Scammy ETH "Forks" to Steal Users' Private Keys

Ethereum Nowa (ETN) and Ethereum Classic Vision (ETCV) are new crypto scam projects
11 January 2019

The fraudulent projects Ethereum Nowa (ETN) and Ethereum Classic Vision (ETCV) steal users' private keys by inviting them to take part in a free distribution of coins, Cointelegraph reports.

There is no white paper on the Ethereum Nowa project site, but the site does describe the steps users are asked to follow in order to receive ETN coins. In particular, they are advised to send ETH to a specific address, then export their private key and claim the forked coins using a special online tool.

The tool offered for claiming the coins is a clone of the Ethereum wallet MyEtherWallet. It reuses many design elements of the popular wallet; the only difference is the domain.

The other scam project, Ethereum Classic Vision, does have a white paper. It says that the hard fork will take place today, January 11, at 20:00 GMT.

The analysis of the code performed by our team has shown that the piece of code provided actually sends your private key data to the Ethereum Classic Vision servers, masking it as an API token.

Guarda Wallet Team

The project website contains links to wallets for Windows and Linux.
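
One way to check a wallet build for the behaviour the Guarda team describes, as an added example that is not part of the original article or of Guarda's analysis: enter a throwaway key into the tool in an isolated environment, capture its outbound requests, and search every field value for that key regardless of the field's name. The key, hosts, field names and capture format below are constructed assumptions.

```python
import base64
import json
from urllib.parse import parse_qsl

# Constructed throwaway key: use a fresh one that has never held funds.
CANARY_KEY_HEX = "a1b2c3d4" * 8

def iter_fields(body, content_type):
    """Yield (field_name, value) for every leaf of a JSON or form-encoded body."""
    if "json" not in content_type:
        yield from parse_qsl(body, keep_blank_values=True)
        return
    stack = [("", json.loads(body))]
    while stack:
        name, node = stack.pop()
        if isinstance(node, dict):
            stack.extend((f"{name}.{k}".lstrip("."), v) for k, v in node.items())
        elif isinstance(node, list):
            stack.extend((f"{name}[{i}]", v) for i, v in enumerate(node))
        else:
            yield name, str(node)

def find_key_leaks(requests, key_hex):
    """Return (host, field, encoding) for each field whose value carries the key."""
    raw = bytes.fromhex(key_hex)
    hex_needle = key_hex.lower()
    b64_needle = base64.b64encode(raw).decode().rstrip("=")
    hits = []
    for req in requests:
        # Field names are ignored: a key sent as "api_token" is still a key.
        for field, value in iter_fields(req["body"], req["content_type"]):
            if hex_needle in value.lower():  # covers upper case and "0x" prefix
                hits.append((req["host"], field, "hex"))
            # Fold URL-safe base64 into the standard alphabet before matching.
            elif b64_needle in value.replace("-", "+").replace("_", "/"):
                hits.append((req["host"], field, "base64"))
    return hits

# Constructed capture of outbound requests (hosts and field names are made up).
SAMPLE_REQUESTS = [
    {"host": "wallet-backend.example", "content_type": "application/json",
     "body": json.dumps({"action": "login", "api_token": "0x" + CANARY_KEY_HEX.upper()})},
    {"host": "stats.example", "content_type": "application/x-www-form-urlencoded",
     "body": "event=open&session="
             + base64.urlsafe_b64encode(bytes.fromhex(CANARY_KEY_HEX)).decode()},
    {"host": "rpc.example", "content_type": "application/json",
     "body": json.dumps({"method": "eth_getBalance", "params": ["0x" + "ab" * 20, "latest"]})},
]

if __name__ == "__main__":
    print(find_key_leaks(SAMPLE_REQUESTS, CANARY_KEY_HEX))
```

A clean result only shows that the key did not leave in these two encodings; a tool that encrypts or otherwise transforms the key before sending it would need inspection of the code itself.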

Potential Vulnerabilities Found in ETH 2.0

Least Authority has found potential security issues in the P2P network layer and the block proposal system
26 March 2020

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities.

Least Authority said that developers need to address vulnerabilities in the peer-to-peer (P2P) network layer, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, no large ecosystem based on PoS and sharding exists anywhere in the world at the moment, so it is impossible to accurately assess the prospects for system stability.
The information security experts also emphasized that the specifications do not pay enough attention to describing the P2P network layer and the system of records about Ethereum nodes. Vulnerability risks were also observed in the block proposal system and in the messaging system between nodes.

Experts said that in blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block is added to the blockchain, and this leads to a risk of data leakage. To solve the problem, the auditors suggested using a "Single Secret Leader Election" (SSLE) mechanism.

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a "malicious" node can spam the entire network with various messages without any particular penalty. The solution to this problem may be to use special protocols for exchanging messages between nodes.