back to article Crypto wallet providers urged to rethink security as criminals drain them of millions

Infosec researchers are noting rising cryptocurrency attacks and have encouraged wallet security providers to up their collective game. Check Point specifically cites the growth of attacks that abuse Ethereum's CREATE2 opcode, dubbing it a "critical issue in the blockchain community" that's seeing millions of dollars worth of …

  1. Mike 137 Silver badge

    Rather obvious?

    "The fact that attackers can set up a contract before deploying it (before it even exists)" is a huge and glaring vulnerability that should never have been allowed. It's just asking for trouble and clearly got it. The great weakness of all these 'alternative' regulation-free financial systems is that they haven't embraced the lessons that the regulated ones took over a century to learn the hard way.

    1. I ain't Spartacus Gold badge

      Re: Rather obvious?

      I've seen Crypto described as like going through all the scandals of 19th Century banking again at high speed.

      It seems particularly odd that security measures that are designed to track illicit payments only look for black-listed accounts. Given that the blockchain exists, you can look up the history of any account - so if a payment is due to go to a new account that has hosted zero transactions - that ought to be flagged as obviously dodgy.

      Plus am I really supposed to take seriously someone saying their SuperVerse tokens have been stolen? If it's a crying 5 year-old who's lost their coins to play a Marvel game, I'm going to have some sympathy.

      As with taxes, regulations are annoying. But both are often there for a reason.

      1. Michael Wojcik Silver badge

        Re: Rather obvious?

        if a payment is due to go to a new account that has hosted zero transactions - that ought to be flagged as obviously dodgy

        Counterpoint: If I ever used cryptocurrency (unlikely), I'd use a fresh address for every transaction, except for transactions between wallets I control. I don't know why anyone keeps wallets with anything more than the cryptocurrency they need to have liquid "hot". That seems just marvelously stupid. Yes, there are transaction fees; but if you're moving cryptocurrency around often enough for those to be a problem, then you're doing something wrong.

        I suppose I might sometimes reuse zero-balance wallets for temporarily holding precisely the amount of tokens I need for an upcoming transaction, or for briefly holding incoming tokens. But I certainly wouldn't use the same address for transactions with a lot of different parties, or with suspect parties, or to hold tokens long-term.

        Of course this is all hypothetical.

  2. Mage Silver badge

    Elephant in the room

    Is so-called Crypto-coins or Cryptocurrency.

    An environmentally damaging technology, and like Blockchain, a solution looking for a problem.

    Just protect consumers by making the scam illegal. Why does Revolut offer it?

    1. hoola Silver badge

      Re: Elephant in the room

      Whilst it is very sad if people lose their money or the Crypto Currencies/Exchanges lose stuff I an not hugely sympathetic.

      It is a completely unregulated market with no protection to anyone other than the criminals who appear to use it for anonymity.

      There is a reason that banks exist, surrounded by regulation and in the UK protection for savers. It is also why returns are lower.

      You could buy shares and things but the caveat is always there "you may not get back your original investment".

  3. Anonymous Coward
    Anonymous Coward

    Looking at crypto wallets at a technical level, so many of them are very poorly written with some verging on downright scummy!

    I believe in the future there is going to be a big number of flaws in these wallets coming to light. I think a vast portion of the less technical Bitcoin fans who have only been attracted by "user-friendly UX" are going to be hit, big. A secure wallet could ultimately resemble something similar to a CLI ssh client, with the keys handled fairly manually. A fancy GUI heavy frontend hides the complexity (and ultimately the dangers).

    Since I am not really big on crypto currencies (my investment hobby is fixing shite buildings), I am happy to watch from the sideline with popcorn.

    1. druck Silver badge

      Some of the flaws are so obvious and intractable, the only explanation is they have been designed that way to allow exploitation once enough people have adopted the wallets.

      1. Anonymous Coward
        Anonymous Coward


        Once they reach critical mass, the wallet developers are going to extract and vanish. Perhaps only 0.001 of a bitcoin from every user so not to raise too much noise.

        1. druck Silver badge

          They seem happy taking the entire bloody lot.

  4. Kev99 Silver badge


  5. anthonyhegedus Silver badge

    Cryptocurrencies have no actual real-world purpose, apart from criminal activity. And wasting electricity.

  6. Anonymous Coward
    Anonymous Coward

    Back to the future

    Next up: Hoverboard NFTs

    It’s what the kids want!

  7. Michael Wojcik Silver badge

    I'm opposed to improving cryptocurrency security

    Anything that reduces the volume of my schaden-feed from Molly White is a bad idea.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like