Time for a disclosure: this author is not an application to monitor the behavior of the ICOs post-analysis. Sometimes, by the time of publication, things are already shifting, and updates are necessary. In IOTA, there was a rush to publishing because we did not want readers to miss out on the obvious hype bubble. We feel that plenty of such readers were able to extract profit at the top there, but this doesn’t prevent us from checking in on IOTA.
We find that a few days ago, a major security vulnerability was discovered in IOTA, and that trading was suspended at Bitfinex for at least a day. We find two separate blog posts from IOTA on the matter, we’ll call these Exhibit A and Exhibit B.
In Exhibit A, IOTA cursorily alludes to the security vulnerability:
One of the cryptographers we reached out to months ago to review Curl has disclosed that he is worried there might be a potential vulnerability in Curl. We have since had our internal team, as well as other cryptographers review it and asked the disclosing party for more information. While the party that did the responsible disclosure has been quite forthcoming, there are still some of the last details to be discussed more thoroughly with the respective teams in order to reproduce the claims and verify if there was even any vulnerability.
We reached out to the researchers (associated with a security lab at MIT) who discovered the vulnerability. We spoke with Ethan Heilman from Boston’s Commonwealth Crypto, who works with Neha Narula, Tadge Dryja, Madars Virza, the other researchers. The author first reached out to Narula, but
she was on vacation was traveling for work, deferring to Heilman. Heilman’s first reply to our inquiry was illuminating, and led to more questions, especially as we had just discovered Exhibit B as well. The first piece of IOTA’s response that he addressed was the following passage:
“Don’t roll your own crypto” is a compulsory uttered mantra that serves as a good guiding principle for 99.9% of projects, but there are exceptions to the rule. When spearheading technology for a new paradigm this statement is no longer axiomatic.
To this, Heilman said that if a new cryptographic hashing function is necessary, then there is a process for that and it should have been followed. “I’ve found no record of any such paper for IOTA’s Curl, we had to read the IOTA source code to understand how the algorithm functioned. For instance as part of my work on MD6 I spent two years designing a proof of differential resistance for MD6 which I then published at a peer reviewed conference. The burden of proof rests on the designer of a new cryptographic algorithm,” he wrote.
Heilman also tipped the author off to another primary source, a post on Reddit which quotes the author of IOTA’s Curl function –Sergey Ivancheglo who goes by the name of Come-from-Beyond – as saying that the vulnerability that Heilman and friends were able to exploit was actually a feature intended to copy-protect the source code of the project.
This is extraordinarily unusual among cryptocurrency projects or open source projects in general. Transparency in the code does not lead to less opacity in the ledger; open source is not only safer in argument, it’s safer in practice. Had this code been previously published, for instance, despite its design intent, the bug could have been caught. According to Heilman, it’s unlikely that this code was looked at by the alleged legion of cryptographers “over the years.”
I look forward to IOTA providing a list of cryptographers who reviewed Curl, until that point I have no way of knowing who IOTA did or didn’t speak with. What I will say is that the vulnerability we found was fairly simple and I believe many people with a cryptanalytic background would have discovered it after visually inspecting the Curl source code. Differential cryptanalysis, which is what we used to break Curl, is the first thing you check when attacking a cryptographic hash function.
Bruce Schneier, globally recognized security pundit, brilliant cryptographer, and one of the core contributors to the Skein hashing function (which has passed peer review and is currently in practice in more than one cryptocurrency) commented on the research saying:
In 2017, leaving your crypto algorithm vulnerable to differential cryptanalysis is a rookie mistake. It says that no one of any calibre analyzed their system, and that the odds that their fix makes the system secure is low.
In Exhibit B, IOTA were a little more forthcoming about what all went down, but still couldn’t help themselves: they had to spin it.
As part of an on-going conversation between the IOTA Team and security researchers from Boston University and MIT DCI, the teams published their report on a vulnerability in Curl today. […] We have since formed stronger partnerships with several large academic institutions around the world, and will continue to do so. As for Curl, the IOTA Foundation has already subcontracted a team of 5 world-class cryptographers, as well as 3 independent ones to come up with a final design of Curl and then start the long peer-reviewed process, as was always the plan. No change.
Most of this sounds good, and positive. This post also works to downplay the seriousness of the steps that were skipped in the process of developing the IOTA alpha. There are several arguments you can make in their defense, but in the end, doesn’t it begin to feel like IOTA were just afraid their grand idea wouldn’t fund in another, less frenetical ICO investor setting?
IOTA team has already responded to the paper published by Neha Narula.
It was me who created Curl and IOTA signature scheme in those old days when there was no IOTA Foundation.
[…] […] In 2013 I created the first full Proof-of-Stake currency and protected it with my novel techniques against cloning.
Those who knew me as BCNext were sure that I would do the same trick to protect IOTA, some people even approached me asking about that.
Remembering how quickly Nxt protection was disarmed I was keeping in secret the fact of existence of such mechnism in IOTA.
I was pretty sure that the protection would last long time because it was hidden inside cryptographical part and programming skills would be insufficient to disarm the mechanism.
Sergey Ivancheglo aka Come-from-Beyond
To this, Heilman responded:
Is IOTA saying they backdoored their own cryptocurrency? How does that relate to David Sønstebø earlier statements?
It would seem there remains more to the story, but we’re here to talk about the impact on the market.
All of these things being noted, we can’t leave IOTA in such high standing by comparison to her peers who are blameless of these sorts of hubris-induced mistakes. For whatever IOTA wants to say in their press releases, they were given a serious pass by the entire industry in getting listed at Bitfinex in the first place. The machinations there, allowing unreviewed cryptographric code on a multi-billion dollar exchange, are interesting. Economic impact was had by their entire investment community, in a negative way: trading was halted for at least one day because of something the firm did. This disposition would be reading differently if things had not turned upward following resumption of trading.
Nonetheless, after trading did resume, it appears the market was okay with their response, while this author clearly isn’t, and while established cryptographers are clearly calling warning signs on this project, and the market rewarded the token with a moderate rise:
Thus, our actual point revision has to be less. It looks like they might get through this, but there are serious issues raised during this episode, some of which the author is keeping under his collar for the moment, which make us weary of the future for IOTA.
Luckily for everyone involved, IOTA have a vault of cash to throw at these problems. It seems they might even know where it should be thrown. As such, we’re deducting 99% of one point from IOTA, since we believe their response and intent was worth about 1% of the market reward that followed it. We still believe this technology has legs, but like with Enigma, at this point, they’re vulnerable to a far more competent team coming along and doing the job independently of them. More to the point, those copy protections aren’t going to slow down a firm if they see the opportunity and the gains that IOTA had just through being the big first-mover on sponge-type cryptocurrency. This leaves their updated rating at a 6.01, still probably plenty to be made in speculating here.
Cryptocurrency Analysis: Ripple Continues Rampage as Litecoin and Ethereum Enter Correction
Ripple remained in the center of attention in the segment after breaking out to a new all-time high yesterday, and the coin almost doubled in value, climbing above the $0.80 level. The currency concluded a 6-month long consolidation pattern with the move after being the only major on a long-term buy signal in our trend model.
XRP gave a short-term sell signal today, while turning neutral regarding the long-term setup. Investors now shouldn’t add to their positions, although further gains are still possible, and reducing holdings somewhat is a good idea here. Major support is still found at the prior high near $0.4250 and in the $0.30-$0.32 range.
XRP/USDT, 4-Hour Chart Analysis
While Bitcoin stagnated, and Bitcoin Cash jumped, Ethereum, Litecoin, Dash, and IOTA has been drifting slightly lower, although the recent gains are still mostly intact, and the basic setup in the segment is unchanged.
Litecoin fell below the $300 level after yesterday’s consolidation, and the coin faced strong selling pressure in the latter half of the session. The currency remains extremely stretched regarding the long-term momentum indicators, and although the short-term uptrend is still intact, a deeper correction is likely in the coming weeks, with key support levels found at $125 and $100, and weaker levels at $260 and $170.
LTC/USD, 4-Hour Chart Analysis
Daily Analysis: Dollar Falls, Gold Jumps after Yellen’s Final Move
Wednesday Market Recap
|Asset||Current Value||Daily Change|
|WTI Crude Oil||56.65||-0.68%|
The Federal Reserve hiked interest rates as expected today, and although the central bank’s monetary statement was slightly more hawkish than expected, the market’s reaction didn’t reflect the much-anticipated move. The worse than expected Core CPI reading that underlined the low-inflation narrative weighed on the recently strong Greenback, while stocks were unchanged after decision and bonds gained ground as yields retreated.
EUR/USD, 4-Hour Chart Analysis
The major indices are hovering near their all-time highs with the DOW leading the way higher, hitting a new record for the second day in a row. While volatility Is expected to remain low as we approach the end of the year, market internals and valuation levels are still concerning from a long-term perspective, and stocks outside the US are also negatively diverging. The action in crude oil could be slightly more interesting as the commodity is starting to act in a slightly bearish manner after a grinding multi-month rally.
WTI Crude Oil, 4-Hour Chart Analysis
The Brexit process is still in the center of attention in Europe, although volatility took a nosedive on the old continent as well, and it’s unlikely that the Christmas period will be much different, given the predictable drop in volumes and trading activity. The date of the next election in the financially and politically troubled Italy has been set to March 4th next year, and the early date caused some turmoil in the countries assets, which dragged the Euro Stoxx 50 lower today, together with the DAX and the other major indices.
As the total market cap of the crypto-market crossed the incredible $500 billion mark, Ripple, NEO, and Ethereum made headlines with lofty gains in the face of the severely overbought readings elsewhere in the segment. While XRP and NEO are still not overbought from an investment perspective, Ethereum reached our final target for its break-out and triggered a long-term sell signal.
ETH/USD, 4-Hour Chart Analysis
The previously surging IOTA continued its correction, Litecoin consolidated in a relatively narrow range, while Dash, ETC, and Monero scored marginal new highs before turning lower together with BTC. The most valuable coin that has lost some of its momentum “mojo” in recent days fell back below last week’s highs, and that could mark a failed break-out and a start of the deeper correction that seems more and more likely.
BTC/USD, 4-Hour Chart Analysis
Key Economic Releases on Wednesday
|11:30||UK||Claimant Count Change||5,900||3,300||6,500|
|15:30||US||Crude Oil Inventories||-5.1 mill||-3.6 mill||-5.6 mill|
|21:00||US||Fed Rate Decision||1.5%||1.5%||1.25%|
Featured image from Shutterstock
Technical Analysis: Volatility on the Rise Again, as Ripple and Ethereum Hit Targets
Ripple has been the star of today’s session in the cryptocurrency segment, as the only major coin on a long-term buy signal in our trend model continued yesterday’s break-out, and surged to a new all-time high. The currency cleared the $0.425 level that marked the top in May, and after the more than 6-month long consolidation phase, it promptly neared the $0.50 level.
While the short-term momentum indicators are now stretched, the coin is still in an encouraging long-term setup, although the best period to buy already passed. The coin could be dragged lower in the case of the expected broad correction in the segment, but we expect XRP to outperform in the coming period, with support levels found at the prior high and below that in the range between $0.30-$0.32.
XRP/USDT, 4-Hour Chart Analysis
Ethereum has been the other top coin on the rise, as the second largest digital currency surged past the final range projection target of the break-out two weeks ago at $685 in the aftermath of the launch of the BTC futures on Monday. The ETH token is now also on a sell signal on all time-frames, and we advise investors and investors to wait for the next major correction to establish new positions. Support levels are now found at $575, $500, $480, and $400.
ETH/USD, 4-Hour Chart Analysis
- Trade Recommendation: Bitcoin
- Cryptocurrency Analysis: Ripple Continues Rampage...
- Technical Analysis: Volatility on the Rise Again...
- Trade Recommendation: XMR/BTC Pair Throwback
- Trade Recommendation: FCT/BTC Bullish Reversal
- Asian Market Update – Thursday: Ethereum Extends R...
- Can a New Generation of Regulated Token Sales Save...
- Asian Market Update – Friday: Coins mixed; Asian stocks tumble as investors assess Fed, ECB decisions December 15, 2017
- Cryptocurrency Analysis: Ripple Continues Rampage as Litecoin and Ethereum Enter Correction December 14, 2017
- Trade Recommendation: XMR/BTC Pair Throwback December 14, 2017
- Trade Recommendation: FCT/BTC Bullish Reversal December 14, 2017
- Can a New Generation of Regulated Token Sales Save ICOs? December 14, 2017
- Trade Recommendation: NZDJPY December 14, 2017
- Trade Recommendation: Bitcoin December 14, 2017
- Asian Market Update – Thursday: Ethereum Extends Rally; Asian Stocks down After US Rates Hike December 14, 2017
- Daily Analysis: Dollar Falls, Gold Jumps after Yellen’s Final Move December 14, 2017
- Crypto Market Reaches Historic Milestone as Ether, Ripple Surge December 14, 2017
A part of CCN
Analysis5 days ago
Long-Term Cryptocurrency Analysis: Look Out Below?
Recommendations7 days ago
Trade Recommendation: Litecoin
Cryptocurrencies5 days ago
Trade Recommendation: Zcash
Cryptocurrencies3 days ago
Trade Recommendation: Bitcoin Cash
Cryptocurrencies6 days ago
Trade Recommendation: Stellar
Cryptocurrencies7 days ago
Trade Recommendation: Ethereum Classic
Analysis3 days ago
Technical Analysis: Litecoin Continues Surge as Bitcoin Tests Highs
Cryptocurrencies1 week ago
Trade Recommendation: Neo