Coincheck incident details, stolen mosaic tracker


In this article I see the following words:
"
Coincheck able to track hackers
Investigations into who is behind the theft are ongoing, but the foundation which created the NEM cryptocurrency was able to create a tagging system that flagged all of the stolen currency.

Think of it as a digital dye pack for bank notes, which explodes and permanently marks stolen cash.

Once the hackers started moving the stolen coins, Coincheck was able to track them.

It means if the criminals try to cash out the coins or use them for other cryptocurrencies, they could be easily identified.
"

[QUESTION 1]: Could someone post a link to this criminal transaction? Maybe I am just using the wrong words, but Google shows me nothing.

[QUESTION 2]: Do you understand exactly which tagging system they are talking about? This could be a great idea: allow NEM to mark stolen money/thief accounts and integrate automatic checks for any transaction sent to any existing exchange (or even sent to any NEM address).

How this could be:

  1. Just a spy page. Open a website, type in the hash of a transaction you think was made by a criminal, and the page will show all the subsequent transactions with the stolen money and/or the final addresses where this money is now. No modifications to the blockchain are needed.
  2. In addition to the spy page from point 1, make a spy API call to a service that does all the same calculations but returns a list of compromised addresses in its response. This API could be part of the node code or not. Any account could enable a “check thrift” switch, provide the sources for compromised transactions, give an email address and receive messages with details every time someone sends compromised money to it. As an alternative to mail, just flag such transactions and do not add the received mosaic to the user account automatically. The list of thief transactions could be one’s own or posted by the NEM community somewhere.

Hey, I don’t know if I can answer your question completely, but to my understanding accounts holding “stolen funds” are marked with a mosaic. You can have a look at this account for reference:

http://chain.nem.ninja/#/account/NC4C6PSUW5CLTDT5SXAGJDQJGZNESKFK5MCN77OG/3085951

You can check out this page for reference as well:

http://chain.nem.ninja/#/mosaic/52954b2e17d8fa2689eb84e48c16a7cbcfe5d103ace3e036283c00f47529646f/0

If you’re unsure of where your xems are coming from, you can always verify the sender’s address to see if they have these mosaics attached to them. I hope this helps :smile: :smile:

Yeah, I have already found this way of tagging stolen funds, but at the same time, as I understand it, someone from NEM just created his own mosaic and manually sends it to the compromised accounts. I see several issues here:

  1. It cannot be guaranteed that my XEM came from a clean account, because a thief could send stolen XEMs to a new account and in the next block send XEMs from the new account to my account or to the exchange.
  2. This guy could just give up and not send the mosaic to the thief’s new account, because we are all human.
  3. There is no default NEM API to check whether XEMs are OK or not, so every single exchange has to implement its own check on its side, with its own bugs.

If you’re familiar with the NEM sdk, you can quite easily place listeners on accounts, which will notify you of incoming/outgoing transactions. I’d imagine it would be quite easy to place a listener on the hacker’s account and then automate sending mosaics out to all the accounts that he/she has contact with. I know that one of the community project proposals was notified that they were communicating with the hacker’s account. So they are probably already doing this. The sdk also provides a method that lets you view the mosaics that the account owns. I would assume (hope) that all the exchanges use the same method (maybe provided by NEM themselves) that lets them check the authenticity of a depositing account.

This is the sdk:

Cool. What I’m looking for is info about projects already doing this. I do believe that NEM should post somewhere its official announcement about how exactly this case could be managed by exchanges or just by private individuals. Ideally, a link to a simple-to-use/integrate service.

You should check if the sender is marked as ts:warning_dont_accept_stolen_funds.
If yes, don’t accept the deposit and hold.
Information to exchanges was sent as far as I know.
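
The deposit check suggested in the replies above, sketched as an added example that is not part of the original thread or of any NEM SDK: it holds a deposit when the sender owns the tag mosaic, and also walks back a few hops to cover the "fresh intermediate account" concern raised earlier. The addresses, the funding graph, the "review" tier and the `maxHops` limit are constructed assumptions; the owned-mosaic records are assumed to have the shape `{ mosaicId: { namespaceId, name }, quantity }`.

```javascript
// Tag mosaic named in the thread; everything else here is constructed sample data.
const TAG = "ts:warning_dont_accept_stolen_funds";

// Constructed owned-mosaic lists per address (placeholder addresses, not real ones).
const xem = { mosaicId: { namespaceId: "nem", name: "xem" }, quantity: 1000000 };
const tag = { mosaicId: { namespaceId: "ts", name: "warning_dont_accept_stolen_funds" }, quantity: 1 };
const OWNED = {
  ADDR_TAGGED: [xem, tag],
  ADDR_HOP1: [xem],
  ADDR_HOP2: [xem],
  ADDR_CLEAN: [xem],
  ADDR_LOOP: [xem],
};
// Constructed incoming-transfer graph: recipient -> senders that funded it.
const FUNDED_BY = {
  ADDR_HOP1: ["ADDR_TAGGED"],
  ADDR_HOP2: ["ADDR_HOP1"],
  ADDR_CLEAN: ["ADDR_LOOP"],
  ADDR_LOOP: ["ADDR_CLEAN"], // cycle, to show the walk terminates
};

const fullName = (m) => `${m.mosaicId.namespaceId}:${m.mosaicId.name}`;
const isTagged = (addr, owned) => (owned[addr] || []).some((m) => fullName(m) === TAG);

// Returns { decision, path }: "hold" if the sender itself is tagged, "review" if a
// tagged account funded it within maxHops (hypothetical tier), otherwise "accept".
function screenDeposit(sender, owned = OWNED, fundedBy = FUNDED_BY, maxHops = 3) {
  if (isTagged(sender, owned)) return { decision: "hold", path: [sender] };
  const seen = new Set([sender]);
  let frontier = [[sender]];
  for (let hop = 1; hop <= maxHops; hop++) {
    const next = [];
    for (const path of frontier) {
      for (const src of fundedBy[path[path.length - 1]] || []) {
        if (seen.has(src)) continue; // already visited: avoids loops
        seen.add(src);
        if (isTagged(src, owned)) return { decision: "review", path: [...path, src] };
        next.push([...path, src]);
      }
    }
    frontier = next;
  }
  return { decision: "accept", path: [sender] };
}
```

In a real deployment the two tables would be filled from a node's account and transaction lookups. An "accept" result only means no tagged funder was found within `maxHops`, so a longer chain of intermediate accounts still passes.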