6 months
Permanently Deleted
English
You must log in or register to comment.
6 monthsThis headline feels like a trap. Yes, Valve is the arbiter of what passes through the Steam store. Part of that involves checking for malware which, while their record isn’t flawless, they’ve let very little of it through given the sheer volume of games published to Steam every year. The consequences were terrible here, and I hope that can be rectified somehow. But the implication of this is that Valve makes this sort of error all the time through their “incompetence”, which they don’t, and the point of phrasing it this way seems to be to call anyone stating otherwise some kind of defender of a multibillion dollar company. It seems like a far better use of everyone’s time to be mad at the scammer here. Supporting and profiting from child gambling via Counter-Strike is a much better reason to be mad at Valve than the mistakes or other gaps in their vetting process that will be slightly tighter as a result of this mishap.
- over_clox@lemmy.worldEnglish6 months
Jerboa developers, may I kindly ask for an option to disable automatic video preview?
Don’t get me wrong, it’s a nice feature and all, but fuck it eats at my limited cellular data usage and eats my battery…
Edit: That was meant to be a top level comment, my bad. Leaving it though.
Looks like they just added it in the new release. We should get you to ask for world peace next time, but this is pretty good too.
- over_clox@lemmy.worldEnglish6 months
Oh, new update?!
Awesome, thanks for letting me know, hope the option is there… 👍
- pulsewidth@lemmy.worldEnglish6 months
Well since Steam provide absolutely zero details about their scanning process (or even if it exists), seems like conversely people are making a lot of really complementary assumptions about Steam, no?
This is certainly not the first malware distributed by Steam - this is in fact the fourth publicly-known instance just this year.
Seems like they need to step up their game if you ask me.Reporting from outside sources has covered what Steam’s vetting process is. They check to see if the game runs, if it has the features that the publishers/developers claim it has on the side bar, and they check for malware. Often times this is outsourced, but the buck does stop with Valve. The thing with any security measure though is that anything can be circumvented, and preventing the same vector of attack in the future is an arms race. And another way to read what you said about how many instances of malware there are is that it affects 0.02% of games released this year so far, and they’re not the games that customers are most likely to buy in the first place like your Borderlands or Battlefields.
- YellaLeber@sh.itjust.worksEnglish6 months
Almost 14 thousand games released this year on steam. You could say malware is 100x more likely than the 4 publicly known instances you mention and that’s still not even 3% of games released. Steam is responsible but I don’t know how you expect them to get that down 0% besides manually reviewing game code line by line, which would probably destroy the platform. Don’t let perfection be the enemy of good
- pulsewidth@lemmy.worldEnglish6 months
Good it is not when the recommendation from security experts and reporters is to avoid any Steam games with low numbers of installs / reviews and betas from small companies. That’s where we’re at now.
Nobody reviews game code, as game code is not supplied, only binaries with their relevant resources. There are many security providers that would be able to provide better service that whatever Valve is doing - but who knows, because they keep tight-lipped about it every time there’s an issue, and just patiently await their defenders to hand-wave any concerns.
- YellaLeber@sh.itjust.worksEnglish6 months
Lmao well I don’t know what you want. If you want your PC to be secure, don’t use the Internet. You can’t expect every piece of software you come across to be perfectly vetted. In an ideal world sure everything would be foss and peer reviewed but that sure as hell ain’t the world we live in.
- Echo Dot@feddit.ukEnglish6 months
Providing details about their screening process wouldn’t change anything in fact it would make it less secure.
Is not like this sort of thing doesn’t happen on other platforms including the Apple app store.
- ibot@feddit.orgEnglish6 months
No discussion, it is super shitty that someone stole the money.
But the real scandal is, that anybody needs to raise money, to get a cancer treatment.
If it’s true they the malicious game has been available for a month then steam has some blame.
- 6 months
Why so? Assuming this is the 1st complaint against the game, what was steam supposed to do in the past month?
- kbobabob@lemmy.dbzer0.comEnglish6 months
Obviously, Steam is supposed to vet the source code of every game thoroughly before it ever gets put up for sale.
- 6 months
I wonder how many people are taking your statement at face value without recognising the sarcasm…
- KuroiKaze@lemmy.worldEnglish6 months
It’s not sarcastic. That’s exactly how most of these platforms work behind the scenes. They run automated, dynamic and static analysis against all the app code looking for potentially harmful signatures.
- 6 months
Pretty sure Steam already does that. And no automated (or even manual) analysis is going to be 100% foolproof, or we wouldn’t be worrying about supply chain attacks in Linux. So that puts us back at square one.
- KuroiKaze@lemmy.worldEnglish6 months
Yeah that’s literally what I said. Seems like the previous guy didn’t understand that. I don’t know why anyone would downvote me for just explaining how it works.
- Nibodhika@lemmy.worldEnglish6 months
That’s not analyzing the code. Also almost assuredly steam does that. Finally that wouldn’t catch this since it was a back door, as long as the attacker didn’t use it it would not be detected by any automated means.
- KuroiKaze@lemmy.worldEnglish6 months
That’s called cloaking and you are right that it’s not easy to find which is why you have to trip the payload with varied approaches. Reverse engineers generally are tipped off by suspicious code artifacts then start diving in. I guess the lesson here is that people really overestimated steam’s capabilities at keeping out bad stuff and you should definitely never install any game that you’re not familiar with.
- pulsewidth@lemmy.worldEnglish6 months
Dumb take. There are many ways to scan software without needing access to the source code.
Do you think retail antivirus providers approach every developer of every program version to request a copy of their source code for review before they can verify it’d safe?
- 6 months
Steam could easily gave automation the installs and runs games in a sandbox. Then watches what they do. The things it needed to do to steal the crypto should be vastly different than what a game should be allowed to do.
- dafta@lemmy.blahaj.zoneEnglish6 months
This isn’t foolproof. A lot of malware these days is resistant to analysis because they can detect that they’re running in a sandbox and refuse to run the malicioua code.
- 6 months
I chose not to spell out the full test. The fact is, valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.
There are so many ways malware could get through that. What if it waits for a specific date or a certain amount of progress in the game? This automated sandbox probably wouldn’t be smart enough to beat the game, certainly not with as many games as they have.
- 6 months
I chose not to spell out the full test. The fact is, valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.
- dogs0n@sh.itjust.worksEnglish6 months
It isn’t easy as you say.
If they could let us run games in a sandbox/virtualised area that would be amazing though. That’s a very big ask though.
I do know that xbox consoles run games in their own hyper-v vm which gives extra protections to us from most malicious code.
Obviously this would be hard for Steam to implement, but it would be a very nice measure.
- 6 months
I didn’t say it was easy. The fact is, valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.
- dogs0n@sh.itjust.worksEnglish6 months
I believe you said it was easy in the first sentence of the comment I replied to, though maybe I am reading it wrong and you are speaking on something else.
Nevertheless, they surely have the money to make some type of sandboxed environment for us to run games in, but I can also see why they haven’t since they have so many other things in the works right now and I believe they famously don’t have that many employees (they could hire more, but that could ruin their workflow, etc, not sure). Still, I would like to see this somewhere in the future so I can be a bit more carefree when running less known games.
Maybe this is something that operating systems need to do for us though, I don’t know. Xbox can do it because Windows/HyperV allow it to, but they are created by the same company so the lines are blurred a bit. Not to mention use cases for PC gaming are much wider in scope, so the sandbox environment would have a lot more things to consider (probably).
Anyways I still think this would be sorta far fetched, but I can dream it will soon exist.
Not sure how I feel about making software distributors liable for the malware (it would make any smaller stores go out of business straight away for sure).
Edit: this became long sorry i forgive u if you dont read
- 6 months
You are right I did say easy. In my head I meant that valve pay for it and such, not that it was technically easy. But what I typed didn’t line up.
And as far as sandboxing, I wasn’t really thinking vm sandboxing, I was thinking they could litterally take a whole pc, run the game and see what it does. I assume they could probably do that in a less labor intensive way like run it in the cloud and watch for the process to try to detect that as well. All in all I was thinking more testing env, and not end user changes. Cause yeah, end user support for isolating processes should be on the OS.
But in general, they should do a better job vetting publishers and ensuring those publishers can be held accountable. That is hard to do without blocking out the smaller publishers, but I have faith that if they put a few minds to it, they could figure it out. Probably could contract out the planning part to some experts so they wouldn’t have to perm hire a lot. Might even be able to contract out the vetting so they could pass the liability on.
A crazy thought just hit me. Something like fdic insurance. Won’t happen with this admin in the US, but if the gov setup the vetting guidelines, they could insure the vetters for damages if they followed the guidelines. That would spur vetters into existence that valve and others could then contract. Pipe dream I am sure.
- ryathal@sh.itjust.worksEnglish6 months
Malware creation and detection are billion dollar industries playing an eternal cat and mouse game with each other. These programs don’t just instantly try to steal every file the second they run.
- 6 months
I am decently versed in the game of cat and mouse. The fact is, valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.
- pulsewidth@lemmy.worldEnglish6 months
It had a password protected zip file in an update that hid the payload. That is pretty damn basic and would not have gotten past any retail antivirus program’s heuristic detection.
Chances are that Valve is treated as a ‘trusted publisher’ by Microsoft Defender and thus it bypassed the scan. The malware even payload explicitly checks that no retail antivirus was installed, and that Microsoft Defender was active, prior to attempting to extract and run its payload.
(See comments above from other users for explicit details regarding the malware)
- Nibodhika@lemmy.worldEnglish6 months
Password protected zip file is also a way to deliver content an indie dev might use to lock content, so that on its own is not enough, but also the “payload” was connecting to a remote server, which is not indication of bad behavior, lots of games connect to remote servers and receive commands from there, e.g. event X starts now, or something. Except in this case it allowed a reverse shell.
- pulsewidth@lemmy.worldEnglish6 months
Citation please for any indie dev using passworded zip files to lock game content. That would be a pretty dumb approach given all retail security suites / antiviruses will flag a password-protected archive as suspect by default (because they’re so commonly used in the past to distribute malware).
- 6 months
Clearly it passed thier test. But it was not undetectable.
- pulsewidth@lemmy.worldEnglish6 months
It really isn’t. Scanning code for vulnerabilities should be at a very high standard for the dominant and most wealthy game platform on Earth.
Very standard practice for malicious software scanning is to install the program in a virtual environment and then monitor its processes to see if it’s performing malicious activities: eg keylogging while a background process (eg alt-tabbed), or if it interacts with browser data (trying to get saved auth cookies or saved account info), running searches for strings that are common for crypto wallets, etc.
Its entirely possible that Steam has dropped the ball in a big way here.
I can only imagine the animosity in the comments if it was from a game on the Epic store or Ubisoft UPlay…
- 6 months
There are so many ways to bypass what you describe, in addition to it not working for games with kernel anti-cheat etc.
The real issue is all desktop OSes deciding everything should be allowed to access everything. Why is a game able to access your crypto wallet by default, without any permission required? Why can a fake pdf access browser cookies? This has been solved on phones for years.
- pulsewidth@lemmy.worldEnglish6 months
And there are so many ways to detect the bypasses. It’s an arms race, and the most profitable games store of all time should really have a cutting edge system to deal with it is all I said.
Windows should have better security too, but the two thoughts can be held in the mind at the same time.
- 6 months
Well, I just disagree with you. IMO, they are a game distribution company, not a security company. I don’t see this as their job and I am not willing to pay more for games to have some far from perfect behavior scanning.
PS: That is not to say Steam should do nothing, just not behavior analysis, which is an unnecessarily difficult and expensive measure to implement and operate.
- pulsewidth@lemmy.worldEnglish6 months
Who said you need to pay more for games? Steam already takes thirty percent of sales (for the vast majority of sales), they are a $10b+ game distribution company… They’re worth more than several leading security/antivirus companies combined.
I just don’t understand the mindset people get around Steam. They are a business that makes a fortune distributing games, run by a billionaire - they are not a little indie company struggling under the weight of their success.
- 6 months
And I don’t get the mindset of large company should do things for free. Valve is using the 30% to distribute games, provide backups for saves, run steam workshop, make games playable on Linux, creating the steam framework for games, and more. And of course keeps some of it as profit. Being a large company does not give you infinite resources. If they invest massive effort into some behavior analysis stuff, either they increase prices or cut something else they are doing.
- pulsewidth@lemmy.worldEnglish6 months
All they’re expected to do is pay for upstream providers to scan their submissions (eg third party security providers), no need to hire new staff. This is the fourth instance publicized this year! They should communicate regarding issues like OPs - but like usual, it’s crickets.
It’s trivial to detect running in a vm and behave differently
It’s more like “why the industry standard to allow games installers to run as admin is widely accepted?”
Or “why a crypto wallet needs to have unencrypted files in the user home, ready for exfiltration?”
- pulsewidth@lemmy.worldEnglish6 months
Its also trivial for apps detecting any trivial attempts at scanning if they’re running in a VM to be detected, and masked.
Those are also valid concerns, but in an environment where admin rights are granted to games installers the vendor of the games (Steam) needs to adopt a highly curated and protective stance. To this date they provide zero details of their protection - their entire FAQ on malware on their store boils down to ‘if you find malware, please flag it on the store page for us to investigate’.
If anyone is gonna claim the steam store is highly curated… I’d point out to them that a very large amount of their store is shovelware asset flips with very few purchases and installs. There are over 150,000 games on Steam, and tens of thousands of them would fall into that category.
- ryathal@sh.itjust.worksEnglish6 months
Steam does scan for malware, which is why this is news. It’s notable that a game got through that was malware. You haven’t heard about other stores because it’s not worth the effort in targeting them. I wouldn’t be surprised to learn that most stores use the same vendor for malware scanning.
- pulsewidth@lemmy.worldEnglish6 months
I didn’t say they dont scan for malware, I said it “should be to a very high standard”, fully understanding they already do.
- ryathal@sh.itjust.worksEnglish6 months
It is to a very high standard. There’s been 14k games released this year alone which would be a .01% miss rate for malware games. If you compare against all games to account for updates that add malware after submission it’s basically 0 at .000001%
- pulsewidth@lemmy.worldEnglish6 months
They’ve already missed four instances of malware this year that have been publicly reported. How many have other storefronts missed?
I don’t see why asking them out to improve is an unbalanced response or unfair, given the enormous budget they have and the market dominance.
- Nibodhika@lemmy.worldEnglish6 months
And it is very easy to detect you’re in a virtual environment and not do those things, or have a date to trigger the changes or something. The game had been out for a while when this happened without any issues. I just dug a little bit and it was opening a back door apparently, so as long as the attacker did nothing at that time it would have been impossible to detect. You had to know that it was malicious to look for it, then it was quite obvious, but with Valve needing to vet millions of games it’s not feasible to do a full scan of every update of every game.
- pulsewidth@lemmy.worldEnglish6 months
Its “not feasible to do a full scan of every update of every game”?
My friend the scans are automated. Is Steam strapped for cash this month?
Honestly the apologia here for Steam is pretty rank.
- Nibodhika@lemmy.worldEnglish6 months
No automated scan would have captured this, only a paid professional dedicating some time would (and only because this was an obvious attempt, a more subtle one would go unnoticed even by an expert) and that is not feasible.
- pulsewidth@lemmy.worldEnglish6 months
It literally contained a known version StealC malware in its payload, and had basic python scripting with the Telegram bot code and access tokens left visible to researchers (very bad OSINT). This was not sophisticated scripting, nor novel malware, just some script kid that sourced the whole setup on Telegram. The malware would easily have been captured by a competent security company’s automated scanner.
At this point people should not keep substantial amounts of crypto on their main PC anymore. Either get a hardware wallet or an old smartphone or other device to dedicate to that purpose and not install anything else on it.
- bigboismith@lemmy.worldEnglish6 months
Yeah, like 100% not to victim blame, but that is what not to do 101
Reason why I am hesitant to do online banking on my PC and rather do it on my phone if possible.
- Echo Dot@feddit.ukEnglish6 months
You get that your phone is a PC right? You’re no more secure if you just do it on your phone.
Your security from banking comes from the fact that the industry is regulated and has fraud protection. Crypto is just as wild west of anything goes nonsense.
Sure. I could also limit myself to doing it on a separate machine or a VM that has different credentials than my usual PC.
But my phone is more convenient :)- Echo Dot@feddit.ukEnglish6 months
That wouldn’t protect you either since the risk is fraud not anything digital. None of this would have been able to happen had people not been able to get fraudulent software on his computer. If they can get software on computers that can take malicious actions, then even having it on a virtual machine won’t help you since it still needs to be connected to the internet to be useful.
An active antivirus system would have prevented this. Windows built-in antivirus system is horse dung. I’m pretty sure even the free tier of malware bites would have dealt with this.
Virtual machine as in: Gapped purposes for different tasks.
For example: I don’t do my taxes on my gaming rig.
old smartphone
Please don’t use a device without security updates and a shitton of known vulnerabilities as your wallet
If that’s what’s available I will argue it’s still a better option, because it’s isolated. You can make transactions with QR codes and do nothing with the device except run the wallet app, which removes most options for an attacker, including some that could work on a hardware wallet (ie. more complex transactions where it doesn’t display enough info about what is happening to know not to approve it).
- prole@lemmy.blahaj.zoneEnglish6 months
The crypto was never stored on their PC, that’s not how it works.
- skozzii@lemmy.caEnglish6 months
America is the only country where this could occur, look yourself in the mirror…
- 6 months
Needs to raise money to get cancer treatment. America is a real dystopia.
- 6 months
That’s the real story here. Everything else after that is just icing on the tragedy cake.
Why does this guy need to raise 32 grand (a respectable salary in plenty of places) for cancer treatment
- daniskarma@lemmy.dbzer0.comEnglish6 months
It’s cooler when americans become drug dealing kingpins because they got lung cancer.
Crapto is a total scam. Stop putting your money into this damn Ponzi scheme.
- ms.lane@lemmy.worldEnglish6 months
I would have agreed a year ago.
But the only clearing houses for online transactions turned out to be a bunch right wing stooges that hate LGBT and Adult Games.
Oh crypto, can’t you go five minutes without being a scam?
… How long was that?
- otp@sh.itjust.worksEnglish6 months
This isn’t a problem of crypto being a scam. The scam was a video game in this case.
If someone hides $30k in cash in their home, gets robbed, then the robber spends it all and dies penniless? The victim won’t get their money back. Same as this victim.
That’d make cash just as much of a scam as crypto in these two scenarios.
If someone hides $30k in cash in their home, gets robbed
That’s not really a comparable scenario though, is it? To be robbed of cash someone has to physically be in the same location, and physically remove an object from your safe keeping (be it a literal safe, or on your person)
To steal crypto someone on the other side of the world can just be like “yo bro click this” and 18 seconds later its gone. Who was it? Who knows. Where are they? No idea! Not even a chance to yell out “omg help help someone help this guy is stealing my stuff” as they do it.
As a side note, I’m not a “cash is king” type person anyway. I much prefer electronic transfers. I just prefer my electronic transfers to be real money handled by financial insitutions where its protected by laws, not magic beans.
- otp@sh.itjust.worksEnglish6 months
As others have described, people can steal money digitally the same way. Yes, real money is infinitely more trackable.
That doesn’t mean crypto is a scam. It just means it’s not (as) trackable as traditional currencies.
And I’m not a cryptobro or anything. I just don’t think cryptocurrencies are inherently “a scam”.
- prole@lemmy.blahaj.zoneEnglish6 months
Yes, real money is infinitely more trackable.
This isn’t even true, unless you’re specifically talking about coins like Monero.
If you think bitcoin is untraceable, then I’ve got a bridge to sell you
- otp@sh.itjust.worksEnglish6 months
Yeah, that was a bad description on my part.
Compared to digital transactions of traditional currencies though, my understanding is that traditional currencies are easier to trace
- daniskarma@lemmy.dbzer0.comEnglish6 months
You can definitely get your bank account emptied by just “clicking here”. Personally know people that suffered that. And depending on the bank they will refund or not. If they got away with being a user rampant error you will be on your own.
The game in question, Block Blasters, which was free to play, has been removed from Steam, although it seems owners can still try to install it, but antivirus programs may block those attempts.
The GData linked in the post shows that the game was released in July 31 and that the malware update came in August 30, adding a .bat and 2 .zip files within the
Engine/Binaries/ThirdParty/Oggdirectory. The zip files were password protected, which blocked scanning.The batch script checks first if the system is running only Windows Defender and does not have any of the listed AV products from AV_PROCESSES as a running process; if these criteria are met, the batch script unpacks the contents of the archive “v1.zip” (…) The script “1.bat” adds the destination folder of the executables found inside the “v3.zip” archive to the exemption list for Microsoft Defender Antivirus. [emphasis mine]
So, yeah, it’s pretty clear how easily it went undetected by Steam, Windows Defender or any other antivirus program - malware inside a password protected zip. I suspect making something similar on Android wouldn’t be much harder, as an app or game that needs access to your internal storage isn’t “too weird”, like something that asks for some music to play in a stage.
- pulsewidth@lemmy.worldEnglish6 months
A password-protected zip file should have been flagged by Steam as suspect before they approved the update, its a very old and very common method for detection bypass.
- HeyJoe@lemmy.worldEnglish6 months
With how much money valve makes, just fix it. Its nothing to them and makes them look good.
- 6 months
Incentives. If valve did this, the expectation would be for them to cover any and all future breaches. They don’t have the capability of detecting and preventing all attempts, and this would incentivise a wave of new malicious programs. Because hey, if you get one into the store, you can now steal a million bucks from your own sockpuppet account, and valve will cover it.
People would do this on purpose to steal their own money and then beg Valve to pay them lol
- 6 months
Honest to God, this is a PR slam dunk if they do that. They get to write if the pay out as a donation to charity for tax purposes, get the lime light of them doing something generous for a cancer patient, and can show that they take the few breeches of their malware.qall seriously. Hell they could probably double the pay out and they wouldn’t even notice the loss.
- 6 months
See other comment for why this would be a horrible, horrible idea
- rbesfe@lemmy.caEnglish6 months
Maybe don’t raise money for your cancer treatment in the form of crypto? Hard lesson to learn for sure
- Katana314@lemmy.worldEnglish6 months
I don’t think it’s such a direct lesson since it could’ve been other financial information on there. Instead of a crypto key, the game could’ve installed a keylogger that read the player’s banking password later.
It’s more of a general warning that Steam games are not necessarily safe.
- kossa@feddit.orgEnglish6 months
Well, with my banking login the scammer could look at my balance and my poor spending habits. To withdraw/transfer they would need a TAN as well and therefore my banking card. Good luck getting hold of that with malware ¯\_(ツ)_/¯
- dogs0n@sh.itjust.worksEnglish6 months
I believe they were streaming on a platform that is built around cryptos
I’ll be the asshole: why the fake money wasn’t immediately converted to real money giving directly the exchange address instead of a locally hosted wallet? Except bitcoin all the shitcoins are devaluating in real time
- 6 months
With meme coins, the liquidity is dogshit. There’s no real market for sale.
If you sell the tokens piece-by-piece as you get them, you drive down the future price and might get less real money overall. Better to sell a big chunk at once.
Also, not every exchange has a wallet/custody system. It’s entirely possible for direct p2p trades to happen without any intermediate transfers. I don’t know if pump.fun actually does this.
- Echo Dot@feddit.ukEnglish6 months
This is why services like steam don’t offer bitcoin and other cryptocurrencies as a method of payment. Because you’re screwed no matter what you do, if you convert it you drive the cost down, if you don’t convert it it stays in this unsecured unverified easy to steal format with insane value fluctuation. You would literally be better off getting paid in roubles.
- NotKyloRen@lemmy.zipEnglish6 months
They (Steam) offered Bitcoin payment, but pulled out because of what you said. They were covering the changes in fluctuation, but ultimately it was too unstable. I recall a statement from them saying something like, the value fluctuated too much during the brief checkout process, even.
- Sonalder@lemmy.mlEnglish6 months
Criminals are often not the most highly intellectual people on this planet…
- daniskarma@lemmy.dbzer0.comEnglish6 months
I’m not into crypto. But how can it being stolen just by reading some file in the computer? Isn’t the private key encrypted with some really secure password? It was stolen while the private key was being used?
Considering how the malware works, it seems that the criminal managed to copy/steal all the browser data of Rastaland, including open sessions, allowing him to login on any site that had an active session/cookies, including that pumpdotfun where the coin was
- Sonalder@lemmy.mlEnglish6 months
To keep it short there is two big families of wallets. Hot and cold wallet. Hot wallets are the one that got an internet connection wether it’s a constant one or periodically connecting. Cold wallets are never connected to the internet and often are dedicated hardware devices with the better ones having a Secure Element to store the private key or even sometimes sign transactions directly in it.
Victims of this attacks were using hot wallet on a not-dedicated machine which is consider bad practice. Hot wallets have to be consider more like a physical wallets for daily spends and cold wallet being privilege for long-term saving and monthly or yearly transactions.
I’m not an expert but desktop OS (especially Windows) are not as well contained than phone so I almost never use hot wallet on my computer. Often users are tricked to sign transactions to get stolen but I think if the wallet is unlocked a malware with the right privileges/permissions could easily steals money.
by reading some file in the computer Aren’t Steam games always executable for Windows?
- fuzzywombat@lemmy.worldEnglish6 months
People keep saying $32k was stolen by malware. No, that did not happen. Malware did not reach into someone’s bank account and withdrew $32k. Here is a simple fact. Crypto is not money. If your brain says something like “it works just like money, or it’s worth just as much as money so it’s basically money” then you’re most likely to get scammed at sometime in the future by putting your actual real money into crypto. It’s that simple.
- 6 months
If a collective of people say its worth something then it’s worth something. That’s literally what money is and how it works
- TheObviousSolution@lemmy.caEnglish6 months
Trust and regulations that are lacking in crypto make it what it is. If a collective of people are willing to offer something in exchange for something else, even just because it is a crowdsourced confidence scam, it doesn’t really ethically exonerate what you are supporting. Every person who participates in crypto is also holding up its underground international market. It was bad enough under normal markets, but the difference is between night and day with crypto. Crypto is far too easy to turn into a bunch of excuses and anonymous pseudonyms.
- 6 months
Do you realize the scale of illicit trade in us dollars is like 10 orders of magnitude more than crypto?
- TheObviousSolution@lemmy.caEnglish6 months
Only because the trade power of US dollars is like 10000madeupbagillionzillioninternetnumber0000 order of magnitude more. Talk in fractions. Preferably in not also made up ones. I know, I know, crypto habits die hard.
- 6 months
I do realize that, so tell me again what the point of your original statement was?
- TheObviousSolution@lemmy.caEnglish6 months
Trust and regulations that are lacking in crypto make it what it is. If a collective of people are willing to offer something in exchange for something else, even just because it is a crowdsourced confidence scam, it doesn’t really ethically exonerate what you are supporting. Every person who participates in crypto is also holding up its underground international market. It was bad enough under normal markets, but the difference is between night and day with crypto. Crypto is far too easy to turn into a bunch of excuses and anonymous pseudonyms.
- Mr_Dr_Oink@lemmy.worldEnglish6 months
Isnt the difference that money is valued against something tangible. Like gold, oil or data. The strength of a countries currency is based on how much of these things it has.
Whereas crypto isn’t valued against anything other than thoughts and prayers. If people think it has value then it has value. Until people no longer think it does, at which point it tanks and you are no longer rich. It’s the same as those NFTs.
Sure you can make money in crypto, you can exchange it for traditional money if you play the game well. But that doesnt mean crypto has any inherent value.
- ogy@lemmy.zipEnglish6 months
No. It used to be fixed against a physical asset but it hasn’t been for a long time now.
- HereIAm@lemmy.worldEnglish6 months
Most currencies today are fiat currency. They only got value because they are the official currency of a nation and their government says so and people have the belief it has value. The US dollar used to be backed by gold but was stopped in the 70’s.
- 6 months
data
tangiblein that case money itself is tangible and can be valued against itself. You are confusing exchange value and use value. Money has an exchange value, so does gold, oil or any other commodity. But unlike money they also have a use value.
- prole@lemmy.blahaj.zoneEnglish6 months
The USD is backed only by the “full faith and credit of the United States government”. Nothing tangible whatsoever. It’s fiat.
- Sonalder@lemmy.mlEnglish6 months
1 USD is worth 1 USD because you can pay 1 USD of taxes. It is backed by political promises, oil, weapons and war. This can’t end well.
Crypto means cryptography. Cryptocurrencies are a variety of things from stablecoin (digital token backed by fiat money often by a private company ), company shares, community projects, scams, scams, ponzi, scams, cool technical experiments and technically bad experiment. In the other hand there is Bitcoin (and Monero to some extent) that is owned by humanity, no foundation, no company, no state. It is backed by a proof of past energy brining the most innovative security system in the history of IT, not based on restricted access and opacity but by economical incentive to play fair with others in a big game theory peer-to-peer network.
Bitcoin is not the money of the internet. It’s the internet of money.
Andreas Antonopoulos
- 6 months
Sat what you will, crypto paid off my student loans and helped me buy a house
- Lumisal@lemmy.worldEnglish6 months
A form of relatively stable currency that is accepted to have value for the trade of goods and services by the majority of locations.
Memecoins from pump fun that are less stable than Trump’s mood and vent be used to buy pretty much anything are definitely not that
- prole@lemmy.blahaj.zoneEnglish6 months
So would you consider a stable coin like USDC (fully backed by USD, and audited) to be “money” then?
- Lumisal@lemmy.worldEnglish6 months
Do the majority of locations that offer goods and services accept USDC in it’s designated region? Can you buy groceries at basically anywhere with it, watch a movie, pay for a gym subscription etc with it? Can you buy a home or other shelter with it?
If no, then no, I don’t, since it didn’t meet that criteria.
Edit: also, what’s the point of USDC, at least based on your description? Sounds it’s just using more resources to do the same thing a debt card does.
- Nibodhika@lemmy.worldEnglish6 months
By that definition the Argentinian Peso is not money because it’s not stable, nor is the dollar since the majority of stores in the world don’t accept it (mostly just the ones in the USA do, and a couple of others here and there, but definitely not the majority worldwide). And if you’re going to start randomly limiting locations, I’m fairly confident you can find a specific neighborhood or city where more stores accept Bitcoin than dollars, and worldwide I’m fairly confident more stores accept Bitcoin than Tuvaluan dollar, does that mean that that is not money?
- Lumisal@lemmy.worldEnglish6 months
You crypto heads always bring up the Argentinian Peso even though it’s still actually more stable than even Bitcoin. People aren’t buying Argentinian Pesos thinking they might become rich one day, because it’s an actual currency, not a speculative asset, which is what crypto is. It won’t spike in value over 3 months or dive off a cliff by multitudes of thousands. I guess if you’re a 300 year old vampire or a Galapagos tortoise it’s not stable to you, but a currency having a crash but then staying at a crashed value, over the course of decades, is in fact stability. Having crashes and spikes over months if not weeks is not stability.
But ignoring that, most of the world does actually accept US dollars - it’s the most traded currency in the world. It’s also safe to say in nearly every country you can probably exchange USD to the local currency fairly easily.
If you can find me a city where more stores accept Bitcoin rather than the designated currency, then sure. I’m not sure a single one exists.
And that’s bitcoin, which actually is well known and traded. What the person in the article lost wasn’t even that, not any other well known crypto like Ethereum.
- Nibodhika@lemmy.worldEnglish6 months
You crypto heads always bring up the Argentinian Peso even though it’s still actually more stable than even Bitcoin.
I bought the Argentinian Peso because I am Argentinian, and lived through the devaluation of our currency, and the Patacones and Corralito, maybe because you haven’t experienced something similar you don’t understand just how much of “money” is based on trust.
People aren’t buying Argentinian Pesos thinking they might become rich one day, because it’s an actual currency, not a speculative asset, which is what crypto is.
You can speculate with anything, the fact that people speculate with crypto has no bearing on it being money or not. Also you might be unaware but people do speculate with dollars/pesos in Argentina, that does not disqualify either of those as money.
But ignoring that, most of the world does actually accept US dollars
No, you’re wrong, outside of Argentina and the US (and a few tourist heavy places) I have never seen stores that accept dollars. This is a misconception Americans have, dollars are not accepted worldwide, you need to exchange it for the location currency, just like how trying to pay for stuff in the USA with Euros or Reais would not work.
it’s the most traded currency in the world.
Bitcoin is more traded than some small countries currency, if that mattered then Bitcoin would be more of a currency than that one.
It’s also safe to say in nearly every country you can probably exchange USD to the local currency fairly easily.
Also possible to exchange Bitcoin, that has no bearing.
If you can find me a city where more stores accept Bitcoin rather than the designated currency, then sure. I’m not sure a single one exists.
Than the designated currency no, but than a specific currency absolutely, I’m 99% sure every city I’ve lived for the past 5 years has more places that accept Bitcoin than Argentinian Peso.
And that’s bitcoin, which actually is well known and traded. What the person in the article lost wasn’t even that, not any other well known crypto like Ethereum.
Still, it’s a problem of definition, money is an abstract concept, one where is very hard for you to find a definition that includes all of the countries currency but doesn’t include Bitcoin.
But here’s the most important thing that goes through everyone’s heads, just because something is money doesn’t mean it has inherent value. People who invest in crypto, be it FT or NFT, are no different from people who invest in gold or art. And scams involving crypto are no different from other scams, you don’t go around saying emails are scam because people use them to scam others.
All of that being said, crypto bros are the other extreme from you, thinking that crypto is a magical solution to everything and can’t see the glaring issues that will make it impossible from being adopted in any meaningful scale (and it boils down to cryptocurrencies having the same attributes than paper money, bit people not taking digital security seriously the same way they do with securing paper currency)
- Sonalder@lemmy.mlEnglish6 months
Then what is money? State approved piece of paper backed by oil, weapons, war and slavery?
- funkless_eck@sh.itjust.worksEnglish6 months
I mean down that road you end up at “what is anything? does anything exist? does free will exist?”
