If Cryptocurrencies and Children are our future, that future will depend on secure computing and informed youth

Protect That Future!

A Million commits a day? There's a doctor to pay!

We've reached the point where companies expect feature-rich apps developed in days or weeks, not months or years.

They expect the apps to be secure, scalable, and free of defects.

Thanks to Open Source Software, this is entirely possible! ... right?

As Panama Papers learned, maybe not.

But are blog owners alone? No.

Stores on Opencart, Magento, and basically anything built using Drupal were all at risk at various points. Virtually every software product suffered--open source or not.

The top-50 list of software with the most vulnerabilities includes:

Linux
Mac OS X
Windows
Apple iOS
Android
Flash Player
Chrome
Firefox
Safari
Internet Explorer
Acrobat Reader
Microsoft Office

If you've ever been on the internet, you probably got hacked.

What could go wrong?

Cryptocurrencies use Cryptography.
That's the secret sauce of security!
Obviously, nothing could go wrong with Crypto! ... right?
Jun 2011
$ 17 M
Mt. Gox logo

Early Signs of Things to Come

A former owner with administrator access had their account compromised and 2,643 BTC were lost.

July 2011
$ 165 M
Allinvain placeholder

Mining 2011 Bitcoin in vain

A Bitcointalk user "allinvain" complained about losing 25,000 BTC to a thief.

July 2011
$ 520 M
MyBitcoin logo

Might as well Retire!

MyBitcoin allegedly closed down operations to steal 78,739 BTC from customers. The current value of stolen coins is staggering.

July 2011
$ 110 M
Bitcoin.pl logo

Backup Money? Isn't That Counterfeiting?

Bitomat.pl lost 17,000 BTC when it accidentally deleted the private keys that owned the funds. More a problem with system design than a hack.

Oct 2011
$ 17 M
Mt. Gox logo

Fool Me Once...

A series of bad transactions destroyed 2,609 BTC. MtGox pioneered it with BTC, but QuadrigaCX later perfected the art with ETH.

$ 1.74 B
BST / Pirate 40 logo

Let me hold five dollars

First Pirate Savings and Trust, later known as Bitcoin Savings and Trust, defrauded investors out of an estimated 263,024 BTC. If investors got their coins back today, there'd probably be no hard feelings.

Mar 2012
$ 285 M
Linode logo

Digital Pickpocketing

Employees with access to the data stored on cloud servers at Linode were able to pilfer over 43,000 BTC from customers.

Mar 2012
$ 195 M
Silk Road logo

Deals on Drugs!

A Silk Road vendor going by the name of Tony76 offered remarkable deals on drugs, prompting a flurry of users to attempt to buy at a discount. Turns out, it was a 30,000 BTC scam.

May/Jul 2012
$ 515 M
Bitcoinica logo

A Recurring Theme

Hackers stole 38,527 BTC from Bitcoinica and its users in May/2012, then 40,000 BTC were misappropriated from the Bitcoinica Mt. Gox wallet in July/2012 (those funds eventually were returned).

Sept 2012
$ 155 M
Bitfloor logo

BTC reserves are hitting the floor!

Bitfloor, one of the largest exchanges at the time, lost 24,000 BTC. A 'small' early loss that has a huge current value.

Oct 2013
$ 26 M
Inputs.io logo

Your bank says account Inputs = IOUs.

Inputs.io lost ~4,000 BTC because of a server-side vulnerability -- a significant loss by today's standards. Always validate inputs; don't assume a $2/hour Elbonian programmer will.

Oct 2013
$ 145 M
GBL Placeholder

Chinese Innovation

GBL seems to have scammed its investors out of ~22,000 BTC. They may not have pioneered scamming Bitcoin users, but they get an honourable mention.

Nov 2013
$ 39 M
Picostocks logo

No target too small

Picostocks lost 6,000 BTC despite being a relatively unknown player--if that can be said of a company that can survive a 6,000 BTC loss.

Dec 2013
$ 635 M
Sheep Market logo

Scam or Hack, it could have been worse!

Sheep Marketplace, an online drug market, stole or lost 96,000 BTC according to a self-proclaimed 'Forensic Blockchain Accountant'. I suppose users should be happy all they lost was BTC and not their freedom.

Jan 2014
$ 5.62 B
Mt. Gox logo

Bitcoin Transaction Malleability

A quirk with Bitcoin made it possible to modify the hash of a broadcast transaction such that the transaction hash you see might not be the one the miners do. Biggest amongst those affected was Mt. Gox, who claimed to have lost approximately 850,000 BTC.

Jan 2014
$ 24 M
MintPal logo

I'm your Pal! You can trust me!

An inside job cost Mintpal ~3,700 BTC. It's hard to convince someone to guard a million dollars for $10/hour. The struggle is real!

Feb 2014
$ 29 M
Silk Road 2 logo

I may sell drugs, but I'm a trustworthy guy!

4,474 BTC were stolen from Silk Road 2, an internet drug market cashing in on the branding of the first.

Mar 2014
$ 2 M
Pandora Marketplace logo

Seriously! Not all drug dealers are bad!

425 BTC were stolen from Pandora Marketplace, an internet drug market on TOR.

Mar 2014
$ 0.50 M
Poloniex logo

F1 Score Low. Bad Race Conditions.

Poloniex's sloppy coding resulted in the loss of 12% of their BTC--76 total. A very small loss, but one that was quite avoidable by a company now given a large amount of trust.

Mar 2014
$ 6 M
Cryptorush logo

Rushing is Cutting Corners

CryptoRush was robbed of ~950 BTC and ~2,500 LTC by an "IP from Ukraine". A well engineered product is almost always better than a rushed one.

Aug 2014
$ 1 M
Cannabis Road logo

Should have stuck to back rooms in bars

Cannabis Road, yet another drug market, was hacked for 200 BTC. You know the motto: don't say bye to BTC from your own supply.

Jan 2015
$ 120 M
BitStamp logo

Can't open the vault? Then empty the register!

Bitstamp's hotwallet was compromised. While it was fortunate that the publicly exposed servers used a hotwallet rather than acting as a massive vault, more than 18,866 BTC was taken.

Jan 2015
$ 46 M
BTER.com logo

Empty the register? Nah. I'm going for the vault!

One of the smaller hacks, BTER lost ~7,100 BTC. Notably, the hack took place on the cold storage wallet which is traditionally maintained with the utmost security.

A few months earlier, BTER also lost more than $6 million worth of NXT.

Is nothing sacred?

Feb 2015
$ 19 M
Kipcoin logo

A Chinese New Year, a new Chinese Hack

Kipcoin, a Chinese bitcoin exchange and wallet service, reported that ~3,000 BTC had been stolen by hackers. Customers got to celebrate a new year with the loss of their funds.

Feb 2015
$ 10 M
Secret Service logo

You Trust Your President to the Secret Service?

A rogue Secret Service agent stole 1,606.6488 BTC during the arrest and conviction of the operator of the Silk Road.

Jan 2016
$ 100 M
Cryptsy logo

A Hack, Or an Inside Job?

Cryptsy, a significant player in altcoin exchange, reported that it was missing 13,000 BTC and 300,000 LTC of user funds. There was an ensuing lawsuit.

May/Jun 2016
The DAO logo

Off the cliff on autopilot

The DAO was supposed to be the ultimate ICO. Unfortunately, it was plagued with security issues. The Ethereum network split in two over the controversy. Given the 1,500-2,000% gain in Ether prices, the millions of Ether that were vulnerable, and the split, it's difficult to reason about how big an impact the DAO meltdown had. The market cap of Ether, had the DAO succeeded, might have exceeded Bitcoin's. The DAO might have driven Ether prices up by showing the community can respond, or it could have hurt more than 10 Mt. Gox hacks. We'll never know.

Aug 2016
$ 790 M
Bitfinex logo

The strongest link in a weak chain

Approximately 120,000 BTC was stolen from Bitfinex. Multisig wallets with a third party--Bitgo--were supposed to be more secure than alternatives. Secret sauce a good burger does not make.

Jun 2017
$ 20 M
QuadrigaCX logo

It's an update. So it must be better!

Canadian exchange QuadrigaCX upgraded their Ethereum node. As a result, ~67,000 ETH are 'stuck' in a contract--a significant error caused by a simple software update.

Jul 2017
$ 1 M
BitThumb logo

Keeping their thumb on the record of losses

Bithumb, one of the largest crypto exchanges--operating in Asia--was compromised due to the security of an employee's personal computer. No official statement as to the magnitude of the loss has been made, but it may be in the billions of KRW.

Jul 2017
$ 13 M
Coindash logo

Send my tax payment to India? OK!

Coindash had a successful ICO. But hackers perhaps got the better deal. ~43,488 ETH was stolen by hackers who inserted their address on the Coindash website, where the Coindash address should have been.

Jul 2017
$ 160 M
Parity logo

A Parity Product that leaves a bad taste

An issue with Parity's multisig contract implementation left more than 527,000 ETH vulnerable. The actual losses seem to have been reduced to 150,000 ETH thanks to whitehat hackers securing 377,000 ETH and promising to give them back (protip: you always want a doctor of debugging on call).

Jul 2017
$ 0.24 M
Ethereum Classic logo

A Classic Misdirect

A 'trustless' client side wallet served from the domain classicetherwallet.com reminded users of ETC that the term 'trustless', like 'decentralized', is perhaps used too loosely in the cryptocurrency industry. An estimated 16,500 ETC were stolen.

Jul 2017
$ 1 M
Veritaseum logo

Speaking Truth to Customers

The response from Veritaseum seems to suggest losing 36,000 (maybe 50,000) of their VERI tokens is minuscule. Perhaps they'll fund this ICO with VERI tokens, since they're okay with giving them up so freely? ... with their OWN VERI tokens, of course. Doctor Oss doesn't condone throwing your users' coins away.

Aug 2017
$ 4 M
Enigma logo

ICOs are getting redundant

Another ICO trying to do the same thing as all the other ICOs--and getting funds stolen in the same way. 15,000 ETH were stolen by hackers who put their wallet address on the Enigma website.

$ Billions
Crypto Locker logo

The End -- or the End User

No quick review of Cyber Crime's intersection with Cryptocurrencies would be complete without discussing ransomware (dishonorable mention to drug markets and the people who steal from them).

Do you use Windows? Linux? Mac OS X? Android? IOS? If you answered yes to any of these questions, are you worried about ransomware or stolen bank/credit card/exchange login info?

What about your health records? Worried about those being stolen?

Are you a famous celebrity with nude selfies on your iCloud?

Cyber Crime is scary. It can impact virtually anyone. And it has HUGE financial impact.

We need vaccines for all the ills inter-connectivity can bring. Somebody call a doctor!

Cyber Criminals have made off with more than $11,580,725,937.18 USD in crypto currencies!!!

What needs to be done?

Engineer to Succeed

Are you trying to create a decentralized store of value free from the influence of those currently in power?

That's almost like making a skyscraper that won't get blown down.

What do you know about the big bad wolf? Would you buy a straw house without asking a real estate agent or engineer?

Let us help.

Audit The Code

When a skyscraper is built by an army of tradespersons, their collective work is inspected by someone with a holistic understanding of the project, and intimate material-sciences knowledge.

Code also needs to be inspected to ensure that when the individual pieces work, it also works as a whole.

We will treat the code as an integrated circuit, and ensure everything is wired correctly.

The cards are dealt, let's do some final accounting

9/11 incident

If 'Religion Flies Planes into Buildings', what does lack of spending on cyber-security do?

Late August 2017 saw the recall of 465,000 St. Jude pacemakers.

With IoT devices becoming more and more prevalent, and the incredible speed at which malware spreads (e.g. the Mirai Botnet), we should be VERY CONCERNED ABOUT CYBER SECURITY.

Flying a plane into a building, historically, causes approximately 3,000 deaths.

Fighting a war in Afghanistan because of someone flying a plane into a building, historically, causes approximately 3,000 U.S. military deaths.

The Mirai Botnet could have potentially killed 465,000 people!

St. Jude pacemakers and the Mirai Botnet could have been
Seventy-Seven Times (77x) More Deadly
than the 9/11 terror attack and ensuing nearly two-decade long war!
Equifax Logo

If we all use the same password, we're all equally protected!

In September 2017, we learned that Equifax was responsible for leaking highly sensitive information about more than 100 million people.

Again, we think you should be VERY CONCERNED ABOUT CYBER SECURITY.

In case you've seen Mr. Robot, we now find ourselves in a situation where we could end up living in a post-banking wasteland if the rest of the economy doesn't absorb the debt created by Equifax's lack of spending on cyber security.

Rather than inform companies immediately (we work with a company using Equifax's services--I can assure you they made no disclosures in Canada), Equifax executives liquidated their shares.

They were more concerned with keeping the money they stole from the American people than they were in protecting the people and companies that use their services (skimping on cyber security to get rich is like skimping on safe building materials--be it theft or negligence or reckless endangerment, it's still wrong).

If you sell a credit monitoring service, and your company is the one that 'stole the identity', how could you charge someone for a monitoring service and not tell them? THAT IS LITERALLY FRAUD.

If you care about your life, or your personal finances
Windows Logo

If you've trusted someone for 17 years, does that automatically make them worthy of your trust?

We also recently learned that Windows has made it possible for impossible-to-detect malware to exist for 17 years.

At the risk of becoming repetitive, we think you should be VERY CONCERNED ABOUT CYBER SECURITY.

The Windows market share amongst desktop users is HUGE. This revelation is to desktops what the one about Equifax is to people who use money.

Money and Operating Systems are, like it or not, integral to the survival of modern society (imagine grocery stores stopped taking cash and their computers didn't work. Where are you getting your food next week?)

When Microsoft's Steve Ballmer can't get their engineers to fix a friend's laptop

A Brick House, A Mecha-Big Bad Wolf

When an Engineer builds a Skyscraper, they know whether the wind will blow it down.
Are you sure Bitcoin and Ethereum can withstand a jet-setter flapping their wings?
Can this ICO Help?

Signal Analysis

Humans and AIs are similar beasts. They use multi-channel stimulus streams, reward and loss functions, and are constantly adjusting the significance of signals from their environments.

Stimulus streams--whether that be the data between a video game and server, or radio station and listener--follow certain patterns.

We visualize everything in a given stimulus stream like it's a hieroglyph. A face emoji might be a "smiling emoji". It might be "a yellow faced emoji". It might simultaneously be "an emoji with a smile".

When you know what the relevant stimulus inputs are, you are able to train classifiers to competently spot outliers and anomalies.

Blockchain Analysis

We've helped a Europol analyst get a grasp of the blockchain, and how one might be able to use it to track down Cyber Criminals.

He was provided with a copy of the software powering Blockchain.Exposed so he could combine the KYC disclosures from Exchanges to Europol with public, identifying information about businesses that use Bitcoin.

Although Blockchain.Exposed doesn't offer the public access to the insights that machine learning / graph network traversals offer, it does give a quick view of what citizens are capable of doing to fight Cyber Crime.

Cryptocurrency Exchange

We've both audited exchanges made by others--full of fund-losing exploits--and created secure trading platforms for businesses pushing the envelope in their jurisdictions.

We're familiar with what goes wrong. We know what to do right.

Circuit Design

When designing a circuit, you don't slap a bunch of semiconductors together with a fuzzy feeling in your mind, then proudly proclaim you've succeeded.

PHP Code as a circuit diagram

We want to make better tools so you can put the hammer down and pick the compass up.

Tired of Hackers?

For every 1 ETH received during the ICO at the smart contract address, the smart contract will return 10 DOC (Doctor Oss Coins).

Step 1) Create an Ethereum network wallet that supports Tokens. E.g. using a trezor with https://www.myetherwallet.com/.

Step 2) Transfer the ETH you want to contribute to the project to 0x3B1b5e271DF00c627484585Ee01D66cbE94Ed0c0. [Show Contract ABI]

Step 3) Watch the progress of the project.

Step 4) Trade your DOC on the Ethereum network, or send it to 0x7e2a7e9a814e4018b7a2128e010339d1fae3b778 and the contract will send your share of the ETH 'manufactured' by finding bugs back. [Show Token ABI]

Help Us Help You

Trust Bitcoin with $ 109.07 B? Even if a developer pushing updates says "There are never guarantees with software"?

Wouldn't it be better to have some kind of tool where you could have a guarantee?

A guarantee that your BTC, ETH, etc. won't simply disappear while you sleep?

One where:

<CODE> = LOGIC TABLE = Translation into a few paragraphs of readable English

Instead of gambling on eSports, we propose you gamble that we can make more off Bug Bounties than you pay for your tokens.

As an added bonus, you should get the benefit of avoiding being hacked once we've audited the apps you use.

With $ 11.58 B in losses to hackers already, a small investment in the crypto ecosystem's security simply makes CENTS[sic]

How It Works

The ICO starts block 4,262,000 (approx. Sep 11, 2017--the day commemorating fearful citizens) and ends block 4,466,000 (approx. Nov 11, 2017--the day commemorating citizens breathing a sigh of relief).

The token smart contract has a depositProfits method. It adds the WEI transferred with the method call to a 'contract profits' variable.

When DOC are sent to the token contract address ( 0x7e2a7e9a814e4018b7a2128e010339d1fae3b778 ), they are 'burned'. The percentage of total supply you burned is calculated, and you receive that percentage of the profit variable's ether. The profit variable is reduced by what you received and total DOC issued decreased by what you burned.

E.g. 100 DOC were issued. 100 ETH were deposited into the contract profit variable. You burn 10 DOC, you get 10 ETH. Now there's 90 DOC and 90 ETH left. Burn 5 more DOC? Get 5 more ETH.
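
The accounting described above, modelled off-chain as an added example (this is not the DOC contract's code). It assumes DOC and ETH are tracked as integers in their smallest units, as on-chain values are, and shows where integer division leaves rounding dust; the class and method names other than the page's depositProfits are hypothetical.

```python
ETH = 10**18  # wei per ether


class DocBurnModel:
    """Off-chain model of the burn-for-profit accounting (assumed integer math)."""

    def __init__(self):
        self.total_supply = 0   # DOC in circulation, smallest token units
        self.profits_wei = 0    # the 'contract profits' variable
        self.balances = {}      # holder -> DOC units

    def issue(self, holder, amount):
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.balances[holder] = self.balances.get(holder, 0) + amount
        self.total_supply += amount

    def deposit_profits(self, wei):
        if wei <= 0:
            raise ValueError("deposit must be positive")
        self.profits_wei += wei

    def burn(self, holder, amount):
        """Burn DOC and return the wei owed for that share of the supply."""
        if amount <= 0 or amount > self.balances.get(holder, 0):
            raise ValueError("burn must be positive and within the holder's balance")
        # Multiply before dividing; dividing first would truncate the share to 0.
        payout = self.profits_wei * amount // self.total_supply
        # Update every piece of state before any transfer would be made.
        self.balances[holder] -= amount
        self.total_supply -= amount
        self.profits_wei -= payout
        return payout


def page_example():
    """The page's numbers: 100 DOC issued, 100 ETH deposited, burn 10 then 5."""
    m = DocBurnModel()
    m.issue("you", 100)
    m.deposit_profits(100 * ETH)
    first = m.burn("you", 10)
    second = m.burn("you", 5)
    return first, second, m.total_supply, m.profits_wei


def rounding_example():
    """3 token units share 10 wei: floor division favours later burners."""
    m = DocBurnModel()
    for holder in ("a", "b", "c"):
        m.issue(holder, 1)
    m.deposit_profits(10)
    return [m.burn(h, 1) for h in ("a", "b", "c")], m.profits_wei
```

Because the payout is floored, the truncated remainder stays in the profit variable and is paid to whoever burns later; the final burn always empties it.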

What Are The Rewards?

If funding reaches $10 M USD we will, as a bonus, vastly improve the blockchain.exposed explorer, open source it, and host it so that Crypto Enthusiasts can become 'Forensic Blockchain Accountants' in their own right from their own homes and track down some of the BILLIONS of USD in illegally obtained Crypto. It would feature an effective implementation of the 'coloured coins' concept.

90% of the bounties paid to us for bugs we find with the tools we will develop will be converted into ETH and deposited as the manufactured reward for kickstarting this project--stored in the profit variable (or, should another fork occur, split between ETH and forked currencies respecting the smart contract, in the ratio we deem appropriate based on our estimation of how long a given fork might survive--which you can then hedge against by burning tokens on one fork and not another).

With some bounties topping out at $250,000.00 USD we hope to offer a substantial benefit to contributors quickly, with added benefit in terms of security following in tow.

Our intention is to claim as many bug bounties as possible before releasing the code to the OSS community, to disclose responsibly and ensure--as much as is possible given vendor cooperation--the patching of critical internet infrastructure before exposing the internet to potential harm, and to release the code regardless of profitability in the near future (current goal: winter 2022).

When 10% of the value of bug bounties and the remaining ICO funds are no longer sufficient to cover the ongoing cost of development and bug hunting, the code base will be released on GitHub (or other source-sharing service if need be) under an MIT license, to the extent that MIT licensing is possible.

Salaries will be aligned with prevailing market rates given experience, job duties, and individuals' costs of living. Expenses will be limited to those required to operate the business--office space, telecommunications, salaries, insurance, professional fees, domain registration, necessity-only computing power. Basically, limited to only expenses that would pass the scrutiny of a rigorous tax audit.

Will This ICO Get Hacked?

The funds from the ICO are transferred to an account on a Trezor hardware wallet. From there, they will be split into multiple accounts to hedge against the minuscule risk of account address collisions and resulting theft. The recovery seed is split into two halves, stored separately.

Unfortunately, this is more than we can say about most ICOs.

Who Are We Trusting?

Aaron Kuchma

Aaron isn't particularly known for being a free man. Tirelessly, he analyzes, debugs, repairs, and in so doing expands his network.

At 18, he found himself holding email addresses and passwords for executives at Industry Canada. When he met with them, they explained, "jokingly", that if they catch someone breaching their cyber security, they take them out back behind the wood shed and shoot them. Fine when the person goes down to Ottawa to meet you in person, not so great a strategy when the attacker is in Ukraine.

Later, he turned his eye to the law. Reduced it to a system of logic statements. Concluded that since they cannot be combined into a satisfiable Prolog script, the law must not be 'real'. He then learnt the hard way that even if the law isn't 'real' and/or "can't protect you", there are people with guns willing to shoot or kidnap you, and people with keyboards willing to hack you or blow up power plants.

Aaron thought that we trust online games with a lot of control over our computers. He thought we should have some kind of assurance that they aren't doing anything sneaky with our data or connection. So, he made a signal analysis application to do so.

Then came bitcoin. A new hope. Among the many Crypto-Space projects Aaron was involved in was auditing the source code for the Taurus Exchange (which, at least at one point, shared some of its code base with the infamous > 10-million dollar losing QuadrigaCX). The code base was terribly flawed. There were simple ways of bypassing the 'escalating trust' model, of causing a DoS, and of course, of stealing funds because of poor race condition handling (then again, Poloniex had trouble too, so these aren't uniquely Canadian problems).
There IS a unique, one-size-fits-all solution though. DOC COINS!

He also helped a Europol analyst with his goal of developing an in-house forensic blockchain analysis tool. Of all the domain names you could host one at, Blockchain.Exposed is obviously the best, and Aaron controls it.

While working for an exchange, Aaron had the pleasure of implementing Equifax services. He wasn't impressed. He wasn't surprised when they were hacked.

Among the changes he wants to see implemented is a new browser element. A "secure password" box. The site you're logging in to gets your login name. It returns "Account Salt" and "Login Salt". The browser then hashes the account salt with the password, and returns it when the secure password box is read, not the password itself. The site can then hash that value with the Login Salt.
You may be asking yourself why. To protect users against themselves. Users who never change or pick new passwords. If sites never get to see your password, then a site for cooking recipes can't try logging in to your facebook using the login name and password you chose at www.recipesforhackingfacebook.com.
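
The "secure password" box exchange sketched above, with both sides written out as an added example (it is not code from this project or from any browser). Assumptions: PBKDF2-HMAC-SHA256 stands in for the unspecified hash, both salts are stored per account, and every class and function name here is hypothetical.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # assumed PBKDF2 work factor; the page names no hash function


def secure_box_value(password, account_salt):
    """Browser side: what a script reading the 'secure password' box receives."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), account_salt, ROUNDS)


class Site:
    """Server side: keeps two salts and a verifier per account, never the password."""

    def __init__(self):
        self._decoy_key = os.urandom(32)  # answers salt requests for unknown logins
        self._accounts = {}               # login -> [account_salt, login_salt, verifier]

    @staticmethod
    def _mix(login_salt, box_value):
        # "The site can then hash that value with the Login Salt."
        return hmac.new(login_salt, box_value, hashlib.sha256).digest()

    def register(self, login):
        """Create fresh salts for a new account and return them to the browser."""
        if login in self._accounts:
            raise ValueError("login already registered")
        self._accounts[login] = [os.urandom(16), os.urandom(16), None]
        return self.salts_for(login)

    def salts_for(self, login):
        """Return (account_salt, login_salt) for a login name."""
        if login in self._accounts:
            return tuple(self._accounts[login][:2])
        # Unknown login: stable decoy salts, so the reply does not reveal
        # whether the account exists.
        decoy = hmac.new(self._decoy_key, login.encode("utf-8"), hashlib.sha256).digest()
        return decoy[:16], decoy[16:]

    def enroll(self, login, box_value):
        """Store the verifier derived from the value the browser sent at sign-up."""
        record = self._accounts[login]
        record[2] = self._mix(record[1], box_value)

    def check(self, login, box_value):
        """Verify a login attempt with a constant-time comparison."""
        _, login_salt = self.salts_for(login)
        record = self._accounts.get(login)
        stored = record[2] if record and record[2] else None
        candidate = self._mix(login_salt, box_value)
        matches = hmac.compare_digest(candidate, stored or bytes(32))
        return matches and stored is not None


def sign_up(site, login, password):
    account_salt, _ = site.register(login)
    site.enroll(login, secure_box_value(password, account_salt))


def log_in(site, login, password):
    account_salt, _ = site.salts_for(login)
    return site.check(login, secure_box_value(password, account_salt))
```

The box value still logs in at the site that issued the account salt, so that site must protect it like a password; what the scheme removes is its usefulness at any other site.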

Jacob Chodoriwsky

Jacob has always been enthralled by mathematics. The purity and predictability of algorithms. The reproducibility of mathematical proofs. The timelessness of the truth.

That there is still debate about climate change is the unmistakable result of failing to reduce the evidence and laws of physics to a mathematical proof, and a civilization filled with people who wouldn't understand the mathematical proof if they had it.

When he isn't busy teaching at Hamilton High Schools or Colleges, or being the CEO of Board and Tale Games Inc., Jacob can be found raising his twins with his equally talented wife.

The internet might know Jacob more for creating the algorithmically-balanced tabletop game Stratos that, as one presumes is typical of all games created by mathematicians with a penchant for combinatorics, allows a near endless number of world configurations, game rules, and ensuing dominant strategies.

His M.Sc. thesis dealt with efficiently finding faults, through masterful application of combinatorics, that are caused by and only evident during interactions between multiple partially-faulty components. He co-published an article about such an adaptive algorithm implemented with a CPU-friendly Big-O complexity that's humbling. This experience with "observed to cause failure" analytics perfectly complements the proposed "known to cause failure" system. The first audits and enhances the latter.

Have you Tested This?

Manually performing logic-table analysis of code has yielded great results and revealed what could have otherwise been very costly mistakes. But, it takes a lot of time. And there is a lot of code. That makes manually auditing with logic tables as impractical as building a skyscraper without power tools.

The smart contract was verified on an Ethereum test network. It worked flawlessly.

Then, we did one last pre-flight test of the Smart Contract on the live Ethereum network to ensure it would work with the latest rules and fees.

You can [Click to see the TEST contract details]. We've hidden them so that visitors to this page don't accidentally copy the wrong address.