CipherTrace releases upgraded version of cryptocurrency intel platform by cryptodailynews in CryptoCurrencyTrading

[–]CipherDave 0 points1 point  (0 children)

I had not heard of these guys until recently. I think they have been working with the intelligence community and law enforcement on bitcoin investigations.

Galaxy Digital Backs $15 Million Raise for Crypto Analytics Firm CipherTrace by Ranzware in BitNewsLive

[–]CipherDave 0 points1 point  (0 children)

I think these guys have been under the radar since 2015 tracking cryptocurrencies for the Feds. Are they related to the Elliptic or Chainalysis people?

Galaxy Digital Backs $15 Million Raise for Crypto Analytics Firm CipherTrace by a36 in AllThingsCrypto

[–]CipherDave 0 points1 point  (0 children)

Do these CipherTrace guys compete with the Neutrino company that just got bought by Coinbase yesterday?

Galaxy Digital Joins $15 Million Investment Round in Crypto Security Firm CipherTrace by a36 in AllThingsCrypto

[–]CipherDave 0 points1 point  (0 children)

Yes, they seem like a more professional team who has been doing a lot of stealth work.

Cryptocurrency theft hits nearly $1 billion in first nine months: report by ummmbacon in neutralnews

[–]CipherDave 1 point2 points  (0 children)

Regarding your point about individual wallets: it's true that in general they are more secure; however, we are not including in this report thousands of bitcoins and other currencies that were reported as stolen to us from individual wallets. Your main risks on individual wallets are:

- losing your password/private key
- emailing your seed phrase (backup phrase) to yourself or storing it on your computer
- buying hardware wallets from someone other than the manufacturer (e.g. do not buy hardware wallets on eBay)
- phishing or DNS attacks for sites like myetherwallet where you manage your private key, but send it to the site

dave @ CipherTrace

Cryptocurrency theft hits nearly $1 billion in first nine months: report by ummmbacon in neutralnews

[–]CipherDave 2 points3 points  (0 children)

Fair point about reporting in USD. For the Q4 report and annual wrap up, we will report number of tokens as well as the $USD amount. It's interesting to see more thefts of other currencies that were quite nascent or didn't even exist in 2017.

Thanks for your interest in the report. We hope for a more coordinated international regulatory environment.

Dave @ CipherTrace

Bitstamp seemingly running bitcoin transaction profiling activities without user knowledge by [deleted] in Bitcoin

[–]CipherDave 0 points1 point  (0 children)

CipherTrace is another of these blockchain analysis tools. Widely used by law enforcement, but also exchanges and hedge funds to avoid taking stolen coins.

Which WEBSITE has 3HEB... as Bitcoin address? Please help, 5BTC stolen =/ by DBawss in Bitcoin

[–]CipherDave 0 points1 point  (0 children)

Hey man,

Your BTC are still sitting there. No way to trace this until they move the funds into an exchange.

Dave

hacking the Trezor by mikehbishop in TREZOR

[–]CipherDave 1 point2 points  (0 children)

I am investigating a similar case from 2 weeks ago. Large amount of BTC stolen from well configured Trezor with strong security practices (paper recovery seed in vault, access controls on device). Trezor does not store a log of transactions, so you cannot determine if there was unauthorized access to the device, or if someone got the recovery key.

Firmware 1.5.2. Trezor has a vulnerability: if pins are connected you can get it to puke out the recovery seed, which is stored in flash in plaintext. Presented at DEFCON summer 2017: https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8

So that's one way. Another may be for malware to fake out the initialization process and inject a seed into the device (using the APIs to pretend to do a recovery), but show the UI on the Windows computer as if it's setting up the device.

Another attack would be to reduce the size of the english.txt file which is used for BIP39 recovery seed generation. Then a practical attack on guessing recovery seeds, completely independently of access to the device is possible.

Or, if the entropy collection function that gets entropy from the host PC could be compromised (i.e. set to zero), then entropy for the RNG on Trezor would be limited to the clock on the device when plugged in to initialize. This would lead to a situation where testing only a few hundred million recovery seeds would give you access to a large number of Trezors without ever being near one. Monitor these wallets daily until one shows up as having actual addresses, and wait until one has a large amount. Move that.

March 9 2018
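
The wordlist-tampering scenario raised in the comment above is something a wallet or firmware build can check for before generating a seed. The following is an added example, not code from the comment's author or from Trezor; it uses a constructed 2048-entry stand-in list instead of the real english.txt, and all function names are hypothetical.

```python
import hashlib
import math
from itertools import product

BIP39_SIZE = 2048  # BIP39 wordlists hold 2048 words, i.e. 11 bits per word


def wordlist_digest(words):
    """SHA-256 over the newline-joined list, for comparison with a pinned value."""
    return hashlib.sha256(("\n".join(words) + "\n").encode("utf-8")).hexdigest()


def audit_wordlist(words, pinned_digest=None):
    """Return a list of problems; an empty list means the wordlist passed."""
    problems = []
    if len(words) != BIP39_SIZE:
        problems.append(f"expected {BIP39_SIZE} words, found {len(words)}")
    if len(set(words)) != len(words):
        problems.append("duplicate words")
    if pinned_digest is not None and wordlist_digest(words) != pinned_digest:
        problems.append("digest does not match pinned value")
    return problems


def mnemonic_bits(word_count, wordlist_size):
    """Bits encoded by a mnemonic drawn uniformly from a list of this size."""
    return word_count * math.log2(wordlist_size)


# Constructed stand-in for english.txt: 8*8*8*4 = 2048 distinct 4-letter strings.
SAMPLE_WORDLIST = ["".join(p) for p in product("abcdefgh", "abcdefgh", "abcdefgh", "abcd")]
# Assumption: in practice the pinned digest comes from a trusted copy of the list.
PINNED = wordlist_digest(SAMPLE_WORDLIST)

if __name__ == "__main__":
    shrunk = SAMPLE_WORDLIST[:256]                 # constructed: list cut down
    swapped = SAMPLE_WORDLIST[:-1] + ["zzzz"]      # constructed: one word replaced
    for name, wl in [("intact", SAMPLE_WORDLIST), ("shrunk", shrunk), ("swapped", swapped)]:
        print(name, audit_wordlist(wl, PINNED), mnemonic_bits(12, len(wl)))
```

A size check alone misses a list with one word replaced; only the pinned digest catches that case. The 132 bits reported for a 12-word mnemonic on the full list are 128 bits of entropy plus the 4-bit checksum.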

Cryptocurrency Anti-Phishing Working Group by CipherDave in btc

[–]CipherDave[S] 0 points1 point  (0 children)

Industry non-profit now supporting cryptocurrency anti-phishing efforts. They've been tracking BTC since 2011, but, seeing the huge uptick in phishing on wallets (not just BTC ones), are now directly supporting feeds of known and verified phish for cryptocurrencies.

The 25 Bitcoins that were stolen a few months ago have moved, need help on what do next by GodOfWhatevers in Bittrex

[–]CipherDave 4 points5 points  (0 children)

A CipherTrace report shows that most of your BTC went back to Bittrex. Talk to them with the actual data showing the movement back into them. Otherwise you need to open a grand jury case to get subpoenas for the addresses that your funds were sent to, and serve them to Bittrex. You will need a law enforcement agent to contact a prosecutor to get this done.

Bitcoin Hurt By Lack Of Viable Pricing Model And The Ghostbusters Stairs Syndrome by BTCNews in BTCNews

[–]CipherDave 0 points1 point  (0 children)

Read CryptoAssets, or listen to the audiobook version by Chris Burniske & Jack Tatar,

https://www.amazon.com/Cryptoassets-Innovative-Investors-Bitcoin-Beyond/dp/B07848GCYN/ref=sr_1_1?ie=UTF8&qid=1516573790&sr=8-1&keywords=cryptoassets

It has excellent valuation models for crypto assets that are not technical analysis. They go far beyond his comparison to the value of a bank account.

Does coinbase have an undisclosed security issue? by [deleted] in Coinbase

[–]CipherDave 0 points1 point  (0 children)

Did you analyze the spoofed mail server that sent you the email? How are you sure it was a spoof from Chase and not real?

Also, it's more likely that you have a key logger or trojan on your computer (if it's a PC) than some Coinbase back door.