In July 2023, people in our circle of friends noticed a series of seemingly impossible cryptocurrency thefts, which added up to over one million US dollars.
A common denominator was discovered across the set of victims we knew: the wallet software `libbitcoin-explorer`. Vulnerable versions used a weak pseudorandom number generator when creating cryptocurrency wallets. Within a short period of time, we disclosed the vulnerability, [CVE-2023-39910](https://milksad.info/disclosure.html).
Using this weakness, attackers were able to compute private keys of victims, which is supposed to be impossible under normal circumstances.
In this talk we:
* 📜 - tell the story of uncovering a digital currency heist
* 🌐 - dive into similar vulnerabilities
* 🔍 - trace the movement of coins
* ⚖ - outline ethical challenges of cryptocurrency security research
* 🛡 - explore methods to defend and protect against this bug class
Our intention is to share the story of how little details can have big consequences and the importance of quality chaos.