A very valuable vulnerability (daemonology.net)
315 points by cperciva on Oct 28, 2016 | 48 comments



From the article ...

"Isaac Asimov's remark that in science 'Eureka!' is less exciting than 'That's funny...' applies equally to security vulnerabilities."

That should be on a poster in every security engineer's view. I cannot count the number of times a really big problem was uncovered by a very small, yet unexpected, anomaly. It was also the core of Cliff Stoll's quest to find the hacker who hit UC Berkeley. Bottom line, never let that sort of observation go until you fully understand why it happened.


Many years ago, that's how I found a vendor-managed (but not vendor-patched) system had been compromised; I went from "why the hell is that multi-pipe command segfaulting?" to "why the hell aren't the system binaries stripped?" to "how long has this thing been compromised?"


My favorite incident was back when ISPs gave you Unix shell accounts to get Internet access. I logged into mine, searched back through command history to find the name of an ftp site I had previously connected to, and saw a bunch of "ps -fe" commands. Now I always type in "ps -ef". So I knew my account was compromised. (Boring compromise really -- someone sniffed my password, and used my shell account to run an Eggdrop IRC bot).


What is binary stripping?



Compiled programs sometimes contain the names of the functions.

To reduce binary size and/or discourage reverse engineering, the names can be stripped out.


Not just names of functions; also names of variables and potentially a great many other things.

Stripping binaries generally refers to removing debugging information of all sorts.


Exactly. In this case -- working from antique memory here -- Solaris binaries were normally stripped, while the compromised versions placed by the hacker weren't, which was an immediate red flag. The system was compromised as part of a very large-scale, probably North Korean, attack that exploited an OpenWindows buffer overflow bug that was fixed many patch-revs ago by the time I saw the system (and shouldn't have been exploitable over the Internet anyway, but the firewall was also not properly set up at the time of compromise). Drive-by hacking, in other words. Luckily their compromised binaries -- specifically a 'ps' that filtered out the hackers' background attack processes -- weren't particularly robust to arbitrary input.


I saw that one item on a website was not displaying comments when it should have, and decided to see why. It turns out someone posted a comment ending with a :\ smiley, and the comments were passed in JSON with backslashes not being escaped. So the \ escaped the ending " causing it to fail. I quickly used the unescaped backslashes to insert < and got an XSS.
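The failure described in the comment above, reproduced as an added example (not code from the commenter or the site involved): a hand-rolled encoder that escapes quotes but not backslashes, next to serializer-based encoding. The function names and sample comments are constructed for illustration.

```python
import json

def naive_encode(comment):
    """Hand-rolled encoder with the described defect: quotes are escaped,
    backslashes are passed through untouched."""
    return '{"comment": "' + comment.replace('"', '\\"') + '"}'

def safe_encode(comment):
    """Let the serializer do all escaping. The extra replacements keep the
    document inert if it is inlined into an HTML <script> block."""
    doc = json.dumps({"comment": comment})
    return (doc.replace("<", "\\u003c")
               .replace(">", "\\u003e")
               .replace("&", "\\u0026"))

def decode(doc):
    """Return the decoded comment, or None if the document does not parse."""
    try:
        return json.loads(doc)["comment"]
    except (ValueError, KeyError, TypeError):
        return None

# Constructed sample comments (not taken from the site in the post).
SAMPLES = [
    "nice post :\\",        # ends with a backslash smiley: swallows the closing quote
    "path is C:\\new",      # backslash + 'n' parses, but silently becomes a newline
    '1 < 2 && "quoted"',    # quotes and markup characters
]

def audit(encoder):
    """For each sample, True when it survives an encode/decode round trip."""
    return [decode(encoder(s)) == s for s in SAMPLES]

if __name__ == "__main__":
    print("naive:", audit(naive_encode))
    print("safe: ", audit(safe_encode))
```

A round-trip check like `audit` is a cheap regression test for any code path that builds JSON by string concatenation; the second sample shows that the defect can also corrupt data without ever raising a parse error.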


> Cliff Stoll

There's a word for incidences where you hear something once, and then see it everywhere. I just looked him up[1] the other day because someone linked to this article[2] elsewhere, and I happened to decide to look up the author of the article.

[1] https://en.wikipedia.org/wiki/Clifford_Stoll

[2] http://www.newsweek.com/clifford-stoll-why-web-wont-be-nirva...


It's known as the Baader-Meinhof phenomenon.


Huh, I was just reading about that.


Despite seeing it everywhere, it doesn't mean that it's false.

Ever since I learned about selection bias, I see it everywhere.


Also known as the "frequency illusion", though this is less picturesque


There's a wonderful full hour-long dramatic reënactment of the hacking incident Cliff Stoll was involved in (the one ChuckMcM was referring to), with the actual people and locations: https://www.youtube.com/results?search_query=kgb+computer+an...


Great job of laying this out. It highlights how important the edge cases are. People wonder, why do we spend so much time on our financial code even though the base case is simple. It's that the amount of edge cases is insane.


It's not just that there are a lot of edge cases; it's also that a single edge case could allow someone to extract an effectively unlimited amount of money from you.


That's exactly what hit Ethereum in its early days. A bad actor programmed a contract that vacuumed all VC money attached to the system. There was/is(?) a great debate on whether to invalidate the transaction (defeating the stated goal of "no central authority" in the system) or letting it ride, and allowing the bad actor his spoils.

It happens; gotta look out for those edge cases.


I still don't think that it was a bad actor. The Ethereum guys explicitly said that the code is the contract. If the code allows you to get all the money, then it's not malicious to do so.

It's like the tax code. Leaving your profits in a foreign country to avoid paying higher taxes at home is not malicious, it's just the best way for you to comply with the law.


I wonder how many people were already exploiting this by stealing $50 a day or something. With bitcoin it'd be nearly impossible to arrest them, right? So an unethical person would have tremendous incentive to abuse it?


It's perfectly possible to arrest them, it just may be harder to track them down... or easier, the blockchain does sometimes reveal a lot and unless the attacker is fairly clever they may easily compromise their identity (ie: depositing to an exchange account tied to their name and verified).

If they're smart and ran the exploit via Tor -> VPN (as to not get caught by automatic Tor filters) and then took the coins through a few mixers and onto a Russian exchange, they could then sweep them back into a wallet in near-complete safety.

Laundering bitcoins is challenging and risky due to the nature of the ledger - all transactions since mining must be known for all time - if you were to look at something like Monero or ZCash, things get a lot easier and you get cryptographically unbreakable anonymity rather than socially and legally difficult-to-break complexity.


If you have an offline wallet that has always been offline it is very, very, very easy to get away with criminal activity and take Bitcoin. After I read through the Satoshi paper and understood it completely I realized that Bitcoin was either going to be worth $0 in the future or $100k or more per coin, but it probably won't stay in between for the long term.

The $0 case is the case where hostage taking starts to become mainstream. I'm actually shocked it isn't happening more in places like Brazil. Perhaps cyber criminals aren't smart to begin with and are (rightfully) wary of things like computers, but I expect that this will change over time. Once MPs in Canada start getting kidnapped and ransomed there will be public outrage to do something. The problem is that due to the decentralized nature the best you can hope for is to block it / make it illegal within the country. If every country does this its value will go to 0 or just above.

The other case is where Bitcoin solves the financial problem of our time: other Governments / financial institutions can't be trusted; this provides (among other things) a way of transferring $100m securely for 0 cost. It also allows individuals to avoid exponential inflation. Just an unbelievably useful service that if you make illegal before other countries and it takes off leaves your economy in much worse shape since the appreciation of the coins has gone largely to other individuals.

My pet conspiracy theory that I don't really believe, but I like to entertain, is that Bitcoin was an American intelligence operation to ensure currency dominance in an era of weakening US influence. Satoshi himself has quite a bit of Bitcoin (around 1M BTC / $100m USD) and it would be fairly easy for an NSA staffer to raise his hand in a meeting and say "Hey guys, we should mine this stuff because it will be useful for buying zero days from cyber criminals one day."

But maybe I'm giving the NSA more credit than they deserve.


And what are you going to do once you have that bitcoin in your secure offline wallet? Anywhere you spend it can see it came from your address and you just kidnapped X person, so you'll have a hard time spending it in person especially if authorities are watching. You can try to spend it online, but if you spend it with anyone more easily accessible than you and provide any identifying information to convert funds to a local currency or ship yourself something, you're screwed.

Like I said, the best you can do is mixing and similar, but you know what criminals actually primarily use? Cash. Cash is fungible and untraceable. If you're going to do some hostage taking, you may as well do it for cash rather than bitcoin, the only potential benefit of bitcoin would be verification might be easier than cash.


Ransoms are not paid with clean cash. They are paid with marked bills. If you take a ransom and, after taking some precautions, wait a year then meet up with someone in another country it's pretty likely you'll get away with it. If you have someone you trust in a location that's out of reach for the authorities it's even easier. It isn't like the FBI is busting down the doors of the encrypted HD ransomers.


> If you have an offline wallet that has always been offline it is very, very, very easy to get away with criminal activity and take Bitcoin.

Taking Bitcoin isn't the part that gets you caught, it's the spending it somewhere that does. This is often the same with real money.


I fully agree with your thoughts but I wanted to add 2 things.

1. Even if all states prohibit BTC (a big if) there will still be demand from entities not under state control (black market), especially so in ineffective countries (socialist or war-torn or with just big slums). Consequently price won't go to zero because of this.

2. The biggest threat is BTC competitors because there can be infinitely many.


Let's be honest about something about BTC: Its price is where it is because nerds understand mathematics and realize that the Bitcoin goes to the moon if it becomes the new standard international settlement currency. If all or most states prohibit, then this element goes away and the price collapses in a selling spree. I agree that the black market needs a tool, but it doesn't have to be this.

As for #2, I agree that that was a bigger risk early on, but the problem with taking on a second or third currency is it leads to the question of "what stops a fourth or fifth?" it's sort of a recursive proof that could lead you to conclude that either all crypto-currencies will be worthless or one will win. Since crypto-currencies are so inherently useful they probably aren't going to 0, so now the task is finding the winner. And despite ETH being more useful in some regards, and despite Burstcoin or Peercoin having better fundamentals it seems to be that the market has centralized around Bitcoin so out of the CC that exist today, for now I'd put BTC as a 99% chance to own the market 10 years from now if there is one.


What do you mean by offline wallet? The only times I've heard of offline wallets is in the context of preventing your bitcoins from being stolen, not of avoiding being caught by police.


You can generate a wallet on a computer that isn't connected to the internet and then get someone to send money to it. A wallet is just a bunch of fancy cryptographic tools, none of which need to be online. Once you are ready to spend your Bitcoins, then you'll need to communicate with the blockchain, but not before.


I wonder if there's still a small arbitrage window here. The ten minute lockin is essentially a short lived option. If you lockin a rate at $101 and the price drops to $100 over the next nine minutes, buy bitcoin and complete the transfer, then request refund. If the price goes up, let the option expire.


The peak daily volatility of bitcoin is in the ~10% a day range [1], varying a lot month to month. The implied 10-minute volatility is 10% / sqrt(24 * 6) ~= 0.83%, assuming independence of successive 10-minute windows. This is likely an underestimate, because most financial time series display mean reversion.

The Black-Scholes price of an at-the-money option is very approximately 1/sqrt(2pi) * vol to maturity, so the option is worth somewhere around 0.3% of the notional price on a high-volatility Bitcoin day, somewhat less than the 0.8% transaction charge.

However, the charge is only paid if you go through with the transaction, so really this is an option that's 0.8% out of the money. With that assumption, the value of the option is just 0.08%.

[1] https://btcvol.info/
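The estimate in the comment above, carried through numerically as an added example (not the commenter's code). It assumes zero interest rate, lognormal prices, and models the locked quote as a put on bitcoin struck below spot by the fee; the function names are chosen here for illustration.

```python
from math import erf, log, sqrt

def norm_cdf(x):
    """Standard normal cumulative distribution function."""
    return 0.5 * (1.0 + erf(x / sqrt(2.0)))

def window_vol(daily_vol, minutes):
    """Scale a daily volatility to a shorter window, assuming successive
    windows are independent (the comment's sqrt(24 * 6) step)."""
    return daily_vol * sqrt(minutes / (24 * 60))

def put_value(spot, strike, vol):
    """Black-Scholes put with zero interest rate; vol is the total
    volatility over the option's life, not an annualised figure."""
    d1 = (log(spot / strike) + 0.5 * vol * vol) / vol
    d2 = d1 - vol
    return strike * norm_cdf(-d2) - spot * norm_cdf(-d1)

def lockin_option_value(daily_vol, minutes, fee):
    """Value, as a fraction of the notional, of a quote locked for
    `minutes` when a fee of `fee` is charged only on completion."""
    return put_value(1.0, 1.0 - fee, window_vol(daily_vol, minutes))

def exposure_by_window(daily_vol, fee, windows=(1, 5, 10, 30, 60)):
    """How the giveaway grows as the lock-in window is lengthened."""
    return {m: lockin_option_value(daily_vol, m, fee) for m in windows}

if __name__ == "__main__":
    # Inputs from the comment: 10% daily vol, 10-minute lock-in, 0.8% fee.
    print(f"10-minute vol:       {window_vol(0.10, 10):.4%}")
    print(f"at the money:        {lockin_option_value(0.10, 10, 0.0):.4%}")
    print(f"0.8% out of money:   {lockin_option_value(0.10, 10, 0.008):.4%}")
    for minutes, value in exposure_by_window(0.10, 0.008).items():
        print(f"{minutes:>3} min window: {value:.4%}")
```

The last table is the part a payment processor would care about: the value given away per quote rises steeply with the length of the lock-in window, so the window length and the fee have to be set together.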


It's not much, but if somebody puts a button on the internet that gives me 8 cents every time I push it, I might try pushing it a few million times. :)


Yeah, the real barrier stopping you is being able to trade Bitcoins against USD on demand, which I suspect costs a lot more than 0.08%.


Plus you have to get refunded over and over and over.


I'm guessing that Stripe (or coinbase) has figured out that the cost of the ten-minute option is far less than the 0.8% processing fee they charge.


You only pay the fee if you end up paying, which is exactly the times that you make a profit since the value went down (making the coins worth less, and so a higher guaranteed price is helpful to you). If the value goes up or stays the same (or drops by less than the fee) you don't do anything.

You'd also need to be shorting bitcoin at the same time and covering the short at the same time as sending the transaction, but that's not hard. (Or already have the money in an account and buy it on demand, but that will add a delay)

So you make money or don't do anything, stripe/coinbase is never paid for their risk.


Hmm, good point. I suspect that they'd notice if you create lots of transactions and only complete a fraction of a percent of them.


Volatility arbitrage exists in pretty much every currency, so this isn't a vulnerability, it's an FX trade.


But I suspect it takes less than 10 minutes to adjust, and nobody will give you a free ten minute option on the price.


I might be missing something, but it seems you're making some unwarranted assumption there.

Stripe guarantees a $101 quote to the merchant. That is, as long as the consumer pays 1 BTC within 10 minutes, the merchant will get $101 -- essentially Stripe buys BTC at $101. But Stripe is not selling BTC at $101! So even if the bitcoin price goes down 5 minutes later so that Stripe promises to buy at $100 (for new orders), it's not necessarily true that the consumer can buy at $100.


> they merely need to find a merchant which uses Stripe for bitcoin payments [...]

> or even better, set up to automatically refund bitcoin overpayments

Any idea what proportion of merchants using Stripe's bitcoin handling actually do this automatic refunding?

It's a very interesting vulnerability and I enjoyed reading the write-up and thought process, but I'm not sure how practical it is if it requires interaction from the merchant to perform the refund. I think an overpayment and refund request weeks after the initial payment (when coincidentally the BTC value has reduced) would definitely ring some alarm bells - hopefully with both the merchant and the team at Stripe.

I guess you could spread out your overpayments amongst different merchants and try and limit the time between the initial purchase and the refund requests but the entire thing seems a bit convoluted to pull off.

In any case, kudos to the author for the responsible disclosure and for Stripe for handling this professionally.


> Any idea what proportion of merchants using Stripe's bitcoin handling actually do this automatic refunding?

You only need to find one. Or sign up as a Stripe customer yourself -- they'd have a hard time proving that it was you who made the overpayment rather than one of your customers.

> I think an overpayment and refund request weeks after the initial payment (when coincidentally the BTC value has reduced) would definitely ring some alarm bells

Maybe... but "oops I sent the coins to the wrong address" is a pretty plausible story. If there's one thing I've learned from accepting bitcoin payments at Tarsnap, it's that poor bitcoin client UIs seem to be responsible for a very large number of mistakes. (The most common one I see is failing to adjust for the miner fee.)


I don't know the proportion, but coincidentally enough, I work at a startup that uses Stripe and we used to support bitcoin transactions (and thus refunds). I just asked a friend who's been here longer why we're not supporting bitcoins anymore and his response was "exchange rates were a huge pain" haha so yeah it is indeed convoluted to do refunds with bitcoins, but if we are to attempt to use them as regular currency for goods and services, we can't not support refunds. So we dropped bitcoin support altogether.


Was that bitcoin support manual, or through stripe? I would never want to deal with bitcoin payments manually due to the exchange rate issue; but taking them through stripe works wonderfully.


Hmm digging through our old code looks like we never tried to use Stripe, for reasons unknown to me (maybe their support/requirements were different back then, maybe it didn't work for our product, idk). But yeah, especially after reading this article, handling bitcoin payments and dealing with the exchange rate sounds unfavorable lol :) glad we're not doing that.


That's my point - with stripe, you don't have to deal with the exchange rate. You say "I want $X" and magic happens. Stripe takes care of the messy details of fluctuating exchange rates.


So that's not entirely true depending on how you use the product. We were attempting to use Stripe for a contract-like setup, e.g. person A pays person B, but person B doesn't get paid until some event occurs, and we hold on to the funds until that happens since that expiration of that event isn't guaranteed to be under 10 min.


Stripe and Bitpay handle everything, there is no huge pain



