This week in crypto: the golden bull run is back?

Well, it happened again.

Crypto prices went crazy this week. Bitcoin broke the $10k barrier, the market broke $300 billion and a good number of alts popped.

As I write this – at 11am on Friday – 39% of the top 100 cryptos are up by 20% or more in the last seven days.

And for a change, Bitcoin isn’t among them. In terms of 7-day gains, Bitcoin is way down in 78^th place, which could… could… be the first tell-tale sign of an altcoin run. The fabled golden bull run.

Of course, it might not.

Either way, it’s been an exciting week.

The top three gainers were:

• Hedera Hashgraph – down 20% today, but still up a whopping 173% for the week, thanks to Google joining its governing council.
• OKB – up 64%, thanks to OKEx announcing the testnet of its decentralised trading platform. (OKB is to OKEx what Binance Coin is to Binance).
• Tezos – up 54% for the week and 146% Year to Date. Find all my coverage on Tezos here.

Hedera Hashgraph is an interesting one. In theory, it solves many of crypto’s biggest issues. But when I took a deep dive into it for Exponential Investor in 2018, I found a number of unsettling things.

You can read my findings here: Is Hedera Hashgraph crypto’s salvation, or its antichrist?

But here were the Cliffs notes:

Hedera Hashgraph is a for-profit foundation

Unlike many cryptos, which form non-profit foundations, Hedera Hashgraph has formed a for-profit foundation.

From the white paper (the single mention, emphasis mine):

Hedera Hashgraph Council (HHC) is a for-profit LLC that will be governed by up to 39 renowned enterprises and organizations, across multiple industries and geographies.

And yet it wants to be “the new internet”. If the internet had been created as a for-profit foundation and built on closed-source software, the world would be a very different place now. A much less collaborative and much less technologically advanced place.

Most cryptos see this and pride themselves on building open-source platforms and protocols. But not Hedera Hashgraph.

Hedera Hashgraph is ruled by corporations

There are 39 corporations who make up the HHC. The HHC says what happens to the Hedera Hashgraph protocol and users must oblige.

HHC owns 60% of its supply

Hedera Hashgraph will run a proof-of-stake protocol (POS). This means people who own it can “stake” what they own to secure the network and in turn get rewarded in fees.

Given that HHC owns 60% of the supply, it will collect 60% of the fees for itself.

And what’s more, the Hedera Hashgraph Council (HHC) will also get periodic dividend payments from network users.

Oh, and because it has total control of updates and upgrades to how Hedera Hashgraph works, it could allocate itself even more at any time and all users would have to go along with it.

Hedera Hashgraph was created by two ex-military men

The co-founders of Hedera Hashgraph are ex US Air Force.

This brings up all kinds of questions about government collusion and makes the patenting and secrecy behind Hedera Hashgraph’s code all the more poignant.

Just what is in there that it doesn’t want people to know about?

***

(As you’ll soon see, given the news that came to light this week about encryption and the CIA, that last point is very relevant.)

After I published that article, I got an email from Hedera Hashgraph itself

When I was writing Exponential Investor, I covered A LOT of different cryptos and crypto stories. Some in a positive light, some in a negative light.

If you’ve followed my writing over the last few years, you’ll know I try to be as impartial as possible – and add in a dose of humour where I can. There’s enough tribalism in crypto without me adding to it.

But of all the cryptos I covered, only one ever got in contact with me about what I’d written about them. Hedera Hashgraph.

Basically, they didn’t like my article, but they didn’t refute any of the points I made in it.

I’ve since seen Hedera Hashgraph present at Blockchain Week Paris, and as expected, they were extremely professional and extremely corporate.

If you like the idea of a slick organisation running a crypto, and doing it in a professional way, then I can see the appeal.

But personally, I’m not a fan. I don’t really like the idea of “the next internet” being controlled and monetised by a cabal of for-profit corporations.

And while we’re on the topic of control…

IOTAs shuts down its network to investigate stolen funds

Up until Thursday evening, it looked as though IOTA was going to make it into this week’s top three gainers.

Adding to the coordicide alphanet release last week, IOTA made another major announcement on Monday (11^th February).

IOTA and the Eclipse Foundation launched a working group to “build enterprise solutions on IOTA”.

That working group is called Tangle EE, and among its members are: Dell, STMitroelectronics and Software AG.

And members of Eclipse Foundation itself include Google, Microsoft, IBM, Intel, the Linux Foundation, Oracle, BMW, Bosch… the list goes on.

You can read more about it all on IOTA’s official blog. But needless to say, this was very big news. Not just for IOTA, but for the world of crypto in general.

So IOTA was really on a roll…

But then disaster.

On the 12^th of February IOTA shut down its mainnet to investigate multiple reports of stolen funds.

Make no mistake, that is a huge step to take, and its impact has not yet been fully felt… as no one can access their IOTA right now.

(You can see the latest on this on IOTA’s status page. By the time you read this, the mainnet will likely be back online, and who knows what will have happened to the price).

So what’s going on with IOTA?

I’ll quote IOTA’s official communications to avoid any confusion:

February 12th 2020 – 16:55

After receiving several reports of fund theft that looked out of the ordinary in a short timeframe we decided to warn about this in Discord and on Twitter. As a precaution we ask you to keep your Trinity wallet closed for now.

February 12th 2020 – 17:20

After initial investigation we decided to turn off the Coordinator to make sure no further theft can occur until we find out the root cause of these thefts. Further investigation taking place from here on.

February 13th 2020 – 15:45

We’ve shifted the complete focus of all relevant resources of the IOTA Foundation to this investigation last night and we have been working in teams to investigate impact and cause together with the identified victims. The conclusions so far are:

– Most evidence is pointing towards seed theft, cause still unknown and under investigation

– Victims (around 10 that identified with the IOTA Foundation so far) all seem to have recently used Trinity

– After in depth transaction analysis it looks like about half of the victims with confirmed funds moved out are already in contact with the IOTA Foundation

– We will continue to investigate to find the root cause and will follow up with further actions and updates

– We’ll share a full transparent report of all events once this has concluded, for now we’ll limit the information we share to not give provide the attackers with any additional insights

– We can’t rule out other scenario’s, the found information is not conclusive.

February 13th 2020 – 20:45

We are still evaluating multiple possible root causes, including an exploit of a previous Trinity version with all its dependencies.

We have been working on the investigation of attacked seeds and analyzed the attack pattern, using a set of newly developed tools, as well as finishing a complete manual verification (to validate tooling reliability).

In order to have a single point of information for the community, we have accelerated the setup of status.iota.org, which is available since the afternoon to consolidate all updates. A newly created questionnaire also gives us a more detailed insight around the circumstances under which the funds have been stolen.

Additional several cyber forensic experts have joined the investigation to perform deep scans of Trinity’s dependencies as well as affected systems. First (but not all) exchanges have responded, reporting that no monitored funds have been transferred or liquidated.

Due to the ongoing investigation of the root cause, we will continue to halt value transactions on the network. Please note that data transactions are not affected.

February 14th 2020 – 13:45

After another long night we are confident to exclude several of the initially estimated root causes of the attack. The team is investigating every single dependency (and their dependencies) of Trinity.

Additional external cyber security experts have joined the investigation with multiple security teams working on the incident analysis. The investigation has yielded absolutely no indication that there has been a core protocol breach of any kind. Rather, all evidence so far points to a problem with a dependency of the Trinity wallet.

The attack pattern analysis showed that the halt of the coordinator interrupted the attacker’s attempts to liquidate funds on exchanges. The stolen funds have been purposely and repeatedly merged and split to obfuscate the investigation, and with the current token exchange rate as well as exchanges’ KYC limits in mind. We received additional feedback from more exchanges (not all yet), confirming that none of the identified transactions has been received or liquidated. Our current assumption is that the perpetrator targeted high value accounts first, before moving on to smaller accounts and then being interrupted early by the halt of the coordinator. (Again: Hardware wallet users are not affected.)

Please note that we are very much aware of the sentiment of the community. But with the safety of the users’ funds being the highest priority in a Major Incident like this, we stand by our decision to make use of the coordinator’s security features and halt all value transfers during the ongoing investigation, in order to protect the users. This not only stops the perpetrator from exploiting more captured seeds but ensures the time needed to fully understand the intrinsics of the attack and enact a mitigation strategy.

***

To summarise:

• A number of IOTA holders reported missing fuds
• IOTA investigated and found it was theft
• IOTA shut down the IOTA network to investigate and stop any further thefts
• At time of writing the IOTA value transfer network is still “turned off” but the data network is on
• Hardware wallet users were not affected

This has understandably caused a lot of controversy.

People want to know if their funds are safe, and people also want to know how IOTA can shut down a “decentralised” network.

To answer the first question, going off IOTA’s official communications, it looks as though only a very small number of people were affected. So it’s unlikely this is some fundamental flaw in the Trinity Wallet. But we’ll wait and see.

And on the second point. Right now IOTA is not decentralised. It is controlled by the coordinator.

Once coordicide happens, it will be fully decentralised. Hence all the hype about coordicide. (If you want to know more about coordicide, you can read last week’s issue).

The thing I find strange about the whole incident is this:

Clearly whoever is behind the thefts is very smart and knows a lot about IOTA.

So they will know enough to know that coordicide will be complete within the next year or so.

And when coordicide is complete, IOTA would not be able to shut down the network.

So, if the hacker/thief wanted to make a lot of money, surely they should have waited until after coordicide was complete so they could steal much more and over a much longer timeframe.

But then, I guess, we don’t know how much they got away with yet. Maybe if was a major amount.

And maybe they wanted to do it now for fear the vulnerability would soon be discovered by someone else or patched.

Clearly there is a lot more to this story than we know right now, so I’ll come back to in in next week’s issue, when hopefully we’ll know a lot more.

It’ll be interesting to see where IOTA’s price is this time next week.

In the meantime, you can stay up to date by checking IOTA’s official status page.

Now back to a more general theme.

The CIA controlled Crypto AG for decades and backdoored most of the world’s “encrypted” communications

Now this is an interesting story!

From The Guardian:

Encryption weaknesses added to products sold by Crypto AG allowed the CIA and its German counterpart, the BND, to eavesdrop on adversaries and allies alike while earning millions of dollars from the sales, according to Washington Post and the German public broadcaster ZDF, based on the agencies’ internal histories of the intelligence operation.

“It was the intelligence coup of the century,” the CIA report concluded. “Foreign governments were paying good money to the US and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”

The CIA’s compromised encryption products were used by over 100 countries, with only Russia and China smart enough not to trust them.

And the operation ran from 1945 to 2018!

Again, from The Guardian:

At their height, Operations Thesaurus and Rubicon provided the US with a powerful intelligence edge. When Anwar Sadat and Menachem Begin were hosted by the former president Jimmy Carter at Camp David in 1978 to negotiate an Egyptian-Israeli peace accord, the US was able to monitor all Sadat’s communications with Cairo.

Iran was also a Crypto customer, allowing CIA and the National Security Agency (NSA) to spy on the revolutionary government in Tehran during the 1979 hostage crisis. US intelligence was also able to eavesdrop on Libyan officials congratulating each other on the 1986 bombing of a Berlin disco.

According to the CIA’s history, the US passed on intercepted communications about Argentinian military plans to the UK during the Falklands war, exploiting Argentina’s reliance on Crypto encryption equipment.

So, how safe is today’s encryption, really?

Is Bitcoin just another front for the CIA? (After all, it makes finding criminal transactions – or any transactions for that matter – extremely easy to do.)

Is Satoshi Nakamoto some CIA mastermind?

Will IOTA ever turn its network back on?

When I see the colour orange, is that the same as what you see when you see the colour orange?

Is the Matrix real?

One of these questions will be answered next week.

See you then.

Thanks for reading

Harry

PS I do intend to write an issue on STOs and an issue on DeFi. But crazy things keep on happening in the world of crypto, which I think are more important to cover. Maybe next week will be a little more boring and I can get on with the DeFi article… but given the IOTA drama, that’s not looking likely.

PPS Thanks to everyone who has written in over the last couple of weeks, and hello to all our new subscribers. If you wrote in, I will get back to you. It just might take me a little while.