Hello, welcome to the Tuesday, August 22nd, 2017 edition of the Sands and Internet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Virginia Beach, Virginia.

Cryptocurrency, initial coin offerings continue to be easy pickings for attackers. The latest example is Enigma, a currency that is supposed to go live on September 11th.

They already solicited funds, but sadly their domain, enigma.co, got taken over a bind attacker,

who then stole about $500,000 worth of cryptocurrencies.

The response, I think, actually highlights a little bit the mindset of some of these companies

that are starting these crypto kinds.

They're stating here that they're changing all passwords,

engaging two-factor authentication and taking other security precautions, in particular not engaging

two-factor authorizations on, for example, their domain registrar account, which may have been

compromised here, is something that probably should not

have done in hindsight. Now sticking with cryptocurrencies here for a second story, one of the

perceived advantages of cryptocurrencies is sometimes privacy. Now, you all know that with Bitcoin, it is possible to follow transactions within the Bitcoin

network, but the difficult part tends to be to link a certain Bitcoin wallet to an actual

person.

Well, a paper by researchers from Princeton University does show that this may not be all

that difficult because a lot of e-commerce websites that do accept Bitcoin also do use third-party

trackers, for example, in order to track the effectiveness of advertisements.

These third-party trackers may in some cases receive the receiving Bitcoin address,

which is the Bitcoin address of the merchant.

They may also receive the amount being transmitted.

With that, it's typically possible to determine the wallet from which

...