"a series of epic vulnerabilities" in the #EOS platform


#1

#2

That’s why diversity is very important. I am saying it now, when ADA has just reached ~48% of my crypto portfolio. But that’s fine, as I can lose all of them, as my crypto investments are only ~15% of my total investments. ADA was only about 10%, but I could not help buying some when it went down and it’s playing roller-coaster, so I just kept buying.


#3

This, right here, is the best advertising for formal methods.


#4

network will not be officially launched until these issues are fixed


#5

That doesn’t seem promising. If only there was a way to short #EOS.


#6

Haha, watched that on Sunday, it was broadcast yet again by BBC, maybe the best of all their films…


#7

Should’ve got it peer reviewed


#8

Another Hack unrelated to those other ones:


#9

It’s so sad that so many people seem not to understand that security is the single most important thing when it comes to money. Sadly I have figured this out in a painful way, after a robbery of over 50k USD worth of cryptocurrency. For that reason I’d be happy for IOHK to make hardware wallet support for ADA. Right now I don’t trust my computer anymore - all of my funds are either in Ledger Nano or on exchanges. ADA is on Bittrex and I don’t like that. Does anybody know anything about Ledger support?


#10

You can create a paper wallet in the latest version of Daedalus. Those are “cold storage” and keys are not stored on your computer

~ July/August

Ledger roadmap: https://trello.com/c/rEK3saDK/71-cardano-support

Or look for “Ledger wallet” here: https://cardanoroadmap.com/


#11

Do you know if integrating 2FA is technically possible with blockchains? Approving transactions from your phone might add another layer of security.


#12

Not on the BC level, that would be impossible. That’s usually done on the software level. It is possible, for example, to require 2FA in order to execute a transaction in Daedalus. But if your secret keys are compromised - no 2FA will save you )


#13

Wisdom you are full of:


#14

But you still have to show the recovery phrase on the screen. How to be sure? Also… can you really compare with the convenience of the Ledger? It seems to me that such support would be the minimum IOHK could (and should) enable.


#15

Run antivirus and make sure no one is watching :)

Of course not. It’s just an alternative cold-solution available now.

~ July/August

Ledger roadmap: https://trello.com/c/rEK3saDK/71-cardano-support

Or look for “Ledger wallet” here: https://cardanoroadmap.com/


#16

Also this interesting thread on the naive EOS “constitution”


#17

It’s well known there is no perfect AV software. Even HW wallets aren’t bulletproof protection, but they are as close as possible. Maybe I’m a little paranoid now; I’ve run several AV programs after the incident with no result. Since the thief stole a bunch of ETH and Ethereum tokens from me, there are some additional possibilities: I accessed MEW by using my private key - maybe MEW was hacked? Also, I used Metamask and Chrome, but this combination is (was) vulnerable to the Spectre attack (I learnt that afterward).


#18

@bkonjevi Ever thought about using an encrypted VM? And did you have the password enabled on your wallet?


#19

My brother and I are going to start selling these pretty soon:

Probably will also sell it as a software only solution for people who want to put together their own air gapped pi. Right now only works with Ethereum. Also does encrypted messaging using public/private keys and has full encryption for the micro SD card.

Air gapped is the way to go in my mind.


#20

I know of Cardano support by Ledger. But they can do it themselves. Or - at least - pay enough for Ledger to be incentivised.