America’s days as the recognized leading superpower of blockchain tech development may be numbered, a report by PwC suggest. Instead, it is China that is expected to close the gap and take the lead.
The survey , which asked 600 executives across 14 nations, found that 29 percent of respondents saw the US as world leaders when it comes to development of the decentralized technology, followed by China at 18 percent.
Before you start to criticize the survey methodology, the executives were also asked what they perceive the future will hold.
Between 2021 and 2023 the tables are expected to turn, and respondents believe that these figures will switch. The research found that 30 percent of those surveyed believe that China will become the world leader in blockchain development. Just 18 percent believe that the US will still be leading the way in the next five years.
While this is all well and good, the survey also highlighted the low figures for companies that actually have a live blockchain project. Which echoes our previous explorations, where we saw that 60 percent of the top 100 cryptocurrencies don’t have a working product.
The research from PwC shows that only one quarter of those surveyed actually have a working blockchain product. The remaining three quarters claim to be still developing or researching blockchain, or they have nothing at all.
Hackers target EOS gambling dApp once again, $338K believed stolen
Hackers are believed to have stolen hundreds of thousands of dollars worth of EOS cryptocurrency from blockchain-powered gambling dApp EOSBet — again .
Thieves have exploited another vulnerability in the automated dice game, allegedly taking at least $338,000 from its operational wallets.
By injecting standard EOS accounts with malicious code, digital baddies appear to have tricked its smart contract into mistakenly crediting their accounts with large amounts of cryptocurrency.
Shown below are three transactions thought to be illegitimate. They detail one of the attackers accounts (“ilovedice123”) siphoning 65,000 EOS ($338K) directly to a major cryptocurrency exchange.
The EOSBet team is yet to reveal the full extent of the damage, but a block producer did confirm developers have since patched the platform.
EOS wallets injected with code
Hackers added malicious code to their EOS wallets, causing a targeted account to instantly grant attackers with cryptocurrency every time they sent transactions between themselves.
In this case, the code activated EOSBets ‘ “transfer” function, tricking it into matching every EOS sent with equal amounts from its operational wallets.
Here, we can see the dodgy transactions happening rapidly, draining a significant chunk of EOSBets ‘ holdings in less than a minute. Each transaction is thought to represent another 500 EOS gained by the thieves.
Just a month ago, hackers stole $200,000 from EOSBet by exploiting a different security flaw in its smart contract. Only days earlier, its developers had declared their platform to be the safest of its kind.
Well, after that incident, EOSBet promised the code had been audited “extensively” by its development team and “multiple independent third parties.” They then pledged to “harden” their security measures.
Let’s see if a further $338,000 in losses inspires some more drastic changes.
Craving more blockchain? Join us at Hard Fork Decentralized, our three-day event in London. We’ll discuss the industry’s future together. You can now register on our website !
Monero wallet vulnerability made it possible to steal XMR from exchanges
It appears popular cryptocurrency Monero, often praised for its privacy functions, was riddled with security vulnerabilities – one of which allowed hackers to steal coins directly from the wallets of exchange desks.
Utilizing old-fashioned social engineering, inventive hackers could forge transaction data and use it to trick support staff into crediting their account manually with extra XMR.
By simply copying a line of code from Monero’s wallet – which is open-sourced and accessible to everyone – the attackers could manipulate the amounts shown by the wallet when facilitating transactions between addresses.
Each additional line multiplied the amount of XMR shown – which made tricking support staff into approving dodgy transactions much simpler. Hackers could then call exchanges and demand the transactions be processed immediately – claiming totals way over the amount originally sent for confirmation.
“An attacker could exploit this repeatedly to siphon of all of the exchange’s balance,” the researcher who found the bug wrote in the disclosure.
Another disturbing details is that it appears the bug extends to other Monero-based coins. Indeed, the disclosure notes attackers were able to steal ARQ coins – a hard fork of Monero – from the wallet of exchange desk Altex.
The good thing is that the flaw has since been patched (in Monero at least, it is not entirely clear if this is the case for other Monero-based coins). The more concerning part is that it is only one out of six vulnerabilities disclosed by Monero in the last 24 hours alone, according to information from its HackerOne bug bounty program.
Other bugs included a Denial of Service attack vector that could’ve been abused to clog the Monero blockchain and a Python script exploit that made it possible to take down active nodes on the network. Just like the wallet flaw, all of these vulnerabilities have already been fixed.
This is not the first time researchers have found kinks in the anonymous cryptocurrency’s code – but to Monero’s credit, its dev team has always made sure to address such concerns appropriately.
It’s no surprise that bug bounties are really becoming an industry standard, considering considering how much damage they can prevent. Recently $24,000 was claimed in one week across four different blockchain projects.
Apparently, probing EOS is even more profitable: one hacker got paid $80,000 in one day for identifying critical bugs in its code.
Update August 3, 09:15 AM UTC: Monero project lead Riccardo Spagni, better known under the pseudonym ‘ fluffypony ,’ has since addressed the vulnerability disclosures in an email to Hard Fork.
Spagni highlighted that although the bugs were made public yesterday, they were discovered – separately – over the span of several months.
“ The [wallet] vulnerability was introduced by the sub-address functionality, so it’s relatively new,” Spagni told Hard Fork.
“As to the other bugs,” he continued, “there were old triaged reports on HackerOne that were pending disclosure, so they just disclosed it all together.”
“The reports span many months and are unrelated.”
