Crypto exchange in court: It owes $190m to netizens after founder 'dies without telling anyone vault passwords'

Re: Bullshit

"If ...only one person held the passwords, then they deserve to be sued into oblivion."

If only one person held the passwords they don't need to be sued.

Re: Bullshit

If this outrageous B.S. story was actually true and only one person held the passwords, then they deserve to be sued into oblivion.

What would be the point? Despite government insistence to the contrary, a court order can't beat the maths in modern encryption. If, and I'll freely admit it's a big if, the stroy as told is true, then they have no recoverable assets, rendering suing them pointless.

If, of course, its a fraud - either the guy has a fake death cert, or the wife has the decryption keys and he's really dead - then proving that seems to be challenging. I may very well have this wrong as I claim very little knowledge of crypto currency, but presumably the 'coins' in the 'wallets' are identifiable, and could be watched/tracked; any movement of any part of the 'assets' at any time in the future would indicate someone having access to the keys?

Re: Bullshit

I never thought of Project Managers or Prime Minsters as a particularly good long-term investment...

Re: Bullshit

This assumes anybody knew the address(es) holding the coins. If that was properly hidden, he'd look like just another whale on the blockchain(especially if he was clever enough not to move it all at once).

Re: Bullshit

"Since it would easily be known if someone took the money out of that wallet"

This assumes the wallet contained the expected bitcoin total or even existed in the first place.

Password recovery on garbage can prove difficult...

Re: Bullshit

According to a WSJ pay piece there are indications that the money isn't there.

But two independent researchers say publicly available transaction records associated with QuadrigaCX suggest the money may be gone, not trapped.

Re: Bullshit

On the topic of faking one's death, if this happened, he could probably transfer the funds out somewhat easily by sending them to an exchange and getting a different currency. He'd lose a bunch of it, but you can lose a lot of $137 million and still be fine. In the meantime, while someone could detect that the money was taken, they wouldn't know how to find the thief.

Two things don't make sense here:

1. That the company would be so large and store all the passwords and other critical data in one brain and one computer.

2. That the company would put all the cold storage cryptocurrency in one wallet. That's just asking for someone to get in and take it. If you store a medium amount in each of four hundred wallets, an intrusion can be detected before you lose too much.

I would expect any crypto company to do both of these things. The fact that they have not makes them incompetent, whether these actions were done out of negligence or malice (I think it more likely to be the former).

Re: Bullshit

Re: Bullshit

Well, he died from complications from Crohns. I have Crohns, the last way I want anyone to know I went is that I shat myself to death. There are honestly a gazillion other ways you could pretend to be killed by in India (and get a death cert for). Gored by a cow. Run over by an elephant. Knocked off your motorbike as it slips into neutral in front of a killer red line bus... but a shitting disease aggravated by Delhi Belly? It's entirely credible.

Re: Lesson for us all...

re $190 million gone.

Excuse my ignorance, of bitcoin, but as i understand it that a finite number of Bitcoin can be issued.

If the $190m of bytes has truly gone for good, in the short term does that not make each of the remaining quantity of Bitcoin more valuable?

Within reason, once it is down to the last few Bitcoins then they'll almost, if not actually be worthless?

Re: Lesson for us all...

"whereas $190 million in US currency or gold will likely be worth pretty much the same in five years."

Gold fluctuates based on how good/bad things are perceived to be, and what the Chinese and India governments are doing. In the last 10 years it's been between $400 and $1800 an ounce. I no longer own any since both China and India have been paying spot plus 15% for a couple of years now.

Based on current inflation rates, USD from 5 years ago has lost about 8% of it's purchasing power.

As compared to Lego, which gains about 3% a year in value. Someone even analysed which would be the better investment, and the returns Lego beats gold for about 38 out of 40 years. Obviously there are more traditional investments that beat it too, but it's not quite as good a store of value as it appears.

Re: Damn.

"....this wouldn't have happened in January 2000 perchance...?"

Yep, got it in one.

Re: Someone had wikipedia open when they wrote that

"Shamir Secret Sharing". First time I read about it was in Donald Knuth's "Art of Computer Programming", printed some time in the 1980's. Of course you might tell Adi Shamir to not write his own crypto, but he'd probably just say "and who are you?"

And it works perfectly fine for k out of m people. Just a polynomial of degree k-1, evaluated at m points, so k results reconstruct the polynomial, an doing everything over some finite field makes sure there is ZERO information out from k-1 results.

Re: Someone had wikipedia open when they wrote that

Don't try to make this algorithm sound more complicated than it really is, for the purpose of excusing the exchange for not implementing it. It really isn't. If you can live with small numbers of n (i.e. any 3 out of 4 keyholders need to collaborate, which if we assign a key to the CEO, CFO, CTO and an independent director would have sufficed perfectly) then the simplest possible algorithm would be to encrypt the main key multiple times, using different key fragments xor'd together. Encrypt it 4 times, using a^b^c, a^b^d, a^c^d and b^c^d. Any combination of 3 fragments can then decrypt it. Job done. It really is that simple.

Re: Someone had wikipedia open when they wrote that

No, apparently, YOU were the one with Wikipedia open--and you misread it.

Yes, the #1 rule of crypto is you don't role your own--but this applies to creating the primitives, not implementing them. As I've repeatedly mentioned here, however, if you're not using libraries, you better have a **** good reason.

And the prior poster mentioned libraries.

But secret sharing is actually one of the more simple primitives (and arguably less sensitive than encryption or hashing). I actually would not be too freaked out over an independent implementation.

If you want to share this secret among n people (with infinite storage) so that any three or more can know it, just translate the secret into a plane in R^3, and hand out random points on the plane.

Of course, we are finite beings, so you need to use finite fields instead of R--say, of order p^k. This in turn means that any two collaborators can "compromise" the secret to the point that only p^k possibilities remain. So, choose p^k to be as high as you need for your application, and you check that no set of three points end up on the same line.

If you want to require four to reveal, just step up the dimension of the affine plane (and "line") in question.

If you need to look up anything I just wrote, then use a ******* library.

The issue is application development. All of the usual issues apply here, but it's important to keep in mind that the secret is not known to the application until enough keys are provided--and the application properly combines them.

Re: Someone had wikipedia open when they wrote that

Shamir secret sharing, which is what I'm talking about, is completely indifferent to the order in which the shares are used to unblind the secret (in fact there is no 'order', per se). For an (m, k) scheme where you need k from m it is trivial to make k = m.

I've been doing this stuff since the early 90's so a bunch of hand-waving doesn't impress me, I'm afraid.

Re: As we get older...

"there is/was a widespread superstition that making a will brings forward your demise."

Or the simple fact that thinking about one's demise is not a pleasant thing to do and hence gets put off...and off ...and off.

Re: As we get older...

"(A)pparently there is/was a widespread superstition that making a will brings forward your demise."

Based on some families that I'm aware of, it may not be pure superstition.

Re: As we get older...

It's 'shuffle'.

http://shakespeare.mit.edu/hamlet/full.html

That's because Shakespeare didn't have shift registers available. The big question is, is it shift right or left, pursued by bear?

Re: Crypto-busting test case

If an encrypted computer (I'm going to assume that means "encrypted data on the hard drive" in this case) is a "problem with a solution", what is the point of encrypting any computer...?

Re: Crypto-busting test case

Is my understanding correct that the data needed to access the cryptocurrency is contained on the laptop and nowhere else??? If so, this would seem to introduce further potential points of failure:

1. If the hard drive fails catastrophically

2. The laptop is lost or stolen

Re: Crypto-busting test case

"If an encrypted computer (I'm going to assume that means "encrypted data on the hard drive" in this case) is a ["]problem with a solution["][my statement], what is the point of encrypting any computer...?"

The point is to prevent data being stolen with a machine. If you were to rob me in the street today, you'd get my computer, but not the data on it. You could try some passwords, but it wouldn't get you in, and the security of my data would be intact. That's because it's not worth a ton of money to you. $190 million in bitcoin, on the contrary, is worth quite a bit to people, including to the people who run this company who could face some negligence cases if they don't get access to the thing. That makes it possible to invest some more resources into brute forcing passwords. For example, if the encryption is done using bitlocker on Windows, the passwords aren't super-secure*. It would be possible to brute force the possibilities of the default code if you had the inclination. For $190 million, the inclination is there more than for the random files I happen to have, and it is thus more likely to be attempted by this company than it is by a street thief who already has the main source of value, the hardware of my laptop.

*The default password for bitlocker is a 6-digit numeric pin. This machine could use a different system and/or a more secure password. This system could in fact not be encrypted at all. However, automatically typing in all combinations of digits is doable if you are willing to spend a couple of weeks on it, and other methods of trying to crack the password are doable too.

Re: Has anyone tried....

toomanysecrets

Re: Has anyone tried....

The Magic Words are Squeamish Ossifrage

Re: Show us the Body ...

Yes, but you need to reverse the order. After all, YOU are the only one with the key, and are the only one who can check to see if the money's still there.

That and the fact that it’s just slurped up 10MWh of energy