With cryptocurrencies becoming more widely adopted as a form of payment, identity management, and accountability, our understanding of security implications around digital currency needs to keep pace. This talk dives into the many ways in which the systems put in place around new cryptocurrency technologies can be exploited to take advantage of loopholes and bypasses in this technology space.
Crypto Hacks - Quit your Job and Become a Crypto Farmer
1. Crypto Hacks
Quit Your Job and Become a (Crypto) Farmer
Greg Foss
Distributed Consensus - August 3rd - 4th, 2018
2. Greg Foss
Head of Threat Research and Global Security Operations
OSCP, GMON, GAWN, GWAPT, GPEN, GCIH, CEH
3. Disclaimer
Many of these topics are ‘probably’ illegal and this talk isn’t about get rich quick schemes or scams - don’t do any of these things without authorization
6. Mining Difficulty Over Time - 2018
[Chart: Bitcoin and Ethereum, Jan to July]
Most mining calculators don’t take this into account…
7. Bitcoin Mining Difficulty - Past Two Years
[Chart: Bitcoin, July '16 to July '18]
“Long Term Gainz” - “HODL” - “LAMBOS!”
9. PRO / CON - Building a Rig
PRO
• Fun to build and looks awesome!
• You own the hardware and can use it for other tasks - like password cracking
• Freedom over the coins that you can mine
• Residual income over time
• Not dependent on any third party
• Profit not contingent on current coin value
• Contributing to maintaining the network
CON
• Significant upfront cost
• Time investment and ongoing maintenance
• Potentially a very long time to ROI
• Energy costs and unnecessary heat
• More profitable to buy the coin given current cost
• TAXES
  • Tax on coins, as they are mined
  • Capital gains tax when trading for Fiat
19. Game on…
Modified XMRig Binary
DNS Server
TCP Tunnel
Mine at 30% GPU Profit
20. Create Account (x4)
Profit
PowerShell
Prepaid Credit Cards
24. Easy to spot and block
Included on most threat lists…
25. Bypass (some) Block Lists
Primary DNS Server
Unsuspecting User
notcoinhive.biz (Proxy)
Coinhive / CoinImp / etc.
something.com
something.com = 127.0.0.1
notcoinhive.biz
30. Users
something.com
Router
PiHole Server
Advertising Servers
Coinhive / CoinImp / etc.
DNS Request
31. Users
Everything Else
something.com
Router
PiHole Server
Advertising Servers
Coinhive / CoinImp / etc.
DNS Request
58. Python
Twitter API
Trending Crypto $Tags
Google Cloud Natural Language API
Emotions
60. Python
Twitter API
Trending Crypto $Tags
Google Cloud Natural Language API
Emotions
Graphing and Trend Analytics
Binance
Shapeshift
64. We’ve only just scratched the surface…
• Smart Contract Attacks
• Honeypot Wallets
• Miner / Mobile App Reversing
• Seed Busting
• Private Key Collisions (LBC)
• Headless browser-based mining via PowerShell
• Wallet Hijacking
• And much more…