Crypto wallet providers urged to rethink security as criminals drain them of millions

Infosec researchers are noting rising cryptocurrency attacks and have encouraged wallet security providers to up their collective game. Check Point specifically cites the growth of attacks that abuse Ethereum's CREATE2 opcode, dubbing it a "critical issue in the blockchain community" that's seeing millions of dollars worth of …

  1. Mike 137 Silver badge

    Rather obvious?

    "The fact that attackers can set up a contract before deploying it (before it even exists)" is a huge and glaring vulnerability that should never have been allowed. It's just asking for trouble and clearly got it. The great weakness of all these 'alternative' regulation-free financial systems is that they haven't embraced the lessons that the regulated ones took over a century to learn the hard way.

    1. I ain't Spartacus Gold badge

      Re: Rather obvious?

      I've seen Crypto described as like going through all the scandals of 19th Century banking again at high speed.

      It seems particularly odd that security measures that are designed to track illicit payments only look for black-listed accounts. Given that the blockchain exists, you can look up the history of any account - so if a payment is due to go to a new account that has hosted zero transactions - that ought to be flagged as obviously dodgy.

      Plus am I really supposed to take seriously someone saying their SuperVerse tokens have been stolen? If it's a crying 5 year-old who's lost their coins to play a Marvel game, I'm going to have some sympathy.

      As with taxes, regulations are annoying. But both are often there for a reason.

      1. Michael Wojcik Silver badge

        Re: Rather obvious?

        if a payment is due to go to a new account that has hosted zero transactions - that ought to be flagged as obviously dodgy

        Counterpoint: If I ever used cryptocurrency (unlikely), I'd use a fresh address for every transaction, except for transactions between wallets I control. I don't know why anyone keeps wallets with anything more than the cryptocurrency they need to have liquid "hot". That seems just marvelously stupid. Yes, there are transaction fees; but if you're moving cryptocurrency around often enough for those to be a problem, then you're doing something wrong.

        I suppose I might sometimes reuse zero-balance wallets for temporarily holding precisely the amount of tokens I need for an upcoming transaction, or for briefly holding incoming tokens. But I certainly wouldn't use the same address for transactions with a lot of different parties, or with suspect parties, or to hold tokens long-term.

        Of course this is all hypothetical.

  2. Mage Silver badge

    Elephant in the room

    Is so-called Crypto-coins or Cryptocurrency.

    An environmentally damaging technology, and like Blockchain, a solution looking for a problem.

    Just protect consumers by making the scam illegal. Why does Revolut offer it?

    1. hoola Silver badge

      Re: Elephant in the room

      Whilst it is very sad if people lose their money or the Crypto Currencies/Exchanges lose stuff I am not hugely sympathetic.

      It is a completely unregulated market with no protection to anyone other than the criminals who appear to use it for anonymity.

      There is a reason that banks exist, surrounded by regulation and in the UK protection for savers. It is also why returns are lower.

      You could buy shares and things but the caveat is always there "you may not get back your original investment".

  3. Anonymous Coward

    Looking at crypto wallets at a technical level, so many of them are very poorly written with some verging on downright scummy!

    I believe in the future there is going to be a big number of flaws in these wallets coming to light. I think a vast portion of the less technical Bitcoin fans who have only been attracted by "user-friendly UX" are going to be hit, big. A secure wallet could ultimately resemble something similar to a CLI ssh client, with the keys handled fairly manually. A fancy GUI heavy frontend hides the complexity (and ultimately the dangers).

    Since I am not really big on crypto currencies (my investment hobby is fixing shite buildings), I am happy to watch from the sideline with popcorn.

    1. druck Silver badge

      Some of the flaws are so obvious and intractable, the only explanation is they have been designed that way to allow exploitation once enough people have adopted the wallets.

      1. Anonymous Coward

        Agreed.

        Once they reach critical mass, the wallet developers are going to extract and vanish. Perhaps only 0.001 of a bitcoin from every user so as not to raise too much noise.

        1. druck Silver badge

          They seem happy taking the entire bloody lot.

  4. Kev99 Silver badge

    Boo-hoo-hoo.

  5. anthonyhegedus Silver badge

    Cryptocurrencies have no actual real-world purpose, apart from criminal activity. And wasting electricity.

  6. Anonymous Coward

    Back to the future

    Next up: Hoverboard NFTs

    It’s what the kids want!

  7. Michael Wojcik Silver badge

    I'm opposed to improving cryptocurrency security

    Anything that reduces the volume of my schaden-feed from Molly White is a bad idea.
