> if a serious crime were committed, the police don't need to have the victim cooperate.
That's what I remember as well, but thought maybe it's different in different countries, or there is some other kind of cleverness behind the offer. Otherwise, it makes them look kind of silly.
Depends on what serious means here. In financial/wire fraud, the police often need support from the victim to collect sufficient evidence. If the victim does not cooperate, the case could be dropped due to lack of evidence.
The police in general are so far behind on their ability to prosecute crypto/cyber crimes for so many reasons that in practice they would basically never be interested in prosecuting without victim cooperation. Not to mention that in theory this would retroactively make the crime totally definitely above board ethical hacking which is not a crime in any jurisdiction as far as I know.
ok lets lay this out, somebody claims that some big complicated numbers that they had and claimed to be valuable, got removed by somebody else, useing a lot more smaller less complicated numbers
worth essentialy nothing, and now are seeking the help of someone else with presumably, slightly more, uncomplcated numbers to retrieve the big complicated numbers,from the whoever it is that has them now, in return for a smaller share
of said large and complicated numbers.
Hmm, maybe but it would have to be come from the prosecutor's office, of whatever country has the best chance of catching the hacker, and the hacker has to be believe it.
Crypto being stolen from exchanges happens so often and in such large quantities that $13M seems like nothing, which doesn't seems like a good sign for the industry.
Not your keys, not your coins. It is never a sound idea to leave a large amount of cryptocurrency on an exchange. I don't think this will fundamentally change from Mt. Gox
One of the few upsides of Crypto is that it provides a constant reminder of why we have banking regulations. Anytime says regulations are onerous or slow down the process and are outdated you can point to our current day poorly regulated crypto markets and show them what it could be like instead.
I was hoping for more information about the nature of the attack. All I saw was that 'funds must be deposited before they can be withdrawn' and 'Tornado Cash' was used for the deposit.
Does anyone have more details about how (or if) Tornado Cash was involved/used in this attack?
Tornado Cash was essentially irrelevant to the attack. Just a way the attacker worked to hide themselves.
The attack was able to happen as a result of two separate bugs.
First, a user was able to use something as collateral with a price that could be manipulated. This allowed them to make the collateral to instantly manipulated to appear worth less than the amount borrowed, allowing it to be liquidated.
The second bug was that they had code that should not allow a user to do a series of interaction with the contract that end in bad debt for the user, however since they were able to liquidate their own bad debt from inside the series of interactions, the liquidation cleared out the bad user debt, and moved it to bad protocol debt. This made it so the whole process was checked at the end of the transaction, the user debt looked fine.
Or I could be slightly wrong - it was an usually gnarly attack.
At this point, it might be fair to say that anyone with significant crypto holdings who isn't storing them offline instead of in some third-party "vault", is an idiot.
Readit News
Then, the magician said "Abracadabra!" and poof! the money is gone.
> The company also offered a bug bounty to the hacker of 20% of the stolen funds.
Would that give them immunity from prosecution if they ever catch him. If not, what's the upside for the hacker to return anything back?
They can certainly offer to not call the police, but if a serious crime were committed, the police don't need to have the victim cooperate.
That's what I remember as well, but thought maybe it's different in different countries, or there is some other kind of cleverness behind the offer. Otherwise, it makes them look kind of silly.
Murder is typically more serious.
https://www.reddit.com/r/CryptoCurrency/comments/sdsp0i/shoc...
Does anyone have more details about how (or if) Tornado Cash was involved/used in this attack?
The attack was able to happen as a result of two separate bugs.
First, a user was able to use something as collateral with a price that could be manipulated. This allowed them to make the collateral to instantly manipulated to appear worth less than the amount borrowed, allowing it to be liquidated.
The second bug was that they had code that should not allow a user to do a series of interaction with the contract that end in bad debt for the user, however since they were able to liquidate their own bad debt from inside the series of interactions, the liquidation cleared out the bad user debt, and moved it to bad protocol debt. This made it so the whole process was checked at the end of the transaction, the user debt looked fine.
Or I could be slightly wrong - it was an usually gnarly attack.