• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Atomic Wallet has been hacked, if you have Dash or other coins there - withdraw ASAP

So many hacks last year and this year. Now this hack of Atomic Wallet, a wallet that suppose to be a (trusted? trustless?) secure decentralized wallet.
Still strange to read posts from people claiming to have put their life savings into a hot (connected to internet) closed sourced software wallet like Atomic Wallet, instead of keeping it on a cold wallet / hardware wallet.

This all does make me worry about the Platform Credit Pool that Dash Core Group is working on and which will contain the majority of the masternode blockrewards in the form of Credits (after activation of future Dash Core v20 update). How hacking-resistant will that Platform Credit Pool proof to be and will it be trustless or is a level of trust required ? How well-protected will that Platform Credit Pool be for example from a developer gone rogue and perhaps trying to setup a backdoor into that pool for himself ? Is there a dependency for the Platform Credit Pool on certain external/third party libraries that could be exploitable / hackable ?

With regards to the hack of Atomic Wallet, people can also view whats going on there on Reddit : https://www.reddit.com/r/atomicwallet/new/
 
Last edited:
qwizzie said:
So many hacks last year and this year. Now this hack of Atomic Wallet, a wallet that suppose to be a (trusted? trustless?) secure decentralized wallet.
Still strange to read posts from people claiming to have put their life savings into a hot (connected to internet) closed sourced software wallet like Atomic Wallet, instead of keeping it on a cold wallet / hardware wallet.

This all does make me worry about the Platform Credit Pool that Dash Core Group is working on and which will contain the majority of the masternode blockrewards in the form of Credits (after activation of future Dash Core v20 update). How hacking-resistant will that Platform Credit Pool proof to be and will it be trustless or is a level of trust required ? How well-protected will that Platform Credit Pool be for example from a developer gone rogue and perhaps trying to setup a backdoor into that pool for himself ? Is there a dependency for the Platform Credit Pool on certain external/third party libraries that could be exploitable / hackable ?

With regards to the hack of Atomic Wallet, people can also view whats going on there on Reddit : https://www.reddit.com/r/atomicwallet/new/
Click to expand...

I share many of the same concerns of the Dash Credit Pool,l namely from software errors, it will be trust-less in the same way our UTXOs are trust-less on the Dash Blockchain, but it will be a honey pot that I am sure hackers will try to drain, as for rogue devs, they would have to slip in the code while everyone is watching, I don't think they could do that.

All that said, there are some checks 'n' balances in place to minimize issues. On the Platform side is sum trees which is able to compute the total amount of Platform credits held in Platform from block to block, this will be compared to the Dash in the Dash Credit Pool (DCP) and if the two ever don't agree a chain halt will occur, this prevents inflation bugs. As for drains, initially, the maximum amount of Dash that will be allowed to drain from Platform will be very small, eg 100 dash per day, this is so that any hack is minimised, the devs will monitor this 'bridge' and increase limits as the confidence in the system grows.
 
xkcd said:
I share many of the same concerns of the Dash Credit Pool,l namely from software errors, it will be trust-less in the same way our UTXOs are trust-less on the Dash Blockchain, but it will be a honey pot that I am sure hackers will try to drain, as for rogue devs, they would have to slip in the code while everyone is watching, I don't think they could do that.

All that said, there are some checks 'n' balances in place to minimize issues. On the Platform side is sum trees which is able to compute the total amount of Platform credits held in Platform from block to block, this will be compared to the Dash in the Dash Credit Pool (DCP) and if the two ever don't agree a chain halt will occur, this prevents inflation bugs. As for drains, initially, the maximum amount of Dash that will be allowed to drain from Platform will be very small, eg 100 dash per day, this is so that any hack is minimised, the devs will monitor this 'bridge' and increase limits as the confidence in the system grows.
Click to expand...

The fundamental flaw of the Dash Platform is that there are no written specifications of the platform. Or if written , they are not complete or reviewed by anyone else. So no other development group can test the specs and develop an alternative platform using another language or another approach. We rely on the trust in the developers and in their specific platform implementation. So the so called decentralized platform becomes extremely centralized.

The masternodes should vote in the budget for two (or more) separate and competitive development groups (DCGs), and ask them to be based on the specs and built various platform implementations, written in different programming languages. If the various platform releases work and cooperate eachother, so that a masternode can choose to install whatever release he wants in order to participate to the platform, then a real decentralization is achieved. Otherwise the Dash community is highly dependant on the mood of a clan of developers who are friends eachother , thus the Dash community is doomed.
 
Last edited:
You must log in or register to reply here.
Back
Top