Category Archives: /r/ethereum

Raiden token/ICO – why is it necessary?

Of all the projects on Ethereum, we'd probably all agree that Raiden was one of the most promising. Why do they need to introduce a new token to make it work? Why not just use ETH to pay for the transaction costs as needed?

I don't blame the devs for wanting to get rich, but this is one project that is too critical to Ethereum to be muddied by an ICO. Surely someone will fork it and make it usable with ETH.

submitted by /u/celticwarrior72

Is Solidity a “great language”? What does the community think of these recent, mostly negative reviews of Solidity?

This post is not a criticism of our team's great work on Solidity. Rather, I'd like to understand what the community feels are the current strengths and weaknesses of Solidity.

(The recent release looks great! https://www.reddit.com/r/ethereum/comments/6vxbht/solidity_version_0416_released/ )

The Go programming language is on a meteoric rise in part because of its focus on ergonomics, toolchain, and new developer onboarding.

Everybody knows that a great programming language for Ethereum users is necessary for mass adoption. But I have read some troubling reviews of Solidity, e.g.

Solidity is so riddled with bizarre design errors it makes PHP 4 look like a work of genius.

https://news.ycombinator.com/item?id=14691212 , https://news.ycombinator.com/item?id=14810008

What is the community's take on the current state of Solidity?

submitted by /u/cironoric

Where are the funds from the EOS token sale going?

I recently listened to https://epicenter.tv/episode/197, did some follow-up research and am trying to understand where proceeds from the EOS token sale are going.

My understanding is that the purpose of the crowd sale is simply to distribute the tokens. The tokens give me a right to some % of the computing resources that will one day be available on the EOS blockchain. For example, if I own 1% of all EOS tokens and there are 100 CPUs supporting the EOS blockchain, I essentially have a right to consume 1 CPU at any point in time.

The funding required to build the free EOS software was acquired through some other means. I'm not really sure who paid for this...

block.one is a for-profit corporation incorporated in the Cayman Islands. Any funding received via the token sale will show up as revenue on block.one's balance sheet. However, as a buyer of the token, I won't be affiliated with block.one in any way. This essentially means that I made a "donation" to block.one, got tokens that may give me access to some computing power in the future, and no form of investment ever took place.

Is my understanding correct? Are there any big points I'm missing?

submitted by /u/Olshansk

Protecting your Crypto – Basic Attack Vectors

Another thread talking about risks of crypto and personally identifiable information was the reason for this post. I’ll say now, I’m in no way a security professional but figured at least some of this may help a novice or further the discussion.

I view securing your crypto as sliding scales of time, money, and risk. Understand them, then you can dial the knobs as you see fit. You’ll want to mitigate as much risk as possible when securing “life changing” funds, spending as much time and money securing them. And maybe dial it back (or as you see fit) when keeping $100 bucks of crypto on your Parity wallet on your computer.

Taking this example further:

  • The Winklevoss twins spend millions of dollars securing funds on Gemini. It takes security engineers, formation of policies for security controls & separation of duties, auditors, 3rd parties, consultants, countless meetings/hours, penetration tests, lawyers to comply with laws, and a whole bunch of other things way over my head.
  • Average income redditor spends 3 minutes downloading Jaxx on his mobile phone and sends $20 bucks to it.

Both examples accomplish the same goal of storing crypto, but both have completely different aspects of time, money and risk.

This may sound obvious, but I HAVE SEEN others not know this.

I think a good way to start talking about this is attack vectors. I had time to write out ~3, but there are more.

Phishing: This is probably the most popular right now. Phishing is basically a method of presenting a victim with seemingly legitimate information with the goal of stealing money or information. The scope is super broad and sometimes meant to target inexperienced users. You may have seen examples of this in phishing e-mail. That Nigerian Prince intentionally misspelt a bunch of words to filter out intelligent recipients. If their scam has 5 parts to it, they don’t want to spend time on getting almost all the way through to the scam and have the victim realize it looks sketchy at the end.

Taking this example in the crypto space, we have seen phishing domain names appear to look like “MyEtherWallet.com”, and tricking users to send them coins here or here, or fake messages on Slack, or even sending Vitalik a fake message on reddit.

Ways you can prevent this

  • Type the domain you need manually in the address bar
  • Bookmark the site you need
  • Always take “time” to verify a source before sending money or entering your private key
  • Take the “time” to read up on security, a good start would be to follow the above links when you have time.

Spear Phishing: Or simply a targeted attack. Spear phishing is a more targeted phishing attack. Unlike phishing, it casts a smaller net, but is geared more towards the target. More time and effort could be spent by the attacker doing this for greater reward. A good way of not being the target of an attack is simply not letting potentially malicious people know you’re a target. Letting others know your wealth either on purpose or by accident puts you on an unnecessary radar. Similar to a bug bounty, it will only encourage malicious actors to make you the bounty. Do not give any personally identifiable info when not necessary. A good example of this is this post. It involves a targeted attack/spear phishing and social engineering.

The attacker in short found a tweet by a target that he uses Coinbase. Attacker was then able to obtain the name and phone number of the target. Attacker then used social engineering to convince Verizon to relocate the victim's phone number to another device. With that he was then able to gain access to Coinbase. Among the several things mentioned in the article on security, simply not letting others know he used Coinbase was one of them. Protect your identity and personal information around crypto when possible.

Security Vulnerabilities and Malware: All operating systems should be considered unsecure. 0 day exploits are exploits that are known to malicious actors and not known by the developers of the software. There are also exploits that are known, but simply not patched by users. When was the last time you patched Windows? Malware (malicious software) can be installed on your computer via these exploits easily by a hacker given enough skill, and the reward being high enough. They can be deployed on your machine by visiting a legitimate website! The exploit can live in an advertisement banner not completely controlled by the site. This malware, once it has infected a machine, can log keystrokes or read clipboard data (think: private keys), or allow remote control.

Let’s give a plausible scenario that takes some or all attack vectors here.

  • I (Attacker) find out a person (Victim 1) on the internet has lots of crypto. I find out his name, email address and find out someone else’s (Victim 2) email address he seems social with on Twitter all via publicly accessible means. I have a zero day exploit that I can stage on a legitimate site, it just needs a visitor. Via this exploit I can remotely take one's clipboard using malware. I use an open relay to send to Victim 1 an email as Victim 2 stating some plausible reason to follow a seemingly legitimate link. Victim 1 clicks on it. Days pass and Victim 1 finally copies his private key to the clipboard preparing a paper wallet. Funds are sent to it and I transfer them to an address I control.

Ways to help prevent this are

  • Keep up to date on patches
  • Never keep large amounts of funds on a computer or “hot wallet”
  • Create a paper wallet offline (or opt for a hardware wallet for a large amount of funds, e.g. time and/or money)
  • You can keep a paper wallet backup in a safe deposit box in a bank in case of fire
  • Do not give a malicious person a reason to stage an attack on you.
  • Don’t let people know how much money you have
  • Keep personally identifiable information off social media if possible

This was only a few feet wide, and an inch deep. There’s much more to this, but hope it helps someone not lose a great deal of funds! Understanding your risk will help you associate enough time and money to protect it.

submitted by /u/OneSmallStepForLambo