Tag: Crypto Security

Categories
Blockchain and DLT Crypto

Security in Blockchain: Myths and Truths

Around security in blockchain some interesting myths have been created that make this technology look like a total panacea and something almost surreal, for that reason, we dedicate this article to break these myths and make see the truth about this technology. Safety is certainly one of the main, or perhaps the main, requirement for […]

Around security in blockchain some interesting myths have been created that make this technology look like a total panacea and something almost surreal, for that reason, we dedicate this article to break these myths and make see the truth about this technology. Safety is certainly one of the main, or perhaps the main, requirement for […]

Around security in blockchain some interesting myths have been created that make this technology look like a total panacea and something almost surreal, for that reason, we dedicate this article to break these myths and make see the truth about this technology.

Safety is certainly one of the main, or perhaps the main, requirement for blockchain technology. In fact, in a way, security has become the first bastion of defense of this technology that now conquers more and more spaces. And it is not for less, the security in the blockchain is excellent, but reaching it takes a lot of work. In addition, it is not a magic solution, because as in any computer system always reigns the premise of cybersecurity:

“There is no 100% secure computer system.”

That is the harsh reality of the computer world, and blockchain, being a computer technology, is not exempt from this rule. So why our confidence in your safety? Why have so many myths been created around this technology? What is the truth? Let’s try to show that several of the myths that have been created around blockchain technology.

Myth 1: Blockchain is unhackable.

One of the first myths we see in the blockchain world is about the inability of blockchain technology. The truth is that this is not 100% true. Certainly, blockchain technology presents a high level of security, and more if we compare it with any type of sector that is based on centralized technologies.

Bitcoin, the world’s first cryptocurrency, has shown us several times that it has errors that can be dangerous for everyone. So what protects us from the blockchain catastrophe? Simple, the assurance that the community will detect and correct those errors, as it has always done. And in the worst-case scenario, in the event of an error that has not been detected early, the network can always agree to return to a block where that has not happened.

This is in addition to the continuous work to develop security measures that avoid serious problems, and the always reliable decentralization, which will allow us to rebuild everything in case the worst comes to pass. But we can also be sure of something, that a project like Bitcoin has accumulated 46 serious errors, is an incredible achievement, because in contrast Windows 10 (developed by one of the corporations that dominate the world) in just a period of 4 years accumulates more than 8100 errors.

Myth 2: Blockchain is absolutely immutable.

Another common myth in the blockchain world is the “absolute immutability” of the blockchain. Something that is not true. The truth is that the blockchain can be rectified or modified under very specific conditions, and we know that from those who have read about the 51% Attack. This attack has the ability to modify the blockchain significantly despite the attempts we make to avoid it, and all within the parameters allowed by the protocol because after all, most of the nodes (51%) have decided to do so.

The attack we have already seen in action, Ethereum Classic (ETC) recently suffered another attack of this type. Bitcoin Gold was another recent victim of such attacks, and other cryptocurrencies are constantly suffering it today. But isn’t Blockchain supposed to be immutable? The answer to this is: It is under certain circumstances. If a blockchain network has its power distributed among its nodes so that none of them has the most power in their hands, then that network will be secure. Otherwise, it’s a recipe for disaster.

Myth 3: All blockchain is highly decentralized.

Decentralization may be the worst myth of all, and it is because decentralization in blockchain projects is misunderstood (or misused). And many projects, and companies, use the word “Blockchain” to confuse, trying to convey that they are a decentralized network when they are not.

For example, Bitcoin is a fairly decentralized network, but there’s still a long way to reach a “safe zone of decentralization”, that area where Bitcoin users turn to their own nodes instead of third parties to perform their operations. The latter may sound utopian, but it would be the perfect example of absolute decentralization. Still, Bitcoin is a good example of decentralization.

However, if we choose other projects such as Ripple, Stellar, Tether, Bitcoin SV, Tron, UNUS, IOTA, Compound, BAT, Theta,… that decentralization is lost. Yes, these projects are blockchain, some with great renown and great economic level, but each and every one of them have of decentralized what of decentralized has a Bank.

In short, they are projects that use the words “blockchain” and “decentralization” to disguise an almost absolute centralization existing over their systems. And we are not talking about centralization at the level of development, but also at the level of nodes, miners, and other structures that make it possible to function. In this sense, this myth falls for the clear evidence that a “blockchain project” is not automatically decentralized because it is blockchain.

Myth 4: Cryptography makes Blockchain secure.

This myth, surely, is one of the most difficult of all to understand. The reason for this is because it is a half-truth. Cryptography is certainly the basis of blockchain security, but cryptography is constantly broken.

An example that breaks this myth can be seen in IOTA. This cryptocurrency is based on DAG (Directed Acyclic Graphs) technology and uses a cryptographic function that was considered secure. However, a hacker managed to break that algorithm and as a result, thousands of users were affected, with theft of funds and access to the seeds of their purses. A serious problem where cryptography was not enough to maintain security. As a negative result, the IOTA network was out of service for 14 days until the problem was fixed.

However, the operating model of Bitcoin, the management of its development, and its active community is a successful formula to combat the problems that could come along this line.

Myth 5: Smart contracts are the ultimate programming tool.

Smart contracts are often seen as the biggest breakthrough achieved thanks to blockchain, and that vision is correct. However, smart contracts are not inherently secure by running on a blockchain, as many show, on the contrary, a public smart contract is subject to public scrutiny, and if there are malicious actors in that audience who can see a vulnerability, they’ll exploit it for a profit.

Yes, smart contracts are very powerful, but their security is far from perfect, in fact, we could say that it is still a work in progress, as we can see to platforms like Ethereum, where they seek to constantly improve their language to enable the most secure development of such tools.

Computer security has always been a space where the impossible always ends up being possible. There are many systems that claim to be “ineligible” and always end up giving in to some error in their systems sooner or later. It is something that reaches even the big ones, such as OpenBSD, the most secure operating system in the world, and that in all its history (23 years) has only had two errors in its installation by default.

That being said, blockchain although it is a very secure system, perhaps one of the safest to handle our money, is not an all-powerful and perfect solution. We are certainly far from that, and that, however illogical, is a good thing. 

In this sense, the future of blockchain security will always be positive, it will always go in the interest of being able to improve what we currently have, to face the challenges of the future. That way we can stay calm, blockchain security will improve, and with it, our impression of a technology that is changing the world.

Categories
Crypto Daily Topic Cryptocurrencies

What Exactly is Proof of Keys?

In crypto, there’s a saying: “not your keys, not your coins.” This means that if you do not have sole custody of your private keys, you cannot really claim to have ownership over your funds. If your keys are with a crypto exchange or any other third-party custodian, you may as well forget about being the true owner of your funds. 

In crypto, there’s a saying: “not your keys, not your coins.” This means that if you do not have sole custody of your private keys, you cannot really claim to have ownership over your funds. If your keys are with a crypto exchange or any other third-party custodian, you may as well forget about being the true owner of your funds. 

In crypto, there’s a saying: “not your keys, not your coins.” This means that if you do not have sole custody of your private keys, you cannot really claim to have ownership over your funds. If your keys are with a crypto exchange or any other third-party custodian, you may as well forget about being the true owner of your funds. 

Many crypto owners today make the mistake of leaving their funds on exchanges. But considering the insecurity history of crypto exchanges, they are far from the safest place to keep your cryptocurrency. Millions, (or perhaps billions) worth of crypto has been lost through hacks on exchanges. The most famous one is Mt. Gox, in which people lost vast sums of Bitcoin and are yet to be compensated up to this day. And while that may be several years ago, crypto hackers are always upping the game. This is to say exchanges are not a safe place to store your crypto. 

So, how does that have anything to do with proof of keys? 

Understanding Proof of Keys 

Proof of Keys is actually ‘Proof of Keys Day’ in full. The event is the idea of crypto investor Trace Mayer, who came up with the concept so as to spread awareness of the need for crypto owners to practice self custody of their private keys and, in so doing, reclaim their financial independence. Proof of Keys is an annual celebration every January 3rd. 

Proof of Keys day is an idea geared at preventing crypto investors’ reliance on exchanges to store their funds. The first Proof of Keys event happened on January 3rd, 2019 – to intentionally coincide with the day of Bitcoin’s genesis block. 

In essence, Proof of Keys Day is a day to celebrate financial autonomy. The bigger picture is to remind crypto investors of the importance of keeping their private keys in their personal wallets. By having full control of their keys, they can rest assured that no one has access to their crypto holdings. 

Crypto holders have access to numerous types of crypto wallets – from online wallets to paper wallets to desktop wallets to hardware wallets. However, hardware wallets are the most secure options out there – and among the most reputable of these is Ledger, Trezor, and KeepKey. Hardware wallets are not connected to the internet. This renders them immune to hackings and other online vulnerabilities. 

What are the Intended Outcomes of Proof of Keys Day? 

The philosophy guiding Proof Of Keys Day is perfectly in step with that of Bitcoin: to eliminate third-party intermediaries and operate in a trustless electronic money transfer system where parties can operate securely and confidently without sacrificing their financial sovereignty. With that, let’s look at the intended outcomes of Proof Of Keys Day: 

#1. Teach new crypto investors how to move funds around

Crypto holders should be knowledgeable and comfortable enough to move their coins around. While this may be as easy as ABC for veterans, it can be intimidating for newcomers. From the (seemingly) complex key numbers to the wide range of wallets, it can all look absolutely bewildering. For this reason, Proof of Keys Day encourages investors to familiarize themselves with the different types of cryptocurrency wallets and how to use them. It also reminds them how the transfer of value happens on the blockchain. 

#2. Remind crypto holders to actually own their funds 

Like we’ve mentioned before, the main objective of Proof of Keys Day is to encourage crypto investors to take ownership of their private keys. When you leave your funds on an exchange, you essentially forfeit complete control of your money. Though it takes place only once a year, Proof of Keys Day is a chance for people to reclaim control of what’s theirs. 

#3. Expose dishonest crypto exchanges

Financial entities are known for fractional reserve banking – which is the practice of leveraging existing customer deposits by lending out more funds than what they truly have at hand. While this profits the institutions, it’s risky for the real owners of the money since a ‘bank panic’ could cause bankruptcy for the institution. In the crypto space, Proof of Keys Day could encourage holes of crypto investors to withdraw their money from exchanges. If enough investors do that, it may expose exchanges engaging in fractional reserve tendencies or those that lie about their actual reserves. That’s if the publicly verifiable nature of blockchain networks has not already done so.

#4. Celebrate Bitcoin’s genesis block

Last but certainly not least, Proof of Keys Day allows investors from all over the world to celebrate the Bitcoin genesis block – the first day a block was mined on the Bitcoin network. The genesis block was the first-ever Bitcoin transaction. In the transaction, Satoshi Nakamoto sent 50 BTC to Hal Finney – an early Bitcoin developer. It’s also, to an extent, a day to remember the first ‘commercial” Bitcoin transaction when somebody bought two pizzas for 10,000 Bitcoins.

How to Participate in the Proof of Keys Movement

Whether you’re a newcomer to crypto or a veteran, you’ll find that participating in Proof of Keys Day is very easy. Again the idea is to express financial independence by moving all funds from exchanges or other custodial services. 

To get started, take an inventory of all crypto coins you have on exchanges. This will show you who really owns what in regards to your money. Then, proceed to choose a crypto wallet of your choice. Ensure to choose a wallet that you’re comfortable with and one with a sufficient level of security. Next, transfer your funds from custodial platforms to your personal wallet. This means you can now control your private keys and, with them, your funds. 

Some crypto investors celebrate Proof of Keys Day, even if for one day. This involves moving their coins from exchanges for one day in a symbolic move to affirm their financial autonomy. Active traders are the ones more likely to engage in this kind of practice. This is because they need to have their crypto funds in exchanges to facilitate trades. After the symbolic transfer of funds to their personal wallets, they usually move them back to exchanges. But for long-term investors (HODLers), it’s better to keep their money in their personal wallets. 

Final Thoughts

Proof of Keys Day is a simple concept – but quite monumental in meaning. It’s a day to remind crypto holders to take back ownership of their funds by taking control of their private keys. Hordes of crypto investors participate in the event with a single goal of affirming their financial sovereignty. It’s a day to educate people and remind them about crypto security principles in general. 

Categories
Crypto Daily Topic

Should you Use a VPN for Cryptocurrency Transactions? 

With the growing number of cybersecurity threats, online privacy is becoming a huge concern for most internet users. As such, privacy-conscious users will likely prefer using cryptocurrencies to fiat or debit cards for financial transactions. 

Crypto_VPN | Forex Acdemy

With the growing number of cybersecurity threats, online privacy is becoming a huge concern for most internet users. As such, privacy-conscious users will likely prefer using cryptocurrencies to fiat or debit cards for financial transactions. 

With the growing number of cybersecurity threats, online privacy is becoming a huge concern for most internet users. As such, privacy-conscious users will likely prefer using cryptocurrencies to fiat or debit cards for financial transactions. 

Sure enough, all financial transactions done using digital currencies are cryptographically secured, protecting user privacy and anonymity. Recipients won’t know your identity or any other personal information unless you buy physical goods and have them shipped to your physical address. 

But the security of your transactions is just one part of the whole online privacy equation. As long as your crypto transactions are done over the internet, you still face the risk of being hacked, falling victim to identity theft, and other cybercrimes. Now, this is where a VPN comes in. 

But first, let’s understand how a VPN works. 

What is a VPN? 

A virtual private network (VPN) service is a programmed security tool that encrypts data being transmitted over the internet. The tool secures your privacy by routing your internet traffic through an encrypted channel, making it hard for third-parties, the government, and even your internet service provider (ISP) to intercept or read your online data.

In other words, the sources and destination of your data are masked when using a VPN. This is especially important if you are using public WiFi to access the internet. At this time, you are highly vulnerable to third-party traffic interceptions who may exploit your personal data. 

Vpn Forex Academy

On a regular network, all your online activities can be traced back to you using your computer/smartphone IP address. The address functions pretty the same way as a home address in that it helps identify your exact location. However, when using a VPN, your real IP address is concealed then you’re assigned a new mock IP address enabling you to bypass geo-restrictions. This means your online activities can’t be traced to your exact physical location. 

Why You Should use a VPN for Cryptocurrency Transactions

Now that we understand how a VPN works, it’s easy to see how it adds an extra layer of security when using cryptocurrencies. Let’s break down why you need to use a VPN when transacting in cryptos over the internet. 

I) Sending Cryptos to other Hot wallets

One of the easiest ways for a hacker to steal your cryptocurrency is by exploiting security loopholes in your hot wallet. Whether you’re sending digital currencies to an exchange site or to another party that you are in business with, your wallet and public key address can easily be identified. With this information, all your transactions can be monitored and even intercepted to gain access to your hot wallet. 

The security loopholes stem from the fact that hot wallets and most cryptocurrency transactions are done over the internet. As such, hackers can leverage their expertise to prey on your activities online and even steal your personal information.

Using a VPN, in this case, can help encrypt your online transactions by encrypting data on both ends. That is to say, transactional data between your device as the sender, and that of the receiver cannot be intercepted in any way. Even when using a public WiFi network to carry out the transaction, your activities are hidden from third-parties’ preying eyes. 

II) Using Decentralised Apps

On the bright side, decentralized apps such as decentralized exchanges and DeFi tools, do not request users to provide identifying Know Your Customer (KYC) information. From a privacy and security front, users are protected from hacks and personal data theft. But even with this security advantage, users’ activities can still be monitored by identifying their unprotected IP address. You can keep your actual location under wraps by leveraging the ability of a VPN to conceal your real IP address. This way, your activities will be completely invisible, making you less of a target of cybercriminals. 

III) Bypassing Internet Firewalls

In the few countries where cryptocurrencies are completely illegal, the government places a geo-restriction, barring any cryptocurrency transactions within the country’s borders. Even those using digital currencies within the country can easily be traced by the government and charged for violating the crypto ban. 

However, using a VPN, your connection is routed to a remote server that virtually puts you in a different geographical location. As such, your new location won’t be under the geo-restriction even when you’re actually located in a country that has imposed the geo-block. This way, you can freely transact in cryptocurrencies without detection. 

In a good number of countries, using cryptocurrencies is legal. But this doesn’t mean that the government is friendly to the idea of blockchain and cryptocurrencies altogether. As such, the regulators have been known to keep tabs or monitor the transactions of those using digital currencies. If you are concerned about your privacy, the idea of the government monitoring your transactions won’t sit right with you. 

Which VPN should you Use

The VPN market is flooded with numerous providers touting their services to be the best in the market. While indeed some offer superior privacy protection, a good number of them should be avoided.  

For starters, steer clear of free VPN services for the simple reason that these providers tend to fund themselves by selling users’ private data to governments and advertisement agencies. On the other hand, paid VPN fund their services and infrastructure from the subscription fees paid by the users and have no reason to sell personal data. 

Additionally, the headquarter of a VPN service determines its commitment to protecting users’ data. A VPN operating from one of the 14-Eyes Alliance countries can be forced by the law to provide a user’s data since these countries often conduct mass surveillance programs. A VPN service provider based in privacy-friendly countries such as the British Virgin Islands, Panama, and Switzerland can be trusted to keep their client’s data private. In fact, these privacy-friendly countries have imposed laws restricting companies from recording any personal data of the users. 

Other useful features you should consider when choosing a VPN include a kill-switch function that terminates your internet connection if you encounter any problem connecting to the VPN. The provider should also have a transparent no-logs policy, meaning that they won’t record any of your online activities. Also, be sure to check if the VPN provider accepts cryptocurrency payments, just to add a little more security and privacy. 

Conclusion 

There’s no doubt that cryptocurrencies are an ideal way to protect your online financial transactions. While they offer a certain degree of anonymity, users can still fall victim to cybersecurity attacks from the fact that they are connected to the internet when transacting cryptos. So, be sure to use a VPN service to keep your transactions under wraps while at the same time protecting your devices from malware. 

Categories
Crypto Guides

How Do ‘Ring Signatures’ Increase The Privacy Of A Crypto Network

Introduction

Introduction

Introduction

Cryptocurrencies are the primary application of blockchain. Transparency and Privacy are two terms that go side by side concerning cryptocurrencies. Users of cryptocurrencies are looking for more and more Privacy with more adaptability of cryptocurrencies. Anyone can open the bitcoin ledger and check the ongoing transactions and find out the users who are transacting and the amounts of the transactions as well. Hence to increase the Privacy of the cryptocurrency network, Ring Signatures have been introduced to cryptocurrencies.

What are Ring Signatures?

Ring signatures are nothing but digital signatures performed by anyone from a group of members but not possible to know who has done the signature. We can add any group of members without any additional setup. The concept was initially developed to leak the information, especially from high ranking individuals. This way, we will not know who leaked the news, but one can ascertain the information is authentic. The concept is developed by Ron Rivest, Adi Shamir, and Yael Tauman and announced at Asiacrypt in 2001.

Since then, there have been certain developments made in the ring signatures called traceable ring signatures to overcome vulnerabilities raised due to malicious or irresponsible people. The modification or further development of this is what is used in crypto note coins developed to overcome the weaknesses of bitcoin. By this development, the ring signatures were effective enough to obscure the sender’s information in the peer to peer transactions.

Now the concept is further developed called Ringed Confidential Transactions (Ring CT’s), which obscures the transaction amount as well instead of obscuring only the sender’s information. Monero Labs formally announced this in 2015. We all know that Privacy is strictly entitled when it comes to the transactions in the Monero platform, and now we know why, i.e., because of the concept of ring signatures.

How Do They Work?

Cryptocurrencies work on the principle of digital signatures. Ring signatures are digital signatures, which are group signatures. Ring signatures require multiple partial digital signatures of different users who may be part of the network already to form a single digital signature, which is used to sign the transaction. Thus, to validate the signature, multiple private keys are required, which wouldn’t be possible to obtain. The name ring came up because of the use of various users’ output to generate a single digital signature.

Let us see an example of a transaction in Monero blockchain and see how the concept of ring signature works.

⭕ A intends to send 50 coins to B in the Monero network basically to B’s Monero crypto wallet and initiates a transaction.

⭕ In general, this transaction would be signed using A’s private/public key combination, but in this case, a unique one time spend key is generated that starts with the output from the sender’s wallet.

⭕ The other signatures are picked up randomly from the users in the ring from the past outputs in the network to create a unique digital signature, which wouldn’t be possible to determine the original signer.

⭕ Even though the public key of the original sender is used, since the signature is created using different users’ previous outputs, it is not possible to determine the sender’s identity.

Ring signatures have started to become vital, especially where Privacy is a matter of concern in cryptocurrency networks. CryptoNote coins are the most well-known coins for Privacy. Monero and Bytecoins are excellent examples which use ring signatures and Ring CT’s.