7: 11 000 BTC
  • moonco.in: 4 000 BTC
  • Coinapult: 150 BTC
Profit
  • 95 817 BTC
  • 338 037 ETH
  • $31M USDT

ANALYSIS

# of attacks by project category
[Chart: attacks per project category (Exchange, ICO, Wallet, Mining Equipment, Platform, Mining Pool, Cryptocurrency, Private, Hosting), broken down by attack type (Blockchain attack, Credentials reuse, Domain hijacking, Insider, Malware, Phishing, Source code vulnerability exploitation); horizontal axis 0 to 35]

Survival - die statistics
[Chart: outcomes per project category (Exchange, ICO, Wallet, Mining Equipment, Platform, Mining Pool, Cryptocurrency, Private, Hosting), broken down into Survived && Refund, Survived && No refund, Dead && Refund, Dead && No refund; horizontal axis 0 to 35]

Discussion
  • How to investigate blockchain-related attacks?
  • Standardisation of security processes for blockchain projects
  • Cybersecurity of major blockchain platforms

Conclusion
  • Traditional hacking weapons still kill blockchain projects
  • Pwd and keys storage policies should be better
  • Blockchain specific attacks are yet to come

Problem: No precise technical information about the incident!

“Apply” Slide
If you are protecting an ICO or a blockchain company
  • Provide your users and investors with anti-phishing education
  • Make sure that personal security of core team is high
  • Design private keys storage policies
  • Remember about the web application security
If you are dealing with blockchain related service or cryptocurrency
  • Make sure that your private keys are really yours
  • Always check the latest news
  • Remember that your blockchain project doesn’t inherit all the security properties of the blockchain technology by default

[email protected]
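
The DAO slides summarise the recursive call bug as "reward + no update + reward + no update". The model below is an added example, not code from the talk or from The DAO: a plain-Python ledger (all class, method and account names are hypothetical) that shows why paying out before updating the balance breaks the pool, and how swapping the two steps restores the invariant an audit should check.

```python
"""Model of the payout ordering behind the DAO "recursive call" bug.

Added illustration in plain Python: not Solidity and not The DAO's code.
All class, method and account names are hypothetical.
"""


class Ledger:
    """Pooled funds plus per-account credit, like a contract's storage."""

    def __init__(self, deposits):
        self.credit = dict(deposits)
        self.pool = sum(deposits.values())

    def _pay(self, recipient, amount):
        # External call: the recipient's code runs before control returns.
        if amount > self.pool:
            raise RuntimeError("pool exhausted")
        self.pool -= amount
        recipient.receive(self, amount)

    def withdraw_unsafe(self, recipient):
        """Reward first, update second: the ordering the slides describe."""
        amount = self.credit.get(recipient.name, 0)
        if amount == 0:
            return
        self._pay(recipient, amount)        # reward
        self.credit[recipient.name] = 0     # update, reached too late

    def withdraw_safe(self, recipient):
        """Update first, reward second (checks-effects-interactions)."""
        amount = self.credit.get(recipient.name, 0)
        if amount == 0:
            return
        self.credit[recipient.name] = 0     # update
        self._pay(recipient, amount)        # reward

    def solvent(self):
        """Invariant an audit or test suite should assert after every call."""
        return self.pool >= sum(self.credit.values())


class ReenteringRecipient:
    """Recipient whose receive hook calls back into the same entry point."""

    def __init__(self, name, entry, reentries):
        self.name = name
        self.entry = entry          # name of the Ledger method to call
        self.reentries = reentries  # how many nested calls to make
        self.received = 0

    def receive(self, ledger, amount):
        self.received += amount
        if self.reentries > 0:
            self.reentries -= 1
            getattr(ledger, self.entry)(self)


def simulate(entry, reentries=3):
    """Run one withdrawal; return (paid out, pool left, invariant holds)."""
    # Constructed balances: carol is owed 10 out of a pool of 110.
    ledger = Ledger({"alice": 50, "bob": 50, "carol": 10})
    carol = ReenteringRecipient("carol", entry, reentries)
    getattr(ledger, entry)(carol)
    return carol.received, ledger.pool, ledger.solvent()


if __name__ == "__main__":
    for entry in ("withdraw_unsafe", "withdraw_safe"):
        paid, pool, ok = simulate(entry)
        print(f"{entry}: paid={paid} pool={pool} solvent={ok}")
```

With no nested call the two orderings behave identically, which is why a functional test that never re-enters does not catch the flaw; asserting `solvent()` after a re-entering recipient does.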