John Naulty
- Grew up with big trees, waves, and creatures along the Mendocino Coast
- Fell in love with the magic of open source medical hardware + software in university and helped establish NeuroTechX
- Drawn to ‘safety + security’ work of all kinds
- Discovered open source money systems and dove into the cryptocurrency security field
- Worked at some of the larger cryptocurrency institutions in the industry
- Distrusts Software Supply Chains as much as residents of Flint, Michigan distrust water supply chains
- Sometimes helps distribute security tokens to the people (great-mfa-project; 36c3 session: Yubikey 101)
- Enjoys environments where “All Creatures are Welcome”
- Somehow affiliated with the Church of Cryptography
- Typically hanging out with friends who provide free shell services for the curious (hashbang.sh)
Session
12-30
11:00
40min
Dude, Where's My Crypto? - Real World Impact of Weak Cryptocurrency Keys
John Naulty
We present Milksad, our research on a class of vulnerabilities that exposed over a billion dollars worth of cryptocurrency to anyone willing to 'crunch the numbers'.
The fatal flaw? Not enough chaos.
Learn how we found and disclosed issues in affected open source wallet software, brute-forced thousands of individual affected wallets on a budget, and traced over a billion US dollars worth of prior transactions through them.
Security
Saal GLITCH