It might be a solution to many problems concerning security in access in terms of technology. But in my opinion it doesn't allow users to recover accounts in case an accident happens. In terms of bitcoin, which uses a wallet address and private key, we need to physically write down or digitally save the information for us to retrieve our account. This technology might be possible and suit other platforms, but I don't see its positive implication for cryptocurrency because it already uses strong encryption in hashes through the blockchain.
__________________
I am not an expert in this matter. But they write this: “Interesting information was announced in Lisbon at the July Building-on-Bitcoin conference by the famous bitcoin developer Jameson Lopp. He said that during the existence of the distributed BTC registry, about 6 million bitcoins were stolen and lost due to the loss of keys.” As we can see, the owner’s secret keys are always under attack by a hacker.
Example 1. In July 2017, the developers of Parity, the Ethereum cryptocurrency wallet, faced theft. Unknown attackers took advantage of the bug in the multi-signature contract, which allowed them to steal funds from other people's wallets.
As a result, all users who deal with multi-signature wallets created earlier than July 19, 2017 were affected. 153 thousand ETH, that is, about $30 million at the current rate, settled in the pockets of the criminals.
Hacking occurs through the spread of viruses. Such viruses can be divided into two types.
The first is hidden miners. They infect the system and start mining crypto on the infected computer without the knowledge of the computer owner and in the interests of the virus owner.
The second is stealers. They steal wallet passwords and the wallets themselves. The stealers can also include primitive viruses, which replace the sender address on the clipboard.
Example 2. Old proven phishing.
At the end of September 2017, cyber police together with employees of the Talos division of Cisco launched an investigation into one of the largest phishing campaigns aimed at cryptocurrency users (Coinhoarder operation).
According to the press service of the cyber police, a large number of domains have been discovered, the names of which are similar to the original resource of the online service of virtual Bitcoin-wallets: blockchain.info.
Eight dozen phishing blockchain sites are already known. Victims were lured to them through Google Adwords advertising campaigns.
When the keyword “blockchain” was entered on Google, a link appeared that looked legitimate. However, after clicking on this link the user was taken to a fake domain (similar to bockchain.info). The domain looked similar to the original, but had a different domain name and a specially designed script from attackers.
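The lookalike-domain pattern described above (bockchain.info imitating blockchain.info) can be checked mechanically on the defender's side. The following Python is an added example, not part of the original posts; the function names, the distance threshold of 2 and the sample hostnames are assumptions constructed for illustration, and it assumes two-label domains rather than consulting a public-suffix list.

```python
import unicodedata
PROTECTED = "blockchain.info"  # legitimate service named in the thread

def normalize(host):  # lower-case, drop trailing dot, decode punycode labels
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA

def fold(host):  # strip accents so an accented 'i' compares as 'i' (Latin only)
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def registrable(host):
    # Assumption: two-label domains; production code needs a public-suffix list.
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, protected=PROTECTED, max_distance=2):
    h = normalize(host)
    if registrable(h) == protected:
        return "legitimate"
    folded = fold(h)
    if registrable(folded) == protected:
        return "homoglyph"          # same letters only after accent folding
    if edit_distance(registrable(folded), protected) <= max_distance:
        return "typosquat"          # e.g. one dropped or swapped letter
    if protected.split(".")[0] in folded:
        return "brand-embedded"     # brand used as a subdomain or name part
    return "unrelated"

# Constructed sample hostnames, e.g. landing domains pulled from ad or proxy logs.
SAMPLES = ["www.blockchain.info", "bockchain.info", "blokcchain.info",
           "blockcha\u00edn.info", "blockchain.info.login.example", "example.org"]

def scan(hosts=SAMPLES):
    return {h: classify(h) for h in hosts}

if __name__ == "__main__":
    for host, verdict in scan().items():
        print(f"{verdict:15} {host}")
```

Accent folding covers only Latin letters with diacritics; catching Cyrillic or Greek confusables would need a confusables table, which this example does not include.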
---------------------------
As for the use of keyless technologies in cryptocurrency wallets, such projects are still possible, theoretically. Here is an example:
https://toxic.chat/
In addition to the benefits for the user, because you can not steal the key, there are advantages for the blockchain itself, in general.
Here are the three principles of this keyless technology, built on geometry, not mathematics:
1) a chain of state sequences;
2) the presence of all links of the chain (blocks)
3) the absolute dependence of each new link (state of space) on all the information used for the exchange
- correspond to the definition of the classic “blockchain”: “a continuous sequential chain of blocks built up according to certain rules (linked list)”, with the important difference that there are no blocks as such, they all correspond to existing system states that need not be saved (unlike blocks).
--------------------------------------------------
Classic blockchain vs. alternative blockchain

1) Classic: No parallelization, no synergy, no mutual assistance - only duplication, and immediately (continuously) million times.
1) Alternative: Copying or partial copying, distribution of parts of the system between any number of users, nodes or super nodes, central server - no restrictions, the weight of the system does not change as many times as its direct and continuous use.

2) Classic: All blocks are linked by a cryptographic signature in chronological order in a single chain, complex mathematical algorithms are responsible for this.
2) Alternative: All blocks (states) are linked by an analogue of a cryptographic signature (the Vernam cipher level), not complex algorithms are responsible for this.

3) Classic: Attempting to integrate current payment networks into a blockchain can be so complex that no one will even try to go this way.
3) Alternative: The problem of overloading computing power and existing networks is absent due to the complete lack of scalability in this technology.

4) Classic: Currently, there are more than 1,400 digital coins, many of which have their own versions of the blockchain, each with its own “+” and “-”.
4) Alternative: It makes no sense to create such a number of technology options in the case of its use in cryptocurrencies, since the technology is free from the main disadvantages of any variant of the classic blockchain.

5) Classic: To prevent an attack, you need to use complex security keys and two-factor authentication, there is a “human factor”.
Alternative: Each data packet not only carries information, but also performs (as a 100% hash) the verification function of each previously received and current data packet, there is no “human factor”.

Classic: In the current reality, the blockchain's “eternity” is limited to a dozen years - the increase in the capacity of hard drives definitely does not keep pace with the growth in blockchain volume.
5) Alternative: The system does not scale to any bit depending on any number of transactions, but increases when a new unit appears.

6) Classic: Very low speed of operations, hung stocks, miners are combined into pools - the problem of 51% is becoming more urgent.
6) Alternative: The speed of operations depends only on the number of nodes, there is no problem confirming all the “blocks”, a very high and stable performance.

Phishing is possible only if you have a persistent identifier. In addition, the server checks you, but do you check the server? In keyless encryption technology in the client-server model, phishing is not possible because your identifier is always variable. And the check goes in both directions. This makes the transmission and reception protocol of the encryption system itself. If this were not so, then the encryption scheme would be either constant or predictable. This would be an ordinary cryptographic keyless primitive, of which there are a lot, they are called unidirectional functions and so on.
Here is an example of how phishing works on the blockchain:
"As soon as the user entered the wallet, or created a new one, Nginx replaced it with his own on the fake server. Criminals accessed information from the fields sharedkey, password, secondPassword, isDoubleEncrypted, pbkdf2_iterations, accounts."
And further:
"According to information from security specialists at blockchain.info, this phishing campaign is one of the largest in history ..."
Moreover:
"The experts also found confirmation that these attackers were involved in the creation of several so-called HYIP projects, such as: flexibit.bz, verumbtc.com, hashminers.biz.
Cisco researchers said fraudsters earned $50 million in cryptocurrency over the past three years. It's about losing users all over the world."
What other examples are needed to understand that key technologies are very dangerous?
Today, even a poorly trained user can do a phishing attack. There are ready-made programs for this. Everyone needs to know about this.
Here's a nasty fresh example of how they might attack us:
Large online services use two-factor authentication (2FA) to protect accounts. Usually its implementation comes down to the fact that in addition to the login and password, you must enter a one-time code sent in SMS or push-notification to the mobile number specified during registration. Until recently, 2FA was considered a relatively reliable anti-theft system, but now there are already ready-made tools that make it easy to overcome it.
One of them is Evilginx 2, which we will talk about. This is a reverse proxy server and a ready-made framework for performing a MITM attack to bypass two-factor authentication. Everything that is possible is automated in it.
Evilginx 2 has the super ability to create a signed certificate for a fake site using a client of the free and fully automated Let’s Encrypt certificate authority. This helps the attacker to use HTTPS and decorate the phishing site with a green lock in the address bar. As a result, the fake is visually indistinguishable from the original. Plus, Evilginx 2 independently detects and intercepts valid cookies, and this is the main component of a successful hack.
We are used to the fact that all hacker tools are written for Linux, however Evilginx 2 is available both on Windows and as a Docker container.
South Korea’s largest cryptocurrency exchange, Upbit, has notified its users of the theft of tens of millions of dollars in cryptocurrency from its wallet.
According to Lee Seok-Wu, the head of Dunamu, the company managing the exchange, on Wednesday, November 27, at 13:06, 342 thousand ETH (about $50 million) were transferred from Upbit's “hot” Ethereum wallet to an unknown wallet (0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029).
The number of bitcoins lost due to the loss of keys or the death of the key keeper is huge and is growing every year. The theft of our confidential information, passwords - is growing. I get new confirmations of my position that new passwordless and keyless systems will be in demand. Here is a fresh example.
Positive Technologies experts summed up the results of the third quarter of 2019. Every fifth attack was directed against individuals, with almost half (47%) of all data stolen from them - these are credentials in various systems (logins and passwords). For example, the Clipsa Trojan is able to covertly “mine” cryptocurrency, steal passwords, change the addresses of crypto-wallets, and also launch brute force attacks against WordPress-based sites.