BitGrail checked balances before withdrawals in clientside JS. There’s no nationwide bank in the country that doesn’t spend tens of millions on appsec annually. https://twitter.com/matthew_d_green/status/962746421169487872 …
Replying to @tqbf
One has to ask: if the full design of those systems was completely public (and attackers were smarter) would that spending be enough?
2 replies 0 retweets 1 like -
Replying to @matthew_d_green
Enough? Of course not. Better by leagues than cryptocurrency infrastructure? Absolutely.
1 reply 0 retweets 9 likes -
Replying to @tqbf
But cryptocurrency infrastructure has been astonishingly robust. Bitcoin clients are written in C++. Heard of any network-crashing RCE? Eth uses a custom VM. Heard of any major attacks on it? Exchanges aren’t “cryptocurrency infrastructure”. They’re random websites by amateurs.
4 replies 6 retweets 36 likes -
Replying to @matthew_d_green @tqbf
While we haven't seen sandbox escape/RCE-style vulnerabilities, mistakes in its design as manifested in Solidity are largely implicated in the loss of billions of dollars worth of cryptocurrency/tokens on the Ethereum platform
2 replies 0 retweets 6 likes -
I’ve said this many times. This is definitely a flaw. But it’s not some intractable flaw. It’s a “this is v0.1 don’t put a lot of money into it you idiots” flaw.
3 replies 0 retweets 4 likes -
Replying to @matthew_d_green @bascule
It sounds like you’re saying, “don’t put a lot of money into it, you idiots, but also probably better to have your money there than in a bank”.
1 reply 0 retweets 4 likes -
Oh no. I think banks have a great risk profile. My only question is whether that’s because they’re really, really technologically robust under the hood — or if it’s because there’s so much obscurity and so many expensive human checks and delays that they get there.
2 replies 0 retweets 5 likes -
I think missing from this debate is the vast regulatory and legal apparatus around banks and bank heists, as well as the fact that regulators and judges have a deep familiarity with the financial system. Take that away and banks look a lot more like crypto
1 reply 1 retweet 8 likes -
I wonder, in the aggregate, how much that is costing us.
2 replies 0 retweets 0 likes
Not as much as political donations are costing you. Pony up!