SecurityConference50min
Tornado Cash, the World's Biggest Cyber Crimes and Modern Privacy
This talk examines the massive Axie Infinity crypto-heist, detailing the sophisticated attack chain, how stolen assets were laundered through a DAO-based crypto mixer, and the resulting legal and privacy implications. It highlights broader impacts on in-game economies and what everyone should learn from this landmark cybercrime.
James BirnieMcBirnie Ltd
talkDetail.whenAndWhere
Wednesday, October 8, 12:00-12:50
Room 4
Have you heard of Axie Infinity? Its a computer game with an in game economy based on the Ethereum blockchain. So what? You might ask... Well, it became popular, very popular, some say the most popular game in existence. In game economies have always spawned grey IRL economies despite, in many cases, the best efforts of game developers to prevent them. But the in-game economy, based on real crypto-assets, of Axie Infinity grew so big that it became a target for what has been called the biggest robbery of all time - the Sky Mavis hack.
How did this robbery happen? What was the (both sophisticated and age-old) kill chain that enabled it?
After the robbery the story gets even more interesting. Any detective will always tell you, "follow the money!". Crime only pays if you can convert those ill gotten gains into a currency you spend to buy real things. So how do you launder the proceeds from the biggest robbery ever? The answer might be surprising, it winds through a crypto mixer set up to operate as a DAO (Decentralised Autonomous Organisation), following the funds, US Government sanctions (recently ruled illegal by an appeal court), an activist campaign and potentially far reaching privacy consequences for all of us.
In this talk we'll analyse the kill chain of the initial attack, where the money led and how this could affect all of us. I'll go through the main takeaways that everybody should be interested in.
How did this robbery happen? What was the (both sophisticated and age-old) kill chain that enabled it?
After the robbery the story gets even more interesting. Any detective will always tell you, "follow the money!". Crime only pays if you can convert those ill gotten gains into a currency you spend to buy real things. So how do you launder the proceeds from the biggest robbery ever? The answer might be surprising, it winds through a crypto mixer set up to operate as a DAO (Decentralised Autonomous Organisation), following the funds, US Government sanctions (recently ruled illegal by an appeal court), an activist campaign and potentially far reaching privacy consequences for all of us.
In this talk we'll analyse the kill chain of the initial attack, where the money led and how this could affect all of us. I'll go through the main takeaways that everybody should be interested in.
James Birnie
James has worked in commercial software delivery since the late 1990s, a time when Agile and Lean were words used to describe gymnasts, and Pipelines were for carrying oil.
After working in a successful startup for 10 years James discovered, while working as a consultant for Thoughtworks, that he enjoyed helping to create the conditions for other people more talented than himself to deliver working software rather than writing the code.
After leaving consultancy he worked as Head of Platform and VP Engineering before starting a new life as an independent consultant, currently helping Cyber Security Teams to deliver effective solutions.
After working in a successful startup for 10 years James discovered, while working as a consultant for Thoughtworks, that he enjoyed helping to create the conditions for other people more talented than himself to deliver working software rather than writing the code.
After leaving consultancy he worked as Head of Platform and VP Engineering before starting a new life as an independent consultant, currently helping Cyber Security Teams to deliver effective solutions.
talkDetail.transcript.loginToSeeTakeaways
talkDetail.transcript.loginToSeeInsights
comments.speakerNotEnabledComments