Vircurex Second Exchange Hack: Difference between revisions
(30 minutes. Integrated about section information and updated template. Integrated inforamtion about Vircurex from other hacking article. Integrating information from BitcoinTalk article. Added in information from the Vircurex report, including the additional terracoin and litecoin which were stolen. Fully integrated may 2013 report and further review.) |
(30 minutes. Article review. Added in initial prevention strategies section. Review and information on the Vircurex recovery plan. Implemented all sources so far to remove template. More review of the homepage information over time.) |
||
| Line 1: | Line 1: | ||
{{Case Study Under Construction}} | {{Case Study Under Construction}}[[File:Vircurex.jpg|thumb|Vircurex Homepage/Logo]]Vircurex experienced a second hack in 2013, which ultimately contributed to the collapse of the exchange later in 2014. It appears that attempts were made to repay the debt with ongoing profits, however this proposal suffered from implementation weaknesses and lacked any indication of how the platform was going to prevent future hacks. | ||
[[File:Vircurex.jpg|thumb|Vircurex Homepage/Logo]]Vircurex experienced a second hack in 2013, which ultimately contributed to the collapse of the exchange later in 2014. It appears that attempts were made to repay the debt with ongoing profits, however this proposal | |||
== About Vircurex == | == About Vircurex == | ||
| Line 31: | Line 27: | ||
|Report Released | |Report Released | ||
|Vircurex releases a report covering the events of May, including the breach which happened<ref name="vircurexarchive-12744" />. | |Vircurex releases a report covering the events of May, including the breach which happened<ref name="vircurexarchive-12744" />. | ||
|- | |||
|March 23rd, 2014 1:55:52 PM MDT | |||
|Homepage Distribution Announcement | |||
|The Vircurex homepage warns users that due to recent large fund withdrawals depleting their cold wallet balance, the exchange has announced the immediate suspension of BTC, LTC, FTC, and TRC withdrawals and deposits<ref name=":1">[https://web.archive.org/web/20140323195552/https://vircurex.com/welcome/ann_reserved.html Vircurex Homepage Archive March 23rd, 2014 1:55:52 PM MDT] (Accessed Apr 9, 2024)</ref>. On March 24, 2014, they plan to freeze current account balances and redistribute available coins, deleting open sell orders for the affected cryptocurrencies<ref name=":1">[https://web.archive.org/web/20140323195552/https://vircurex.com/welcome/ann_reserved.html Vircurex Homepage Archive March 23rd, 2014 1:55:52 PM MDT] (Accessed Apr 9, 2024)</ref>. Two previous incidents led to significant losses, which were covered by the exchange's income<ref name=":1">[https://web.archive.org/web/20140323195552/https://vircurex.com/welcome/ann_reserved.html Vircurex Homepage Archive March 23rd, 2014 1:55:52 PM MDT] (Accessed Apr 9, 2024)</ref>. However, recent withdrawals exhausted their cold wallet balance, prompting the introduction of "Frozen Funds." These funds will gradually be repaid to users from the exchange's profits<ref name=":1">[https://web.archive.org/web/20140323195552/https://vircurex.com/welcome/ann_reserved.html Vircurex Homepage Archive March 23rd, 2014 1:55:52 PM MDT] (Accessed Apr 9, 2024)</ref>. Distribution logic entails allocating 50% of available funds from largest to smallest accounts and the remaining 50% from smallest to largest accounts<ref name=":1">[https://web.archive.org/web/20140323195552/https://vircurex.com/welcome/ann_reserved.html Vircurex Homepage Archive March 23rd, 2014 1:55:52 PM MDT] (Accessed Apr 9, 2024)</ref>. This approach aims to ensure all users eventually receive their funds without penalizing new deposits or users<ref name=":1">[https://web.archive.org/web/20140323195552/https://vircurex.com/welcome/ann_reserved.html Vircurex Homepage Archive March 23rd, 2014 1:55:52 PM MDT] (Accessed Apr 9, 2024)</ref>. | |||
|- | |||
|March 25th, 2014 2:36:39 PM MDT | |||
|Update To Homepage | |||
|An update is provided on the homepage with the number of accounts remaining<ref name=":2">[https://web.archive.org/web/20140325203639/https://vircurex.com/welcome/ann_reserved.html Vircurex Homepage Archive March 25th, 2014 2:36:39 PM MDT] (Accessed Apr 9, 2024)</ref>. There are 355 bitcoin accounts, 1,563 litecoin accounts, 77 TRC accounts, and 42 FTC accounts which are still outstanding to be reimbursed<ref name=":2">[https://web.archive.org/web/20140325203639/https://vircurex.com/welcome/ann_reserved.html Vircurex Homepage Archive March 25th, 2014 2:36:39 PM MDT] (Accessed Apr 9, 2024)</ref>. TBD keep exploring homepage<ref>https://web.archive.org/web/20140715000000*/https://vircurex.com/welcome/ann_reserved.html</ref>. | |||
|- | |- | ||
|April 18th, 2014 7:56:22 PM MDT | |April 18th, 2014 7:56:22 PM MDT | ||
| Line 38: | Line 42: | ||
== Technical Details == | == Technical Details == | ||
Based on an analysis report provided by Vircurex, the attack was a simple impersonation where the perpetrator claimed to be the exchange operator and requested a reset of the account credentials. In addition to resetting the servers, the root password was provided outside of the normal email address to be used and the attacker was able to circumvent an IP-based restriction on the account's control panel<ref name="vircurexarchive-12744" />.<blockquote>The attacker has acquired login credentials to our VPS control account with our hosting service provider and has then asked for the root password reset of all servers which – unfortunately – the service provider has then done and posted the credentials in their helpdesk ticket, rather than the standard process of sending it to our email address (which has 2FA protection), also the security setup of allowing only our IP range to login to the management console was not working. It was an additional security feature the provider offered but was obviously circumvented by the attacker. As a result out of this incident we have moved all our services to a new provider who offers 2 factor authentication for all logins as well as other verification processes that we hope will make similar attempts impossible in the future.</blockquote>Relevant blockchain transactions<ref name="bitcointalk-87" />: | Based on an analysis report provided by Vircurex, the attack was a simple impersonation where the perpetrator claimed to be the exchange operator and requested a reset of the account credentials<ref name="vircurexarchive-12744" />. In addition to resetting the servers, the root password was provided outside of the normal email address to be used and the attacker was able to circumvent an IP-based restriction on the account's control panel<ref name="vircurexarchive-12744" />.<blockquote>The attacker has acquired login credentials to our VPS control account with our hosting service provider and has then asked for the root password reset of all servers which – unfortunately – the service provider has then done and posted the credentials in their helpdesk ticket, rather than the standard process of sending it to our email address (which has 2FA protection), also the security setup of allowing only our IP range to login to the management console was not working. It was an additional security feature the provider offered but was obviously circumvented by the attacker. As a result out of this incident we have moved all our services to a new provider who offers 2 factor authentication for all logins as well as other verification processes that we hope will make similar attempts impossible in the future.</blockquote>Relevant blockchain transactions<ref name="bitcointalk-87" />: | ||
* cbce6bd1e274a9ea9d6946feaf4a1b0f80a5885a8482f4ebf3caa052f22bb4bf | * cbce6bd1e274a9ea9d6946feaf4a1b0f80a5885a8482f4ebf3caa052f22bb4bf | ||
* 85489430661f3041608749acb3019a1dcbf07a60f22e4bc43acfd05b46496cc9 | * 85489430661f3041608749acb3019a1dcbf07a60f22e4bc43acfd05b46496cc9 | ||
Relevant bitcoin addresses:<ref>[https://blockchain.info/address/16cDeEFn6sraUEJrDCt2Yg3r7j2oazSYEd Bitcoin Address 16cDeEFn6sraUEJrDCt2Yg3r7j2oazSYEd - Blockchain.info]</ref> | |||
== Total Amount Lost == | == Total Amount Lost == | ||
| Line 86: | Line 91: | ||
== Immediate Reactions == | == Immediate Reactions == | ||
| Line 96: | Line 102: | ||
=== Addition of IP Whitelisting === | === Addition of IP Whitelisting === | ||
After 3 user accounts reported being hacked, Vircurex added IP address whitelisting to their service, so users who logged in from a new IP address would have to confirm their IP address via email<ref name="vircurexarchive-12744" />. | After 3 user accounts reported being hacked, Vircurex added IP address whitelisting to their service, so users who logged in from a new IP address would have to confirm their IP address via email<ref name="vircurexarchive-12744" />. | ||
=== Frozen Fund Scheme Implementation === | |||
Due to recent large fund withdrawals depleting their cold wallet balance, Vircurex announced on their homepage the immediate suspension of BTC, LTC, FTC, and TRC withdrawals and deposits<ref name=":1" />. Two previous incidents led to significant losses, which were covered by the exchange's income<ref name=":1" />. However, recent withdrawals exhausted their cold wallet balance, prompting the introduction of "Frozen Funds." These funds will gradually be repaid to users from the exchange's profits. Distribution logic entails allocating 50% of available funds from largest to smallest accounts and the remaining 50% from smallest to largest accounts<ref name=":1" />. This approach aims to ensure all users eventually receive their funds without penalizing new deposits or users<ref name=":1" />. | |||
=== Inclusion In Lists === | === Inclusion In Lists === | ||
| Line 101: | Line 110: | ||
== Total Amount Recovered == | == Total Amount Recovered == | ||
Vircurex planned to implement a recovery process which would provide users with "frozen fund" account balances and repay those users over time from the exchange profits. They would distribute 50% of profits to the accounts with the largest balance of lost funds, and 50% of profits to the accounts with the smallest balance of lost funds. While such an idea may have been better for affected users than an outright platform collapse, this scheme was inadequate because: | |||
* The primary issue of preventing future exchange breaches was not mentioned anywhere. Thus, users had no assurances against not losing additional funds or that they would ultimately be repaid. | |||
* The scheme was implemented too late, with the full balances of users being frozen instead of a partial freeze which could be beneficial to allow users access to some of their funds. | |||
* There was no reimbursement provided for users who were not at either end of the list. This prevented those users from participating in trading and generating any platform profit. | |||
* Once users were fully reimbursed, they had no incentive to remain using the platform or engaged in the recovery of others. As such, the largest traders and a large number of small traders could leave the platform quickly. By contrast, a scheme which distributed less to more users could keep more users engaged for longer. | |||
There do not appear to have been any funds recovered in this case. | There do not appear to have been any funds recovered in this case. | ||
== Ongoing Developments == | == Ongoing Developments == | ||
What parts of this case are still remaining to be concluded? | What parts of this case are still remaining to be concluded? | ||
== Individual Prevention Policies == | == Individual Prevention Policies == | ||
{{Prevention:Individuals: | {{Prevention:Individuals:Avoid Third Party Custodians}} | ||
{{Prevention:Individuals:Store Funds Offline}} | |||
{{Prevention:Individuals:End}} | {{Prevention:Individuals:End}} | ||
== Platform Prevention Policies == | == Platform Prevention Policies == | ||
{{Prevention:Platforms: | {{Prevention:Platforms:Regular Audit Procedures}} | ||
{{Prevention:Platforms:Implement Multi-Signature}} | |||
{{Prevention:Platforms:Establish Industry Insurance Fund}} | |||
{{Prevention:Platforms:End}} | {{Prevention:Platforms:End}} | ||
== Regulatory Prevention Policies == | == Regulatory Prevention Policies == | ||
{{Prevention:Regulators: | {{Prevention:Regulators:Platform Security Assessments}} | ||
{{Prevention:Regulators:Establish Industry Insurance Fund}} | |||
{{Prevention:Regulators:End}} | {{Prevention:Regulators:End}} | ||
Revision as of 12:43, 9 April 2024
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Vircurex experienced a second hack in 2013, which ultimately contributed to the collapse of the exchange later in 2014. It appears that attempts were made to repay the debt with ongoing profits, however this proposal suffered from implementation weaknesses and lacked any indication of how the platform was going to prevent future hacks.
About Vircurex
Vircurex was a Beijing-based virtual currency exchange[1] which was operational since October 2011[1][2].
Vircurex was based in Germany(?). The exchange supported trading in different cryptocurrencies including bitcoin, namecoin, devcoin, litecoin, ixcoin, ppcoin, and terracoin[3]. The Vircurex platform enabled trading between BTC, USD or EUR, plus up to 18 other cryptocurrencies, however they've eliminated some less popular coins over time[1].
Vircurex gained popularity by offering interest to users holding multiple cryptocurrencies[2].
The exchange offered deposits and withdrawals in both USD and EUR[3]. The homepage of the website featured pricing tables for all supported coins[3].
Vircurex, the exchange platform for buying, selling and trading your Bitcoins and its various alt-chains. We currently support Bitcoin, Namecoin, Devcoin, Litecoin, Ixcoin, PPCoin, Terracoin
Homepage: vircurex.com[3]
The Reality
The Vircurex exchange had already been hacked once.
What Happened
"The hot wallet and “warm” wallet of Bitcoin to alternative cryptocurrency exchange service Vircurex was emptied in May 2013, resulting in a significant loss of three currencies: Bitcoin, Terracoin, and Litecoin."
| Date | Event | Description |
|---|---|---|
| May 10th, 2013 | Breach Date | Reported date of breach[4][5]. |
| June 5th, 2013 | Report Released | Vircurex releases a report covering the events of May, including the breach which happened[5]. |
| March 23rd, 2014 1:55:52 PM MDT | Homepage Distribution Announcement | The Vircurex homepage warns users that due to recent large fund withdrawals depleting their cold wallet balance, the exchange has announced the immediate suspension of BTC, LTC, FTC, and TRC withdrawals and deposits[6]. On March 24, 2014, they plan to freeze current account balances and redistribute available coins, deleting open sell orders for the affected cryptocurrencies[6]. Two previous incidents led to significant losses, which were covered by the exchange's income[6]. However, recent withdrawals exhausted their cold wallet balance, prompting the introduction of "Frozen Funds." These funds will gradually be repaid to users from the exchange's profits[6]. Distribution logic entails allocating 50% of available funds from largest to smallest accounts and the remaining 50% from smallest to largest accounts[6]. This approach aims to ensure all users eventually receive their funds without penalizing new deposits or users[6]. |
| March 25th, 2014 2:36:39 PM MDT | Update To Homepage | An update is provided on the homepage with the number of accounts remaining[7]. There are 355 bitcoin accounts, 1,563 litecoin accounts, 77 TRC accounts, and 42 FTC accounts which are still outstanding to be reimbursed[7]. TBD keep exploring homepage[8]. |
| April 18th, 2014 7:56:22 PM MDT | Included In BitcoinTalk List | A subsequent Vircurex exchange hack is featured in the BitcoinTalk "List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses" published by user dree12[4]. |
Technical Details
Based on an analysis report provided by Vircurex, the attack was a simple impersonation where the perpetrator claimed to be the exchange operator and requested a reset of the account credentials[5]. In addition to resetting the servers, the root password was provided outside of the normal email address to be used and the attacker was able to circumvent an IP-based restriction on the account's control panel[5].
The attacker has acquired login credentials to our VPS control account with our hosting service provider and has then asked for the root password reset of all servers which – unfortunately – the service provider has then done and posted the credentials in their helpdesk ticket, rather than the standard process of sending it to our email address (which has 2FA protection), also the security setup of allowing only our IP range to login to the management console was not working. It was an additional security feature the provider offered but was obviously circumvented by the attacker. As a result out of this incident we have moved all our services to a new provider who offers 2 factor authentication for all logins as well as other verification processes that we hope will make similar attempts impossible in the future.
Relevant blockchain transactions[4]:
- cbce6bd1e274a9ea9d6946feaf4a1b0f80a5885a8482f4ebf3caa052f22bb4bf
- 85489430661f3041608749acb3019a1dcbf07a60f22e4bc43acfd05b46496cc9
Relevant bitcoin addresses:[9]
Total Amount Lost
The amount lost is listed as being exactly 1454.015 bitcoin[4]. This was listed as being equivalent to $163,351 USD[4].
1454 BTC x $117.20 = $170408.8
In addition to the lost bitcoin, there was also 225,263 terracoin and 23,400 litecoin which were taken in the incident[5].
A breakdown of the losses was provided in a report published by Vircurex[5].
| Currency | Amount | Address | Transaction |
|---|---|---|---|
| BTC | 706 | 17gPdCyzEMRXdNTBpHrUhsM4FaiWMHhx2Q | cbce6bd1e274a9ea9d6946feaf4a1b0f80a5885a8482f4ebf3caa052f22bb4bf |
| BTC | 748 | 1PWQJu9AskoXEBYMod1KqPE6TTG4VYNz1P | 85489430661f3041608749acb3019a1dcbf07a60f22e4bc43acfd05b46496cc9 |
| TRC | 130,263 | 1Mu1wbyfkcrRarPveiihy5iuceLGC91Z4T | 33011a0e26fe1c3515c699eecdae9d7550218779ae72fe7af063fffc80361d64 |
| TRC | 95,000 | 1MeY3VVudFUV91gxVZsaY92TguRWy7eQbE | 90239779a08243883f54bdb2503f4f40be2541487c2ef2383ef4d8277660e88b |
| LTC | 23,400 | LV8VnCDYJzd3FYNwn6n3Kyi1i7PB2MvXPo | 30231aee25900b9cb1fba16f1a8923a0cd866d60b01e542be1a4b26f92d9d10f |
The total amount lost has been estimated at $170,000 USD.
Immediate Reactions
"Initially, Vircurex operated normally despite the loss, though it no longer paid dividends to shareholders."
Vircurex's initial report on the incident explained that the funds could be recovered from operating profits[5].
The loss of the funds will be recovered out of the monthly dividends. Dividends will be used to purchase back the missing funds in the coming months. Depending on the trading volume development this is expected to take 9 to 12 months.
"In March 2014, due to strain caused by large withdrawals (in addition to a default by AurumXChange, a fiat processor Vircurex used), Vircurex froze large quantities of many currencies; however, it promises to pay these back eventually."
Ultimate Outcome
Addition of IP Whitelisting
After 3 user accounts reported being hacked, Vircurex added IP address whitelisting to their service, so users who logged in from a new IP address would have to confirm their IP address via email[5].
Frozen Fund Scheme Implementation
Due to recent large fund withdrawals depleting their cold wallet balance, Vircurex announced on their homepage the immediate suspension of BTC, LTC, FTC, and TRC withdrawals and deposits[6]. Two previous incidents led to significant losses, which were covered by the exchange's income[6]. However, recent withdrawals exhausted their cold wallet balance, prompting the introduction of "Frozen Funds." These funds will gradually be repaid to users from the exchange's profits. Distribution logic entails allocating 50% of available funds from largest to smallest accounts and the remaining 50% from smallest to largest accounts[6]. This approach aims to ensure all users eventually receive their funds without penalizing new deposits or users[6].
Inclusion In Lists
The breach was ultimately included in a list published by user dree12 on Bitcoin Talk[4].
Total Amount Recovered
Vircurex planned to implement a recovery process which would provide users with "frozen fund" account balances and repay those users over time from the exchange profits. They would distribute 50% of profits to the accounts with the largest balance of lost funds, and 50% of profits to the accounts with the smallest balance of lost funds. While such an idea may have been better for affected users than an outright platform collapse, this scheme was inadequate because:
- The primary issue of preventing future exchange breaches was not mentioned anywhere. Thus, users had no assurances against not losing additional funds or that they would ultimately be repaid.
- The scheme was implemented too late, with the full balances of users being frozen instead of a partial freeze which could be beneficial to allow users access to some of their funds.
- There was no reimbursement provided for users who were not at either end of the list. This prevented those users from participating in trading and generating any platform profit.
- Once users were fully reimbursed, they had no incentive to remain using the platform or engaged in the recovery of others. As such, the largest traders and a large number of small traders could leave the platform quickly. By contrast, a scheme which distributed less to more users could keep more users engaged for longer.
There do not appear to have been any funds recovered in this case.
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
When using any third party custodial platform (such as for trading), it is important to verify that the platform has a full backing of all assets, and that assets have been secured in a proper multi-signature wallet held by several trusted and trained individuals. If this can't be validated, then users should avoid using that platform. Unfortunately, most centralized platforms today still do not provide the level of transparency and third party validation which would be necessary to ensure that assets have been kept secure and properly backed. Therefore, the most effective strategy at present remains to learn proper self custody practices and avoid using any third party custodial platforms whenever possible.
Store the majority of funds offline. By offline, it means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc...
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.
All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.
Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ 1.0 1.1 1.2 Exchange Vircurex Freezes Withdrawals, Claims Lack of Reserves - CoinDesk - Archive September 18th, 2021 8:02:19 PM MDT (Feb 29, 2020)
- ↑ 2.0 2.1 Vircurex Faces Class-Action Lawsuit - Finance Magnates (Jan 4, 2024)
- ↑ 3.0 3.1 3.2 3.3 Vircurex Exchange Homepage Archive April 24th, 2013 1:13:56 AM MDT (Dec 11, 2023)
- ↑ 4.0 4.1 4.2 4.3 4.4 4.5 List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses - BitcoinTalk (Feb 15, 2020)
- ↑ 5.0 5.1 5.2 5.3 5.4 5.5 5.6 5.7 May 2013 Report - Vircurex Archive March 23rd, 2014 1:59:16 PM MDT (Dec 12, 2023)
- ↑ 6.0 6.1 6.2 6.3 6.4 6.5 6.6 6.7 6.8 6.9 Vircurex Homepage Archive March 23rd, 2014 1:55:52 PM MDT (Accessed Apr 9, 2024)
- ↑ 7.0 7.1 Vircurex Homepage Archive March 25th, 2014 2:36:39 PM MDT (Accessed Apr 9, 2024)
- ↑ https://web.archive.org/web/20140715000000*/https://vircurex.com/welcome/ann_reserved.html
- ↑ Bitcoin Address 16cDeEFn6sraUEJrDCt2Yg3r7j2oazSYEd - Blockchain.info