Estonia-based cryptocurrency and tokenized stock exchange DX.Exchange has reportedly fixed a critical vulnerability that leaked sensitive user data.Technology news website Ars Technica reported on the security leak Jan. 9, citing an anonymous trader who conducted a security analysis of DX.Exchange.According to Ars Technica’s article, a trader, who wished to remain anonymous due to legal concerns, noticed that the exchange was sending sensitive data of other users to their browser. After examining the data, the trader has reportedly found that the data included other users’ authentication tokens and password reset links:“I have about 100 collected [authentication] tokens over 30 minutes, […] if you wanted to criminalize this, it would be super easy.”The authentication tokens were reportedly formatted in the JSON Web token standard and could be easily decoded with the use of online tools, obtaining full names and email addresses of the exchange’s users.According to ArsTechnica, the trader has explained that the tokens could grant access to their associated accounts, as long as the user hasn’t manually logged out after the token was leaked.The trader has also reportedly found a way to permanently backdoor an account by using the platform’s programming interface, which would grant them access even after a user has logged out.Furthermore, Ars Technica reported that some of the login data leaked by the platform belongs to the employees of the site. The article explains the severity of the issue:“In the event that such a token gave unauthorized access to an account with administrative privileges, the hacker might be able to download entire databases, seed the site with malware, and possibly even transfer funds out of user accounts.”ArsTechnica itself has reportedly checked and confirmed the presence of the vulnerabilities discovered by the trader, obtaining what it described as a large number of authentication tokens through the publicly available programming interface.ArsTechnica contacted the DX.Exchange, and according to the article, the leak has now been fixed. However, the company declined to comment on its intentions to warn the users about the now-patched vulnerability:“Ars sent a response asking if DX.Exchange planned to reset all user tokens or passwords and to notify users that a leak exposed their names and email addresses. So far, the officials have yet to respond.”As Cointelegraph reported Jan. 3, DX.Exchange leverages Nasdaq’s Financial Information Exchange (FIX) protocol and allows its users to trade tokenized stocks of major companies, including Google, Facebook and Amazon.As of press time, DX.Exchange has not responded to Cointelegraph’s request for commentary. window.fbAsyncInit = function() FB.init( appId : ‘1922752334671725’, xfbml : true, version : ‘v2.9’ ); FB.AppEvents.logPageView(); ; (function(d, s, id) var js, fjs = d.getElementsByTagName(s); if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = “//connect.facebook.net/en_US/sdk.js”; js.async = true; fjs.parentNode.insertBefore(js, fjs); (document, ‘script’, ‘facebook-jssdk’)); !function(f,b,e,v,n,t,s) if(f.fbq)return;n=f.fbq=function()n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments); if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′; n.queue=;t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e); s.parentNode.insertBefore(t,s)(window,document,’script’, ‘https://connect.facebook.net/en_US/fbevents.js’); fbq(‘init’, ‘1922752334671725’); fbq(‘track’, ‘PageView’);
Ledger claimed that recently uncovered vulnerabilities in its hardware wallets are not critical in an official Medium blog post on Dec. 28.Yesterday at the 35C3 Refreshing Memories conference in Berlin, researchers claimed that they were able to hack the Trezor One, Ledger Nano S and Ledger Blue cryptocurrency wallets.In the post, the company explains that there appeared to be “three attack paths which could give the impression that critical vulnerabilities were uncovered,” but according to them “this is not the case.”The reason Ledger says that the vulnerability is not critical is that “they did not succeed to extract any seed nor PIN on a stolen device” and “sensitive assets stored on the Secure Element remain secure.”According to the company, the Ledger Nano S vulnerability “demonstrated that physically modifying the Ledger Nano S and installing malware on the victim’s PC could allow a nearby attacker to sign a transaction after the PIN is entered and the Bitcoin (BTC) app is launched.”This, Ledger claims, is “quite unpractical, and a motivated hacker would definitely use more efficient tricks.” While the researchers claimed that the vulnerability allowed them to “send malicious transactions to the ST31 [the secure chip] and even confirm it ourselves” Ledger denies its, stating:“Their firmware runs snake on the MCU in Bootloader mode. This means that you have to push the left button at boot and the Secure Element does not even boot.”Ledger also claims that the demonstration of the Ledger Blue attack is “a bit unrealistic and not practical,” claiming that “the position of the receiver and the attacked device must be exactly the same, the position of the USB cable is also paramount (as it acts as an antenna).”The post stated that “if the conditions are not exactly the same, the machine learning classifier won’t work properly.” For this reason, Ledger concluded:“This attack is definitely interesting, but does not allow to guess someone’s PIN in real conditions (it requires that you never move your device at all).”Furthermore, because of this vulnerability, Ledger stated that the next Ledger Blue firmware update will feature a randomized keyboard for the pin.The company also stated that they “regret that the researchers did not follow the standard security principles outlined in Ledger’s Bounty program.” According to Ledger “in the security world, the usual way to proceed is responsible disclosure. This is the model in which a vulnerability is disclosed only after a reasonable period of time that allows for the vulnerability to be patched as well as to mitigate risks for users.”In November, Ledger announced its expansion to New York in order to develop its institutional custody offering Ledger Vault. Moreover, the company also recently signed an agreement with crypto payment startup Crypto.com to allow users to pay for its products with cryptocurrencies. window.fbAsyncInit = function() FB.init( appId : ‘1922752334671725’, xfbml : true, version : ‘v2.9’ ); FB.AppEvents.logPageView(); ; (function(d, s, id) var js, fjs = d.getElementsByTagName(s); if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = “//connect.facebook.net/en_US/sdk.js”; js.async = true; fjs.parentNode.insertBefore(js, fjs); (document, ‘script’, ‘facebook-jssdk’)); !function(f,b,e,v,n,t,s) if(f.fbq)return;n=f.fbq=function()n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments); if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′; n.queue=;t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e); s.parentNode.insertBefore(t,s)(window,document,’script’, ‘https://connect.facebook.net/en_US/fbevents.js’); fbq(‘init’, ‘1922752334671725’); fbq(‘track’, ‘PageView’);
Steven Peikin, co-director of the enforcement division of the U.S. Securities and Exchange Commission (SEC), recently described international cooperation as playing a critical role in facilitating investigations in the initial coin offering (ICO) sector.
Also Read: Chinese Miners Short BTC Markets to Hedge Against Falling Prices
‘Daunting Task’ of Identifying Misconduct
Speaking at Harvard Law School, Peikin described the SEC’s enforcement division as having the “daunting task of ferreting out misconduct and, where appropriate, recommending civil enforcement actions that variously seek injunctions or cease-and-desist orders, penalties, disgorgement of ill-gotten gains, suspensions and bars of bad actors, and the temporary suspension or delisting of securities.”
Peikin stated that collaboration with international regulators is “critical” to the SEC’s ability to investigate and take action against ICOs. The operators of ICOs are typically located outside of the U.S. and raise funds from “a broad base of investors both inside and outside the U.S.”
Quebec Regulator Played Key Role in Plexcoin Case
Peikin said that the SEC generally sees two types of securities law violations from token offerings.
“First, we see ICOs that meet the definition of a security, but are being sold, brokered, or traded to U.S. investors without complying with the registration requirements of the federal securities laws. Second, we see ICOs that appear to be simply outright frauds — where the issuers are using excitement around the crypto-asset space to simply rip off money from investors,” he said.
Peikin stated that the international assistance received by the SEC in regulating the ICO sphere has been “essential.” As an example, he noted how cooperation with the Autorité des marchés financiers in the Canadian province of Quebec led to the SEC charging two Canadian residents for their role in the fraudulent Plexcoin token sale. He added that the commission will continue to work with other international regulators “to develop pending ICO investigations.”
Increased Popularity of ICOs Obscures Risks
Peikin said that in recent years, ICOs have “exploded from a mere concept to a phenomenon.” He added that the global ICO industry has grown “some 22,000 percent” in just two years, comparing the “more than $22 billion” raised by ICOs in 2018 with the “less than $100 million” raised in 2016.
“The growth in the ICO market can obscure the fact that these offerings are often high-risk investments,” Peikin stated. “The issuers may lack established track records. They may not have viable products, business models, or the capacity for safeguarding digital currencies from theft by hackers. And some of the offerings can be simply outright frauds.”
What is your response to Peikin’s comments regarding the need for international cooperation in investigating ICOs? Share your thoughts in the comments section below.
Images courtesy of Shutterstock, sec.gov, Wikipedia
At Bitcoin.com there’s a bunch of free helpful services. For instance, have you seen our Tools page? You can even lookup the exchange rate for a transaction in the past. Or calculate the value of your current holdings. Or create a paper wallet. And much more.
Blockchain-based systems’ decentralized nature makes for their formidable resiliency to the outsiders’ attempts to infiltrate or take down such networks. Governments, law enforcement agencies and even military leadership around the world seem to be embracing a more blockchain-friendly way of thinking as they realize that the power of distributed ledger technology (DLT) could be harnessed to advance their goals in numerous ways. This generates increased demand for security-enhancing solutions, which pushes the private sector to come up with such products at an ever-increasing pace.The latest use case – Israel’s securities regulator introducing a blockchain-powered messaging system in order to ensure authenticity of its communications – is an instance of a prevalent, yet not exclusive, area of the technology’s security application: data protection.CybersecurityEnsuring data security and integrity is blockchain’s natural and widely recognized forte. The need to keep critical data safe and provably unaltered is even more pronounced in areas such as law enforcement and defense, where the consequences of failing to protect data might be especially dreadful. In recent years, governments have been peeking into the blockchain space en masse, so the examples of both potential and already operational implementation are abundant.In May 2016, NATO’s Communications and Information Agency first invited proposals on blockchain applications in areas such as military logistics and procurement as a part of its Innovation Challenge initiative. Around the same time, The US Defense Advanced Research Projects Agency (DARPA), the very organization that we should thank for creating the internet, announced that it was accepting bids from contractors who would ‘create a secure messaging and transaction platform that separates the message creation, from the transfer (transport) and reception of the message using a decentralized messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger.’ In May 2017, the agency awarded a grant to a firm that subscribed to create this DLT-based messaging system.Across the Atlantic, the Defence Science and Technology Laboratory, part of the UK Ministry of Defence, has been working with a domestic consultancy firm on a project aimed at improving integrity of data produced by networked sensors. Reuters also reported in late 2017 that the British justice ministry considered implementing a blockchain-powered solution to keep evidence tamper-proof. Australia’s financial intelligence agency and the Australian Criminal Intelligence Commission pooled some resources last year to fund the effort by HoustonKemp, a Singapore-based contractor, to build a blockchain system advancing the same goal – securely recording, storing, and sharing sensitive intelligence and evidence created by investigations.Russia, too, has been wasting no time, as its Ministry of Defense designated a newly built research laboratory to explore the potential applications of blockchain technology for safeguarding critical military infrastructure from cyber attacks.Tech corporations that are into the business of building blockchain applications do not just stand on the sidelines waiting for governmental agencies’ bid issuances. A few days ago, news broke that IBM registered a patent for a network security solution that relies on a distributed network of monitors to track breaches in systems’ defenses. This design will be especially effective against sophisticated attacks that cover up their own tracks. Even if one monitor is hacked, others will spot irregularities in system logs as they diverge from a previously blockchain-recorded consensus.Another product specifically aimed at law enforcement and related organizations, called the Blockchain Evidence Locker, hit the market in September. A creation from Canadian firm Leonovus, the product is designed to maintain a detailed, cryptographically secured chain of custody record for the growing body of digital evidence that security agencies store. Overall, it won’t be surprising if within a decade maintaining a distributed and encrypted database of evidence will become a standard for law enforcement in the developed world.Transaction trackingAnother common and well-documented application of blockchain technology for security and law enforcement purposes manifests in a wide range of tools that permit tracking suspicious or illegal financial activity, with the ultimate goal of matching pseudonymous crypto addresses with perpetrators of real crime. In this domain, police and intelligence agencies often operate in collaboration with private companies that build and maintain relevant software tools, or even completely outsource investigative work to them.One of the notable features of this sector is a ‘blockchain detective’ firm Chainalysis, whose software has been instrumental in multiple investigations led by the US Department of Justice and other prominent agencies. Chainalysis has recently raised millions of dollars to expand its operations from a single Bitcoin blockchain that it previously scrutinized to a much wider array of cryptocurrencies.London-based Elliptic, which often secures a mention next to Chainalysis as its closest competitor, has created tools that allow crypto exchanges or other interested parties to red-flag transactions that raise suspicions of being linked to illicit activities. Elliptic’s solutions are specifically focused on stopping criminals at the choke point where they attempt to cash out the shady money.This year also saw San Francisco-based Bitfury group, an entity that started as bitcoin miner but moved on to become a provider of a wider set of crypto-related products and services, launch its blockchain-tracking software called Crystal. The product offers an in-depth look into any transaction on the Bitcoin blockchain, which involves advanced mapping and grouping tools, as well as a quantified assessment of the odds that a given transaction is illegal.As the widespread perception of a robust link that exists between cryptocurrency and cybercrime taints the whole industry, many crypto ventures are eager to prove the stereotype inaccurate. This push resulted in creation of Blockchain Alliance, a coalition of companies whose mission is to ‘provide a forum for open dialogue between industry and law enforcement and regulatory agencies’ while combating crimes that use public blockchain infrastructure. Along with providing software tools that have already been deployed by agencies such as Europol and the US Department of Homeland Security in some high-profile investigations, Blockchain Alliance emphasizes the need to educate law enforcement on the technology underlying cybercrimes and the most efficient ways to deal with it.Military applicationsGranted, innovation-minded generals and military technology experts have been long eyeing applications of blockchain such as military logistics, cyber defense, and resilient communications. Yet some even more exciting uses might be on the horizon, as the technology’s potential extends into command and control systems, and even further – onto the battlefield.For example, in October 2016, DARPA spent some $1.8 million to pay a software company named Galois for their Blockchain application Guardtime Keyless Signature Infrastructure – basically, an unhackable code that could be deployed to enhance security in critical weapon systems. Using a mathematical technique called formal verification, the program will ensure that the system is used as intended, and no malicious code is planted within.Pairing blockchain with artificial intelligence and military ‘Internet of Things’ (IoT) could be the future of combat tactics, shifting from the centuries-old paradigm of centralized in-battle control to decentralized, at least at the unit level. Imagine a swarm of armed drones that continuously share combat data and decisions in a decentralized manner, operating as a unified organism that is not beholden to a single decision-making center and is capable of sustaining any casualties without losing operational capacity.Another field ripe for decentralization of command is complex fire systems, such as those found on modern battleships. For the last five decades, NATO navies’ vessels have relied on a centralized system of weapons control called Aegis Combat System – an ingenious yet centralized brain that collects data from dozens of sensors and coordinates fire from several types of deadly weapons simultaneously. Despite its age, it still works well, but the centralized character makes it vulnerable if the decision-making center gets taken out. A set of autonomous systems that coordinate via a blockchain could present a more viable design, retaining advantages of coordination but eliminating vulnerabilities inherent to central control.
window.fbAsyncInit = function()
appId : ‘1922752334671725’,
xfbml : true,
version : ‘v2.9’
(function(d, s, id)
var js, fjs = d.getElementsByTagName(s);
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = “//connect.facebook.net/en_US/sdk.js”;
(document, ‘script’, ‘facebook-jssdk’));
Technology & Security
Over the last 24 hours, the cryptocurrency community has been discussing a critical vulnerability that was found in the Bitcoin Core (BTC) reference client. A bug introduced in Bitcoin Core version 0.14, that also affects all subsequent versions, could have caused a great majority of current Core nodes to crash. According to the developer’s Optech newsletter, Core contributors released a patch that fixes Core version 0.16.2 and the latest 0.16.3 fix requires an immediate upgrade.
Also read: US Confiscates Millions in Cryptocurrencies in Alphabay Forfeiture Case
An Anonymous Individual Discloses a Critical Bug Found in Bitcoin Core Clients
The whole community is talking about a vulnerable bug that was introduced into the Bitcoin Core reference client two years ago. The issue found in Bitcoin Core software (patched now) versions 0.14 and above has brought about another heated discussion concerning the fallibility of developers, and using a single reference client as opposed to using multiple implementations. The bug in question went unnoticed for two years when it was introduced in November of 2016 and a great majority of Core contributors accepted (ACK) the change without many questions.
According to developers, the bugs’ patch release notes, and the Optech newsletter, an anonymous individual reported the bug to Core contributors. Essentially, the vulnerability found in Bitcoin Core software would have allowed a malicious actor with a mere 12.5 BTC to crash roughly 90 percent of Core nodes. The Fast Internet Bitcoin Relay Engine (FIBRE) baked into Core would have made matters worse because of the way FIBRE propagates blocks.
“[CVE-2018-17144] A bug introduced in Bitcoin Core 0.14.0 and affecting all subsequent versions through to 0.16.2 will cause Bitcoin Core to crash when attempting to validate a block containing a transaction that attempts to spend the same input twice,” explains the Optech newsletter.
Such blocks would be invalid and so can only be created by miners willing to lose the allowed income from having created a block (at least 12.5 XBT or $80,000 USD).
Are Bugs and Exploits a Compelling Argument for Multiple Clients?
Of course, the bug started a ferocious debate in regard to the BTC community putting Core developers up high on a pedestal all these years. Further, the bug re-invoked a compelling argument for multiple clients. For example, Bitcoin ABC released a patch for the vulnerability two days ago, but both Bitcoin XT and Bitcoin Unlimited were unaffected by the issue. On Reddit Bitcoin Unlimited’s Peter Rizun has emphasized this is why having multiple implementations is a good idea.
“Wow, isn’t this one of the most serious consensus bugs ever? It affects all BTC Core nodes and the only thing preventing unbound inflation is the fact that the nodes crash, taking down the entire BTC Core network instead,” Rizun says on September 19.
Maybe multiple implementations aren’t such a bad idea, after all, Greg Maxwell? I think only ABC is affected for Bitcoin Cash.
The issue people have with a majority dependence on one reference client, is because some people say history has shown that alternative clients can be very beneficial when critical bugs are discovered, like the one introduced in Bitcoin Core 0.14. For instance, when over the last couple of years consensus bugs were found in Ethereum’s Geth, the network still had Parity clients to rely on and vice versa.
Left: BTC nodes — Right: BCH nodes.
At the time of writing, there are 9628 nodes running on the BTC network and 9135 are Bitcoin Core nodes. That’s 94 percent of the BTC network running one reference client and every node is affected by any issues found within Core’s codebase. This means bugs not only have to be fixed fast, but mandatory upgrades have to be speedy too. In contrast to the BTC network dominated by Core nodes, there are currently 2006 nodes running on the BCH network but only 59 percent are Bitcoin ABC nodes. So much like the ETH network, client diversity gives BCH 738 Bitcoin Unlimited (BU) nodes covering 39 percent of the network.
Additionally, according to a comment on r/bitcoin, Lightning Nodes could also be vulnerable to attacks due to the recent Bitcoin Core bug.
The Reddit user /deafboy_2v1 says, “When your bitcoind is down for longer than the time lock period (usually 24 hours) of your channels, your peers could try to steal from you by publishing an outdated channel state. You have no way of knowing, because your lightning node wouldn’t receive the closing transaction. Luckily, your peers has no way of knowing which bitcoind does your lightning node really talk to, so this attack would be risky (peer trying to cheat could lose all funds if you find out).”
The recent bug confirms to many cryptocurrency proponents that being dependent on one development team’s QA process, as opposed to client diversity and multiple development teams, can be extremely risky — Especially when an exploit like this is found in production and tethered to a $100 billion dollar system.
What do you think about the bug found? Do you think multiple clients is a better way to avoid bugs and exploits? Let us know what you think about this story in the comment section below.
Images via Shutterstock, Twitter, and Coindance nodes.
Want to create your own secure cold storage paper wallet? Check our tools section.
Technology & Security
For every problem that smart contracts solve, they seem to introduce another. In a week in which EOS has made news for all the wrong reasons over a RAM vulnerability, a code auditor has revealed the prevalence of smart contract bugs. Security firm Hosho, which has forged a new partnership with community managers Amazix, has found that one in four projects contains critical vulnerabilities.
Also read: Researchers Find Discrepancies With Top Exchange Volumes
$1 Billion Is No Guarantee Against Bugs
$1 billion. That’s the amount raised by the projects whose smart contracts Hosho has audited. The security company claims to have audited more smart contracts than any other industry player. Despite the significant human and financial resources at their disposal, many of these projects would have been crippled had they neglected to have their code thoroughly scrutinized. A quarter of the projects Hosho has audited were found to have critical bugs, and some 60% of all projects they saw had at least one security issue.
Ethereum, the ICO economy’s go-to launchpad, has been the worst affected, with stories abounding of exploitable code that’s led to hundreds of millions of dollars of ether being stolen or locked up. While smart contract platforms such as Stratis are pushing the availability of debugging deployment suites and professional decompilers that come with using C#, Ethereum’s Turing-complete system leaves greater margin for error. Identifying and eliminating all potential security holes is a Sisyphean task, and one which even experienced Solidity developers struggle with. Enlisting the support of a third party specializing in smart contract audits, while not foolproof, is the best bet against shipping bug-filled code.
Smart Contract Testing as a Service
While it is industry practice to have smart contracts audited ahead of a tokensale, projects that have yet to raise funds may be tempted to cut corners and skimp on this task. Doing so can prove fatal, however, with the worst bugs leading to wallets being drained, or buffer overflow exploits being manipulated to alter account balances. Several Ethereum-based projects have been forced to conduct token swaps after screwing up their first attempt at a smart contract.
In EOS land this week, all energies have been focused on patching a RAM exploit that’s recently been detected. It allows a malicious user to “install code on their account which will allow them to insert rows in the name of another account sending them tokens. This lets them lock up RAM by inserting large amounts of garbage into rows when dapps/users send them tokens.”
Amazix, the preeminent community management and consultancy firm within the token economy, has now partnered with Hosho to offer its clients smart contract auditing. “In the absence of industry standards, we see smart contract auditing and penetration testing to be essential components of good security in blockchain systems,” said Amazix CMO Kenneth Berthelsen. “In our view, there are no better qualified people to do this than Hosho engineers.”
Proponents of cryptocurrencies see smart contracts eventually infiltrating everything from insurance to dispute resolution. Before that can happen, developing trust in the code that governs them will be crucial.
Do you think smart contracts will eventually become bug-proof, or will exploitable vulnerabilities persist? Let us know in the comments section below.
Images courtesy of Shutterstock.
Need to calculate your bitcoin holdings? Check our tools section.
Ethereum [ETH] – Parity Technologies, the developers of the widely-used software that allows a secure interaction with the Ethereum blockchain, has just announced via their company’s Twitter page that their developers have discovered yet another critical bug within their software.
A consensus issue on the public test network Ropsten has revealed a consensus vulnerability. Please update your Parity Ethereum clients to 1.11.3-beta or 1.10.6-stable asap. https://t.co/07O9qOX1Vi
— Parity Technologies (@ParityTech) June 6, 2018
The severity of the bug has been deemed “critical” via their announcement on their blog.
The announcement …
Read The Full Article On CryptoCurrencyNews.com
Get latest cryptocurrency news on bitcoin, ethereum, initial coin offerings, ICOs, ethereum and all other cryptocurrencies. Learn How to trade on cryptocurrency exchanges.
Critical bugs were found in the parity software in the test environment, so users are in a hurry to update and do not affect the main net
On Wednesday morning, Bitcoin price dipped below the critical $8,500 price level as bears began to rally, potentially sending the coin further down toward $8,000 and beyond. At its lowest point today, BTC/USD reached $8,100. For the past seven days, Bitcoin value declined by about 12%.
Bitcoin Could Fall Below $8,000
Bitcoin price dipped below $8,500 today, and it could fall even further later this week as another crypto selloff has begun. One of the catalysts triggering this selloff could be Microsoft Bing’s ban on crypto advertising. Bing now joins Facebook, Google, and Twitter in tightening …
Read The Full Article On CryptoCurrencyNews.com
Get latest cryptocurrency news on bitcoin, ethereum, initial coin offerings, ICOs, ethereum and all other cryptocurrencies. Learn How to trade on cryptocurrency exchanges.