Now that Chia Network has released the technical write-up about their “CAT 2 Upgrade” process, both detailing the specifics of the security problem that affected CAT1 and highlighting the two previous audits they had undergone, we can see what I got right and what I got wrong in my, admittedly hot-headed, original…
Tag: infosec
Hardware wallets won’t solve all your problems
(Editor’s note: The following is a guest post from friend of the site UKMayhem about an important security topic he wanted to bring to the Chia Community even though it isn’t strictly Chia-related. Yet.) Some of the older crowd within the crypto scene may remember a name. That name is Joe Grand, others may know…
A brief review of Nucle Chia Wallet code
First, I would like to premise this with the fact that I am not a software developer or engineer. The team at Nucle is far better at this than I will ever be, and if they wanted to pull a fast one on me or obfuscate parts of their Chia wallet they easily could. This…
Interview with the Chia Dust Stormer
Yesterday afternoon I put out a call, first on Keybase and then on the blog, offering to tell the Chia Dust Stormer’s side of the story. This morning that individual contacted me via one of the channels I published. I established the identity of the attacker cryptographically using a transaction to an address I have…
The hurdles to blockchain adoption – reliability
In my previous piece on the hurdles to blockchain adoption I spoke about PKI. The main takeaway is how many of the problems purported to be solved by blockchain-based technologies can just as easily be solved with public key infrastructure or just an X.509 certificate, as the actual lever being used is the public/private…
Chia Network announces bug bounty
In a post on their official blog, Chia Network has announced they will be partnering with Bugcrowd – an up-and-coming security researcher community – to offer a new bug bounty. Initially the program will only be offered in beta (they are dipping their toes in, it appears), but they are offering entry into the…
The trouble with private keys
**Update** This article contains an improper critique of FlexFarmer. A more substantive update will be done on FlexFarmer key hygiene, which is actually quite good compared to the rest of the ecosystem. **Update 2** FlexPool is back on the menu; according to Gene, the farmer private key IS the risk I considered this morning. Expect…
Arbor Wallet sends private keys off device
In a Reddit post, redditor u/rm-84 has been poking around the Arbor Wallet mobile app code and discovered something that was definitely not made clear and should give security-conscious Chia users pause when using the app for critical transactions. You should head to Reddit and read the discussion, but in a nutshell the following…
The real reason behind the Chia Blockchain 1.2.8 release
Last week Chia Network released Chia Blockchain 1.2.8 which fixed a number of issues and laid the preparatory work for the DID features coming to the ecosystem. But there was a main reason for the deployment not being talked about much: a transaction bug that could have stopped the network. In the Chia Testnet they…
What Chia Pools can do to protect themselves from online attacks
Yesterday a couple of Chia Pools were hit with a Denial of Service (DoS) attack and experienced some degree of downtime on their Chia nodes, and probably a ton of stress. Both PoolChia and FlexPool were running their pool Full Nodes in Amazon’s AWS. A couple of other pools also saw some spikes in traffic,…