First, I would like to premise this with the fact that I am not a software developer or engineer. The team at Nucle is far better at this than I will ever be, and if they wanted to pull a fast one on me or obfuscate parts of their Chia wallet they easily could. This…
Tag: infosec
Interview with the Chia Dust Stormer
Yesterday afternoon I put out a call, first on Keybase and then on the blog, offering to tell the Chia Dust Stormer’s side of the story. This morning that individual contacted me via one of the channels I published. I established the identity of the attacker cryptographically using a transaction to an address I have…
The hurdles to blockchain adoption – reliability
In my previous piece on the hurdles to blockchain adoption I spoke about PKI. The main takeaway is how many of the problems purported to be solved by blockchain based technologies can just as easily be solved with public key infrastructure or just an x509 certificate, as the actual lever being used is the public/private…
Chia Network announces bug bounty
In a post on their official blog, Chia network has announced they will be partnering with BugCrowd – an up and coming security researcher community – to offer a new bug bounty. Initially the program will only be offered in beta, they are dipping their toes it appears, but they are offering entry into the…
The trouble with private keys
**Update** This article contains an improper critique of FlexFarmer. A more substantiative update will be done on FlexFarmer key hygiene, which is actually quite good compared to the rest of the ecosystem. **Update 2** FlexPool is back on the menu, according to Gene the farmer private key IS the risk I considered this morning. Expect…
Arbor Wallet sends private keys off device
In a reddit post, redditor u/rm-84 has been poking around the Arbor Wallet mobile app code and discovered something that was definitely not made clear and should give security conscious Chia user pause when using the app for critical transactions. You should head to reddit and read the discussion, but in a nutshell the following…
The real reason behind the Chia Blockchain 1.2.8 release
Last week Chia Network released Chia Blockchain 1.2.8 which fixed a number of issues and laid the preparatory work for the DID features coming to the ecosystem. But there was a main reason for the deployment not being talked about much: a transaction bug that could have stopped the network. In the Chia Testnet they…
What Chia Pools can do to protect themselves from online attacks
Yesterday a couple of Chia Pools were hit with a Denial of Service (DoS) attack and experienced some degree of downtime on their Chia nodes, and probably a ton of stress. Both PoolChia and FlexPool were running their pool Full Nodes in Amazon’s AWS. A couple of other pools also saw some spikes in traffic,…
Chia Pool nodes under attack
Earlier today FlexPool posted a message to Reddit about their pool node being under attack. I had planned to write up about the attack after they had everything sorted out and had a moment to answer some questions, but it appears a second pool is under attack as well – PoolChia. Just a few minutes…
Lets talk about Nucle and Chia wallet security
Now that Nucle, Chia’s first SPV wallet, is in open beta and anyone can sign up lets talk about Chia wallet security a little bit. I have spoken before about how I don’t think security is very well understood in the cryptocurrency world, with lots of claims being made about one thing being more secure…
