Salesforce Woes Linger as Admins Clean Up After Service Outage
An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.
After a massive service outage on Friday, software-as-a-service giant Salesforce restored partial access to its affected customers over the weekend, while admins continued with cleanup into Monday.
The outage was brought on by a scripting error that affected all Pardot marketing automation software clients; a database script that Salesforce pushed out accidentally gave users broader access to data than their permissions levels should allow.
In response, Salesforce on Friday cut off all access to all Salesforce software clients, not just Pardot clients, while it triaged the situation – leading to a bit of a meltdown among users. Twitter hashtags #salesforcedown and #permissiongeddon began trending as users took to social media to complain.
“my salesforce rollout was scheduled at 2pm today. 300 folks on a call to do training with me. oops @salesforce #salesforcedown,” tweeted one user.
“#Salesforce #outage means that I can’t access any meaningful records, or properly do my job Now that most tabs have disappeared like 1/2 the universe in @Avengers, please bring them back, Tony Stark of @salesforce!” tweeted another.
“To all our @salesforce customers, please be aware that we are experiencing a major issue with our service and apologize for the impact it is having on you,” Salesforce co-founder and CTO Parker Harris tweeted on Friday. “Please know that we have all hands on this issue and are resolving as quickly as possible.”
Over the weekend, the cloud app provider said that access was restored to everyone not affected by the database script, so regular Salesforce.com users were back in business. However, for companies using the affected Pardot software, only system administrators were given access to their accounts – so they could help rebuild user profiles and restore user permissions. According to the incident status page, some regular users remained incapable of logging into the system as of Monday morning as administrators continued the restoration process.
That process could be onerous for many: Salesforce said that if there’s a valid backup of their profiles and user permission data in the service’s sandbox, admins can simply deploy that. However, if there’s no valid backup, admins will need to manually update the profile and permission settings. Salesforce noted in an update Monday that it has deployed automated provisioning to restore permissions where possible.
Balaji Parimi, CEO at CloudKnox, told Threatpost that admins should take care when restoring the settings.
“Enterprises need to understand that their biggest security risk is not from the attackers targeting them or even malicious insiders – it’s identities with over-provisioned privileges,” he said via email. “Security teams need to make sure that privileges with massive powers are restricted to a small number of properly trained personnel. Until companies better understand which identities have the privileges that can lead to these types of accidents and proactively manage those privileges to minimize their risk exposure, they’ll be vulnerable to devastating incidents like the one we’re seeing with Salesforce right now.”
Retail behemoth Amazon has received a patent (US 10,291,408) for generating Merkle trees as a solution to the proof-of-work (PoW) algorithm, a document confirmed on May 14.
Amazon, which has taken an increasing interest in blockchain technology in recent times, now appears to be targeting development of a specific variation of the instrument.
Specifically, the patent targets Merkle trees — a data verification tool — to constitute the work required in a PoW setup.
PoW is the algorithm used in bitcoin (BTC) and some other major cryptocurrencies such as litecoin (LTC), dogecoin (DOGE) and monero (XMR).
“This document describes techniques for using the generation of Merkle Trees as a solution to a proof-of-work challenge,” the patent reads.
The exact nature of Amazon’s plans remains unclear. The patent document does not reference specific uses within a cryptocurrency or blockchain, continuing uncertainty over the company’s stance on the wider cryptocurrency phenomenon.
As Cointelegraph reported, rumors Amazon was preparing to take a direct interest in bitcoin, for example, have repeatedly sparked a frenzy within the crypto community, each time culminating in nothing.
At the same time, others consider it only a matter of time before an integration occurs. In February, Changpeng Zhao, CEO of exchange Binance, claimed Amazon would ultimately have no choice but to issue some form of cryptocurrency.
“For any internet (non-physical) based business, I don’t understand why anyone would not accept crypto for payments,” he said.
Late last month, Amazon Web Services publicly launched its enterprise blockchain setup network, based on Ethereum (ETH) and Hyperledger technology.
Ethos, logos, and pathos: the three key elements to persuade
Jeff Bezos has prohibited PowerPoint presentations at meetings, as he considers them a waste of time. However, the alternative method with which he has replaced them is most useful and effective. Do you want to know what it is?
In his annual letter to employees, Jeff Bezos, the CEO of Amazon, recalled that PowerPoints were prohibited in any meeting. However, this does not mean that no presentation method can be used in company meetings.
In fact, the founder of the most powerful ecommerce company in the world offers an alternative so that the ideas or strategies to be carried out are understood more clearly by the attendees: memos, papers or essays (maximum of six pages).
“Instead of wasting time listening to one person while the rest of the audience is silent, it is more efficient to spend 30 minutes reading a 6-page essay explaining everything you want to say at the meeting. The narrative structure is easier to understand by human beings than general ideas summarized in bullet points,” explains the CEO.
But why? Inc has compiled the 3 keys by which Bezos’s idea of replacing PowerPoints with essays is brilliant.
1. Our brains are designed to understand stories
The problem with PowerPoint slides is that, in general, they do not tell a story and our brain is designed to understand narratives. “When our ancestors discovered the fire, they gathered around it to cook and tell stories. In this way, the narrative served to tell anecdotes or dangers that could haunt the tribe,” explains Carmine Gallo, author of Five Stars: The Communication Secrets to Get from Good to Great.
In this way, and according to anthropologists, for us the world “is a story”, especially in leadership roles. Thus, telling events in a narrated way is essential because people remember things more with this structure.
2. Persuasive stories
Aristotle is the father of persuasion, and more than 2000 years ago he revealed the three key elements to persuade: ethos, logos and pathos.
The first one refers to character and credibility;
the second appeals to logic (an argument must have a reason);
while the last one has to do with emotion.
Therefore, the first two have no meaning without the last one.
In fact, the great orators of history used rational elements as much as emotional ones in their speeches (one need only think of Martin Luther King’s famous “I have a dream”).
In addition, according to a series of scientific studies developed by neurologists, the best way to create synapses between our neurons is emotion. In other words, if you want to communicate an idea, it is best to tell a story. “I love telling anecdotes at meetings. It’s very effective,” says Bezos.
3. Bullet points do not work
Bullet points are not useful for anyone. In fact, companies like Google, Virgin or Tesla do not use them.
The brain is not prepared to retain information in the form of lists. Instead, a story, a photo or an idea is easier to retain.
This is the second major protocol to be implemented on the RIF OS platform.
14 MAY 2019
RIF Labs anticipates Bitcoin (BTC) will be able to scale to upwards of 60M users within the next few years, as the project launches Lumino Network, a new protocol for off-chain transactions on the Lightning Network.
“Using RSK network [the bitcoin-based smart contract platform] we could scale to 60M users,” said Sergio Damian Lerner, RIF Labs’ Chief Scientist, during his talk. While other platforms are growing fast, they can collapse as it becomes increasingly harder to verify transactions.
RIF OS is a suite of open and decentralized tools designed to facilitate the development of dApps on the RSK network, which seeks to provide Bitcoin with the capabilities of the Ethereum network.
The RSK Network does so by introducing smart contracts and decentralized applications on a platform that is indirectly connected to the Bitcoin blockchain. Through merge-mining, the platform is able to leverage the existing Bitcoin security infrastructure.
Gabriel Kurman, who is also one of the company’s community directors, told Crypto Briefing at Consensus that Bitcoin was a far better foundation for developing a decentralized ecosystem than many of the blockchain platforms, Ethereum (ETH) or EOS, that are currently in use.
“Bitcoin is the strongest network in the ecosystem,” said Kurman. “What we’re doing is adding additional functionality to its secure infrastructure.”
The general view is that although Bitcoin can be a stable store of value, its technological limitations prevent it from fulfilling its original objective of becoming a global peer-to-peer payments system.
But RIF Labs believes implementing off-chain protocols will enable projects to essentially bypass the scalability concerns while leveraging Bitcoin’s unmatched security. Off-chain solutions also come with the added benefit of not having to store all transaction information forever, greatly reducing storage needs in the long term.
All tokens on the RSK platform are therefore able to benefit from Lumino’s claimed 5,000 TPS, including the platform’s native RBTC token, which maintains a two-way peg with BTC.
Compared to many other crypto projects, RIF is as old as the hills. Kurman admits that he and the rest of the team were “very frustrated” when Ethereum started using smart contracts way back in 2015. He thinks most people simply, “don’t recognize its true potential.”
But he believes the community is slowly moving away from its initial scepticism and beginning to understand that Bitcoin may be more than just a simple store of value: it could be a one-stop solution for all their blockchain needs.
State channels and sidechains are two terms in the Ethereum community that are often used interchangeably, causing mass confusion.
But today we will clear that up.
Go make a cup of coffee first, it’s going to be a long one.
The purpose of this article is to clearly define:
What are state channels?
What are sidechains?
Then we will compare the two:
What problems are they trying to solve?
Which is the better scaling solution of the two?
Without wasting much time, let’s get started.
What are State Channels?
State channels are a very broad and simple way to think about blockchain interactions which could occur on the blockchain, but instead get conducted off of the blockchain, without significantly increasing the risk of any participant. The most well known example of this strategy is the idea of payment channels in Bitcoin, which allow for instant fee-less payments to be sent directly between two parties. Here is a list of some of the State Channel Projects.
State channels are the general form of payment channels, applying the same idea to any kind of state-altering operation normally performed on a blockchain.
Moving these interactions off of the chain without requiring any additional trust can lead to significant improvements in cost and speed. State channels will be a critical part of scaling blockchain technologies to support higher levels of use.
The basic components of a state channel are very simple:
1. Part of the blockchain state is locked via multisignature or some sort of smart contract, so that a specific set of participants must completely agree with each other to update it.
2. Participants update the state amongst themselves by constructing and signing transactions that could be submitted to the blockchain, but instead are merely held onto for now. Each new update “trumps” previous updates.
3. Finally, participants submit the state back to the blockchain, which closes the state channel and unlocks the state again (usually in a different configuration than it started with).
That’s it! If the “state” being updated between participants was a digital currency balance, then we would have a payment channel. Steps 1 and 3, which open and close the channel, involve blockchain operations. But in step 2 an unlimited number of updates can be rapidly made without the need to involve the blockchain at all — and this is where the power of state channels comes into play, because only steps 1 and 3 need to be published to the network, pay fees, or wait for confirmations. In fact, with careful planning and design, state channels can remain open almost indefinitely, and be used as part of larger hub and spoke systems to power an entire economy or ecosystem.
Despite my simple description here, state/payment channels have generally been perceived as quite complicated. There are several reasons for this, and one of them is that there are some important subtleties hidden in my phrasing of the three steps. Let’s take a closer look at what these simple phrases imply, starting with:
could be submitted to the blockchain
In order for state channels to work, participants have to be assured that they could publish the current state of the channel to the blockchain at any time. This results in some important limitations, such as the fact that someone has to stay online to protect each individual party’s interests until the channel is closed.
Imagine that when we initiated a payment channel I started with 100 bitcoins and you started with 10. If we first sign an update that transfers 10 of those bitcoins to me, and then later sign an update that transfers 50 back to you, the later update is obviously more beneficial to you than the earlier one is. If you were to unexpectedly lose internet access, and I were to pretend the second update never happened, I might be able to publish the first update to the blockchain and effectively steal 50 bitcoins from you! What you need is somebody to stay online with a copy of that later transaction so that they can “trump” the earlier one and make sure your bitcoins are protected. It doesn’t have to be you — you could send a copy to many random servers who agree via smart contract to publish it only if needed (for a small fee of course). But however you do it, you need to be assured that the latest signed update to the state is available to trump all others. Which leads us to our next subtle phrase:
Each new update “trumps” previous updates
To make this part of the state channel work, the locking and unlocking mechanisms have to be properly designed so that old state updates submitted to the blockchain have a chance to be corrected by the newer state updates which replaced them. The simplest way is to have any unlocking attempt start a timer, during which any newer update can replace the old update (restarting the timer as well). When the timer completes, the channel is closed and the state adjusted to reflect the last update received. The length of the timer would be chosen for each state channel, balancing the inconvenience of a long channel closing time with the increased safety it would provide against internet connection or blockchain problems. Alternatively, you could structure the channel with a financial penalty so that anyone publishing an inaccurate update to the blockchain will lose more than they could gain by pretending later transactions didn’t happen.
But the mechanism ends up not mattering very much, because (going back to the previous point) the game theory of this situation puts a twist on things. As long as this mechanism is theoretically sound, it will probably never have to be used. Actually going through the timer/penalty process may introduce extra fees, delays, or other inconveniences; given that forcing someone into the mechanism can’t give you any advantage anyways, parties to a state channel will probably just close the channel out by mutually agreeing on a final channel state. This final close-out operation needs to be fundamentally different from the normal “intermediate” updates (since it will bypass the “trumping” mechanism above), so participants will only sign a final close-out transaction once for each portion of the state locked within a particular channel.
The details of these “subtleties” aren’t especially important. What it all ultimately breaks down to is that participants open the channel by setting up a “judge” smart contract, sign promises to each other which the judge can enforce and adjudicate if necessary, and then close the channel by agreeing amongst themselves so that the judge’s adjudication isn’t needed. As long as the “judge” mechanism can be assumed to be reliable, these promises can be counted as instant transfers, with the judge only appealed to in exceptional circumstances, such as when one party disappears.
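The lock, update, trump and close-out cycle described above can be simulated end to end. The following Python sketch is an added example, not code from the original article or from any state channel project; the Judge class, the nonce counter and the HMAC stand-in for digital signatures are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo keys. HMAC is a stand-in for the per-party digital
# signatures a real chain would verify (assumption for this example).
KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}


def encode_state(channel_id, nonce, balances):
    """Canonical bytes for an update, so every party signs the same message."""
    body = ",".join(f"{name}={amount}" for name, amount in sorted(balances.items()))
    return f"{channel_id}|{nonce}|{body}".encode()


def sign(party, message):
    return hmac.new(KEYS[party], message, hashlib.sha256).hexdigest()


@dataclass
class Update:
    channel_id: str
    nonce: int          # hypothetical counter: a higher nonce trumps a lower one
    balances: dict
    signatures: dict


def make_update(channel_id, nonce, balances, signers=("alice", "bob")):
    message = encode_state(channel_id, nonce, balances)
    return Update(channel_id, nonce, dict(balances), {p: sign(p, message) for p in signers})


class Judge:
    """Toy on-chain judge: locks a deposit and adjudicates published updates."""

    def __init__(self, channel_id, deposits, challenge_period):
        self.channel_id = channel_id
        self.participants = set(deposits)
        self.total = sum(deposits.values())
        self.challenge_period = challenge_period
        self.pending = None     # newest update published so far
        self.deadline = None    # end of the current challenge timer
        self.closed = False

    def _verify(self, update):
        if update.channel_id != self.channel_id:
            raise ValueError("update is for a different channel")
        amounts = update.balances
        if set(amounts) != self.participants or min(amounts.values()) < 0:
            raise ValueError("balances do not cover exactly the participants")
        if sum(amounts.values()) != self.total:
            raise ValueError("balances do not add up to the locked deposit")
        message = encode_state(update.channel_id, update.nonce, amounts)
        for party in self.participants:
            given = update.signatures.get(party, "")
            if not hmac.compare_digest(sign(party, message), given):
                raise ValueError(f"missing or invalid signature from {party}")

    def submit(self, update, now):
        """Publish an update; a valid newer one replaces it and restarts the timer."""
        if self.closed or (self.deadline is not None and now >= self.deadline):
            raise ValueError("challenge period is over")
        self._verify(update)
        if self.pending is not None and update.nonce <= self.pending.nonce:
            raise ValueError("stale update: a newer state is already published")
        self.pending = update
        self.deadline = now + self.challenge_period

    def finalize(self, now):
        """Close the channel once the timer has run out unchallenged."""
        if self.pending is None or now < self.deadline:
            raise ValueError("challenge period still running")
        self.closed = True
        return dict(self.pending.balances)


def replay_article_scenario():
    """The 100/10 example: Alice publishes the old state, Bob's watcher trumps it."""
    judge = Judge("ch-1", {"alice": 100, "bob": 10}, challenge_period=10)
    first = make_update("ch-1", 1, {"alice": 110, "bob": 0})    # 10 moved to Alice
    second = make_update("ch-1", 2, {"alice": 60, "bob": 50})   # 50 moved back to Bob
    judge.submit(first, now=0)     # stale state goes on chain, timer ends at 10
    judge.submit(second, now=4)    # newer state trumps it, timer restarts to 14
    try:
        judge.submit(first, now=5)  # re-publishing the old state must fail
        stale_rejected = False
    except ValueError:
        stale_rejected = True
    return judge.finalize(now=14), stale_rejected


if __name__ == "__main__":
    print(replay_article_scenario())
```

The length of `challenge_period` is the trade-off the text describes: a longer timer gives an offline party's watcher more time to publish the newest update, at the cost of a slower unilateral close.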
Of course, these details are only part of the reason people think that state/payment channels are complicated. A much bigger one is that Bitcoin payment channels are complicated. Building a “judge” mechanism in Bitcoin with even reasonably useful properties is surprisingly intricate. But once you have a clear concept of state channels in general, you can see that this only comes from trying to implement the idea in a constrained context. Basic smart contract features like a timer mechanism and allowing two different paths to be taken depending on the signed message submitted are just plain harder to do in Bitcoin. Some of these features are being gradually added or built. By seeing that payment channels are only a special subcase of the broader “state channel” idea, we realise that this is a much broader technique, and that state channels can apply to any smart contract which deals with frequent updates between a defined set of participants. You can anticipate seeing this approach in many (if not most) distributed applications going forward.
Now we have a clearer idea of what a “state channel” is. So, let’s move on to sidechains.
What are Sidechains?
A sidechain is a separate blockchain that is attached to its parent blockchain (mainchain) using a two-way peg.
In other words, you can move assets to the sidechain and then back to the parent chain.
The two-way peg enables interchangeability of assets at a predetermined rate between the parent blockchain and the sidechain. The original blockchain is usually referred to as the ‘main chain’ and all additional blockchains are referred to as ‘sidechains’. The blockchain platform Ardor refers to its sidechains as ‘childchains’.
A user on the parent chain first has to send their coins to an output address, where the coins become locked so the user is unable to spend them elsewhere. Once the transaction has been completed, a confirmation is communicated across the chains followed by a waiting period for extra security. After the waiting period, the equivalent number of coins is released on the sidechain, allowing the user to access and spend them there. The reverse happens when moving back from a sidechain to the main chain.
A federation is a group that serves as an intermediate point between a main chain and one of its sidechains. This group determines when the coins a user has used are locked up and released. The creators of the sidechain can choose the members of the federation. A problem with the federation structure is that it adds another layer between the main chain and the sidechain.
Sidechains are responsible for their own security. If there isn’t enough mining power to secure a sidechain, it could be hacked. Since each sidechain is independent, if it is hacked or compromised, the damage will be contained within that chain and won’t affect the main chain. Conversely, should the main chain become compromised, the sidechain can still operate, but the peg will lose most of its value.
Sidechains need their own miners. These miners can be incentivized through ‘merged mining’, whereby two separate cryptocurrencies, based on the same algorithm, are mined simultaneously.
Here is a list of some of the Sidechain Projects.
Now, we have a good understanding of sidechains too. So, let’s put them to the ring.
What problems are they trying to solve?
Both sidechains and state channels are tricks to improve the poor scalability of blockchains in general.
They both follow a broadly similar model:
1. Locking up state/assets.
2. Doing transactions off the blockchain/mainchain.
3. Unlocking the state/assets from the state channel/sidechain.
But despite this similarity, there are many differences between the two, which arise from the fact that state channels do not use a separate blockchain whereas sidechains do. Let’s see what the consequences are.
Which is the better scaling solution of the two?
To decide this, let’s see their pros and cons.
State Channel pros
State channels have strong privacy properties: This is because everything happens “inside” a channel between participants, rather than being broadcast publicly and recorded on-chain. Only the opening and closing transactions must be public. In sidechains, by contrast, every transaction is published on the sidechain and received by every participant on it, even though you are not interacting with all of those participants.
State channels have instant finality, meaning that as soon as both parties sign a state update, it can be considered final. Both parties have a very high guarantee that, if necessary, they can “enforce” that state on-chain. But, as discussed above, closing a state channel can take a variable amount of time depending on the security level of the transaction. In sidechains you have a blockchain on the other side, so finality depends on the mining power of the sidechain.
State Channel cons
State channels need 100% availability of all the participants involved: As discussed above, if any one of the participants becomes unavailable, this could prove costly to them. A participant can appoint someone to represent them while unavailable, but the possibility of the representative being attacked or bribed makes this a problem for state channels. In sidechains, by contrast, you don’t have to be available all the time you are on the sidechain.
State channels are best used for applications with a defined set of participants: This is because the Judge contract (the contract used to lock the state) must always know the participants/entities (i.e. addresses) that are part of a given channel. We can add and remove people, but it requires a change to the contract each time. In sidechains there is no such limitation on the movement of participants.
State channels are particularly useful where participants are going to be exchanging many state updates over a long period of time: This is because there is an initial cost to creating a channel in deploying the Judge contract. But once it is deployed, the cost per state update inside that channel is extremely low.
Sidechains are permanent. You don’t have to create your own sidechain for a specific purpose if one already exists: Sidechains, once created, are maintained. We don’t close sidechains; rather, we lock the assets on the sidechain to move them back to the mainchain. This is helpful because anyone doing a specific task off the blockchain/mainchain (e.g. transacting in dogecoin) will come to the same sidechain. So, you don’t have to create separate chains for every new participant. In state channels, by contrast, you usually have to create a new channel to add a new participant. But projects such as Lightning and Raiden Network have come up with a brilliant solution for this. They create a mesh of participants so you don’t have to create a new channel for every new participant you interact with. You can interact with a recipient indirectly, through some other participant who has a channel with both you and the recipient.
Sidechains allow cryptocurrencies to interact with one another: They add flexibility and allow developers to experiment with Beta releases of Altcoins or software updates before pushing them on to the main chain. Traditional banking functions like issuing and tracking ownership of shares can be tested on sidechains before moving them onto main chains.
Sidechains need a lot of initial investment to start off: To create a sidechain we need enough miners for the network to be safe from attackers. We also have to make sure that they are up and running. There is no blockchain involved in state channels, so no such requirement applies.
A federation is needed for sidechains: This adds another layer between the mainchain and the sidechain. This could prove to be another weak point, which attackers can target by bribing or attacking the federation. In a state channel we just need a smart contract to do this for us.
The fight between the two was great. The dust has settled, but both are still standing. As the research is still going on and the practical use is not widespread we can’t decide who will be the winner. Maybe they will have to merge to form a hybrid solution to serve the purpose of scaling. Till then we have to wait, to see what time has to show us.
Thanks to Jeff Coleman for the wonderful explanation of state channels.
State channels are the foundational technology for useable distributed applications. They can be used in any interaction with a defined set of participants, such as payments or games like chess or poker. “Channelizing” these applications makes them radically cheaper, and reduces the unacceptably high latency in today’s blockchain applications, enabling the web-like response times expected by users.
Despite this, state channels are underutilized in today’s ethereum applications. Each project that wants to use state channels must effectively build their own custom implementation, leading to redundancies and unnecessary risks. Second, existing state channel implementations still put too many operations on-chain, and compromise privacy in unnecessary ways.
We envision a better future. Earlier, we described two broad goals:
Design a generalized state channels implementation that preserves privacy, is built using modular components, has support for multiple parallel operations inside a single channel, and allows users to upgrade channel designs without any on-chain operations.
Make it easy for developers to utilize state channels by providing a framework and standard modular components for building secure, performant applications.
Our paper (pdf, local copy) describes a state channels design that places as little on-chain as possible while still remaining secure. We believe it will become a standard reference for building secure and optimized state channels, something long-needed by the ethereum community.
We will be attending Off the Chain in Berlin where we will discuss our technique in more depth. Needless to say, we’re not doing an ICO or any other fundraising event involving a token.
The basic technique behind state channels has been known for several years. Since then, we have found new vocabulary that lets us abstract over particular implementations and discuss components and techniques that appear in all state channels.
State channels work by “locking up” some portion of blockchain state into a multisig contract, controlled by a defined set of participants. The state that is “locked up” is called a state deposit. For instance, this might be an amount of ether or an ERC20 token, but could also be a cryptokitty or an ENS domain name.
After the state deposit is locked, channel participants use off-chain messaging to exchange and sign valid ethereum transactions without deploying them to chain. These are transactions that could be put on chain anytime, but are not.
Updating the state of the channel always proceeds by unanimous consent. All parties sign (and keep their own copies of) each off-chain transaction. Because these “state updates” are taking place entirely off chain, they have zero transaction fees, and their speed is limited only by their underlying communications protocol.
For this reason, state channels offer “instant” transactions — i.e., parties do not have to wait for any blockchain confirmations. An application can immediately consider an operation finalized and display that to users, without having to wait for a set number of confirmations. This is how state channels are able to offer web-like response times.
We call this property instant finality. In consensus research, “finality” means the extent to which a state transition is guaranteed not to be reverted. In the context of state channels, an operation is final if Alice cannot be prevented from realizing that operation on the blockchain if they choose to.
If the latest “update” in a state channel says “Alice = 5 ETH, Bob = 1 ETH”, then that state is “final”. Remember, the update is a valid transaction signed by both Alice and Bob, which could be deployed on-chain by either party at any time. As long as we assume Alice can broadcast that transaction to the internet at some point, she can consider that transaction final.
The core property of state channels is the ability to refer back to the blockchain only when necessary. If a channel is properly constructed, then all parties can engage in fast operations that offer instant finality. If anything ever goes wrong, all parties always have the option to deploy the latest version of the state to the blockchain.
Keep in mind that state channels — and all blockchain technologies — should be considered within appropriate threat models. We examine in detail threat models appropriate for state channels in section 3 of our paper and limitations of state channels in section 7.
Minimizing on-chain operations
Existing application-specific state channel implementations require users to open up a new channel for each application they would like to use, paying expensive transaction fees. For instance, two users would make one on-chain transaction to open a payment channel between them, and they would need to make another on-chain transaction to play a game of chess with each other.
Our state channels minimize on-chain requirements to an extreme, moving as much logic as possible to the off-chain layer. This leads to one of the most significant insights of our paper: a sufficiently powerful multisignature wallet is the only necessary on-chain component of any individual state channel.
Moving logic off-chain allows us to gain significant advantages over existing channels. We can install new applications into a state channel without ever going on-chain. We can even upgrade or re-design a state channel without requiring on-chain transactions or fees.
This approach also has significant privacy benefits. Properly constructed, the multisignature wallet used to secure the state deposit should be indistinguishable from any other multisignature wallet. There would be no way to tell the difference, on chain, between a common multisig and one used to create a state channel.
We are able to achieve these results using what we call “counterfactual instantiation”. Explaining this technique requires first defining terminology.
“Counterfactual” means something that could be true, but is not. This is an extremely helpful concept when discussing state channels, where we spend a lot of time reasoning about things that could be happening on chain, but are not.
In state channels, we say “counterfactual X” to describe a case where:
X could happen on chain, but doesn’t
Any participant can unilaterally make X happen on-chain
Participants can therefore act as though X has happened on-chain
For instance, imagine a payment channel between Alice and Bob. Alice sends 4 ETH to Bob through the channel, which in practice means that both parties sign a transaction. This transaction could be deployed on chain at any time by either party, but it is not. So we can say “counterfactual Alice gives Bob 4 ETH”. This allows them to act as though the transaction has already happened — it is final, within appropriate threat models.
In the sections above, we said that our approach lets you install new applications into a state channel with zero on-chain operations or fees. How is this possible?
The key to this capability is what we call counterfactual instantiation. In the section above, we described counterfactual transactions between Alice and Bob. But we can also create counterfactual contracts. Counterfactual instantiation means to instantiate a contract without actually deploying it on-chain. When a contract is counterfactually instantiated, all parties in the channel act as though it has been deployed, even though it has not. This technique lets us move almost all channel logic off-chain.
Counterfactual instantiation is achieved by making users sign and share commitments to the multisig wallet. These commitments say that if the counterfactually instantiated contract were to be instantiated on-chain, the multisig wallet (which holds the state deposit) will look at the instantiated contract and transfer the appropriate state deposits based on the state of that contract.
For this to work, we need to refer to the counterfactually instantiated contract inside the commitment, before the contract is deployed. To do this, we introduce a global registry: an on-chain contract that maps unique deterministic addresses for any counterfactual contract to actual on-chain deployed addresses.² The hashing function used to produce the deterministic address can be any function that takes into account the bytecode, its owner (i.e. the multisignature wallet address), and a unique identifier.
For example, we might have a contract `C` with bytecode and constructor arguments `initcode`. Calling the registry with the argument `initcode` adds an entry to the registry: its key is the counterfactual address and its value is the actual on-chain deployed address.
This gives us a way of referencing off-chain contracts without needing to deploy them on-chain first. We simply do a lookup in the registry to see what address corresponds to the counterfactual address. In Solidity this is as simple as:
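The registry and lookup described above, modelled in Python as an added example; it is not the Solidity from the original post or the project's contracts. SHA-256 as the hash, the `Registry` and `Multisig` classes, the JSON toy "initcode", signer-name lists standing in for signatures, and the 10-unit deposit are all assumptions made for the illustration.

```python
"""Counterfactual addressing model: a registry maps an address that is
computable before deployment to the address actually deployed on-chain."""
import hashlib
import json


def _hash(*parts: bytes) -> bytes:
    # Length-prefix each part so (b"ab", b"c") and (b"a", b"bc") hash differently.
    m = hashlib.sha256()  # stand-in: the post allows any suitable hash function
    for p in parts:
        m.update(len(p).to_bytes(8, "big") + p)
    return m.digest()


def counterfactual_address(initcode: bytes, owner: bytes, uid: int) -> bytes:
    """Bind bytecode + constructor args, owner (the multisig) and a unique id."""
    return _hash(b"cf", initcode, owner, uid.to_bytes(32, "big"))


def payment_initcode(alice: int, bob: int) -> bytes:
    """Toy 'bytecode + constructor args': a payment app with a fixed payout."""
    doc = {"app": "payment", "payout": {"alice": alice, "bob": bob}}
    return json.dumps(doc, sort_keys=True).encode()


class Registry:
    """Model of the on-chain registry: counterfactual -> deployed address."""

    def __init__(self):
        self._deployed = {}  # counterfactual address -> deployed address
        self._code = {}      # deployed address -> initcode (the toy contract)

    def deploy(self, initcode: bytes, owner: bytes, uid: int) -> bytes:
        cf = counterfactual_address(initcode, owner, uid)
        if cf in self._deployed:  # an entry is written once, never redirected
            raise ValueError("counterfactual address already instantiated")
        index = len(self._deployed).to_bytes(8, "big")
        addr = _hash(b"deployed", cf, index)[:20]  # constructed 20-byte address
        self._deployed[cf] = addr
        self._code[addr] = initcode
        return addr

    def resolve(self, cf: bytes):
        """Deployed address, or None while the contract is only counterfactual."""
        return self._deployed.get(cf)

    def outcome(self, addr: bytes) -> dict:
        """Payout reported by the deployed toy contract."""
        return json.loads(self._code[addr])["payout"]


class Multisig:
    """Holds the state deposit and pays out per a commitment all owners signed."""

    def __init__(self, address: bytes, owners, deposit: int):
        self.address, self.owners, self.deposit = address, set(owners), deposit
        self.paid = None

    def execute(self, commitment: dict, registry: Registry) -> dict:
        # Signatures are modelled as a list of signer names (assumption).
        if set(commitment["signed_by"]) != self.owners:
            raise PermissionError("commitment not signed by every owner")
        if self.paid is not None:
            raise RuntimeError("deposit already distributed")
        addr = registry.resolve(commitment["cf_address"])
        if addr is None:
            raise LookupError("contract is still counterfactual; deploy it first")
        payout = registry.outcome(addr)
        if sum(payout.values()) != self.deposit or not set(payout) <= self.owners:
            raise ValueError("payout does not match the deposit or the owners")
        self.paid = payout
        return payout


def demo() -> dict:
    wallet_addr = bytes.fromhex("11" * 20)  # constructed multisig address
    wallet = Multisig(wallet_addr, {"alice", "bob"}, deposit=10)
    registry = Registry()
    agreed = payment_initcode(alice=6, bob=4)  # Alice has given Bob 4 of 10
    cf = counterfactual_address(agreed, wallet_addr, uid=1)
    commitment = {"cf_address": cf, "signed_by": ["alice", "bob"]}

    result = {"before_deploy": registry.resolve(cf)}  # nothing on-chain yet
    # Different code under the same owner and uid lands at another key, so it
    # cannot satisfy the signed commitment.
    registry.deploy(payment_initcode(alice=0, bob=10), wallet_addr, uid=1)
    result["after_foreign_deploy"] = registry.resolve(cf)
    try:
        wallet.execute(commitment, registry)
    except LookupError as exc:
        result["early_execute"] = str(exc)
    # Dispute: either party deploys the agreed code; the multisig resolves it.
    registry.deploy(agreed, wallet_addr, uid=1)
    result["payout"] = wallet.execute(commitment, registry)
    return result


if __name__ == "__main__":
    print(demo())
```

Because the registry key commits to the code, the owner and the unique identifier, the signed commitment can only ever resolve to the contract both parties agreed on, and the write-once check keeps an existing entry from being redirected.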
Our channel design lets developers take an object-oriented approach to state channels. Any individual state channel will be composed of several counterfactual objects — e.g. a payment channel object, or a chess-game channel object. Because these are counterfactually instantiated, they require no fees to be added into the channel — only signed commitments between the parties.
For instance, Alice and Bob can at any point choose to counterfactually instantiate a contract within their channel — say, a contract that defines a game of chess. They can then exchange state-updates between each other that reference that counterfactually-instantiated game, in order to actually play the game of chess, all with no on-chain fees.
We believe this object-oriented approach offers many significant benefits:
Application developers can program against a well-defined API, plugging into the core components necessary for every channel.
We can ensure that, as long as the core components are heavily audited and remain secure, bugs in the application developer’s code can be isolated to just the state it controls.
Application developers can reuse existing components via counterfactual addressing just as they would reuse ethereum contracts — for instance, a provably fair randomness source.
Users can preserve privacy in a dispute, only putting on-chain the objects that are in dispute.
We can access more points on the trade-off curve between messages passed during normal operation, and transactions that need to be posted in the case of a dispute, and in certain cases this lets us amortize responses to stale state across channels.
If you’re interested in learning more about generalized state channels and the counterfactual technique, we encourage you to read the paper. The paper includes significant content that we have not summarized in this post, including:
Comparisons to other techniques like sidechains and Plasma
Review of existing state channel designs
In-depth examination of relevant threat models
An example construction for generalized state channels
For updates, follow us at @statechannels and keep an eye on our website.
Lastly, we’d like to thank the Ethereum Foundation for their continuing support of this important work. We are thrilled to be part of a talented community driven to scale the ethereum network, laying the groundwork for Web 3. We’d also like to thank Vitalik Buterin, Erik Bryn, Tom Close, Josh Stark, Nima Vaziri, Armani Ferrante, Lisa Eckey, Kristina Hostakova, Yoichi Hirai, and Sylvain Laurent for their discussion and feedback on earlier drafts of the paper.
² In the future, once account abstraction is live, we’ll be able to do this trivially, since a contract address will be computable based on its bytecode and constructor arguments.
Mobile phone manufacturer HTC wants to let its smartphone customers plug into the bitcoin blockchain.
Speaking on Saturday at the Magical Crypto Conference in New York, HTC’s Phil Chen revealed a new low-cost version of its blockchain phone, the EXODUS 1s, announcing that the device will be capable of acting as a full node for the bitcoin network, meaning customers will store the entire blockchain’s data on their devices.
The company will also provide a software development kit (SDK) available for its Zion Vault, HTC’s crypto wallet app, and eventually plans to open-source the code behind its social key recovery mechanism.
Phil Chen, HTC’s decentralized chief officer, told CoinDesk that the company is targeting a release by the end of Q3.
“[The 1s is] going to be a lot cheaper, it will be a lot more accessible,” he said. The device will retail for between $250 and $300.
Specifications have not yet been released for the device.
The most striking promise of the 1s will be its ability to run a full bitcoin node. Chen explained that the company saw that as “a really important piece of the pie” for the bitcoin ecosystem.
“We think that’s foundational to the whole decentralized internet and just the whole fundamental premise,” he said. “If you don’t own your keys, you don’t own your bitcoin, you don’t own your crypto.”
The EXODUS 1 was designed to let users maintain their own private keys, which in turn formed the basis for this next move, Chen said.
He believes that from a technological standpoint, smartphones today are physically capable of handling the effort, noting that computing chips and storage media are constantly becoming cheaper and more efficient.
“We expect that phones will be powerful enough,” he contended, adding:
“The Bitcoin blockchain is about 200 [gigabytes], and it’s growing about 60 gigs per year. And those numbers are reasonable to hold on a smartphone. Imagine the iPod with 256 gigs … of course the music fan wants to keep the whole music library but the crypto fan wants to keep the whole bitcoin blockchain.”
By letting users run full nodes, HTC is giving them the ability to verify data themselves, he said.
“[You can] be a part of the bitcoin revolution by contributing to the security of the whole network,” said Chen.
That being said, the EXODUS 1s will still be capable of conducting normal smartphone operations, with room for music, videos, pictures, apps and dapps.
HTC plans to support the bitcoin blockchain at launch, but Chen did not rule out adding support for other networks. The chief considerations include how much memory and bandwidth other networks would require, he explained.
“I think running light nodes, like ethereum for example, is definitely doable, [but] it all depends on the spec,” he said.
The company also plans to focus on public blockchains, which Chen believes are far easier to support than private networks. That said, HTC is not planning on adding support for any other networks explicitly at this time.
“I see bitcoin as one of the most important if not the most important blockchains,” he said. “We definitely want to support that first and given what bitcoin stands for, open, neutral, censorship-resistance.”
He also noted that bitcoin is “the most proven” network, and supporting it was at least a little symbolic as well.
Once HTC is able to launch the 1s, Chen expects that his team will be able to apply the experience from supporting a bitcoin node to other networks.
Its new 1s falls in line with HTC’s goal of contributing to the broader crypto ecosystem.
Demand for the EXODUS has been “in track” with HTC’s expectations, Chen said. However, the company is still soliciting feedback from the community. To that end, HTC is publishing its Zion Vault SDK for developers and ultimately plans to make its social key recovery mechanism available for other wallets to utilize (though there is no set timeline for this last part).
The company is also continuing to support its existing EXODUS 1 product, adding an Etherscan widget for customers to explore the ethereum blockchain and support for further non-fungible tokens.
Chen said the company would continue to develop products for the line, targeting a user-focused experience.
“I think people who really care about the public blockchain space see the role we play in this ecosystem. We’ve gotten a lot of support from developers and we’re very authentic about empowering developers,” he said.
With activity dating at least to 2009, the Lazarus Group has consistently ranked among the most disruptive, successful, and far-reaching state-sponsored actors.
Law enforcement agencies suspect that the group has amassed nearly $100 million worth of cryptocurrencies based on their value today.
The March 20, 2013 attack in South Korea, the Sony Pictures hack in 2014, the successful SWIFT theft of $81 million from the Bangladesh Bank in 2014, and perhaps most famously this year’s WannaCry ransomware attack and its global impact have all been attributed to the group.
The Lazarus Group is widely accepted as being a North Korean state-sponsored threat actor by numerous organizations in the information security industry, law enforcement agencies, and intelligence agencies around the world. The Lazarus Group’s arsenal of tools, implants, and exploits is extensive and under constant development. Previously, they have employed DDoS botnets, wiper malware to temporarily incapacitate a company, and a sophisticated set of malware targeting the SWIFT banking system to steal millions of dollars. In this report we describe and analyze a new, currently undocumented subset of the Lazarus Group’s toolset that has been widely targeting individuals, companies, and organizations with interests in cryptocurrency.
Threat vectors for this new toolset, dubbed PowerRatankba, include highly targeted spearphishing campaigns using links and attachments as well as massive email phishing campaigns targeting both personal and corporate accounts of individuals with interests in cryptocurrency. We also share our discovery of what may be the first publicly documented instance of a state targeting a point-of-sale related framework for the theft of credit card data, again using a variant of malware that is closely related to PowerRatankba.
This report has introduced several new additions to Lazarus Group’s ever-growing arsenal, including a variety of different attack vectors, a new PowerShell implant and Gh0st RAT variant, as well as an emerging point-of-sale threat targeting South Korean devices. In addition to insight into Lazarus’ emerging toolset, there are two key takeaways from this research:
Analyzing a financially motivated arm of a state actor highlights an often overlooked or underestimated aspect of state-sponsored attacks; in this case, we were able to differentiate the actions of the financially motivated team within Lazarus from those of their espionage and disruption teams that have recently grabbed headlines.
This group now appears to be targeting individuals rather than just organizations: individuals are softer targets, often lacking resources and knowledge to defend themselves and providing new avenues of monetization for a state-sponsored threat actor’s toolkit.
Moreover, both the explosive growth in cryptocurrency values and the emergence of new point-of-sale malware near the peak holiday shopping season provide an interesting example of how one state-sponsored actor is following the money, adding direct theft from individuals and organizations to the more “traditional” approach of targeting financial institutions for espionage that we often observe with other APT actors.
Bitcoin is a Demographic Mega-Trend: Data Analysis
What follows is data and analysis from a survey of American adults regarding general sentiment toward Bitcoin — the survey was conducted online by The Harris Poll, on behalf of Blockchain Capital, from April 23–25, 2019 among 2,029 American adults. The survey was an augmented version of one we ran in October 2017 (we added a few questions). Methodology can be found at the bottom of this post.
For context and because it’s material in considering the results, the survey in October 2017 was conducted in a bull market — Bitcoin was up over 800% YoY — whereas the most recent survey, in April 2019, was conducted in a bear market — price was down roughly 75% from all-time highs.
We suspect that the difference in market environment between the two surveys would have a negative impact on Bitcoin sentiment in the most recent survey. Despite the bear market, the data shows that Bitcoin awareness, familiarity, perception, conviction, propensity to purchase and ownership all increased/improved significantly — dramatically in many cases.
The results highlight that Bitcoin is a demographic mega-trend led by younger age groups. The only area where older demographics matched younger demographics was awareness: Regardless of age, the vast majority of the American population has heard of Bitcoin.
The percentage of people that have heard of Bitcoin rose from 77% in October 2017 to 89% in April 2019.
Awareness of Bitcoin is strong across all age groups — those aged 18–34 have the highest rates of awareness at 90% and those aged 65+ have the lowest at 88%.
Overall, the percentage of people that have not heard of Bitcoin fell by more than half — from 23% in October 2017 to 11% in April 2019.
The percentage of people that are ‘at least somewhat familiar’ with Bitcoin rose by nearly half — from 30% in October 2017 to 43% in April 2019.
Among those aged 18–34, a full 60% described themselves as at least ‘somewhat familiar’ with Bitcoin — up from 42% in October 2017. Relative to older segments of the population, those aged 18–34 are 3x as likely to be at least ‘somewhat familiar’ with Bitcoin as those aged 65 and over.
The natural follow-on question is how perception is affected by rising awareness — as people become more familiar with Bitcoin do they think of it more positively or negatively?
The percentage of people who ‘strongly’ or ‘somewhat’ agree that ‘Bitcoin is a positive innovation in financial technology’ rose 9 percentage points — from 34% in October 2017 to 43% in April 2019.
Younger demographics were most inclined to have a positive view of Bitcoin: 59% of those aged 18–34 ‘strongly’ or ‘somewhat’ agree that ‘Bitcoin is a positive innovation in financial technology’ — up 11 percentage points from October 2017.
But even if an increasing percentage of the population has a positive perception of Bitcoin, does that translate to increased conviction in future adoption?
The percentage of people who ‘strongly’ or ‘somewhat’ agree that ‘most people will be using Bitcoin in the next 10 years’ rose 5 percentage points — from 28% in October 2017 to 33% in April 2019.
Younger demographics have the most conviction in adoption over the next 10 years: Nearly half (48%) of those aged 18–34 ‘strongly’ or ‘somewhat’ agree that ‘it’s likely most people will be using Bitcoin in the next 10 years’ — up 6 percentage points from October 2017.
Propensity to Purchase
Despite the bear market, the percentage of people that indicated they are ‘very’ or ‘somewhat’ likely to buy Bitcoin in the next 5 years rose by nearly half — from 19% in October 2017 to 27% in April 2019.
Younger demographics appear most inclined to purchase Bitcoin: 42% of those aged 18–34 said they are ‘very’ or ‘somewhat’ likely to purchase Bitcoin in the next 5 years — up 10 percentage points from 32% in October 2017.
It’s also helpful to consider how people think about Bitcoin relative to other investable assets.
When asked which they’d prefer to own $1k of:
21% of people said they would prefer Bitcoin to government bonds — up from 18% in October 2017
17% of people said they would prefer Bitcoin to stocks — up from 14% in October 2017
14% of people said they would prefer Bitcoin to real estate — up from 12% in October 2017
12% of people said they would prefer Bitcoin to gold — up from 8% in October 2017
Focusing on those aged 18–34, when asked which they’d prefer to own $1,000 of:
30% said they would prefer Bitcoin to government bonds — flat from October 2017
27% said they would prefer Bitcoin to stocks — flat from October 2017
24% said they would prefer Bitcoin to real estate — up from 22% in October 2017
22% said they would prefer Bitcoin to gold — up from 19% in October 2017
Said differently, among those aged 18–34: Nearly 1 in 3 prefers Bitcoin to government bonds, more than 1 in 4 prefers Bitcoin to stocks, nearly 1 in 4 prefers Bitcoin to real estate and more than 1 in 5 prefers Bitcoin to gold.
The biggest increase in preference rate for Bitcoin was relative to gold — perhaps the byproduct of Bitcoin’s growing acceptance as ‘digital gold’.
In total, 9% of the population owns Bitcoin — including 18% of those aged 18–34 and 12% of those aged 35–44.
To help put the millennial proclivity to Bitcoin in perspective: Only 37% of people under 35 are invested in the stock market (source) — so the data point that 20% of those in the same group own Bitcoin is particularly surprising.
Ultimately, Bitcoin is a demographic mega-trend: Younger demographics are leading in terms of Bitcoin awareness, familiarity, perception, conviction, propensity to purchase, and ownership rates.
This survey was conducted online within the United States between April 23–25, 2019 among 2029 adults (aged 18 and over) by The Harris Poll on behalf of Blockchain Capital via its Harris On Demand omnibus product. Figures for age, sex, race/ethnicity, education, region and household income were weighted where necessary to bring them into line with their actual proportions in the population. Propensity score weighting was used to adjust for respondents’ propensity to be online.
All sample surveys and polls, whether or not they use probability sampling, are subject to multiple sources of error which are most often not possible to quantify or estimate, including sampling error, coverage error, error associated with nonresponse, error associated with question wording and response options, and post-survey weighting and adjustments. Therefore, the words “margin of error” are avoided as they are misleading. All that can be calculated are different possible sampling errors with different probabilities for pure, unweighted, random samples with 100% response rates. These are only theoretical because no published polls come close to this ideal.
Respondents for this survey were selected from among those who have agreed to participate in our surveys. The data have been weighted to reflect the composition of the adult population. Because the sample is based on those who agreed to participate in the online panel, no estimates of theoretical sampling error can be calculated.
Blockchain Capital, founded in 2013, is one of the oldest and most active venture investors in the blockchain industry and has financed 75+ companies and projects since its inception. Our mission is to help entrepreneurs build world-class companies and projects based on blockchain technology. We invest in both equity and tokens and are a multi-stage investor. Blockchain Capital also pioneered the world’s first ever tokenized investment fund and the blockchain industry’s very first security token, the BCAP, in April of 2017.
Americans believe in Bitcoin: “Millennial mega-trend”
According to a newly conducted survey of US citizens, Bitcoin has a surprisingly good standing in the country. Awareness of the cryptocurrency and the willingness to buy and own Bitcoin have risen significantly since 2017. The study concludes that BTC is a demographic mega-trend among younger population groups.
The crypto investment firm Blockchain Capital conducted a survey on Bitcoin via the web portal The Harris Poll. The study ran between April 23 and 25, 2019 and recorded the responses of 2,029 adult US citizens. The results strongly suggest that cryptocurrencies will continue to spread over the next few years, especially among younger Americans.
Bitcoin surveys in times of a bear market?
The survey’s creators first conducted the study in October 2017. At that time, Bitcoin was in the middle of a bull market. The researchers compared the results of the first survey with the figures they collected in April 2019, at a time when the BTC price stands at only 25 percent of its peak price.
Positive results despite loss in value
Contrary to the researchers’ expectation that the bear market would have a negative effect on Bitcoin’s image and on awareness of it among the population, the results of the comparison are surprisingly positive.
Awareness of Bitcoin’s existence, points of contact with it, attitudes toward the cryptocurrency, and the willingness to buy and own Bitcoin have all risen significantly.
Bitcoin a familiar term to older Americans too
So-called BTC awareness has risen rapidly since 2017, from 77 to 89 percent. In the 18-to-34 age group, 90 percent of respondents knew what BTC is; in the 65-and-over age group it was still a solid 88 percent. Overall, only eleven percent of respondents have never heard of BTC. In 2017 it was still 23 percent.
There are also encouraging developments in the area of “familiarity” with BTC: 43 percent of respondents consider themselves “somewhat familiar” with BTC, 13 percent more than in 2017. In addition, 43 percent of participants agree with the statement: “Bitcoin is a positive innovation in financial technology.”
“Millennial mega-trend” of an unsettled economy
Almost half (48 percent) of those under 34 believe that “it is likely that most people will be using Bitcoin in the next ten years.” 42 percent of respondents in this age group showed a willingness to buy BTC in the next five years.
Nine percent of the US Americans surveyed own BTC; among 18-to-34-year-olds it is 18 percent, among 35-to-44-year-olds twelve percent. These figures are particularly interesting when compared with the younger population’s investment behavior in traditional financial markets: only 37 percent take part in stock market speculation.
The survey results show that younger US Americans are increasingly turning to cryptocurrencies and alternative financial structures. In times of great economic uncertainty, even the crypto winter seems to do nothing to change this appetite for innovation.
You can now receive bitcoin’s experimental lightning payments with a few taps of an Apple smartwatch.
Launched Sunday by Bluewallet, one of the more popular lightning network wallets, the new app for Apple Watches allows users to receive bitcoin over its new, risky (but nonetheless promising) payment technology: lightning. Transactors can use the smartwatch app to generate a QR code — a square-shaped barcode — that someone else can then scan with their smartphone to send over a payment.
Bluewallet tweeted a sneak peek of the app weeks ago. But as of today [05 MAY 2019], it’s officially downloadable from the iTunes store.
Product and UX engineer Nuno Coelho framed the app as an experiment, telling CoinDesk:
“It’s a small experiment we’re doing to put wallets on the watch. The first releases will be simple, allowing you to receive lightning payments.”
Why might someone want to receive lightning transactions via a smartwatch, you might ask? Smartwatches aren’t as popular as smartphones, but many people use them for the convenience of tracking health and viewing phone notifications without actually pulling out the phone.
Bluewallet, to that end, is testing to see if users might like to use them for bitcoin payments as well.
“Sometimes the convenience of just [receiving bitcoin] with two taps from your wrist can be a relevant user experience, specially on the go or if you need to be fast,” Coelho said, adding that it might be useful if you’re buying bitcoin from someone but “don’t feel comfortable” taking out your phone; you could just use the watch instead.
But Coelho stresses that this is an experiment, since lightning technology itself is still very experimental, and they’re not sure how many users will actually want to use the app.
“If feedback is good, we’ll spend more time on the project,” he told CoinDesk. “It’s a very early stage industry so we’re trying to figure out how to build this stuff properly.”
Bluewallet, helmed by a team of three developers, is also working on other features to expand the wallet. “We would also like to move from being a third-party service, minimizing trust. That’s our most important goal at the moment,” Coelho said.
The Kleiman Estate is seeking return of a good portion of 1.1 million bitcoins (worth roughly $6.19 billion as of press time; $5 bln when the lawsuit started) mined by the two, or its “fair market value,” as well as compensation for infringement of intellectual property.
The United States District Court of the Southern District of Florida issued an order on May 3 requiring self-proclaimed Satoshi Nakamoto Craig Wright to produce a list of his public bitcoin (BTC) addresses.
The order is part of an ongoing case against Wright filed by the estate of computer scientist David Kleiman, which claims that Wright stole hundreds of thousands of BTC. The coins were worth over $5 billion in February last year, when Kleiman’s estate first sued Wright.
The order illustrates a number of the plaintiffs’ requests. They ask the court to order Wright to produce a list of the public addresses of bitcoin he owned as of Dec. 31, 2013, make him identify all bitcoin allegedly transferred to a blind trust in 2011 and produce documents related to said trust.
Further, the plaintiffs also ask the court to order Wright to identify under oath the identity of the current and past trustees and beneficiaries of the trust. The last request is to “permit further deposition of Dr. Wright with regard to his ownership and control over bitcoins.”
The document also specifies that the court has reconsidered its order on Wright’s previously filed motion to seal information regarding his bitcoin holdings. In addition to denying Wright’s motion regarding the list of bitcoin addresses, the court order states:
“On or before May 15, 2019, at 5:00 p.m. Eastern time, Dr. Wright shall produce all transactional records of the blind trust, including but not limited to any records reflecting the transfer of bitcoin into the blind trust in or about 2011. The production shall be accompanied by a sworn declaration of authenticity.”
As Cointelegraph reported at the end of last year, a U.S. court has already rejected repeated requests from Wright to dismiss the Kleiman case.
The now-defunct Wall Street Market (WSM). Image: Dark Web Reviews.
Criminal complaint and arrest warrants for:
TIBO LOUSEE, 22, from Kleve, also known as (“aka”) “coder420,” aka “codexx420”
JONATHAN KALLA, 31, from Bad Vilbel, aka “Kronos”
KLAUS-MARTIN FROST, 29, from Stuttgart, aka “TheOne,” aka “The_One,” aka “dudebuy” (collectively known as “The Administrators”)
MARCOS PAULO DE OLIVEIRA-ANNIBALE, 29, was arrested in Brazil and accused of being the site moderator known online as “MED3LIN” – he began blackmailing WSM vendors and buyers, asking for 0.05 Bitcoin (~$280), and threatening to disclose to law enforcement the details of WSM vendors and buyers
German Plaza Market (“GPM”), which launched in approximately Spring 2015, was a darknet marketplace (through which users transacted in Bitcoin) and shut down due to an “exit scam” in approximately May 2016.
The administrators of GPM likely transferred funds stolen from GPM to Wall Street Market (“WSM”), and then launched WSM in October 2016.
The BKA identified the servers operating WSM and imaged a copy of the database of WSM (a SQL database named “tulpenland”).
The WSM infrastructure that was located in Germany (production), and in the Netherlands, responsible for the development, testing, and updating of the WSM infrastructure (the “Gitlab server”)
LOUSEE: the BKA noticed that on occasion, VPN Provider #1 connection would cease, but because that specific administrator continued to access the WSM infrastructure, that administrator’s access exposed the true IP address of the administrator. The individual utilizing the IP address to connect to the WSM infrastructure used a device called a UMTS-stick (aka surfstick). This UMTS-stick was registered to a suspected fictitious name. The BKA executed multiple surveillance measures to electronically locate the specific UMTS-stick. The specific UMTS-stick was used at a residence of LOUSEE in Kleve, Northrhine-Westphalia (Germany), and at his place of employment.
KALLA: an IP address assigned to the home of this individual (the account for the IP address was registered in the name of the suspect’s mother) accessed VPN Provider #2. KALLA admitted that he was the administrator for WSM known as “Kronos.”
FROST: the PGP public key for “TheOne” is the same as the PGP public key for another moniker on Hansa Market, “dudebuy”. A financial transaction connected to a virtual currency wallet used by FROST was linked to “dudebuy”. Investigators identified a wallet used by FROST that subsequently received Bitcoin from a wallet used by WSM for paying commissions to administrators. Records obtained from the Bitcoin Payment Processing Company revealed buyer information (connected to Hansa Market, seized in 2017) for a Bitcoin transaction as “Martin Frost,” using the email address firstname.lastname@example.org. A second link connecting FROST to the administration of WSM is based on additional Bitcoin tracing analysis.
In or around April 2019, WSM experienced massive popularity and then commenced an “exit scam,” presumably in response to its increased popularity. On or about April 16, 2019, vendors on WSM could not withdraw funds from their escrow accounts; that is, they could not repatriate proceeds for contraband that was sold. Between April 22 and 26, 2019, members of the public shared that their own analyses of virtual currency transactions revealed that large amounts of virtual currency, estimated between $10 and $30 million, were being diverted from wallets believed to be associated with WSM to other virtual currency wallets.
By Brian Krebs, “Krebs on Security”:
Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market (WSM), one of the world’s largest dark web bazaars that allowed vendors to sell illegal drugs, counterfeit goods and malware. Now, at least one former WSM administrator is reportedly trying to extort money from WSM vendors and buyers (supposedly including Yours Truly) — in exchange for not publishing details of the transactions.
A complaint filed Wednesday in Los Angeles alleges that the three defendants, who currently are in custody in Germany, were the administrators of WSM, a sophisticated online marketplace available in six languages that allowed approximately 5,400 vendors to sell illegal goods to about 1.15 million customers around the world.
“Like other dark web marketplaces previously shut down by authorities – Silk Road and AlphaBay, for example – WSM functioned like a conventional e-commerce website, but it was a hidden service located beyond the reach of traditional internet browsers, accessible only through the use of networks designed to conceal user identities, such as the Tor network,” reads a Justice Department release issued Friday morning.
The complaint alleges that for nearly three years, WSM was operated on the dark web by three men who engineered an “exit scam” last month, absconding with all of the virtual currency held in marketplace escrow and user accounts. Prosecutors say they believe approximately $11 million worth of virtual currencies was then diverted into the three men’s own accounts.
The defendants charged in the United States and arrested in Germany on April 23 and 24 include a 23-year-old resident of Kleve, Germany; a 31-year-old resident of Wurzburg, Germany; and a 29-year-old resident of Stuttgart, Germany. The complaint charges the men with two felony counts – conspiracy to launder monetary instruments, and distribution and conspiracy to distribute controlled substances. These three defendants also face charges in Germany.
Signs of the dark market seizure first appeared Thursday when WSM’s site was replaced by a banner saying it had been seized by the German Federal Criminal Police Office (BKA).
Writing for ZDNet’s Zero Day blog, Catalin Cimpanu noted that “in this midst of all of this, one of the site’s moderators – named Med3l1n – began blackmailing WSM vendors and buyers, asking for 0.05 Bitcoin (~$280), and threatening to disclose to law enforcement the details of WSM vendors and buyers who made the mistake of sharing various details in support requests in an unencrypted form.”
In a direct message sent to my Twitter account this morning, a Twitter user named @FerucciFrances who claimed to be part of the exit scam demanded 0.05 bitcoin (~$286) to keep quiet about a transaction or transactions allegedly made in my name on the dark web market.
“Make it public and things gonna be worse,” the message warned. “Investigations goes further once the whole site was crawled and saved and if you pay, include the order id on the dispute message so you can be removed. You know what I am talking about krebs.”
I did have at least one user account on WSM, although I don’t recall ever communicating on the forum with any other users, and I certainly never purchased or sold anything there. Like most other accounts on dark web shops and forums, it was created merely for lurking. I asked @FerucciFrances to supply more evidence of my alleged wrongdoing, but he has not yet responded.
The Justice Department said the MED3LIN moniker belongs to a fourth defendant linked to Wall Street Market — Marcos Paulo De Oliveira-Annibale, 29, of Sao Paulo, Brazil — who was charged Thursday in a criminal complaint filed in the U.S. District Court in Sacramento, California.
Oliveira-Annibale also faces federal drug distribution and money laundering charges for allegedly acting as a moderator on WSM. According to the charges, he mediated disputes between vendors and their customers, and acted as a public relations representative for WSM by promoting it on various sites.
Prosecutors say they connected MED3LIN to his offline identity thanks to photos and other clues he left behind online years ago, suggesting once again that many alleged cybercriminals are not terribly good at airgapping their online and offline selves.
“We are on the hunt for even the tiniest of breadcrumbs to identify criminals on the dark web,” said McGregor W. Scott, United States Attorney for the Eastern District of California. “The prosecution of these defendants shows that even the smallest mistake will allow us to figure out a cybercriminal’s true identity. As with defendant Marcos Annibale, forum posts and pictures of him online from years ago allowed us to connect the dots between him and his online persona ‘Med3l1n.’ No matter where they live, we will investigate and prosecute criminals who create, maintain, and promote dark web marketplaces to sell illegal drugs and other contraband.”
A copy of the Justice Department’s criminal complaint in the case is here (PDF).
Accused operators of illicit ‘darknet’ market arrested in Germany, Brazil
FRANKFURT (Reuters) – Three German nationals accused of running one of the world’s largest dark web sites for selling drugs and other contraband have been arrested and charged in two countries following a two-year investigation, U.S. prosecutors said on Friday.
A fourth man who allegedly acted as a moderator and promoter for the site, Wall Street Market, was taken into custody in Brazil, according to federal prosecutors in California.
“Darknet” and “dark web” refer to networks and sites hidden from most internet visitors and accessible only to users shrouded in anonymity.
“While they lurk in the deepest corners of the internet, this case shows that we can hunt down these criminals wherever they hide,” U.S. Attorney Nick Hanna said in a written statement announcing the charges.
Tibo Lousee, Klaus-Martin Frost and Jonathan Kalla are accused of running Wall Street Market for nearly three years, providing a darknet platform for the sale of narcotics, counterfeit goods and hacking software to 1.1 million customers.
The men, known to U.S., Dutch and German investigators by the monikers “coder420,” “Kronos” and “TheOne,” also face charges in Germany.
Prosecutors in Frankfurt said that the country’s federal criminal investigation office, or Bundeskriminalamt, had secured the platform’s server infrastructure.
FLORIDA RESIDENT DIED
In December 2017, a Florida resident died from using a nasal spray laced with the opioid fentanyl sold by one of the roughly 5,400 vendors on Wall Street Market, according to the criminal complaint. That vendor was convicted in U.S. District Court in Wisconsin and sentenced to 12 years in prison.
Among the site’s top vendors were two people based in Los Angeles: “Ladyskywalker,” who sold opiates such as fentanyl, oxycodone and hydrocodone; and “Platinum45,” who dealt in methamphetamine, oxycodone and Adderall.
The people operating both of those accounts have also been arrested, according to the criminal complaint. Their names were not made public.
As investigators closed in last month, the operators of Wall Street Market conducted an “exit scam” – making off with an estimated $11 million in virtual currency belonging to customers, prosecutors say, before they were taken into custody in Germany.
Cyber specialists at the Bundeskriminalamt started taking “operational measures” after the suspects switched the platform into maintenance mode on April 23 and started transferring the customer funds to themselves, German prosecutors said.
Marcos Paulo De Oliveira-Annibale, 29, was arrested in Brazil and accused of being the site moderator known online as “MED3LIN.”
Prosecutors say they were able to identify Oliveira-Annibale by connecting his online persona with forum comments and pictures he posted years earlier.
How German and US authorities took down the owners of darknet drug emporium Wall Street Market
The major darknet marketplace known as the Wall Street Market has been seized and its alleged operators arrested in a joint operation between European and U.S. authorities. Millions in cash, cryptocurrency and other assets were collected, and the market shut down. How investigators tied these anonymity-obsessed individuals to the illegal activities is instructive.
The three men accused of running Wall Street Market (WSM), one of the larger hidden service markets operating via the Tor network, are all German citizens: Tibo Lousee, Jonathan Kalla and Klaus-Martin Frost; several vendors from the market have also been charged, including one who sold meth on it by the kilogram.
The investigation has been ongoing since 2017, but was pushed to a crisis by the apparent attempt in April by WSM’s operators to execute an exit scam. By suddenly removing all the cryptocurrency held in escrow and otherwise stored under their authority, the alleged owners stood to gain some $11 million if they were able to convert the coins.
Until recently, Wall Street Market was a bustling bazaar for illegal goods, including dangerous drugs like fentanyl and physical items like fake documents. It had more than a million user accounts, some 5,400 vendors and tens of thousands of items available for purchase. It has grown as other darknet marketplaces have been cornered and shut down, driving users and sellers to a dwindling pool of smaller platforms.
Whether the owners sought simply to parlay this growth into a quick cash grab or whether they sensed the law about to knock down their door, the exit scam was undertaken on April 16.
This move prompted investigators in the U.S. and Germany, and Europol, to act: the exit scam was an opportunity to gather and observe fresh evidence of the trio’s alleged crimes, and waiting much longer might have let them go to ground and launder their virtual goods.
The DOJ complaint details the means by which the three administrators of the site were linked to it, despite their attempts to anonymize their access. It isn’t unprecedented stuff, but it’s always interesting to read through the step-by-step forensics that lead to charges, since it can be very difficult to tie real-world actors to virtual entities.
For Frost, it was an unstable VPN connection, plus some sleuthing by the German federal police, the Bundeskriminalamt or BKA:
The WSM administrators accessed the WSM infrastructure primarily through the use of two VPN service providers. On occasion, VPN Provider #1 connection would cease, but because that specific administrator continued to access the WSM infrastructure, that administrator’s access exposed the true IP address of the administrator.
The individual utilizing the above-referenced IP address to connect to the WSM infrastructure used a device called a UMTS-stick (aka surfstick) [i.e. a dongle for mobile internet access]. This UMTS-stick was registered to a suspected fictitious name.
The BKA executed multiple surveillance measures to electronically locate the specific UMTS-stick. BKA’s surveillance team identified that, between February 5 and 7, 2019, the specific UMTS-stick was used at a residence of Lousee in Kleve, Northrhine-Westphalia (Germany), and his place of employment, an information technology company where Lousee is employed as a computer programmer. Lousee was later found in possession of a UMTS stick.
Some other circumstantial evidence also tied Lousee to the operation, such as similar login names, mentions of drugs and cryptocurrencies, and so on. (“Based on my training and experience as an investigator, I am aware that ‘420’ is a reference to marijuana,” writes the special agent who authored the complaint.)
Kalla’s VPN held strong, but the metadata betrayed him:
An IP address assigned to the home of this individual (the account for the IP address was registered in the name of the suspect’s mother) accessed VPN Provider #2 within similar rough time frames as administrator-only components of the WSM server infrastructure were accessed by VPN Provider #2.
Hardly a hole in one, but Kalla later admitted he was the user agent in question. This is a good example of how a VPN can and can’t protect you against government snooping. It may disguise your IP to certain systems, but anyone with a bird’s-eye view can see the obvious correlation between one connection and another. It won’t hold up in court on its own, but if the investigators are good it won’t have to.
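The comparison of connection times described above can be sketched as follows. This is an added example, not taken from the complaint or the article; the subscriber lines, session times and access times are constructed, and the function names are hypothetical. It scores each line by how many admin accesses fall inside its VPN sessions relative to how much of the observation window the line was connected at all, which is why an always-on line scores no better than chance.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"


def ts(text):
    """Parse a timestamp in the constructed log format."""
    return datetime.strptime(text, FMT)


# Observation window for the comparison (constructed).
WINDOW = (ts("2019-02-05 00:00"), ts("2019-02-08 00:00"))

# Constructed records: when each subscriber line was connected to the VPN provider.
VPN_SESSIONS = {
    "line-A": [("2019-02-05 19:00", "2019-02-05 21:00"),
               ("2019-02-06 20:30", "2019-02-06 22:30"),
               ("2019-02-07 18:00", "2019-02-07 20:00")],
    "line-B": [("2019-02-05 00:00", "2019-02-08 00:00")],   # always-on VPN
    "line-C": [("2019-02-05 09:00", "2019-02-05 12:00"),
               ("2019-02-06 09:00", "2019-02-06 12:00"),
               ("2019-02-07 09:00", "2019-02-07 12:00")],
}

# Constructed records: admin-only requests reaching the server from the
# VPN provider's exit addresses.
ADMIN_ACCESSES = ["2019-02-05 19:12", "2019-02-05 20:47", "2019-02-06 20:41",
                  "2019-02-06 22:05", "2019-02-07 18:30", "2019-02-07 19:55"]


def widen_and_merge(sessions, slack, window):
    """Widen each session by the clock-skew slack, clip to the window, merge overlaps."""
    lo, hi = window
    spans = sorted((max(ts(a) - slack, lo), min(ts(b) + slack, hi))
                   for a, b in sessions)
    merged = []
    for start, end in spans:
        if start >= end:
            continue  # session lies wholly outside the window
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def coverage(accesses, spans):
    """Fraction of admin accesses that fall inside any session span."""
    hits = sum(any(s <= ts(a) <= e for s, e in spans) for a in accesses)
    return hits / len(accesses)


def baseline(spans, window):
    """Fraction of the window the line was connected: the coverage expected by chance."""
    lo, hi = window
    connected = sum((e - s).total_seconds() for s, e in spans)
    return connected / (hi - lo).total_seconds()


def rank_lines(sessions_by_line, accesses, window=WINDOW,
               slack=timedelta(minutes=5)):
    """Return (line, coverage, baseline, lift) rows, highest lift first."""
    rows = []
    for line, sessions in sessions_by_line.items():
        spans = widen_and_merge(sessions, slack, window)
        cov = coverage(accesses, spans)
        base = baseline(spans, window)
        lift = cov / base if base else 0.0
        rows.append((line, cov, base, lift))
    return sorted(rows, key=lambda r: r[3], reverse=True)


if __name__ == "__main__":
    for line, cov, base, lift in rank_lines(VPN_SESSIONS, ADMIN_ACCESSES):
        print(f"{line}: coverage={cov:.2f} baseline={base:.3f} lift={lift:.1f}")
```

A high lift narrows the list of candidate lines but identifies no one by itself, which matches the article's point that the correlation would not hold up in court on its own.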
Frost, the third administrator, required a more subtle approach, but ultimately it was again poor opsec; this time an unwise cross-contamination of his cryptographic and cryptocurrency accounts:
The PGP public key for [WSM administrative account] ‘TheOne’ is the same as the PGP public key for another moniker on [another hidden service] Hansa Market, ‘dudebuy.’ As described below, a financial transaction connected to a virtual currency wallet used by FROST was linked to ‘dudebuy.’
[The BKA] located the PGP public key for ‘TheOne’ in the WSM database, referred to as ‘Public Key 1’.
Public Key 1 was the PGP public key for ‘dudebuy.’ The ‘refund wallet’ for ‘dudebuy’ was Wallet 2.
Wallet 2 was a source of funds for a Bitcoin transaction… Records obtained from the Bitcoin Payment Processing Company revealed buyer information for that Bitcoin transaction as ‘Martin Frost,’ using the email address klaus-martin.frost@…
Essentially A is B, and B is C, so A is C. This little deductive trick is handy, but bitcoin wallets used by Frost were also identified through analysis by the U.S. Postal Inspection Service, which, if you didn’t know, has “a highly trained, skilled and committed cyber unit.”
The United States Postal Inspection Service learned, through its analysis of Blockchain transactions and information gleaned from the proprietary software described above, that the funds from Wallet 2 were first transferred to Wallet 1, and then “mixed” by a commercial service; mixing services is described above at paragraph 4.m. Through thorough analysis, the United States Postal Inspection Service was able to “de-mix” the flow of transactions, to eventually ascertain that the money from Wallets 1 and 2 ultimately paid FROST’s account at the Product Services Company.
Here the blockchain’s indelible record clearly worked against Frost. Wallet 1, by the way, handled thousands of bitcoins during its use in association with another darknet marketplace, German Plaza Market — which the three charged today also allegedly ran and shut down via an exit scam.
In addition to the administrators, some vendors and others associated with the site were charged. They were identified via more traditional means and their activities linked to the market in such a way that defense seems a lost cause. The record for a Brazilian man who operated as a dealer and as a sort of representative for WSM on Reddit and forums is an interesting study in the web of suggestive accounts and names that produce a damning, if circumstantial, depiction of a person’s associations and interests, from the banal to the criminal.
Cases against the alleged criminals will be held in multiple locations and under multiple authorities — it’s safe to say this is just the beginning of a long, complicated process for everyone involved.
Over the past two years, the success of Bitcoin has led to a worldwide boom in digital currencies.
The site coinmarketcap.com currently lists more than 2,000 active crypto coins.
By contrast, deadcoins.com has devoted itself to the dark side of the hype. The site currently lists 1,614 failed digital currencies, sorted by the reasons for their demise. According to it, 57.9 percent of the “deaths” were delisted from exchanges, no longer show any trading volume or nodes, or were abandoned by their developers because of financial failure; a further 35.3 percent turned out to be fraud.
Only two percent of the companies surveyed for a Bitkom Research analysis work with blockchain applications; only among large companies with 500 or more employees does the share reach double digits. Those German companies that engage intensively with blockchain or already use it generally see themselves as pioneers in this field, but believe that Germany as a whole is a blockchain laggard.
At its core, according to Bitkom President Achim Berg, blockchain is about the fact “that data transactions are not stored centrally on a server but decentrally in the blockchain. That means: distributed across a network of computers.”
According to the study, Switzerland, Malta and the USA are considered the international pioneers in this field.
A side-channel attack in Qualcomm technology, which is used by most modern Android devices, could allow an attacker to snatch private keys.
Researchers have uncovered a side-channel attack that enables a bad actor to extract sensitive data from Qualcomm’s secure keystore. The critical flaw impacts most modern Android devices that use Qualcomm chips.
The issue stems from a flaw in Qualcomm technology, dubbed the Qualcomm Secure Execution Environment (QSEE), designed to guard cryptographic keys on devices. By exploiting the flaw, attackers can pluck “sensitive data,” including private encryption keys, passwords and more, from Qualcomm-powered devices.
“Recent Android devices include a hardware-backed keystore, which developers can use to protect their cryptographic keys with secure hardware,” according to NCC Group consultant Keegan Ryan, who discovered the attack, in a Tuesday post. “On some devices, Qualcomm’s TrustZone-based keystore leaks sensitive information through the branch predictor and memory caches, enabling recovery of 224 and 256-bit ECDSA [Elliptic Curve Digital Signature Algorithm] keys.”
Up to 36 Qualcomm chipsets are impacted – including popular Snapdragon models 820, 835, 845 and 855, which currently are used by several Android devices in the market. Most modern Android mobile devices are impacted, including the Samsung Galaxy Phone, Sony Xperia, Xiaomi Mi, LG V50, ZTE Axon and more.
QSEE splits data execution on cell phones into a “secure world and a normal world” – sensitive data is placed in the secure world, while other data, like Android OS, can run in the normal world.
This process has two implications: It means that only the application that placed the data in the secure environment can reach that data; and it also means that even if other parts of the device are attacked, the sensitive data is still safe.
However, the two worlds often share the same microarchitectural structures, said Ryan – meaning a bad actor could use a side-channel attack to sniff out memory cache samples, and eventually piece those samples together into private keys.
Using a memory cache analyzer called Cachegrab, Ryan was able to do just that: He used a rooted Nexus 5X device (powered by the Qualcomm Snapdragon 808) and found a point on the QSEE that was sending out enough data to give him the ability to recover 256-bit ECDSA keys.
Importantly, the attacker must have root access to the device – which could be achieved through first infecting the device with malware, according to Ryan.
Once exploited, the flaw could also lead to wider implications for embedded devices that also use the Qualcomm technology, Ryan told Threatpost.
“Extracting these keys could make attacks on the manufacturer’s infrastructure easier to perform, or allow someone to create counterfeit devices,” he said. “Someone could use these counterfeits to gain access to services without actually paying for the authentic physical device. Because the counterfeits use the same (stolen) key pair as legitimate devices, the manufacturer can no longer distinguish between which requests come from legitimate devices, and which ones come from fakes.”
Qualcomm has issued a patch for the flaw (CVE-2018-11976), which was just publicly disclosed in April. The flaw was first reported to Qualcomm March 19, 2018, and customers were notified Oct. 1, 2018. Android also disclosed a patch for the flaw in its April update.
“Providing technologies that support robust security and privacy is a priority for Qualcomm,” a Qualcomm spokesperson told Threatpost. “We commend the NCC Group for using responsible disclosure practices surrounding their security research. Qualcomm Technologies issued fixes to OEMs late last year, and we encourage end users to update their devices as patches become available from OEMs.”
Researchers said that Qualcomm has notified impacted OEMs and carriers, “triggering the start of a six-month re-certification process.” But that doesn’t mean that all Android OEMs have patched their devices: Users should ensure that their devices are running the most recent firmware version, said Ryan.
“Developers really need to take extra care to protect their apps and operate under the assumption that their app will be installed on and launched on some number of insecure devices,” said Sam Bakken, senior product marketing manager at OneSpan, in an email. “Thankfully, technology such as mobile app shielding can provide such protection, fortifying an app in potentially hostile environments — and in many cases without slowing down time-to-market.”
Ryan told Threatpost that side-channel attacks have been gaining increasing attention in the academic and research community over the past couple of years.
“I expect this trend to continue,” he told Threatpost. “As devices become more secure against more well-known and easily exploited vulnerabilities like buffer overflows, attackers will have to turn to more sophisticated techniques to steal the information they are after. However, this sort of research demonstrates the risks and threats that manufacturers face, and we have seen them respond with more advanced defenses.”
Lightning Labs, one of the largest bitcoin companies behind the upcoming scaling technology lightning, has released its first desktop app on the bitcoin blockchain.
Previously the desktop app worked for bitcoin’s testnet — think fake bitcoins used to try out programs — but this is the first time the app will work on bitcoin mainnet, meaning users can use it to send and receive real money. Notably, the app is “non-custodial” meaning that users have control over their bitcoin.
Authored by Lightning Labs developers Tankred Hase and Valentine Wallace, the blog post announcing the new app explains:
“Driving this release is a complete commitment to scaling the principles that Bitcoin was built on: privacy, security, and self-determination. For that we need to go beyond custodial solutions and enthusiast guides and deliver a great user experience for everyone.”
Other apps work with real bitcoin today, including Bluewallet, Zap, and Zeus. But Lightning Labs, originally started by lightning’s creators, is perhaps the largest company to release a bitcoin mainnet app so far.
The app works on MacOS, Windows, and Linux devices.
Developers revealing the app are quick to note that although this is a mainnet app, it’s still made for “advanced users” who want to test out the budding technology. There’s still a risk of losing money when sending it on what remains an unfinished technology.
The other big part of the release is that behind the scenes the desktop incorporates “Neutrino,” a “light client” technology which requires users to download much less of the bitcoin blockchain in order to verify transactions are real. Though other light client technologies exist, Neutrino is more private. (Though, some developers have been known to argue about the protocol’s drawbacks.)
Looking ahead, Lightning Labs is eyeballing a release on mobile devices in the future.
The blog post explains that Lightning Labs has plans to move into mobile devices soon as well.
“[The release] also represents an important stepping stone towards mobile while we continue to invest in performance and stability,” Hase and Wallace wrote. “We’re working as quickly as we can to get our mainnet iOS and Android apps out soon.”
All bitcoins taken together are worth around 90 billion US dollars, according to coinmarketcap.com. That leaves Bitcoin far from its former size, however. At the end of 2017 the cryptocurrency reached a market capitalization of more than 300 billion US dollars.
Bitcoin is nonetheless still number 1 in the ranking of digital coins. Ethereum (17.3 billion US dollars) and XRP (13.5 billion US dollars), also known by the name Ripple, follow only at a great distance.
Study: Germany only mediocre on blockchain
At Hub Berlin, the Bitkom president presented a new study that highlights the potential of blockchain technology. In international comparison, however, Germany comes across as a laggard, according to every second German company surveyed.
The digital industry association Bitkom sees great potential in blockchain. But here too, Germany has apparently missed the chance to play at the very front with a digital technology.
In banking and in the logistics sector, the still-young blockchain technology is credited with enormous potential. In international comparison, however, every second company in this country sees Germany as a laggard, according to a study by the digital association Bitkom presented on Thursday at the technology festival Hub Berlin. Yet blockchain technology could “turn many hitherto common procedures completely upside down,” said Bitkom President Achim Berg.
Blockchain: everyday-ready solutions are lacking
“With blockchain we are currently in an experimentation phase; a broad range of solutions that are truly fit for everyday use is still lacking,” Berg stressed. Nevertheless, companies should “absolutely be at the forefront of research and development already today.”
Blockchains are special databases that can manage transaction data with absolute transparency and without a central controlling authority. The digital currency Bitcoin is among the best-known uses. In a financial transaction, a virtual logbook is created in which every single step is cryptographically secured and is thus tamper-proof.
Business processes without a middleman through blockchain
In many areas of business, processes could thus be redesigned securely and much more simply, entirely without intermediaries. At 87 percent, the overwhelming majority of the company representatives surveyed in Bitkom’s representative study also see this as the greatest advantage. In the financial sector, for example, blockchain enables transactions without banks. In logistics it could provide a seamless record for the transport of goods.
The Bitkom president welcomed the federal government’s announcement of its own blockchain strategy. “That is an important signal.” Blockchain, he said, is one of the most exciting developments alongside artificial intelligence. Nevertheless, Germany must strive for a leading global position in its development, Berg demands. None of the study’s respondents placed the German economy there in international comparison. dpa
StackOverflow Developer Survey: 80% of Organizations Do Not Use Blockchain
11 APR 2019
Major developer community website StackOverflow has surveyed nearly 90,000 developers, and the results published on April 9 show that 80% of organizations are currently not using blockchain.
As well, 12.7% of the developers responded that organizations use blockchain for non-currency applications, 4% for cryptocurrency-related applications, 2.1% accept crypto as payments and 1.3% are implementing their own cryptocurrency. StackOverflow also claims that developers in India are the most likely to say that their organizations are using blockchain technology.
The most significant portion of developers, 29.2%, believe that blockchain is useful across many domains and could change our lives in many ways. Still, 26.2% think that it is useful just as an immutable record-keeping technology and has no use as a currency, and only 12.2% believe it is useful for decentralized currency applications.
In a likely reference to concerns over the impact of Proof of Work mining on the environment, 15.6% of the respondents noted that they think blockchain is an irresponsible use of resources. Lastly, 16.8% believe that blockchain technology is just a passing fad. The report claims that the optimism concerning the usefulness of blockchain technology is largely concentrated among younger and less experienced developers:
“The more experienced a respondent is, the more likely they are to say blockchain technology is an irresponsible use of resources.”
As Cointelegraph reported earlier this week, most tax and finance executives do not consider adopting blockchain technology, according to a recent survey conducted by Big Four auditing firm KPMG.
Another KPMG survey, the results of which were published at the end of February, showed that 48 percent of C-level executives believe blockchain is likely to change the way they do business in the next three years.
Oracle Exec: 50% Of Companies Will Use Blockchain Tech in Next Three Years
Blockchain technology could possibly be used by 50 percent of all companies within the next three years, the vice president of blockchain product development at software company Oracle said on Monday, April 8.
Frank Xiong participated in the Forbes CIO Summit in Half Moon Bay, California, where he estimated that 50 to 60 percent of companies will use blockchain technology in the next few years.
At the same time, Xiong believes that people have become much more realistic about what blockchain can affect in various business models:
“We’re past the stage that blockchain can cure everything, so people are becoming more realistic about what’s good for their business model.”
According to Forbes, Oracle currently has more than 100 customers using its blockchain solution for supply chains. As Cointelegraph previously reported, the company launched a suite of software-as-a-service (SaaS) applications based on its Oracle Blockchain Cloud Service in late October 2018. The offering purportedly enables customers to track products through supply chains, increase transparency, accelerate product delivery, and improve customer satisfaction.
More recently, Oracle partnered with a European-based fintech startup SDK.finance that offers a payment platform for banks and financial institutions. The company will use Oracle Blockchain Platform to improve its payments processes and remove intermediaries.
A recent survey conducted by Big Four auditing firm KPMG shows that high-profile executives are interested in blockchain, but mostly delay its adoption in their companies.
WFP Introduces Iris Scan Technology To Provide Food Assistance To 76,000 Syrian Refugees In Zaatari
06 October 2016
AMMAN – The World Food Programme (WFP) in partnership with the United Nations High Commissioner for Refugees (UNHCR) has introduced an innovative iris scan payment system in Jordan’s Zaatari refugee camp, allowing 76,000 Syrian refugees to purchase food from camp supermarkets using a scan of their eye instead of cash, vouchers or e-cards.
The cutting-edge technology was launched in Jordan’s King Abdullah Park refugee camp in February this year, when for the first time in the history of humanitarian assistance, a WFP beneficiary received food assistance in the blink of an eye. The system was expanded to Azraq refugee camp in eastern Jordan in April.
“The iris scan payment system has been extremely successful, and we are thrilled that WFP and its partners are now able to serve Syrian refugees living in Jordan’s largest camp through this innovative system,” said WFP Country Director in Jordan Mageed Yahia. “Iris scan technology has reshaped the shopping experience for Syrian refugees in Jordan, making it easier and more secure for them, while also enhancing accountability.”
For Zaatari resident Hana Heraaki, the true value of this system lies in its convenience. “Now I don’t have to worry if I forgot my card at home or if I misplaced it. Whenever I’m near the shop, I can just walk in and get whatever food that’s missing from home,” she said.
WFP’s system relies on UNHCR biometric registration data of refugees. The system is powered by IrisGuard, the company that developed the iris scan platform, Jordan Ahli Bank and its counterpart Middle East Payment Services.
Once a shopper has their iris scanned, the system automatically communicates with UNHCR’s registration database to confirm the identity of the refugee, checks the account balance with Jordan Ahli Bank and Middle East Payment Services and then confirms the purchase and prints out a receipt – all within seconds.
The introduction of the iris scan payment system in Jordan’s Syrian refugee camps represents WFP’s commitment to employing innovative tools and approaches in the fight against hunger. WFP seeks to expand the use of the technology to refugees living in communities outside of camps.
Through the iris scan and electronic voucher programme, WFP supports more than half a million Syrian refugees in Jordan. WFP is also providing assistance to almost 140,000 vulnerable Jordanians through food rations and cash for work and cash for training programmes.
WFP is the world’s largest humanitarian agency fighting hunger worldwide, delivering food assistance in emergencies and working with communities to improve nutrition and build resilience. Each year, WFP assists some 80 million people in around 80 countries.
The partners have already launched a pilot test of the system as of mid-November 2017.
The partners announced the launch of the pilot program at the Humanitarian Blockchain Summit held in New York. The pilot involves the participation of UN agencies, the UN Office for Project Services (UNOPS) and the UN Office of Information and Communications Technology (UN-OICT).
In their press release, the partners claimed that the use of the system increases the chance of apprehending child traffickers.
“Storing digital identities on a Blockchain provides a ‘significantly higher chance of catching traffickers.’ Additionally, securing identity data on an immutable ledger will make trafficking attempts ‘more traceable and preventable.’”
How does child trafficking happen
Child traffickers usually use fake identification documents to transport young individuals across borders. The victims are eventually forced to participate in serious illegal activities like illegal human organ trade and sex trade.
In her statement, WIN Co-Founder and Chief Executive Officer (CEO), Dr. Mariana Dahan, said that “invisible” children under the age of five who have no birth certificates are potential trafficking victims, as they are often missed by the social programs offered by governments or development agencies.
“Several developing countries are actively looking at more efficient ways to prevent child trafficking. Identification is always at the heart of the solution.”
Meanwhile, UN Women Deputy Executive Director Yannick Glemarec said that child trafficking is among the greatest human rights abuses. The use of Blockchain technology can be effective in resolving the problem and in saving millions of children around the world.
“Child trafficking is one of the greatest human rights abuses. Blockchain would be a ‘potentially powerful’ technology to address the problem and potentially save ‘millions of children.’”
agement project, and is currently testing other ways to use Blockchain on its other projects.
UN Women and WFP harness innovation for women’s economic empowerment in crisis situations
September 18, 2018
NEW YORK/ROME — UN Women and the World Food Programme (WFP) are breaking new ground by using blockchain to assist Syrian refugee women participating in UN Women’s cash for work programmes at the Za’atari and Azraq refugee camps in Jordan.
Traditionally, cash transfers have been made available to refugees via third-party financial service providers such as banks. Through the partnership, Syrian refugee women who participate in the UN Women cash for work programme will be able to access their funds directly, and the accounts will be kept securely on a blockchain network. Previously, women received a monthly entitlement in the form of cash on a set date. Through blockchain, UN Women and WFP are exploring the possibility of providing female refugees with cash back at WFP-contracted supermarkets or letting them pay for their purchases directly.
The partnership stems from WFP’s Building Blocks project, which already provides cash transfers to 106,000 Syrian refugees in Jordan through a blockchain based system.
Highlighting why technologies like blockchain have a key role to play in accelerating women’s economic empowerment, UN Women Executive Director Phumzile Mlambo-Ngcuka said: “We know that women in crisis situations and displacement settings tend to have lower digital literacy than men, and often lack access to the technology and connectivity that are so critical in today’s world. UN Women is partnering with WFP to change this by using innovative technology to drive change for women in the most challenging settings and to accelerate progress towards women’s economic empowerment on a large scale.”
How it will work: A Syrian woman will scan her eye to request cash back at WFP-contracted supermarkets. This will link to her account on the blockchain, and the amount of the cash distribution is automatically sent to Building Blocks. The fact that UN Women and WFP validate each other’s transactions through a common blockchain network results in improved security and accountability. There are also opportunities for cost and risk reduction, as well as increased harmonization of aid efforts.
“At WFP, we will explore every possible way to deliver the help people need, in the most efficient and effective means available. Our work with UN Women to help female Syrian refugees is yet another sign of that innovative spirit, in this case using technology to make an even bigger impact on the lives of those we serve,” said David Beasley, Executive Director of WFP.
UN Women also aspires to increase the financial literacy of its recipients through expense tracking and budgeting seminars conducted at its ‘Oases’, where recipients would also be able to view their Building Blocks accounts and account history online. In Za’atari and Azraq camps, UN Women’s four Oases centres are increasing training opportunities for women and girls focused on digital literacy. They provide a holistic approach to resilience and empowerment for women and girls through livelihoods opportunities; protection and prevention of gender-based violence; remedial education and civic engagement opportunities; and access to childcare. Since 2012, UN Women has supported women in refugee camps by providing them with skills, access to public space and economic independence, including the largest female-focused cash-for-work programme.
Women are disproportionately affected by humanitarian crises; many of them are forced by conflict to become the primary breadwinners, while bearing the responsibility of taking care of their children and families.