The CoinSec Podcast

Location: United States

Language: English


Episodes

Episode 22: Passphrase Cracking, ZCash ASICs, BitThumb Hack, Blockchain C2, and Firebase DBs Hacked

6/22/2018
On this episode the hosts discuss cracking passphrases with hashcat. Also, Zcash is battling ASICs. A proof of concept for a command and control channel over Ethereum is discussed. BitThumb got hacked. Lastly, we discuss some recent arrests that were made in the cryptocurrency world. http://coinsecpodcast.com/episode-22-show-notes/ Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/ Business Box by Audeka is...

Duration:01:08:20

Episode 21: Blockchain-based Voting, EOS Bug Bounty Payouts, Raven Coins Jacked from YiiMP Pools, and North Korea Targeting Exchange Users

6/8/2018
West Virginia becomes the first U.S. state to allow internet voting by blockchain in primary elections. Does security matter now??? An EOS Bug Bounty paid out $90k to one researcher. YiiMP pools being jacked of Raven coins, and more! Show notes: http://coinsecpodcast.com/episode-21-show-notes/ Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/ Business Box by Audeka is licensed under a...

Duration:00:52:26

Episode 20: EOS Remote Code Execution Vuln, Cost of a 51% Attack, Banks Blackmailed for XRP, and Electroneum Issues

6/1/2018
In episode 20 of the CoinSec podcast we discuss the epic remote code execution vulnerability found in EOS. How much would it cost to perform a 51% attack against a given cryptocurrency? Two banks were blackmailed for XRP. Electroneum is having block issues. Show Notes: http://coinsecpodcast.com/episode-20-show-notes/ Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/ Business Box by Audeka is licensed...

Duration:01:03:16

Episode 19: Hack Miami Interviews, Bitcoin Gold Double Spend Attack, Verge Hacked, & Sentinel Protocol ICO

5/25/2018
On this week's episode we discuss the Bitcoin Gold double spend attack. Verge, Taylor, and Cypherium Chain all got hacked. Coincheck is removing privacy coins, and we have interviews from Hack Miami. Also, we talked about the Sentinel Protocol ICO. Show Notes: http://coinsecpodcast.com/episode-19-show-notes/ Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/ Business Box by Audeka is licensed under a...

Duration:01:03:26

Episode 18: Bad Ideas

5/18/2018
This week we didn't have much of an agenda but we chatted a lot about some of the potential innovations attackers could make in terms of malware and had some other really really bad ideas. Show notes: https://coinsecpodcast.com/episode-18-show-notes Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/ Business Box by Audeka is licensed under an Attribution-Noncommercial-Share Alike 3.0 United States License.

Duration:01:01:10

Episode 17: The Gang Builds A Cryptocurrency Mining Rig

5/14/2018
In this episode the hosts of the show talk about what it takes to build a cryptocurrency mining rig. We fill a cart and purchase all the pieces necessary by the end of the episode. To see the details of the rig we built be sure to check out the show notes here: https://coinsecpodcast.com/episode-17-show-notes Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/ Business Box by Audeka is licensed under a...

Duration:01:31:31

Episode 16: Cryptocurrency CTFs and MonteCrypto

5/4/2018
We welcome the creators of the cryptocurrency CTF held at BSides NoVA, John and Will (bspar_), to the show. Capture the Flag contests are a huge part of the InfoSec ecosystem. We discuss their CTF along with how they can create more interest in a specific topic like cryptocurrency. The hosts also discuss their experience with the cryptocurrency challenge MonteCrypto. http://coinsecpodcast.com/episode-16-show-notes/ Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike...

Duration:01:07:54

Episode 15: Special Guest Troy Mursch AKA "Bad Packets", BatchOverflow, Route53 BGP Hijack, and a New Vulnerability in Equihash Mining Pools

4/27/2018
Special guest Troy Mursch AKA "@bad_packets" is a researcher who specializes in cryptojacking, botnets, and more. We discuss his experience with the latest trends in cryptojacking. Also, a new vulnerability was discovered in some Equihash mining pools. A new smart contract vulnerability called BatchOverflow was discovered. We also discuss the Route53 BGP hijack that happened this week. Show Notes here: http://coinsecpodcast.com/episode-15-show-notes/ Honk Kong by Taseh is licensed under...

Duration:01:02:06

Episode 14: Special Guests Maurelian and Bernhard from ConsenSys

4/20/2018
In episode 14 we are joined by Maurelian and Bernhard from ConsenSys. They brought their knowledge around smart contract security to the show. Bernhard recently published a paper titled "Smashing Ethereum Smart Contracts for Fun and Real Profit" that introduces a security analysis tool for Ethereum smart contracts called "Mythril". Discussion around auditing smart contracts and how to get started in smart contract security was also had. Show Notes:...

Duration:01:00:58

Episode 13: Top 10 Smart Contract Vulns (DASP), Flaw in Zerocoin, ACINQ Losing Their Code Signing Key, & $3.3 Million in Bitcoin Stolen from CoinSecure

4/14/2018
A cryptographic flaw was found in Zerocoin. Hosts discuss the top 10 smart contract vulnerabilities as detailed in the Decentralized Application Security Project (DASP). ACINQ lost their code signing key forcing them to push a new Android app. $3.3 million worth of Bitcoin was allegedly stolen from the CoinSecure exchange. Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/ Business Box by Audeka is licensed...

Duration:01:08:38

Episode 12: Special Guest Sneakerhax, Wallet Software Security, Android App Mining Malware, and Verge Hacked

4/6/2018
In episode #12 we welcome special guest Sneakerhax to the CoinSec Podcast! We discuss some of the security issues around cryptocurrency wallet software. Malicious coin-miners have been found embedded into semi-legitimate Android applications. Lastly, we discuss Verge cryptocurrency being hacked. Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/ Business Box by Audeka is licensed under a...

Duration:01:02:27

Episode 11: Cryptocurrency Hidden in Artwork, Atlanta Ransomware, Drupalgeddon 2.0, and Fileless Crypto-Malware

3/30/2018
This week on the CoinSec Podcast Brian Krebs investigates who and what Coinhive is. The city of Atlanta is fighting a ransomware attack. Drupalgeddon 2.0 is happening as a new RCE has surfaced. Fileless crypto-mining malware has surfaced. All that and more on CoinSec Ep. 11. Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/ Business Box by Audeka is licensed under an Attribution-Noncommercial-Share Alike...

Duration:00:58:00

Episode 10: Ledger & Trezor Vulns, Illegal Content on the Blockchain, Epic Coinbase Bug Bounty, $20 Million in Eth stolen, and More

3/23/2018
A fifteen-year-old found some pretty epic vulnerabilities in both of the leading hardware wallets Ledger Nano S and Trezor One. Research was released detailing how there is potentially illegal content being posted on the Bitcoin blockchain. A $10,000 bug bounty was paid out by Coinbase to a researcher who found a vulnerability that would have allowed an attacker to steal millions in Ether. Over the past two years attackers have been stealing over $20 million in Ether from publicly facing...

Duration:01:14:19

Episode 9: IOTA Signature Issues, Monero ASICs, Echidna Fuzzer, CryptoSecure ICO, and CryptoHex Steel Rod Seed Backup

3/16/2018
This week Beau and Ralph discuss a new vulnerability patched in IOTA related to signature issues. Monero is forking due to ASIC mining systems hitting the market for the CryptoNight algorithm. Trail of Bits released a new smart contract fuzzer called Echidna. A Kickstarter for a steel rod called CryptoHex to store BIP39 seeds is running. Additional topics covered this week were the CryptoSecure ICO, Google banning cryptocurrency ads, and more!

Duration:01:02:14

Episode 8: Bitcoin Private, Binance Stop Hackers, Ethereum Eclipse Attacks, and Electroneum Hardcoded Hash

3/9/2018
Bitcoin Private is a fork of a fork of a fork that merges the ZClassic and Bitcoin blockchains. The Binance exchange protected its users against a major hack this week. Researchers found that the Ethereum network was vulnerable to 'Eclipse' attacks. Electroneum re-implemented a bug where a hardcoded hash was copied over from Monero. Lastly, $2 million worth of cryptocurrency mining equipment was stolen from a mining farm in Iceland.

Duration:00:59:19

Episode 7: Cracking Bitcoin Wallet Passwords, Key Collisions, Ethereum Honeypots, and Jaxx/Bitcoin.com Wallet Vulns

3/2/2018
How to crack Bitcoin wallets with BTCRecover was discussed by the hosts on this week's episode of the CoinSec Podcast. Hackers hacking hackers with Ethereum honeypots was talked about. Discussion around the potential of generating keys that match wallet addresses was had. Lastly, don't store your mnemonic recovery keys on your disk or you're going to have a bad day (looking at you, Bitcoin.com and Jaxx wallets).

Duration:01:05:50

Episode 6: Cryptocurrency Sidechains, Bitgrail Hacked, Bitmessage 0-day, and the Next Dark Web Currency

2/16/2018
Sidechains in cryptocurrency have been a relatively hot topic recently with currencies like Cardano and Lisk building functionality around them. Security concerns around sidechains were discussed in this episode. The crew talked about the Bitgrail hack, a 0-day vulnerability in Bitmessage, and the next dark web currency. Also discussed was how SETI (Search for Extraterrestrial Intelligence) is upset about the lack of availability of GPUs to use in their search for aliens.

Duration:01:14:24

Episode 5: Travis Lelle (Host of Bitbull) Interview, Verge Wraith Protocol, Russian Supercomputer Mining, and Predictable PRNG's in Smart Contracts

2/10/2018
The CoinSec Podcast welcomes Travis Lelle (host of The Bitbull Podcast) to the show for an interview. Steve gave a rundown of the Verge cryptocurrency Wraith Protocol. A Russian engineer tried to use a supercomputer to mine Bitcoin. More mining malware, a Ledger hardware wallet vulnerability, predicting PRNGs in Ethereum Smart Contracts, and more on this week's episode!

Duration:01:07:20

Episode 4: Smart Contract Security Issues, Coincheck Hack, NIST Guidance on Blockchain, Coinhive in Google Ads, and WannaMine

2/2/2018
On this episode Mike Felch (@ustayready) details some of the critical vulnerabilities that can be introduced into Ethereum smart contracts. The largest cryptocurrency hack ever happened to Coincheck. Coinhive made its way into Google ads, and a new malware called WannaMine is using the NSA Eternal Blue exploit to compromise more hosts to mine on. Also, NIST put out guidance on Blockchain & cryptocurrency.

Duration:01:02:58

Episode 3: Intro to Mining, Sia ASICs, VeChain DRP Plan, Hacken, and North Korea Hacking South Korean Exchanges

1/25/2018
Steve Borosh (@424f424f) gives an introduction to mining cryptocurrencies. The hosts chat about the idea of splitting up private keys in different physical locations. News items for the week included VeChain's first ever cryptocurrency disaster recovery plan, reports of North Korea hacking South Korean exchanges, Sia ASIC miner drama, and discussion around millions being stolen from ICOs every month. Lastly, the group chats about the penetration testing and bug bounty token Hacken.io.

Duration:01:01:57