In this article, we will again touch on the topic: “Bitcoin’s Critical Vulnerability” and use the brand new attack of 2023 “POLYNONCE ATTACK” on all three examples . The very first mention of this attack is described in an article from “Kudelski Security” . https://research.kudelskisecurity.com/2023/03/06/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears/ As a practical basis, we will take materials from our earlier article “ Speed ​​up secp256k1 with endomorphism” where the values ​​​​on…

In this article, we will do a fresh install SageMathin Google Colab. We previously published an article: “ Install SageMath for cryptanalysis on Fedora 64bit(10GB) Cloud Virtual Server ”, but in order to continue cryptanalysis of the Bitcoin blockchain, many of our readers prefer to use Debian and, Ubuntuin contrast to Fedora. As far as we know, Google Colab it has been updated to "Ubuntu 20.04.5 LTS". We…

ChatGPT has become an integral tool that most people use daily to automate various tasks. If you have used ChatGPT for any length of time, you would have realized that it can provide wrong answers and has limited to zero context on some niche topics. This brings up the question of how we can tap into chatGPT…

In this article, we will show in detail on slides how to install "SageMath" on a Fedora 30 64bit (10GB) cloud virtual server. For example, we will use the "DIGITAL RUBLE TECH" server . Previously, we used the Google Colab cloud service to install "SageMath" , but unfortunately, due to the latest updates, not all components for cryptanalysis of the Bitcoin blockchain work properly. Registration: First we need…

Front-Running AKA Transaction-Ordering Dependence The University of Concordia considers front-running to be, "a course of action where an entity benefits from prior access to privileged market information about upcoming transactions and trades." This knowledge of future events in a market can lead to exploitation. For example, knowing that a very large purchase of a specific token is…

In this article, we will implement a Twist Attack using example #2, according to the first theoretical part of the article, we made sure that with the help of certain points on the secp256k1 elliptic curve, we can get partial values ​​​​of the private key and within 5-15 minutes restore a Bitcoin Wallet using the “Sagemath pollard rho function :…

The rise of fake cryptocurrency apps and how to avoid them. Scammers are using fake crypto apps to steal funds from investors. Some malicious apps find their way into official app stores. And, according to the latest fraud report, fraudsters are using fake crypto apps to steal money from unsuspecting crypto investors. It highlights that American investors have lost…

Background on Log4j Alibaba Cloud Security Team publicly disclosed a critical vulnerability (CVE-2021-44228) enabling unauthenticated remote code execution against multiple versions of Apache Log4j2 (Log4Shell). Vulnerable servers can be exploited by attackers connecting via any protocol such as HTTPS and sending a specially crafted string. Log4j crypto-mining campaign Darktrace detected crypto-mining on multiple customer deployments which occurred…

Not so long ago, the elliptic (6.5.4) package for standard elliptic curves was vulnerable to various attacks , one of which is the Twist Attack . The cryptographic problem was in the implementation of secp256k1. We know that the Bitcoin cryptocurrency uses secp256k1 and this attack did not bypass Bitcoin, according to the CVE-2020-28498 vulnerability, the confirming parties of the ECDSA algorithm transaction through certain points on the secp256k1…

But is actually just a trap. Honeypots work by luring attackers with a balance stored in the smart contract, and what appears to be a vulnerability in the code. Typically, to access the funds, the attacker would have to send their own funds, but unbeknownst to them, there is some kind of recovery mechanism allowing the smart…