I’m not into crypto. But how can it being stolen just by reading some file in the computer? Isn’t the private key encrypted with some really secure password? It was stolen while the private key was being used?
To keep it short there is two big families of wallets. Hot and cold wallet. Hot wallets are the one that got an internet connection wether it’s a constant one or periodically connecting. Cold wallets are never connected to the internet and often are dedicated hardware devices with the better ones having a Secure Element to store the private key or even sometimes sign transactions directly in it.
Victims of this attacks were using hot wallet on a not-dedicated machine which is consider bad practice. Hot wallets have to be consider more like a physical wallets for daily spends and cold wallet being privilege for long-term saving and monthly or yearly transactions.
I’m not an expert but desktop OS (especially Windows) are not as well contained than phone so I almost never use hot wallet on my computer. Often users are tricked to sign transactions to get stolen but I think if the wallet is unlocked a malware with the right privileges/permissions could easily steals money.
by reading some file in the computer Aren’t Steam games always executable for Windows?
Considering how the malware works, it seems that the criminal managed to copy/steal all the browser data of Rastaland, including open sessions, allowing him to login on any site that had an active session/cookies, including that pumpdotfun where the coin was
The game in question, Block Blasters, which was free to play, has been removed from Steam, although it seems owners can still try to install it, but antivirus programs may block those attempts.
The GData linked in the post shows that the game was released in July 31 and that the malware update came in August 30, adding a .bat and 2 .zip files within the Engine/Binaries/ThirdParty/Ogg directory. The zip files were password protected, which blocked scanning.
The batch script checks first if the system is running only Windows Defender and does not have any of the listed AV products from AV_PROCESSES as a running process; if these criteria are met, the batch script unpacks the contents of the archive “v1.zip” (…) The script “1.bat” adds the destination folder of the executables found inside the “v3.zip” archive to the exemption list for Microsoft Defender Antivirus. [emphasis mine]
So, yeah, it’s pretty clear how easily it went undetected by Steam, Windows Defender or any other antivirus program - malware inside a password protected zip. I suspect making something similar on Android wouldn’t be much harder, as an app or game that needs access to your internal storage isn’t “too weird”, like something that asks for some music to play in a stage.
A password-protected zip file should have been flagged by Steam as suspect before they approved the update, its a very old and very common method for detection bypass.
I’ll be the asshole: why the fake money wasn’t immediately converted to real money giving directly the exchange address instead of a locally hosted wallet? Except bitcoin all the shitcoins are devaluating in real time
With meme coins, the liquidity is dogshit. There’s no real market for sale.
If you sell the tokens piece-by-piece as you get them, you drive down the future price and might get less real money overall. Better to sell a big chunk at once.
Also, not every exchange has a wallet/custody system. It’s entirely possible for direct p2p trades to happen without any intermediate transfers. I don’t know if pump.fun actually does this.
This is why services like steam don’t offer bitcoin and other cryptocurrencies as a method of payment. Because you’re screwed no matter what you do, if you convert it you drive the cost down, if you don’t convert it it stays in this unsecured unverified easy to steal format with insane value fluctuation. You would literally be better off getting paid in roubles.
They (Steam) offered Bitcoin payment, but pulled out because of what you said. They were covering the changes in fluctuation, but ultimately it was too unstable. I recall a statement from them saying something like, the value fluctuated too much during the brief checkout process, even.
People lacking empathy really messes with me. Stealing is obviously morally wrong, but to steal from someone who is obviously very sick is next level fucked up. I’m glad people helped this guy out in the end. Really sad story
People keep saying $32k was stolen by malware. No, that did not happen. Malware did not reach into someone’s bank account and withdrew $32k. Here is a simple fact. Crypto is not money. If your brain says something like “it works just like money, or it’s worth just as much as money so it’s basically money” then you’re most likely to get scammed at sometime in the future by putting your actual real money into crypto. It’s that simple.
Isnt the difference that money is valued against something tangible. Like gold, oil or data. The strength of a countries currency is based on how much of these things it has.
Whereas crypto isn’t valued against anything other than thoughts and prayers. If people think it has value then it has value. Until people no longer think it does, at which point it tanks and you are no longer rich. It’s the same as those NFTs.
Sure you can make money in crypto, you can exchange it for traditional money if you play the game well. But that doesnt mean crypto has any inherent value.
in that case money itself is tangible and can be valued against itself. You are confusing exchange value and use value. Money has an exchange value, so does gold, oil or any other commodity. But unlike money they also have a use value.
Most currencies today are fiat currency. They only got value because they are the official currency of a nation and their government says so and people have the belief it has value. The US dollar used to be backed by gold but was stopped in the 70’s.
1 USD is worth 1 USD because you can pay 1 USD of taxes. It is backed by political promises, oil, weapons and war. This can’t end well.
Crypto means cryptography. Cryptocurrencies are a variety of things from stablecoin (digital token backed by fiat money often by a private company ), company shares, community projects, scams, scams, ponzi, scams, cool technical experiments and technically bad experiment. In the other hand there is Bitcoin (and Monero to some extent) that is owned by humanity, no foundation, no company, no state. It is backed by a proof of past energy brining the most innovative security system in the history of IT, not based on restricted access and opacity but by economical incentive to play fair with others in a big game theory peer-to-peer network.
Bitcoin is not the money of the internet. It’s the internet of money.
Trust and regulations that are lacking in crypto make it what it is. If a collective of people are willing to offer something in exchange for something else, even just because it is a crowdsourced confidence scam, it doesn’t really ethically exonerate what you are supporting. Every person who participates in crypto is also holding up its underground international market. It was bad enough under normal markets, but the difference is between night and day with crypto. Crypto is far too easy to turn into a bunch of excuses and anonymous pseudonyms.
Only because the trade power of US dollars is like 10000madeupbagillionzillioninternetnumber0000 order of magnitude more. Talk in fractions. Preferably in not also made up ones. I know, I know, crypto habits die hard.
Trust and regulations that are lacking in crypto make it what it is. If a collective of people are willing to offer something in exchange for something else, even just because it is a crowdsourced confidence scam, it doesn’t really ethically exonerate what you are supporting. Every person who participates in crypto is also holding up its underground international market. It was bad enough under normal markets, but the difference is between night and day with crypto. Crypto is far too easy to turn into a bunch of excuses and anonymous pseudonyms.
Do the majority of locations that offer goods and services accept USDC in it’s designated region? Can you buy groceries at basically anywhere with it, watch a movie, pay for a gym subscription etc with it? Can you buy a home or other shelter with it?
If no, then no, I don’t, since it didn’t meet that criteria.
Edit: also, what’s the point of USDC, at least based on your description? Sounds it’s just using more resources to do the same thing a debt card does.
By that definition the Argentinian Peso is not money because it’s not stable, nor is the dollar since the majority of stores in the world don’t accept it (mostly just the ones in the USA do, and a couple of others here and there, but definitely not the majority worldwide). And if you’re going to start randomly limiting locations, I’m fairly confident you can find a specific neighborhood or city where more stores accept Bitcoin than dollars, and worldwide I’m fairly confident more stores accept Bitcoin than Tuvaluan dollar, does that mean that that is not money?
You crypto heads always bring up the Argentinian Peso even though it’s still actually more stable than even Bitcoin. People aren’t buying Argentinian Pesos thinking they might become rich one day, because it’s an actual currency, not a speculative asset, which is what crypto is. It won’t spike in value over 3 months or dive off a cliff by multitudes of thousands. I guess if you’re a 300 year old vampire or a Galapagos tortoise it’s not stable to you, but a currency having a crash but then staying at a crashed value, over the course of decades, is in fact stability. Having crashes and spikes over months if not weeks is not stability.
But ignoring that, most of the world does actually accept US dollars - it’s the most traded currency in the world. It’s also safe to say in nearly every country you can probably exchange USD to the local currency fairly easily.
If you can find me a city where more stores accept Bitcoin rather than the designated currency, then sure. I’m not sure a single one exists.
And that’s bitcoin, which actually is well known and traded. What the person in the article lost wasn’t even that, not any other well known crypto like Ethereum.
You crypto heads always bring up the Argentinian Peso even though it’s still actually more stable than even Bitcoin.
I bought the Argentinian Peso because I am Argentinian, and lived through the devaluation of our currency, and the Patacones and Corralito, maybe because you haven’t experienced something similar you don’t understand just how much of “money” is based on trust.
People aren’t buying Argentinian Pesos thinking they might become rich one day, because it’s an actual currency, not a speculative asset, which is what crypto is.
You can speculate with anything, the fact that people speculate with crypto has no bearing on it being money or not. Also you might be unaware but people do speculate with dollars/pesos in Argentina, that does not disqualify either of those as money.
But ignoring that, most of the world does actually accept US dollars
No, you’re wrong, outside of Argentina and the US (and a few tourist heavy places) I have never seen stores that accept dollars. This is a misconception Americans have, dollars are not accepted worldwide, you need to exchange it for the location currency, just like how trying to pay for stuff in the USA with Euros or Reais would not work.
it’s the most traded currency in the world.
Bitcoin is more traded than some small countries currency, if that mattered then Bitcoin would be more of a currency than that one.
It’s also safe to say in nearly every country you can probably exchange USD to the local currency fairly easily.
Also possible to exchange Bitcoin, that has no bearing.
If you can find me a city where more stores accept Bitcoin rather than the designated currency, then sure. I’m not sure a single one exists.
Than the designated currency no, but than a specific currency absolutely, I’m 99% sure every city I’ve lived for the past 5 years has more places that accept Bitcoin than Argentinian Peso.
And that’s bitcoin, which actually is well known and traded. What the person in the article lost wasn’t even that, not any other well known crypto like Ethereum.
Still, it’s a problem of definition, money is an abstract concept, one where is very hard for you to find a definition that includes all of the countries currency but doesn’t include Bitcoin.
But here’s the most important thing that goes through everyone’s heads, just because something is money doesn’t mean it has inherent value. People who invest in crypto, be it FT or NFT, are no different from people who invest in gold or art. And scams involving crypto are no different from other scams, you don’t go around saying emails are scam because people use them to scam others.
All of that being said, crypto bros are the other extreme from you, thinking that crypto is a magical solution to everything and can’t see the glaring issues that will make it impossible from being adopted in any meaningful scale (and it boils down to cryptocurrencies having the same attributes than paper money, bit people not taking digital security seriously the same way they do with securing paper currency)
I don’t think it’s such a direct lesson since it could’ve been other financial information on there. Instead of a crypto key, the game could’ve installed a keylogger that read the player’s banking password later.
It’s more of a general warning that Steam games are not necessarily safe.
Well, with my banking login the scammer could look at my balance and my poor spending habits. To withdraw/transfer they would need a TAN as well and therefore my banking card. Good luck getting hold of that with malware ¯_(ツ)_/¯
At this point people should not keep substantial amounts of crypto on their main PC anymore. Either get a hardware wallet or an old smartphone or other device to dedicate to that purpose and not install anything else on it.
You get that your phone is a PC right? You’re no more secure if you just do it on your phone.
Your security from banking comes from the fact that the industry is regulated and has fraud protection. Crypto is just as wild west of anything goes nonsense.
Sure. I could also limit myself to doing it on a separate machine or a VM that has different credentials than my usual PC.
But my phone is more convenient :)
That wouldn’t protect you either since the risk is fraud not anything digital. None of this would have been able to happen had people not been able to get fraudulent software on his computer. If they can get software on computers that can take malicious actions, then even having it on a virtual machine won’t help you since it still needs to be connected to the internet to be useful.
An active antivirus system would have prevented this. Windows built-in antivirus system is horse dung. I’m pretty sure even the free tier of malware bites would have dealt with this.
If that’s what’s available I will argue it’s still a better option, because it’s isolated. You can make transactions with QR codes and do nothing with the device except run the wallet app, which removes most options for an attacker, including some that could work on a hardware wallet (ie. more complex transactions where it doesn’t display enough info about what is happening to know not to approve it).
video.twimg.com
Gorące